Don't Blame Sony, You Can't Trust ANY Networks


The hack attack that forced Sony to take the PlayStation Network and Sony Online Entertainment offline and resulted in the theft of personal information from tens of millions of people around the world wasn't really Sony's fault; it was an inevitability, a security expert tells Kotaku.

Bruce Schneier, internationally renowned security technologist and author of Applied Cryptography, Secrets and Lies and Schneier on Security, said that the only thing unusual about the break-in to Sony's dual networks is that they are used for gaming, something titillating to the mainstream media.

"It's another network break-in, it happens all of the time," he said. "This stuff happens a lot."


For every incident like the infamous Heartland Payment data breach in 2008, which impacted millions, there are dozens of smaller breaches, some underreported or not reported at all. The issue is so prevalent that Congress is currently holding hearings on the threat of data theft.

When asked if Sony's network was secure, or if there was some misstep on the part of the company in keeping its customers' personal and credit card information protected, Schneier was dismissive.

"What does that even mean?" he asked. "Is there such a thing as a secure house?"

No networks, Schneier added, are really secure and people have to come to grips with that.


The fact that Sony, and not Microsoft or Nintendo, was the company breached by hackers has nothing to do with their level of security, he said.


Bruce Schneier isn't just a security expert, he's also an Internet meme. He's testified before Congress, written articles for publications around the world and appears to be the hacker's answer to Chuck Norris, with a page dedicated to "Schneier Facts" like: "Bruce Schneier cuts meat in prime number lengths." and "Bruce Schneier once killed a man using only linear cryptanalysis."


Nintendo and Microsoft, for their part, both say they have secure networks.

"The security of and confidentiality of our customers' information is extremely important to us," Nintendo said in a statement to Kotaku. "That's why we have many technical, administrative and physical security measures in place to protect personal information from unauthorized access and improper use. We also review our security procedures periodically to consider appropriate technology and updated methods, and test our systems."


Microsoft's response was similar.

"The security around our Xbox LIVE service and member information is our highest priority," a spokesman said. "Other than that, we have no comment."


Schneier remains unconvinced:

"Everyone is probably equally sucky," he said of network security in general. "Some may be better than others.

"Unfortunately, the moral here is that you give your information to a third party, blindly trusting them, a bank, a credit card company, a phone company, Amazon, J. Crew, or Sony. You are blindly trusting that they will use the information wisely and secure it. And you have no say how they do that and you have no recourse if they fuck up."

But, the famously cynical Schneier adds, "Even with all of that, most people are really safe all of the time."


"You're doing OK, I'm doing OK. I buy stuff online all of the time. I bank online. And what other option is there?"




"You are blindly trusting that they will use the information wisely and secure it. And you have no say how they do that and you have no recourse if they fuck up."

Now, I don't know about the laws concerning data protection in the U.S. but here in Ireland we have laws in place to protect our personal data and to give recourse if that data isn't protected.


I'm sure Mr. Schneier is an intelligent man but he glosses over many of the key issues in regards to the PSN hacking. For example, there was previous hacking carried out by Anonymous just weeks before this happened. This clearly showed that there was a hole in the security of PSN.

He's right when he says no house is really secure but the responsible and intelligent thing to do if your house gets broken into is to improve the security of the house, be it buying better locks or installing a more advanced alarm system. The onus is also on the householder to let anyone else living in the house know that there was a break-in so that those people can make sure their own property is as secure as they can make it.

Sony didn't improve their security after the Anonymous hacking and they didn't inform PSN users that their personal data was compromised; they didn't even provide an avenue for PSN users to change their information.

There are security breaches all the time and yeah, many of them go unreported but this was as much a fuck up on Sony's part as it was an incident of common cyber-crime and all the excuses in the world won't change that.