Spies, Security, Sony and You
March 6, 2013
What do a Sony PlayStation, an Apple MacBook Pro and a Department of Homeland Security aerial drone all have in common? Within the last 12 months, each device, along with the organization responsible for its creation and management, has been subject to a series of debilitating hacks in a trend that shows no sign of slowing down. In fact, the trend indicates just the opposite—that cyber-attacks on corporate and government entities alike are becoming both increasingly frequent and increasingly devastating. It is now more important than ever for corporations to responsibly protect our data and be held accountable when they fail to do so.
How does this affect the general consumer or “end-user” of these products? In addition to the thousands of new viruses and exploits for Macs, PCs and mobile devices being churned out onto the Internet every day, it means that our personal data is under constant attack not only from the malicious sites we work to avoid, but also because the data we entrust to companies is a hotter commodity for hackers than ever before. And it’s only getting hotter.
Sony’s presentation of its next-generation PlayStation 4 (PS4) console on Feb. 20 was a divisive one. Fans of the PlayStation series praised the relatively high-end technical components of the gaming rig and its shift to a more common machine architecture. However, the most innovative aspect of the release was not inside the console; rather, it was the forthcoming online integration. The console purportedly sports the ability to feature remote play through the PS Vita, as well as “second screen” gameplay through official Android and iOS apps, and the company announced a “PlayStation Cloud” service, clearly looking to break ground in the online console gaming world. But critics pointed out that while the hardware is impressive now, it is not advanced enough to avoid being quickly made obsolete by PC components. Even worse, Sony’s online services don’t have the best track record.
Data from roughly 77 million user accounts was stolen in a 2011 breach of Sony’s PlayStation Network, triggering widespread public concern about secure management of user data. The entertainment giant quickly became the laughing stock of the computer security community during the 24 days that the network was down. It also faced severe criticism for its poorly applied security practices and its failure to act on a series of known vulnerabilities. Will Gaikai, the company through which Sony is working to provide its cloud service, take a more serious approach than its parent to protecting its consumers?
The PS4 presentation took place only three days after the release of the now-viral 74-page report by the computer security firm Mandiant on the hacking collective now known as APT1. APT1 is accountable for a series of advanced attacks, known as “advanced persistent threats,” that originated in China and were responsible for compromising over 141 organizations and stealing terabytes of sensitive information. This comes on the heels of the Feb. 1 announcement regarding a security breach at Twitter that resulted in 250,000 compromised user accounts, as well as recent public compromises of The New York Times, NBC, Facebook, Microsoft and Apple that may or may not be attributable to APT1.
Has Sony or Gaikai made advancements in computer security that other Fortune 500 companies or government agencies have not? While settling the multiple lawsuits and fines resulting from the 2011 breach may have encouraged a policy overhaul, it still seems unlikely that the company will be entirely secure, especially when rolling out experimental online console gaming infrastructure. The PS4 may be Sony’s next-generation console, but unless the company is simultaneously releasing next-generation security management, load balancing and appropriate compensation to users with low bandwidth, its forward-thinking approach is at severe risk of falling flat.
Thankfully, Fordham is holding its fourth Annual International Conference on Cyber Security this August, and it is open to students who sign up. Cohosted by the Federal Bureau of Investigation, this engaging three-day conference trains young professionals to protect their sensitive data by using tools and special strategies to fight cyber threats. It is clear that companies need to find ways to improve data security, and finding those solutions is ultimately in their hands. In the meantime, we as consumers can educate ourselves on steps to keep our data safe.