Coin-OpEd: The great PSN PR debacle

Sony's security breach has been an unmitigated disaster for all involved. Why, then, is the publisher working so hard to deflect the blame?

Here's a secret I've been harboring that may give some of you cause for concern: I read your comments on my stories. Now, I say that not to make any of you out there self-conscious or to give you cause to repress some urge to engage in the conversation, profanely or otherwise. Actually, I fully endorse the expression of first thought in that Ginsbergian way.

And over the course of the past couple of weeks, you all have certainly had a lot to say on this whole PlayStation Network quagmire. Should I provide a recap of what's been going on over at Sony? Will a link work? I think a link will work. Here. It occurs to me that we've written more than 30 stories on the issue in half as many days. Perhaps a single link won't work. Dammit, here's a few more.

Who'd have thought that one little box could cause so much trouble?

Our quaint reporting on the matter notwithstanding, GameSpot user comments number in the tens of thousands. (Rest assured, the people here who bandy about "words" like "KPI" will be sending Christmas cards to Sony this year.) The vast majority of you have been so perfectly reasonable in your discussion of the topic that I would trust you with my hypothetical children.

Of course, having been dubbed GameSpot's resident troll (apologies to Tom Mc Shea), I'm drawn to those of you whose first thoughts skew toward the obtuse and asinine. These are the ones that proclaim Sony's impending demise or the fact that Microsoft is somehow culpable. Comparisons to Armenian genocide always get a chuckle out of me, as do those who shrug off the incident since the credit card they had registered was itself stolen.

My personal favorites, of course, go something like, "i dont understand? when i press the play button it doesnt play. i have three white cables and two blue ones. do i plug in the blue ones into the white ones. january is coming."

In the world of corporate PR, however, "first thought, best thought" is not an adage that rules the day. Come along with me, and we'll match up what Sony was saying with what was actually happening.

As detailed in a letter responding to an inquiry by the US House of Representatives' Subcommittee on Commerce, Manufacturing, and Trade, Sony Network Entertainment America uttered its first WTF at or around 4:15 PDT on April 19, when its systems inexplicably rebooted.

By April 20, the PSN operator had clear evidence that its database had been compromised and that data of some kind might be in the hands of…someone. With nary a peep to the public, what I presume to be a giant red button under shatter-proof glass was pressed, causing Dave Jefferies from Illinois to briefly fear he had broken something, having just landed an epic uppercut in an online match of Mortal Kombat.

At around 9:30 a.m. PDT on April 21, Sony said in a brief statement, "While we are investigating the cause of the Network outage, we wanted to alert you that it may be a full day or two before we're able to get the service completely back up and running." At the same time, Sony was engaging with a second computer security firm to look into the issue. One or two days, huh?

Fast-forward two days, and Sony had diagnosed the problem, later telling congressmen, "Intruders had used very sophisticated and aggressive techniques to obtain unauthorized access, hide their presence from system administrators, and escalate privileges inside servers." The technical wunderkinds also deleted log files to cover their tracks.

That evening, around 8 p.m. PDT, Sony issued this statement:

"We sincerely regret that PlayStation Network and Qriocity services have been suspended, and we are working around the clock to bring them both back online. Our efforts to resolve this matter involve rebuilding our system to further strengthen our network infrastructure. Though this task is time consuming, we decided it was worth the time necessary to provide the system with additional security. We thank you for your patience to date and ask for a little more while we move towards completion of this project. We will continue to give you updates as they become available."

Im in ur PS3, stealin' ur infoz.

One such update? Someone tantamount to Ving Rhames from Mission Impossible has had his way with the PSN. Relevant update two? HOLY CRAP, CHANGE YOUR PASSWORDS.

April 24 was Easter Sunday, and my mom was in town. The visit did not go well, but I wouldn't concern yourselves with that. What I would concern yourselves with is the fact that Sony knew it had a "sophisticated hacker" on its hands, and a third security firm had been brought on the case to "determine the scope of the data theft." Despite this escalation, Sony took the holiday as one of rest, providing no updates on the matter.

Cadbury Egg thus devoured, Sony indicated in its letter to Congress that by Monday, all three of the security firms it had hired could definitively say that the personal information for any given PSN or Qriocity service account (of which there are 77 million, though that figure does not reflect unique users) had been compromised. Name, address (city, state, zip), country, e-mail address, birth date, PlayStation Network/Qriocity password and login, and handle/PSN online ID.

The official word? "I know you are waiting for additional information on when PlayStation Network and Qriocity services will be online," Sony said that day around 8:20 a.m. PDT. "Unfortunately, I don't have an update or time frame to share at this point in time. As we previously noted, this is a time-intensive process, and we're working to get them back online quickly. We'll keep you updated with information as it becomes available. We once again thank you for your patience."

On April 26, as Sony and its hired guns worked to ascertain whether Ving Rhames was, in fact, buying mai tais in Jamaica with your credit card, the company at long last copped to what many had begun to suspect: Everyone panic. Oh my god, panic. Here's the part of Sony's comment that day that I found particularly interesting:

"We are currently working to send a similar message…regarding a compromise of personal information as a result of an illegal intrusion on our systems. These malicious actions have also had an impact on your ability to enjoy the services provided by PlayStation Network and Qriocity, including online gaming and online access to music, movies, sports, and TV shows."

Phrases that jump out at me: "illegal intrusion," "malicious actions," "enjoy the services."

I've taken the liberty of bringing the subtext as I see it to the fore: "We're sorry that whoever did this is a jerk and, through no fault of our own, decided to personally attack each and every one of you. These actions clearly have nothing to do with anything we did. Rather, it is you all that whoever did this has it out for. Man, I'm glad we're all in this together, right?"

In fact, the deflective tone of Sony's comments has been the one area of certainty and consistency throughout this incident. For instance, in a Q&A concerning the attack posted on April 27, Sony responded to the direct question of "Was my personal data encrypted?" with:

"All of the data was protected, and access was restricted both physically and through the perimeter and security of the network. The entire credit card table was encrypted, and we have no evidence that credit card data was taken. The personal data table, which is a separate data set, was not encrypted, but was, of course, behind a very sophisticated security system that was breached in a malicious attack."

Sony may have overstated the PSN's security defenses.

In other words, this data is basically entrusted to guards. Said guards may wield M16s. Limb-severing lasers may be involved. Did that matter? No, no it did not. Incidentally, Dr. Gene Spafford of Purdue University, who testified before Congress' inquiry as a cyber-security expert, lambasted Sony's security efforts, claiming that the company was using outdated server software without a firewall.

"Investing in security measures affects the bottom line," he said of companies in general. "They don't understand the risks involved by not investing in security…So when they are hit, they pass that cost along to their customers and to the rest of society."

Perhaps the most egregious comment came yesterday, when Sony Corp. CEO Howard Stringer issued an apology of sorts to all PSN and Qriocity users (and let's not forget SOE's strung-out EverCrack junkies). It began with "Dear Friends" and ended with this:

"In the last few months, Sony has faced a terrible earthquake and tsunami in Japan. But now we are facing a very man-made event--a criminal attack on us--and on you--and we are working with the FBI and other law enforcement agencies around the world to apprehend those responsible."

Japan's tragedy in April has definitely killed nearly 15,000 people (with more than 10,000 still missing). More, the country faces years--decades, even--of figurative fallout from the literal nuclear reactor fallout in Fukushima. How this incident and Sony's nothing-but-downplayed data breach are related, I can't even begin to speculate. How the two are uttered in the same paragraph, I prefer not to speculate.

In a world of "first thought," people speak from a genuine or heartfelt place. What we've gotten from Sony instead is a carefully crafted message designed for maximum manipulation. Can you feel those strings being pulled?

Discussion

579 comments
Uncle-Tunee

Are you 12? analogies to guns, lasers, those..pics..wanna explain a security-breach sesame-style?

riariases

@SpyderSeven (...Continued) Now do the same for Howard Stringer (Sony's current president) and the late Norio Ohga (Sony's previous president), and even the combined results don't match up. http://www.google.ca/search?q=owner+of+sony&sourceid=ie7&rls=com.microsoft:en-ca:IE-SearchBox&ie=&oe=&rlz=1I7ADSA_en&redir_esc=&ei=5KbQTdLTN8KugQe2uOS_DA#hl=en&pq=head%20of%20sony%20president&xhr=t&q=howard+stringer+donations&cp=24&pf=p&sclient=psy&rls=com.microsoft:en-ca%3AIE-SearchBox&rlz=1I7ADSA_en&source=hp&aq=0v&aqi=&aql=&oq=howard+stringer+donation&pbx=1&fp=a0ee290b7d0b7e83 118000 results on Google. http://www.google.ca/search?q=owner+of+sony&sourceid=ie7&rls=com.microsoft:en-ca:IE-SearchBox&ie=&oe=&rlz=1I7ADSA_en&redir_esc=&ei=5KbQTdLTN8KugQe2uOS_DA#sclient=psy&hl=en&rls=com.microsoft:en-ca%3AIE-SearchBox&rlz=1I7ADSA_en&source=hp&q=Norio+Ohga+donations&aq=f&aqi=&aql=&oq=&pbx=1&fp=a0ee290b7d0b7e83 29900 results on Google. Combined and that's only 147900 results. Compared to Bill Gates nearly 4.5 million results? Yeah, you're delusional, man. You've got nothing.

riariases

@SpyderSeven You can easily say that about Sony. They care about nothing but money. They risked their customers' security and sensitive information just to save some cash by using a cheap, out-of-date security system. But Microsoft and Bill Gates are one of the most generous companies in the world. http://www.google.ca/search?q=bill+gates+donations&sourceid=ie7&rls=com.microsoft:en-ca:IE-SearchBox&ie=&oe=&rlz=1I7ADSA_en&redir_esc=&ei=4qXQTYj8F5TrgQe0wb2pDA There are 4430000 results when you look up "Bill Gates donations" on Google, with tons of pages making it look like Bill Gates just throws around money across the world for charities. In fact, he pledged his whole savings of $58 billion dollars to a slurry of charities. http://www.dailymail.co.uk/news/worldnews/article-1027878/Bill-Gates-pledges-58-billion-fortune-charity--children.html (Continued...)

AssassinElf

Of course they are trying to manipulate us, that's what big companies like these do from the very beginning, manipulating us so that they can have our money ...

pillar81

There you go SpyderSeven believing things at face value. Where is the proof that the forums were monitored by Sony? He's not talking about a Sony specific forum, he's talking about a public forum that he claims was monitored by Sony. Also, curious phrasing - "individuals who work in security and participate in the Sony Network had discovered several months ago, while they were examining the protocols on the Sony Network to examine how the games worked" Um, if they work specifically for Sony or a Sony developer, they already know how the games work, it's in their SDK. If on the other hand they are those security researchers (as FailOverflow and others call themselves) who like to poke around and tinker with things, I'm not so sure I'll take their word as gospel. Seriously, if you participate in the Playstation Network, is he saying that they are developers of PSN games, or gamers?

SpyderSeven

@skellio - could be applied to Microsoft, too. All these big gaming (or otherwise) entities are motherf***ing evil. Honestly, I don't think Sony is any worse than Microsoft or whatever corporate giant cuz they are all run by bloodsucking monsters who see us all as livestock with money.

skellio

"They demonstrate time and time again that they are concerned only with squeezing as much money out of its consumers as it can," - SpyderSeven Sounds like you're talking about Microsoft.

skellio

I don't disagree that Sony isn't partially at fault but putting the blame entirely on them is ridiculous. The fact is that someone (not Sony) hacked their servers regardless of the state of their security or lack thereof. In regards to their comment about the devastation in Japan, they are simply saying they have a lot on their plate right now. They are not trying to draw any kind of comparison between the two events, just saying their problems have now been compounded by this.

106473

@SpyderSeven +1 for your amazing wit.

SpyderSeven

I want them to tell me how they honestly see this sh*t playing out. And this is not a news article, it's a blog. He isn't engaging in "bad journalism," as you put it. He is telling it how he and many of the rest of us see it, and his statements were factually accurate. He isn't adding food to a flame war (does that even make sense??), but you are pissing off all of us who do care about what's happening by lying down and taking Sony's d**k like a big girl.

SpyderSeven

@phantasm-x You are wrong for several reasons. Dr. Stafford did say specifically that Sony was running outdated Apache web servers with no firewall. He got that information by reading mailing lists from security personnel in the Sony Network. You lie. Second, if your bank found out someone had broken in and might MAYBE have your credit card information, wouldn't you want to be informed immediately? I sure as hell would. Also, Sony is obviously NOT "dedicated to providing a truly good and robust enjoyable service to all of its fans". They demonstrate time and time again that they are concerned only with squeezing as much money out of its consumers as it can, always hovering on the edge of pissing us off enough to abandon them, which is something they have down to a science. In response to your assessment of their PR throughout this debacle: I do not want these updates sugar coated, and more importantly I don't want Sony to lie through their teeth to me. I don't want to hear about how the network will be "back soon" in ten different useless updates. I don't want them to tell me several times that the network will be back up within a given time and each time be disappointed to find out that again we were being lied to in order to buy SCE some time. I don't want "clever PR."

ranmaso

No matter how secure you make something, if someone wants it bad enough they will get it. With that being said, they are both to blame: Sony for using outdated software and the hackers for doing it. I hate the fact that it had to happen for Sony to open its eyes, but they are trying to fix it. And for these Xbox fans, Microsoft has proven not to be that secure: the first month of Windows XP, hackers found a way in. Vista wasn't that secure either, and let's not talk about Windows ME.

xaviermf

@ drdavewatford I couldn't agree more with you.

ArokaShadow

Yes, I do feel the strings being pulled. When someone says hey, here's this great armor to protect you but it has a few cracks in it, but don't worry because it will still do its job. Oh, and although you've been stabbed it still works. Or does it? Well, we tried. "Well, we tried" doesn't really cover it, does it? Sugar coating the problem doesn't solve it, nor does it help reassure anyone that their info hasn't been stolen. Really, people should know if the info could be compromised, so they can turn off their credit cards as a precaution. Yeah, dancing around the issue isn't helping the company nor its consumers. As a company, Sony should stand up and say hey, it happened, we are not proud it happened and we are fixing it. Be careful because your info could be compromised. We will fix it. But hey, what do I know, I'm just a guy who uses their product. P.S. Sometimes it's a good idea to deal with the public rather than try and string them along. Just saying.

drdavewatford

I've been concerned about the theft of my sensitive personal data that I had entrusted to Sony, and thought I'd skim the user comments here to see what the reaction of other gamers has been. Don't know why I bothered, to be honest. On the basis of the message content, a large proportion of people posting here don't appear old enough to even own a credit card and some folks don't seem to grasp the issues at all, which makes me wonder why they bothered to post. Most amazing, some have even managed to somehow turn this into a Sony versus Microsoft fanboy-fest. Guys, wake up - this isn't about Microsoft or anyone else except Sony. It's about how we trusted them with sensitive personal information, and how they didn't look after it, and how they've even now only grudgingly acknowledged that they have placed their customers in danger of identity theft and worse. Almost a week it took them to tell me that my credit card details and other information had been stolen. I found out about it from TV - they didn't even e-mail me until 2 days later - shocking. And by the way, blaming the hackers and labelling Sony as the victims is ridiculous. Would you continue to trust your bank if they didn't bother to shut their doors and lock their safe at night and someone wandered in and grabbed your money?!

stifstumik

Sony never said it wasn't their fault! So your little 'translations' are incorrect. In fact they admitted from the first day it was their own fault. Due to their poor security systems those pathetic hackers could drop in and take whatever they wanted. The thing is they are trying to solve this and they are REALLY working 24/24 hours a day to make up for their fatal mistake. The only thing we can do is root for them and NOT break them down. It won't solve the issue by saying they are the fault of all this and throwing insults at their faces. Second is there are more important things at matter here, lots of personal data and credit card information has been stolen. So if you're just angry because the network is down and you can't game no more. Guess what, I have the solution! There's this really nice game you can play anywhere, anyhow until PSN is back online! It is called LIFE!

jemoedr

Who hacked? Sony or the Hackers? Exactly, the hackers. So stop pointing your finger at Sony, since the hackers committed the crime. It is as Phantasm said, any computer system can be hacked. The largest corporations and governments on this planet have been hacked and gotten their arses kicked.

Quietstorm75

The sad thing about all of this is that I need to go and buy a new PSP and yet I can't because I can't get PSN.

YumeriaYumi

I agree that the one at fault is the hacker/hackers. Even the world's best security can be cracked by someone somewhere. So yeah maybe they could have noticed faster but is it Sony's fault? No it is not.

x2thac

It's not just a little box, it's an entertainment system with unnormal features. Just hope the hackers get what they deserve for causing this nonsense.

oldman54

I am amazed this article does not include a comparison on how Sony's pitiful responses look much better when viewed via an xbox connection versus a ps3. I second the notion that @phantasm_x has offered the most intelligent response to this drivel. But Tom, for the last two paragraphs alone, you have my pity. You have shown yourself to be unworthy of being numbered amongst the human beings..

COPMAN221

In the end, I hope the hackers responsible for all this enjoy their new jail cell with Big Bubba who's all out of Easy Glide.. :)

dlafere

@phantasm_x : all true!!! Bring phantasm_x's msg up! >.>

Double_Wide

@phantasm_x : The most intelligent response that I've read during this entire incident!

rebelspirit01

I think the hackers are Xbox fans, 'cause if I had hacked Sony then I wouldn't stop now and continue on with Microsoft, just because it's fun.

warhawk-geeby

The dude writing these is just after another turf war.. The Pentagon got hacked, and now Sony. And yet it's amazing how different the two cases have been viewed though. Sony may have been in line for some flak, but at the end of the day it's the hackers doing the wrong. I'll support my chosen company regardless thanks. Yet again Gamespot

gowofwarKratos

Come hackers!!!! Let my Blade of Chaos cut you all in pieces!!!!!

gowofwarKratos

I agree that Sony needs to improve their system but the ones we should focus on are the hackers behind the attack that try to mess up our lives. They are the criminals that should get payment for their acts. Just hope everything gets back to normal soon and we can enjoy our free time again.

ILBS

If somebody walks into your house and picks your keys up for your car without having to break in and then drives off, the insurance won't pay out for it because you didn't take adequate security precautions for your keys. It's your fault. I think a similar thing with protection of data. Leave the door open and data unencrypted, it's your fault.

Kabals

@ SolidTy, If Sony had bothered to have real digital security in place and not something a 7th grader installs on his dad's computer, then this may not have happened in the first place. The bottom line is, Sony failed every stakeholder they have, from shareholders to their employees, by risking millions of data points unprotected online. Investors are worried. Shareholders are demanding better security.

BigBossWato

@cjr1976 Sony is already giving all PSN users one year of credit monitoring, and I think that's plenty; if no one uses your credit within a year, they probably won't ever use it. Also, you should just cancel whatever card you have on there or request a new number, and from now on buy PSN cards from wherever it is you choose to shop for games. It's not like Sony is the only place your info can be taken from.

brunolp

Really good text. Congrats!

GetafixOz

Sony: "best console EVA k thanks". Us "suxzors". Hacker(s) "lol PWNED"....

plaintomato

PSN being down sucks. And I hate online glitchers and cheaters, so by extension I can't stand hackers. But...Sony did try to point their huge totalitarian corporate guns at some guy because he cracked their system. It was a scare tactic to tell other would be Hotz's "don't eff with us". Them's fightin' words and maybe a smack in the mouth is just what Sony needed. I don't support what was done, and I don't like it. I'm just hoping Sony learned it might be more effective to shut the window than to run around swatting the flies.

cjr1976

I completely agree with Tom on this one. Even in their official email to everyone, the tone was "we got hacked and lost your info, too bad, here's some links to credit reporting agencies". Sony HAS to take responsibility for this even if it was, as they imply, out of their control. They should be footing the bill for at least 2 years of credit monitoring and identity protection for every member.

deart

Hackers can obtain personal info and credit cards in many ways, this was done simply to mess with Sony.

Azraellll

I read some of these comments and I have to ask: how deluded are people these days?? Earthquake?? They actually convinced people that their center of operations is in Japan? Oh my god, no further comments on that matter, because I'd probably end up insulting people's intelligence, not that they have not already done that themselves just by swallowing such bullcrap. So past that, yeah, so whoever did this is to blame. I don't say that people who defend this are wrong, but seriously, Sony was open to attack, they had the data unprotected as it seems, so if I'd have to choose who I'd sue, SONY, 'cause this is people's data, credit card data! They made a mess by leaving the door open, so now they should be held accountable for their mess. Oh, and by the way, Sony, stick your sorrys where the sun doesn't shine!

Luigi-the-Beast

@SolidTy sure, the hackers are obviously to blame... but hackers will hack, just as geological faults are gonna cause quakes. It's their nature, unavoidable, if you will. And if you know this will happen and you still proceed with carelessness, then some of the blame HAS to fall on your lap, no matter if you're the Japanese government or the people responsible for network security at Sony.

SaurabhAV

I think they mentioned the Earthquake not to shrug off the security breach but to explain why it is taking them so long to fix it.

Luigi-the-Beast

@bwgamer except, if Sony does all that and makes us all feel "safer" with all that PR and get hacked again, which is completely possible and even probable, given their tendency to spend as little as feasible on security, then there's no coming back from that..

SaurabhAV

Every time I go to the mall.. I see some kid trading in his PS3 for an Xbox... and didn't they say the online systems would be online already. Jeez. Heads are probably rolling in corporate. I understand main corporate is located in Japan but if I am not mistaken Sony could easily reroute resources to other countries as it IS an international company. For some reason I am being a pessimistic person and I don't believe systems will be online until late May or early June.

bwgamer

I work daily in the world of perception and PR. Unfortunately in our society today you are what people think you are. People will always form their own opinion of you unless you take control of it. Sony needs to start turning the boat around and start putting some positive spin on this crisis. WAY TOO MUCH NEGATIVE SONY!!! Never compare a negative to a negative, especially comparing it to something that killed thousands of people!!!! Here's some free advice, I would start by leaving all the crap behind. Ok you said you got hacked, notified everyone and the authorities (it was a week late but move on). Start talking up the new incredibly awesome most secure gaming network on the market which would never have been possible before all this. Talk of what you have learned and how this new PSN network will help pave the way for new techniques and technologies to fight hackers and secure not only Sony but others. Make users feel safe!!! For the Plus Members who pay for the network compensate their lost time with free downloads for a limited time or other worthy compensation. The point to all this Sony is to help us forget about the past and see the positive in the future. Good luck Sony you have a HUGE hole to dig yourself out of, but it can be done. I'll bill you later :)

got_ice_tea

The hacker, once found, will be going to jail son oma bich

FamousCalibur

this console was awesome, it still is, but this whole security breach completely changed the game. well i guess not, idk, i guess we'll have to wait. take the time you need sony

ppg4all

come on sony i thought you guys were awesome but to be set back by a bunch of nerd losers