Sony was forced to renege on their previous assumption that “some” services for the PlayStation Network would be up by the end of last week when they told users that the network would remain down. In a blog post, SCEA’s Patrick Seybold informed users that when they stated their plans at a press conference last week, they did not know the extent of the damage to Sony Online Entertainment’s network, and they will not bring up the network until they have verified that the system is safe from outside intrusions. The company has no set timeline on when the network will be back up. EDIT: Shigenori Yoshida of Sony has told Bloomberg that they hope to have the service back up “by May 31st”, which would be six weeks after the company took the service down.
Sony has also announced in separate posts that they are offering fraud protection for their customers in the United States and Europe. In the United States, the protection will be AllClear ID Plus through Debix Inc., while plans are not clear in the EU due to the complex nature and individual laws in each of the EU’s countries.
In the same post on the EU blog, Sony’s Nick Caplin informed users that the company would be offering two free games out of a selection of five for PlayStation 3 users, and two out of four games for PlayStation Portable users. As of this moment, the games that they are offering for users are unknown. Gaming Bus has asked for clarification from Sony Computer Entertainment America on whether this deal will be available in North America.
Related to data theft, information for 2,500 users from a contest run in 2001 was posted online over the weekend. The information includes addresses and names, but does not include credit card information, passwords or social security numbers. Sony told Reuters that the database was out of date and no longer in use when it was accessed. It is unsure at this point in time if the people behind the hacks against the PSN or Sony Online Entertainment were behind this one as well.
Speaking of the responsible party, speculation is still rampant as to how involved Anonymous was. As we reported on Friday, Sony is keen to place the blame wholly on the shoulders of the internet activist group, and Anonymous put forth an official response. Two of the group’s members who were involved in the initial DDoS (codenamed OpSony) told the Financial Times that an offshoot or “rogue” element of the group was likely involved in the hack. One member stated that technical details of exploits that were used in the actual attack showed up in a chatroom, while another, using the online alias Kayla, stated “If you say you are Anonymous, and do something as Anonymous, then Anonymous did it… Just because the rest of Anonymous might not agree with it, doesn’t mean Anonymous didn’t do it.”
Finally, adding insult to injury for Sony, Ars Technica reports that hackers have released a custom firmware that restores the OtherOS feature. The firmware requires extra steps for slim-model users and some features are still a work in progress, but it restores the functionality that Sony had taken out as a security precaution in a mandatory update back in April of 2010. In a message on their site, the developers of the firmware sent a message to Sony: “My hardware, my rules. I brought back what you took away.” The restoration of the OtherOS feature by George Hotz and Sony’s eventual legal action against him eventually led to Anonymous starting OpSony.
Analysis: There’s a lot to absorb here. Let’s take it one by one.
* Sony is in the right to make damn sure that the network is ready to take a beating when it comes back up. It’s patently obvious at this point that the company has a humongous bullseye on its back, and that the motives of the people doing the attacking are equal parts unscrupulous and impossible to gauge. Assuming it’s Anonymous, the group doesn’t believe in taking credit card data or hurting innocent people, yet that’s what these people are doing. Plus, you have a group of people who sometimes do things “for the lulz”, meaning that they do them just for shits and giggles. At this point, no one knows fully what to expect, but we do know what to expect when the PSN comes back up: it’s going to be targeted, and another breach could do catastrophic damage to the reputation of both Sony and the PlayStation brand. Some could say it’s a little late for Sony to be concerned about our data and their network, but we’re long past the point of what-ifs.
* The fraud protection is a good idea, and the first good thing Sony’s actually done. However, I don’t know for a fact if this automatically signs me up for their program that will automatically bill me afterwards, or what kind of information I’m going to have to give to get this kind of protection. Simply put, I can’t trust anything coming out of Sony’s mouth at this point, and I have not received the email saying what the exact details are for me, as a consumer. I could ask Sony about it, but I’m sure that’d go as far as my other requests for information. To be fair, it seems a lot of sites are getting run-around on this; Sony is talking to Bloomberg and Reuters because they’re big, mainstream sites. The entire games press seems to be left out of the loop on this, comparatively speaking. I guess we’re small potatoes?
* Assuming the free games are part of North America’s “Welcome Back” program, this is a good start. Giving us a choice is much superior to just dumping a game on our laps, like Microsoft did with Undertow as compensation for their outage dating back to the holiday week of 2007. However, the circumstances are different this time around: Microsoft’s Live outage was nothing more than an inconvenience, whereas this outage has real-world identity theft consequences. Sony must go the extra mile, and they seem to be doing that, though if they look at us and go “OK, you can have Digger HD, Wakeboarding HD, Thexder Neo, Tank Battles and Kick Ass. Pick two. Be thankful”, there will be howling screams of anger coming from the masses, the ones that were more concerned about their precious damn trophies than their information. These people will be loud, and will drown out the world if they are not pleased. I would caution Sony to tread carefully in this regard.
* The data from a 2001 contest is largely irrelevant. All it did was cause headline writers to decry “Sony Suffers Another Information Breach”, which draws the clicks of people who will then go “wait, ten year old data from a contest, and nothing major? Really?”. All this did was enable people to say that the attack happened. It was a red herring, and doesn’t matter at all in the larger scheme.
* Finally, it’s nice to have the OtherOS feature back, but for one, it takes a high level of technical sophistication to be able to install it. While I could do it, I’m not about to potentially brick my PS3 to be able to test this out. Yes, it works with modern firmwares, but for one, I have to do a bunch of other risky steps because I’m a slim owner. Secondly, there’s no telling what’s going to happen when Sony comes back up with their mandatory firmware to be able to go online. I have to go online to play games; I’m a reviewer, it’s my job. Will Sony brick this firmware if it comes back up? Will it be intentional, accidental, or an “oopsie” that Sony blows off? There are too many questions for my liking. The only people that are likely to get anything out of this are people late to the OtherOS party, because anyone that was THAT serious about OtherOS likely never updated from 3.21. With that said, I say the following as someone typing this on Linux: I cannot for the life of me understand the “hardcore” Linux user, the one that insists on being able to run Linux on their systems at all costs. I like and use Linux, but these are the type of people that have to install Linux on *everything* that runs a CPU. PCs, Apple systems, phones, even things completely unrelated to personal computing seem to not only need Linux, but one of the harder to use distros (I use Ubuntu, so to these people, I’m not “good enough”. Hey, make OpenSuSE run without eating my laptop alive, and we’ll talk, cool?). Bringing this point up to them just sets them off on massive rants about Micro$oft, so why bother? Unfortunately, it was these people – specifically, Geohot and the fail0verflow group – that caused this mess by their pitiful insistence on a freaking operating system, and who are going to ensure that *NO ONE* ever makes the mistake of ever catering to the technical crowd ever again. Sony tried to toss these guys a bone for four years, and look where they are now.
Meanwhile, Apple treats their technical users with fairly open disdain, and they seem to be doing quite well.