• Sony's Security Disaster: What next?

    Following their disastrous handling of the loss of 77m of their customers’ personal details, passwords, and mother’s maiden names, new details are emerging about how Sony plans to secure their crippled PlayStation Network.

    Hackers broke into Sony’s network last week, leading to the company pulling their service offline and the loss of the data.

    The data loss came after the notepad file that all the information was kept in was accessed by the hackers, after they broke through Sony’s defences by cracking their password, ‘password.’ They then found that they had access to everything, including files named ‘everyone’s personal details.txt,’ ‘credit card numbers (please don’t look at this).txt,’ ‘the ten (eight (five (three))) year plan.txt,’ and a folder of Kaz Hirai’s holiday snaps.

    After taking the PlayStation Network down last week and realising the extent of the loss of data, Sony went into defence mode and tried to work out how best to limit the damage to their reputation. They held a meeting and decided the best course of action was to just not tell anyone and hope that everything was okay.

    Unfortunately, a week later it emerged that, due to an administration error, the minutes of this meeting had been posted to hacker, George ‘Geohot’ Hotz, along with a floppy disk containing the aforementioned text files and a compliments slip.

    Realising that it was all about to come out, Sony made the first move and announced that they’d accidentally let everyone’s details get stolen and tried to gloss over the fact that they’d waited an entire week to let people know that their passwords were at risk.

    But what now for Sony’s PlayStation Network?

    After firing literally every employee involved with PSN, Sony hired one man to save their console. NTSC-UK spoke to Jim Jimmison, the man charged with fixing Sony’s broken network.

    “It’s all about going back to basics,” he told us. “The first thing we had to do was protect against any data loss.”

    He talked us through this process, which involved a team of 5,000 Sony employees copying out everyone’s details into notebooks by hand. Over 20,000 biros were used throughout the process, with much of the money coming from PlayStation Plus subscriptions.

    The process didn’t go smoothly, however.

    “They had to do it twice,” Jimmison laughed. “They did it the first time but then we accidentally left all the notebooks outside and someone took them.

    “Boy, was my face red.”

    This system of manually keeping records by hand is a key part of Jimmison’s “back to basics” approach to restoring confidence in Sony’s PlayStation Network.

    “We realise that nobody wants to give us their details anymore,” he said. “It’s like if a tramp stole your wallet and you fought him and managed to get the wallet back, well, you wouldn’t just go and give him your wallet again, would you?

    “We’ve had to make huge changes to the way we do things to reassure people that we’re a different tramp, now, and we’ll take care of their wallets.”

    And it’s here where Jimmison’s manual record keeping is going to be effective, but his initiatives don’t stop there.

    “It’s about putting a face to the service,” he told us. “When you want to log in to the PlayStation Network from next week when it’s back up, it’s going to be a more interactive experience.

    “Every user of the service will be assigned something that we’re calling a ‘buddy,’ a Sony employee who will be responsible for around 2,000 PSN users in the local area.

    “He or she will be given the notebook containing those users’ details, and made to promise that they won’t do anything naughty with it like give it to hackers or put it on Wikileaks.

    “When one of these users wants to sign in to PSN, they simply give their buddy a call and he or she pops round to the user’s house and initialises the connection using a special password, which is currently set to ‘password,’ but don’t tell anyone.

    “We hope that by getting to know their 2,000 buddies in person, each buddy will be 100% confident that when a user is trying to access the PSN, they are who they say they are.

    “With no data held on computers any more, there's simply nothing for hackers to steal. We'll probably have to upgrade to microfiche eventually, though.”

    2 Comments
    1. kernow -
      my god whose idea was it to let the writers at the front page
    2. speedlolita -
      I also like how there's no actual game reviews there.