Geohot: War on hackers, lack of security experts caused PSN debacle

by Griffin McElroy on Apr 28th 2011 4:00PM

With all the recent hubbub concerning the PSN outage and security breach, the plight of legally beleaguered PS3 jailbreaker George "Geohot" Hotz may have slipped from your periphery. However, the notorious hacker recently posted in his personal blog about the incident, explaining he had nothing to do with the attacks on Sony's user info database. "I'm not crazy," Hotz said, "and would prefer to not have the FBI knocking on my door."

Hotz added that the gaming community might be misplacing some of its anger over the intrusion, saying, "Let's not fault the Sony engineers for this, the same way I do not fault the engineers who designed the BMG rootkit." He added, "The fault lies with the executives who declared a war on hackers, laughed at the idea of people penetrating the fortress that once was Sony, whined incessantly about piracy, and kept hiring more lawyers when they really needed to hire good security experts." A good point -- though, now, we think they're probably going to need all the lawyers they can get.

Via: Gamasutra
Source: Geohot's personal blog

Tags: geohot, george-hotz, hacker, outage, playstation, ps3, psn, psn-outage-2011, psp, sony

Reader Comments (161)

Yes. They stole everyone's credit card numbers to send a message to Sony...

@dscuber9000 My sarcastic rolling-eyes smiley didn't make it into the comment!

@dscuber9000

I saw them just fine.

@dscuber9000

Why was Sony even storing credit card numbers? That's the job of the payment processor.

@Raffi256 It's stored for convenience... when you don't have to input it again to purchase something, that's them calling up your stored information.

@dscuber9000 Was it stolen too?

@oJMan240o

Yes but that's what payment processors do. They handle recurring transactions. They just issue a customer ID or transaction ID, and the merchant can use that to issue another charge on the same card.

This is standard practice, the payment processors store credit card numbers on PCI compliant servers so you don't have to.

@Raffi256 - boggles the mind, I work at a fast food store and when I receive repeat business they still have to give me their credit card number every time because we never keep that on record. This is also the main reason I get PAPER bills on everything rather then electronics, simply because I'll always have a record I can hold even if my comp crashes with all those passwords!

@dscuber9000
Serious question actually, has anyone actually had their credit cards used yet? If they haven't, then he very well could be right..

@Raffi256 It isn't standard practice, it's just one way of doing it. Yes you can pay a processor to do all that for you, or you can roll your own solution. It has benefits (faster access to data, easier to migrate to something new, more control over reporting and when and how to bill something) and negatives (stolen data means it's your fault). I'm betting Sony had their own payment system already in place that was better and cheaper than relying on a third party.

@dscuber9000

Umm, if you want to get credit card numbers, there are plenty of black market websites that will sell you several thousand for 5 cents each.

publicly breaking into a well known company's database (which leads to all the users being told to monitor their credit) is a really bad way to get CC info that's of any use.

The hackers probably copied everything they found in an attempt to find dirt on sony execs and managers.

@MrMichael

Yeah but if you are going to roll your own there's all these standards that the credit card industry has for storing numbers on separate super-secure PCI compliant servers, etc. And they apparently didn't follow that stuff.

@dscuber9000
Why not? I'd say "message sent". This is giving Sony horrible publicity, it's pissing off their consumer base, it's going to cost Sony millions in PR control, it's going to cost them millions in lawsuits, and it's going to cost them millions to secure their system (which should have been secure in the first place).

@ScreamingGerbil There's been some rumblings about people having their AMEX cards used, but nothing confirmed.

@Faceless Troll
Wait, what the hell accepts AMEX? Everytime I go anywhere they don't accept AMEX.

@dscuber9000

for the first time ever this jackass is right... everybody is somehow holding on the the fact that the hackers did this independently and without thought on the Sony vs. Hacker battle that Sony started. Get real, and THINK about it for a second. PSN has been up for over 5 years and they wait to hack it till NOW to somehow throw Sony off on who did it? I'm sure the people who are good enough not to leave clues on their identity NOW had the knowledge to do so, say, last month. The jailbreak, the trial, the "war" Sony waged on hackers, all the info records they obtained through legal means, all of this lead to the security breach at Sony. Its hard to think they waited 5 years to hack PSN when i remember a time when the PS store was nothing more then a glorified website.

@The Aquacharger A lot of online stores apparently.

@dscuber9000 You know the worst part about GeoHot's post:
You are clearly talented and will have plenty of money (...) coming to you in the future. Don't be a dick and sell people's information. And I'd love to see a write up on how it all went down.
Encouraging to sell the info!? What a dick.

@Raffi256
and what makes you think a payment processor is any safer?

http://www.usatoday.com/money/perfi/credit/2009-01-20-heartland-credit-card-security-breach_N.htm

@dscuber9000 Actually Geohot himself caused this. There was security, he broke it. This is directly GH's fault and it's hypocritical of him to blame anyone else

@dylanspronck
Uh...he DIDN'T encourage that. He said "don't be a dick", discouraging the hackers NOT to sell their info.

@The Aquacharger

You obviously dont shop at Costco where AMEX is the only card they accept.

@mywhitenoise Oh I see. I caught that sentence as "Don't be a dick and don't sell the info, but be cool and sell it".
Thanks!

@dscuber9000

I'd like to punch the hackers in the face to clearly send a message to them. Seriously.

So is he the good guy?

@psnshe69mee

Depends, was this intrusion only possible with a hacked PS3?

@shinjix2

Yes... yes this intrusion was only possible with a hacked PS3.
A hacked PS3 that he, in essence, created due to his irresponsibility.

@oJMan240o

Except we don't know how they intruded. Unless you have an inside source?

@oJMan240o

Then he is still the villain in all this......

The timing is all to convenient. Given Geohot and Sony JUST settled out of court....would they have settled if this hit them in February?

Call me a conspiracy theorist but something doesn't add up.....

@psnshe69mee

EZ Guide for this situation;

Geohot is a douche, he's right about most everything he says, but he still acts like, and is, a douche. (him being a douche is unrelated to PSN being down or his work allowing pirating, he's just a douche)

Sony executives are assholes. Money grubbing, lieing, sue-happy, assholes. They are so full of themselves but so stupid and clueless that they ended up pissing off a hacker group with a track record of successfully breaking system security.

Anonymous is...a bunch of swell guys who I have nothing bad to say about. (please dont hack me)

(BTW, all 3 use intimidation to try to get their way...geohot to get a job, Sony with lawyers to sue whoever feel like, and Anon with threats of cyber attacks)

So in conclusion, the good guys are;

Firefighters and Redcross volenteers.

@oJMan240o

LOL... No. If a hacked PS3 allowed hackers to jack everyone's personal data and CC info then that's a huge f*ck up on Sony's part. There shouldn't be any way a PS3, hacked or otherwise, should even come close to accessing that data. But, hey, given the way Sony screwed up their signing of PS3 games I suppose it's possible they've done something equally stupid in this case.

@psnshe69mee

It's amazing how clueless people are about this situation. GeoHot's actions have absolutely no technological relevance in this situation. There is a big difference between "jailbreaking" and network hacking.

What GeoHot did was "jailbreak" the PS3. This means that he provided people with a way to bypass Sony's DRM (copyright protection), and therefore, play pirated games, install other OS's, etc. This has absolutely nothing to do with hacking PSN.

The hackers that hacked PSN most likely used PCs to access Sony's internal databases. Notice that they hacked the PSN, which is on Sony's servers. Unlike GeoHot, who was "jailbroke" his own PS3 that he bought.

Yes, the PS3 uses PSN, but they are completely separate entities. The word "hack" is a very broad term. GeoHot's "hacking" was local to his own PS3. These other guys hacked servers that are owned by Sony.

If you don't like what GeoHot did by jailbreaking the PS3, that's cool, that's your opinion, but don't blame him for the hacking of PSN.

@(Unverified)
But it WAS via hacked PS3, Rebug custom firmware to be exact.
So yeah, GeoHot should take some of the blame.

@Helghast102
As far as we know, Rebug only allowed some users to get some free shit on the store. And if a hacked PS3 was able to obtain this kind of data, then Sony's security problems are much, much worse than anyone would have guessed.

@Helghast102

No one knows how the PSN was hacked., but I can guarantee you, as an experienced software developer, that the hackers did not use a PS3 in any way.

@psnshe69mee

IDK. If a locksmith down the street gives a hoodlum a set of lockpicks, and teaches him how to use them, then that hoodlum breaks into your house and steals your check book and debit cards, is that locksmith "the good guy?"

@photonman

Best post I've read in a while xD

@Helghast102

Was pulling that out of your ass painful?

@Helghast102

Rebug allowed you to conect to the dev servers of PSN.

That doesn't have anything to do with breaking into PSNs user database.

But is this an attack on Sony or Our information. I realy want to know the hackers true intentions.

@shinjix2
against sony

Douche bag.

@bloodlinejake

Every time I see a pic of him I have to remind myself that punching my screen will only result in me paying for repairs...

But I'm soooooo tempted...

@bloodlinejake. Look at douchey douche look on his face. Why, i oughta...

...Send him a strongly worded e-mail.

@bloodlinejake im on th efence about his douchery... ive been a fan of his iphone stuffs (although theres waaay more iphone jb teams out there these days) but what im interested in...

is sony gonna hire this dude to up their new security? that would be funny

@ironneko

I already did. Had to switch computers -_-.

So they did it to prove a point.

*Slow clap*

@Assmar
glad to see your slow clap processor is still working

"PS3 jailbreaker George "Geohot" Hotz may have slipped from your periphery."

And I was hoping it would stay that way. I'm tired of hearing about him, in all honesty.

@sithlibrarian

Amen to that!

| 1 | 2 | 3 | 4 | Most Recent | Next 50 Comments

Geohot: War on hackers, lack of security experts caused PSN debacle

Reader Comments (161)

Posted: Apr 28th 2011 4:02PM dscuber9000 said

Posted: Apr 28th 2011 4:03PM dscuber9000 said

Posted: Apr 28th 2011 4:05PM Assmar said

Posted: Apr 28th 2011 4:10PM Raffi256 said

Posted: Apr 28th 2011 4:13PM oJMan240o said

Posted: Apr 28th 2011 4:14PM bxgt said

Posted: Apr 28th 2011 4:15PM Raffi256 said

Posted: Apr 28th 2011 4:24PM EEdocSnitthu said

Posted: Apr 28th 2011 4:25PM ScreamingGerbil said

Posted: Apr 28th 2011 4:26PM MrMichael said

Posted: Apr 28th 2011 4:27PM satn said

Posted: Apr 28th 2011 4:30PM Raffi256 said

Posted: Apr 28th 2011 4:32PM mywhitenoise said

Posted: Apr 28th 2011 4:33PM Faceless Troll said

Posted: Apr 28th 2011 4:38PM The Aquacharger said

Posted: Apr 28th 2011 4:47PM PR0F3TA said

Posted: Apr 28th 2011 4:53PM Faceless Troll said

Posted: Apr 28th 2011 4:56PM dylanspronck said

Posted: Apr 28th 2011 5:06PM mund0x said

Posted: May 2nd 2011 4:42PM Extinction said

Posted: Apr 28th 2011 5:30PM mywhitenoise said

Posted: Apr 28th 2011 6:05PM Morisato13 said

Posted: Apr 28th 2011 6:16PM dylanspronck said

Posted: Apr 28th 2011 10:22PM OrangeGamer said

Posted: Apr 28th 2011 4:03PM psnshe69mee said

Posted: Apr 28th 2011 4:06PM shinjix2 said

Posted: Apr 28th 2011 4:11PM oJMan240o said

Posted: Apr 28th 2011 4:16PM (Unverified) said

Posted: Apr 28th 2011 4:16PM shinjix2 said

Posted: Apr 28th 2011 4:41PM satn said

Posted: Apr 28th 2011 4:42PM Vidikron said

Posted: Apr 28th 2011 5:05PM photonman said

Posted: Apr 28th 2011 5:27PM Helghast102 said

Posted: Apr 28th 2011 5:42PM The Bird said

Posted: Apr 28th 2011 5:43PM photonman said

Posted: Apr 28th 2011 7:00PM (Unverified) said

Posted: Apr 28th 2011 7:19PM Ashitaka said

Posted: Apr 28th 2011 9:41PM GrayHero said

Posted: Apr 29th 2011 12:55AM This Little Man Says His Name Is said

Posted: Apr 28th 2011 4:04PM shinjix2 said

Posted: Apr 29th 2011 10:20AM (Unverified) said

Posted: Apr 28th 2011 4:04PM bloodlinejake said

Posted: Apr 28th 2011 4:57PM ironneko said

Posted: Apr 28th 2011 5:29PM Mrguy you know that guy said

Posted: Apr 28th 2011 5:35PM KiraXD said

Posted: Apr 28th 2011 8:03PM Basevi said

Posted: Apr 28th 2011 4:05PM Assmar said

Posted: Apr 28th 2011 6:22PM darkfocus said

Posted: Apr 28th 2011 4:06PM sithlibrarian said

Posted: Apr 28th 2011 9:48PM Breakdown said

Info

Description

MSRP

Release Date

Genre

Developer

Publisher

Rating

Breaking News

WB conjures up Harry Potter for Kinect this fall

Featured Stories

Weekly Webcomic Wrapup is a stranger in a strange land

Silver Lining: I Am Alive's unfeeling world

Game Of Thrones and the paradoxes of adaptation

Engadget

TUAW

Massively

WoW