News - Spanish police arrest three in connection with PSN attacks

[Jimbo75]

I'll say it again:
"I was referring to the breaking and entering of a server. You've missed the act, breaking in to the server."

Breaking suggests physical force, which of course did not happen. Nothing was "broken".

Copying data is another offense. Breaking in is one itself. Putting the details on a torrent I'm sure was for the public good, no ego fluffing there... But I guess I've been brainwashed by you know not been a complete douche just because I can.

You're being a complete douche by suggesting I was making a case for piracy when I didn't even mention that at all.

Excellent, hold that thought of claiming a victim was asking for it as ludicirous... Hold onto it and:

No your attempt to compare rape to hacking was ludicrous, and I'm sure you realised that's exactly what I meant.

Ah yes, there we go.
No you were saying it wasn't theft, the law and terminology gets confusing because of the international boundaries, but in the US that would be classified as IP theft.

Too bad we aren't in the US? Or too good? The EU is constantly making laws to protect us from American laws, all I can say is I hope they speed some of them up before it gets even worse.

I suppose you feel that the hexus forums were asking for the hack they suffered previously?

I have no idea. There are various kinds of hackers out there, but then again people are different no matter what. Some of them are more like Robin Hood while you seem to think they are all like the Yorkshire Ripper or some other beastly thing.

Learn to prioritise, yours are laughably out of whack. I'm gonna guess you lost some money in Sony shares or you possibly work for them, either way you are definitely going way overboard with your comments here.

[Noxvayl]

Much like Jimbo75 I don't "subscribe" to the privilege model of life, however, I feel the projections and snipes above are besides the point and of no use to anyone.

I don't agree that attacking a company to make a point is a good thing but how can we influence our experience on their systems without doing that?

The problem I have with the current situation is that we have certain things dictated to us and the choice we get is either deal with it or get on without it. That doesn't count as a choice for me and I feel that abstaining from a platform is not an option when your friends aren't bothered. You either loose out or you loose out, great choice there.

I don't know of a way to improve it, but I think a good starting point would be changing the way companies view their customers. Companies need to become part of the community they provide for, being disconnected causes too many problems.

[Jimbo75]

Exhail, the problem with companies like Sony is they just don't listen to reason. There is only one way to deal with a company like that.

All of this happened to them because some guy found a way to hack the PS3 to use different OS's, and they took him to court over it. For the sake of what would have been a few thousand quid, they started law cases running into much higher amounts, then finally saw billions wiped off their shares.

I hope it's been a hard lesson to them and others. Corporate greed brought Sony down and nothing else.


You made a very valid point on being unable to abstain from making choices as well. This is the new thing. I cannot sign up to play a game online without giving out more and more details every year. It didn't stop me from being hacked, and probably hundreds of thousands of others as well. They do not need this info for our safety like they claim, they need it because it is worth money to them pure and simple.

If there was another choice I'd take it, but these same companies are involved in cartels and neverending anti-trust issues which prevents anyone else from breaking their stranglehold. The EU is making laws as fast as it can but it's not fast enough for some of us.

[TheAnimus]

Breaking suggests physical force, which of course did not happen. Nothing was "broken".

Damn. Guess we never broke enigma then, never cracked the lorenz either. Same way that breaking and entering doesn't have to involve a damage to the property that is been entered.

You're being a complete douche by suggesting I was making a case for piracy when I didn't even mention that at all.

Well you sir... Don't get how your thinking that, because I wasn't that one that started to complain that critising people posting stolen data on the net was wrong.

No your attempt to compare rape to hacking was ludicrous, and I'm sure you realised that's exactly what I meant.

Not really. Rape is a violation, people are seeing this now happen online, someone blackmails some normally young girl, and using data acquired from their PC gets them to take video or something for them. An extreme point, but valid that to a lot of these young victims, they are so scared about having intimate details of their life posted to all their school friends, that one picture they took for their boyfriend, they will capitulate with someones sexual fantasies. There was a case in the news which was most shocking a couple of weeks back. I shan't link it here, doubt the mods would be happy, but it would certainly fall into the extreme violation category.

Now just because she was guilable enough to download and run as elevated an executable which proported to be from the school does not mean she deserved it. No matter how lax her security measures were.

Too bad we aren't in the US? Or too good? The EU is constantly making laws to protect us from American laws, all I can say is I hope they speed some of them up before it gets even worse.

Last I checked the PSN was a global thing admistered mostly out of the US. Which law do they use to charge the hacker, they can be extradited you know.

I have no idea. There are various kinds of hackers out there, but then again people are different no matter what. Some of them are more like Robin Hood while you seem to think they are all like the Yorkshire Ripper or some other beastly thing.

Oh yes these guys were really doing it for all the little peoples good weren't they? I mean the little people were glad to erm.... Can't think of any upside for them, except they might have gotten some fresh air whilst the network was offline... Yes they helped the working man get fresh air, they are heros.

I'm not for a second saying there aren't many people who are just doing it for the fun in ways which are harmless. But these guys weren't harmless.

Learn to prioritise, yours are laughably out of whack. I'm gonna guess you lost some money in Sony shares or you possibly work for them, either way you are definitely going way overboard with your comments here.

No they put torrents of peoples information up on the net, for no reason other than they could. How the hell do you make that sound like a good thing?

Someone trashed the hexus forums because they could. At the risk of a flame war its not hard because PHP is a pile of insecure poo, but just because its possible, does it really mean they should? No.

So to recap, theft of IP, is erm, theft. Breaking in to a system in an un-authorised way is naughty. Posting details of people who had nothing to do with any of it makes you a douche.

[Jimbo75]

Last I checked the PSN was a global thing admistered mostly out of the US. Which law do they use to charge the hacker, they can be extradited you know.

Yes exactly, like the US are trying to do with a UK citizen Gary McKinnon for example, a guy with a serious personality disorder.

I'm not for a second saying there aren't many people who are just doing it for the fun in ways which are harmless. But these guys weren't harmless.No they put torrents of peoples information up on the net, for no reason other than they could. How the hell do you make that sound like a good thing?

These are the same guys who are outing the US's war crimes, which is the only reason the US is interested in the first place. As for putting people's information up on the net, you realise that this allows these people to start a class action against the company? That's why its a good thing, that's why Sony has put aside a fortune to pay off people who were victims of this so called "crime". You have to wonder, who really is the criminal when Sony is the one facing $billion payouts?

http://www.computerandvideogames.com...er-data-theft/

On top of that, some of these people are waking up to the reality of what is actually going on, which is the main reason for posting details - publicity. If people weren't so ignorant in the first place Sony would not have free reign on all of their personal information. This is a good thing.

So to recap, theft of IP, is erm, theft. Breaking in to a system in an un-authorised way is naughty. Posting details of people who had nothing to do with any of it makes you a douche.

In your opinion. Laws can change and they will change. You would have them change for the worse, along with the board at Sony, the US government and the rest who would have us living in a corporate police state.

[TheAnimus]

Yes exactly, like the US are trying to do with a UK citizen Gary McKinnon for example, a guy with a serious personality disorder.

Erm, this is about people leaking information about customers of the PSN. The Gary McKinnon thing is irrelevant.

These are the same guys who are outing the US's war crimes, which is the only reason the US is interested in the first place. As for putting people's information up on the net, you realise that this allows these people to start a class action against the company? That's why its a good thing, that's why Sony has put aside a fortune to pay off people who were victims of this so called "crime". You have to wonder, who really is the criminal when Sony is the one facing $billion payouts?

I can't believe this. Your saying its OK to publish information on PRIVATE people who have done nothing more than buy a service from sony?

I cannot begin to fathom how you arrive at that. How the hell?

The wikileaks thing is completely irrelevant. No matter how good the intentions of someone are in one act does not excuse them in another.

On top of that, some of these people are waking up to the reality of what is actually going on, which is the main reason for posting details - publicity. If people weren't so ignorant in the first place Sony would not have free reign on all of their personal information. This is a good thing.

Yes we should really question more about what information people hold on us, but there are ways of going about it that are correct.

I think you would be singing a different tune if it was your information posted, if your credit card was subsequently used fraudulently.

In your opinion. Laws can change and they will change. You would have them change for the worse, along with the board at Sony, the US government and the rest who would have us living in a corporate police state.

Really? No government has been looking at relaxing the laws regarding accessing systems without prior authorisation. I love how you go straight to corperate police state.

In what way, in this scenario are Sony not a victim? How are they been an evil corporate? Providing an online gaming service which people choose to use (surely xbox live is better!).

Where would you draw the line, I'm self employed, I have personal data on my home office network. Should people be allowed to break in to that at whim to show how bad my security is?

And that is the last bit. All security is flawed. If you respond to my first post about where you draw the line, I think we might move this along a bit better.

[Jimbo75]

Erm, this is about people leaking information about customers of the PSN. The Gary McKinnon thing is irrelevant.

You were the one who brought up extradition. What's the difference here?

I can't believe this. Your saying its OK to publish information on PRIVATE people who have done nothing more than buy a service from sony?

I'm saying it's not ok for Sony to have that information in the first place. They don't need to have it, if they didn't have it this wouldn't have happened.

I cannot begin to fathom how you arrive at that. How the hell?

How hard is it to believe? These companies are collecting data on people that they simply do not need to have in order to sell us their products. On top of that, they are failing horribly to keep that data safe. That is why Sony is facing more $billion lawsuits.

The wikileaks thing is completely irrelevant. No matter how good the intentions of someone are in one act does not excuse them in another.Yes we should really question more about what information people hold on us, but there are ways of going about it that are correct.

I don't believe it is completely irrelevant. It's the same people. Do you really think the US government cares about a Japanese company losing a fortune? Did Obama care about BP while putting the boot in? No, Americans only care about American interests. This has EVERYTHING to do with wikileaks and if you can't see that then something is wrong.

I think you would be singing a different tune if it was your information posted, if your credit card was subsequently used fraudulently.

For all I know my information could be there. I should check, maybe join the ranks of people suing Sony. I know I didn't give them any of my information but it would not surprise me one jot to find out that they had it anyway. That is how they work.

Really? No government has been looking at relaxing the laws regarding accessing systems without prior authorisation. I love how you go straight to corperate police state.

That's not what I meant. Laws are being put in place to allow customers to opt out of this crap so it wouldn't be an issue in the first place. Just because lawmaking is slow does not give Sony and the rest the right to abuse our goodwill and trust until that law is made.

Read - http://www.telegraph.co.uk/technolog...med-by-EU.html

And that is just the first of many steps that will be taken.

In what way, in this scenario are Sony not a victim? How are they been an evil corporate? Providing an online gaming service which people choose to use (surely xbox live is better!).

Try googling Sony antitrust why I play the worlds smallest violin for them.

Where would you draw the line, I'm self employed, I have personal data on my home office network. Should people be allowed to break in to that at whim to show how bad my security is?

And that is the last bit. All security is flawed. If you respond to my first post about where you draw the line, I think we might move this along a bit better.

The line should be drawn at corporate abuse of trust and need to know information. Until it is, they will only end up losing more and more in the long run, just like Sony. And believe me it's not over for Sony by a long shot, maybe they need to go under for the others to really take notice of how serious people are about personal rights.

Codemasters -http://www.bbc.co.uk/news/technology-13731822

My information is probably included in that as. I hated given out those details just to play on online game, and frankly if I find out it has been used to con me out of money they'll be getting sued too. That their greed should come back to haunt them is the best kind of justice that can be meted out to them, as the guy in that article says...

"Does a company like Codemasters or any video game company really require such sensitive information? In my opinion - no."

[TheAnimus]

I'm sorry, I tried, I couldn't write something that wouldn't violate the family huggy friendly nature.

So I'll simply leave it with, the law says your wrong. Long live that status quo.

[Jimbo75]

The law is changing to prevent stuff like this happening in future.

You are welcome to your opinion but for the love of God I hope you don't actually believe you have the moral upperhand, or are feeling any actual pity for Sony.

The only difference between something like Sony and Anonymous is individuals in Sony can hide behind their corporation and get away with all sorts of criminal activity because of it, while the Anonymous guys will probably end up in jail for far lesser crimes.

[[GSV]Myocardial]

Okay. I can't let that go without some comment.

Yes Sony had been pants on head retarded in the way the PSN worked, the security model was inherently flawed, once someone had any cyrpto certification they could do anything, from update the characters position to a game server, to executing arbitrary code. That is bad.

But think about it, your saying its OK for someone to do whatever they want because they can?

I can break in to someones house steal what I want because well they shouldn't have left the window open, they were stupid enough to use a Yale lock, rather than a bump proof lock. She was asking for it. They didn't cypher the passwords, they where asking for it, they used only and MD5 with no salting, our rainbow list owned the passwords, they where asking for it, they used a classic salt of the first two letters of the username, our improved rainbow lists found 80% of the users passwords because complexity rules were not enforced. If these concepts don't make perfect sense to you, then never post again saying a company failed on computer security topic.

There has to be a middle ground, taking reasonable steps to prevent but at the same time people not breaking in.

These guys broke in to the PSN network, yes I appreciate the intellectual fun of such things, but no system is secure, except of course macs, because st jobs said so, and so they must be.

TheAnimus, how do you get from what I've posted that it's OK to do anything they want. I had an objection to someone wanting physical harm to someone who "could" have been involved with the group that "may" have been involved in hacking the PSN and SOE network. I'd call asking for them to have their balls removed with a rusty razor blade as a call to torture. Personally if we have to drop to that level then we've totally lost the plot as a civilised society. The hackers weren't in the right but neither was the large corporate.

(I'll make the same sort of assertion that you made against both myself and Jimbo75 just for effect) But think about it, you're saying that it's OK to torture a convicted person with razor blades? (Of course you're not, so stop making those sort of assertions about others when you post, it's not appreciated and not what was meant). Maybe I should have been clearer with my objection.

Sony was in charge of over a hundred million end users personal data. Data that can allow a criminal to basically wipe out your bank account, use your credit card and live as though they are anyone on the list. If your bank lost all your money from your account and offered you a year of insurance (that doesn't cover any losses just the money you'd have to spend rectifying your credit record) and a couple months free gaming, you'd be rightfully a little narked. Sony have, through poor administration and control procedures, given away access to potentially a hundred million bank accounts, credit cards etc and potentially blighted people for years to come with problems with fraud.

And for me I don't even want to play their games anymore. I ceased paying for my account over four years ago, there is no way to get your information removed completely from their database, I've tried before and didn't get very far as no one could ever answer my questions and in the end I gave up, thinking that a large corporate like Sony would have appropriate measures of firewalling my personal data away from criminals.

It turns out that they didn't have appropriate measures in place and that such data was available to external sources. In my mind they should be punished to the full extent of the law and severely financially penalised, as well as coutries revoking their rights to administer data.

The other insult comes in their insurance offering, they're not even using all the contact details they have on file to contact people, instead you have to go out of your way to phone the damn company up administering the insurance and ask to be added in some way. Or that's what I've read and since sony seem to have no links to a central place to get information easily findable on the affected sites; www.soe.com has no banner linking to the info as I would expect, it takes some googling to actually find their web pages about this incident.


And on the point of a group publishing the data, it really does seem that this has become the only way that the common man actually gets any say in getting the law governing data protection tightened up.

Although if they do find the people responsible then I think they should also be tried and given appropriate jail sentences.

Where would you draw the line, I'm self employed, I have personal data on my home office network. Should people be allowed to break in to that at whim to show how bad my security is?

Hope you're registered with the ICO as a data controller then?

What security do you have in place and if you think your security is deficient then you better spend some cash on rectifying it, by what you've said above you obviously don't think the data is very secure or is that just me reading something into what you've posted again A recent case that came across my desk has indicated that it is the data controllers problem to have reasonable security in place, comparable to the amount and type of information present. Basically a person had information on their laptop, took it home and while the data was encrypted I believe, the passwords were also on the machine and the machine was not physically secured within the house, i.e. in a locked cupboard or chained to something. The ICO therefore found the company negligent, so things are being done.

It also gave me something more to consider in the business I work for as technically it'll be my boss as Company Secretary who'll be in the firing line should we loose a load of data.


One thing that I would like to see on sites that require you to enter data is that they are forced to give you the option to have all the personal data removed on request, and I don't mean by telephoning or jumping through hoops. Also data should be proportionate with what is required, on SOE all my data is available in one area, rather than being properly seperated. Why do my CC payments need to be in my online game login section, that data should be held completely seperate. Also, technically my chars on the relevant game are also gone as they wiped them as part of a downsize, so my CC details are not even relevant anymore.

[crossy]

Fascinating exchange on this topic - albeit a little heated in places!

Glad to hear that some of the Anonymous folks have been caught. They had my support for the action against Sony, up to the point when they supposedly released all this confidential data to the world at large (or at least the criminal element of it). At that point, as far as I'm concerned they're just scum, and deserve some hard jail time. If they'd just spiked PSN for a day, and then proved they'd compromised the servers, then fine. But to do the other stuff was just ridiculous - particularly data theft for gain is still theft, (and the next person who compares Anonymous to Robin Hood is going to get slapped).

As an ex-Sony online customer (closed my accounts) I'm disgusted by the way that Sony's been handled - a "sorry" from the managers doesn't do it, I want firings at the manager level, (and maybe lower if the admins weren't warning about the lack of security)! I'd be quite happy to see Sony get some swingeing fines from UK (unlikely), EU and US for their horrific negligence - it's long overdue that someone was made a very public example of.

Like others have eloquently stated, I'm getting increasingly uneasy by the amount of data that companies are insisting you provide, and the cavalier way that some of them treat data or copies thereof. Maybe if a few CTO's etc got some personal fines and/or some jail time then we'd see some downsizing of the "requirements" and better handling?

And heaven help you if you try to find out information from these folks. My most recent failure was trying to find out from a pet product advertisement agency why I'd been banned from their forums for "spamming" despite the manner etc of them doing this was in violation of their T&C's. Similarly trying to find out what MS, Apple, Sony are permitting themselves to do with your data is frustrating.

By the way

Claim to have detailed Spain's Anonymous leadership.

in the subhead - shouldn't that be "detained" rather than "detailed"? Pedant mode off ...

[Unique]

http://www.bbc.co.uk/news/technology-13749181

they've now targeted the spanish police website

[[GSV]Myocardial]

http://www.bbc.co.uk/news/technology-13749181

they've now targeted the spanish police website

That's what makes me really question the ability of this group to have hacked the PSN and SOE network. They just seem like that have a lot of bots at their disposal to push DoS attacks.

I doubt we'll ever know who the real perpetrators were.

[Whiternoise]

That's what makes me really question the ability of this group to have hacked the PSN and SOE network. They just seem like that have a lot of bots at their disposal to push DoS attacks.

I doubt we'll ever know who the real perpetrators were.

Actually if their claims are to be believed, pretty much all their hacks have been relatively mundane - SQL injection, local file inclusion, etc.

Apparently Facebook proved a tougher nut to crack... from the Twitter feed:

If you try to snack on Facebook's innards, it unleashes phantom anti-hacker arms that tear you limb from limb while boiling your bones.

Ironically, with all the privacy fiascos, Facebook apparently has a reasonably good security wing.


Does make me wonder though, why can't Sony et al subpoena Twitter for the details of the posters? - though naturally one would assume it's all through Tor, etc.