I am nothing if not magnanimous. For those of my readers that live under rocks, or deep inside Mom’s Basement surrounded by love pillows and the entirely abhorrent Atlus-driven marketing campaign for sex robot murder masturbation simulator Catherine, Sony is in a bit of a pickle.
A few weeks ago, Sony’s vaunted Playstation Network experienced a serious and prolonged outage and some of its users’ personal data may have been stolen, and that data may be being sold on the black market, which is terrible news as all PSN nerds might have hundreds, possibly even thousands, of dollars in spare change in their dwindling bank accounts.
The general staff consensus as reached on the podcast was that this was not the work hobbyist crackers and network security aficionados. Anonymous has refused to take credit, and their refusal lends some credence to their story. Pulling off an act of e-vandalism such as this and then disclaiming responsibility is not the style of Anon. Sony Public Enemy #1 GeoHot, on the other hand, seems to think that Sony’s anti-consumer, anti-hacker attitude is responsible for “alienating” the hacker community, leaving legions of disgruntled hackers no recourse but to… break into a secured system, steal personal data, and sell it for profit?
For those of you blessedly young enough to have grown up in a world before hacking became a commonplace term, allow Grampy Lane to spin you a yarn of yesteryear, when computer cowboys met in a bar called the Gentleman Loser, down on the south side of the Sprawl, and talked about that time Case punched the Villa Straylight in mirrorshades.
As that was no doubt gibberish to my uncultured buffoons of readers, allow me a digression. In the late 80s and early 90s, a new form of “punk” sf arose from the dingy basements of the nascent computer geek subculture: cyberpunk. Spawned mostly from the cryptopen of one iconoclastic writer, William Gibson, the genre focused on the exploits of gray-area dwelling computer criminals in a dystopian future where the international megacorps won and we all got screwed (but it is not coming true, amirite?). Because cyberpunk was hugely popular with the kids at the time, and this newfangled thing called the Internet was really starting to take off when Netscape 2.1 got support for frames and this upstart company called Macromedia created Shockwave, hacking also became immensely popular.
Whereas real hackers were programmers that often pulled apart proprietary hardware and software to learn how to make it tick, the new generation of hackers (called “script kiddies”) were little more than juvenile morons who used tools written by unethical programmers to make nuisances of themselves on emerging networks. Having only little or no knowledge of computer programming or network architecture themselves, script kiddies nevertheless wanted to recreate the technodrama of cyberpunk in the here and now by making like their security-cracking heroes, who spent their time finding, exploiting, and then (hopefully) fixing holes in network security.
Which leads us back to hacker culture today. A real “hacker” (as opposed to a vandal or cracker) is simply a programmer or network security specialist that likes dicking around with hardware and software. GeoHot is, appropriately, a hacker, because all he did was investigate the PS3’s native security and then publish key components necessary to “hack” into the system itself, gaining control of hardware and software usually sealed-off from a user. The “whys” and ethics of whether he should do this are irrelevant; he merely provided a way to get at a certain object, in this case, the PS3’s basic systems. This could be used for any number of purposes, most benign, and only a few malign.
GeoHot is drastically different from someone that would break into a secured system, steal personal data, and then attempt to resell that data to unscrupulous criminals on the black market. Anonymous, for all their claim to be legion and without conscience or pity, are not criminals and have not, to my knowledge, ever been involved with identity theft.
So who, then, could perpetrate this? I do not think GeoHot is correct in assuming that disgruntled hackers chose to take down Sony’s system in some sort of protest. Again, the nature of their hacking would be to find the exploit, and then publish it to show Sony that their claim of security was but one more lie to their customers. Even hackers so upset at Sony’s practices that they would actively take a break from doing whatever it is hackers do in their off time (swill Mountain Dew, tend to their families, and re-solder old Apple ][e boards, probably) are hardly the types to turn to hardened crime…
Which leaves actual criminals. Organized crime is, sadly, not a thing of Scorsese movies or the history of Chicago. The average PSN user’s identity is inherently more valuable than the contents of their bank account. Organized crime syndicates and identity thieves can make far more use of a name and fake persona than they ever could with the $1,500 in savings someone has. False passports, fake identification documents, fake visas are all big business for people involved in drug and human trafficking. Criminal organizations that wish their members to move through society undetected require false IDs. And the sorts of information that could be gained from such information as stored on a PSN account (such as answers to secret questions, home addresses, names and birth dates)are the keys by which savvy criminals can socially engineer and steal even greater bits of one’s identity to fuel their black market trade in false personae.
And what better cover for such a heist than a break-in to a major computer entertainment company’s network, timed around the same time as Sony has alienated and angered many in the computer security field with their civil litigation against a hacker? Of course it was those disgruntled hackers sitting in their basements eating cheetos, we all say (including GeoHot). Because that is the simple and easy explanation, the one that tugs on our sense of familiar narratives. But it is logically inconsistent with the stated values and aims of that community, and much more in line with the standard operating procedure of a sophisticated criminal organization. Who, thoughtfully, will never claim any actual responsibility for it because the best way to remain in business as a criminal organization is to never let people know you are there.
Sony’s litigation to protect their interests and proprietary trade secrets is par for the course; do not think for a second that any major computer entertainment company would hesitate to do the same. And well that they should; failure to protect legal interests in court often leads to the judiciary turning a blind eye and deaf ear to future complaints. GeoHot may be a romanticized, Robin Hood-esque hero to many nascent populists that dislike the faceless, money-grubbing ways of megacorps, but in reality, he is just a fairly tech-savvy guy that broke a thing and revealed a secret, in and of itself a simple act that, divorced from its context, has no ethical implications. But the proper reaction from GeoHot’s supporters would not be further acts of vandalism and electronic violence against Sony; ultimately, such actions would be rooted only in petulance and the spoiled whining of children who feel that they are somehow entitled to Sony’s secrets. And indeed, there is no indication that the hacking community behaved in the way that everyone expects them to. But that narrative, promoted from within and without the gaming community by people that understand the world in too simplistic of terms, has gained real traction, and I worry that it is being used as a smokescreen while actual thieves make away with the identities of innocents caught in the senseless crossfire between Sony and consumers.