First lessons of the incident from Sony

Posted by Abdullah Abdul Aziz | Friday, May 20, 2011

The Information Policy slowed by Sony after the attack on the Playstation network shows that customers do not trust the security of businesses. Experts call for the company responsible for such attacks.

How big is the damage, which is why the attack on the Playstation.....

How big is the damage, which is why the attack on the Playstation Network, Sony is to quantify not sure yet. 100 million user accounts had been disclosed in the incident. The fact that the Japanese IT company has been slow and completely informed about the process itself great harm incurred, is now criticizing security experts.

Howard Stringer, CEO of Sony, admitted unless they had been on the biggest threat to corporate data. Not only Playstation users, even experts know, but to investigate.

"We have this problem again and again in this type of attack, we never know what happened, how bad it is, or how the author takes precedence over" complains of Bruce Schneier, security expert. "Everything is opaque, and Sony is particularly difficult to explain some things and then back again."

Sony is due to its information policy is now faced with several requests and subpoenas from the U.S. Congress from New York Attorney General. Both require information on which the data was stolen and what security measures the company.

In response to a complaint by the first Congress, the Japanese had declared cloudy, they were in an "extraordinary" situation in which information about the shooting data "to obtain, directly or simply" be. Sony gave some credit in the letter that closed the system network, while its own research staff.

That was on April 20 was. The attacks were at some point between 17 and 19 April sees, but only on 26 April, Sony said that large amounts of sensitive data that was open.

In the intervening days, the group had only cryptic explanations of why the Playstation Network is not available. Reading is something like this: "We are aware that some network functions have failed. We will post more information as soon as they are able to do it," said a Sony official journal on 20 April.

On April 21 the rumor that the investigation would last less. On 22 April was the first time, "said a foreign intrusion in our system" one. On 23 April, Sony said, "the reconstruction of our system in order to improve our additional network infrastructure," and to "provide the additional security system."

Three days later, on 26 April level, the group finally to a more detailed explanation. Sony confirms the fact that the names, addresses, birth dates, email addresses and other information of registered users of the PlayStation Network and transmission Qriocity media services had been stolen. Customers should be protected in case of identity theft himself, recommended to the Japanese.

The wrath of the users received the company soon will be felt. This was the comment about "jonabbey" declaration on the PlayStation blog: "It's pretty incredible that this is the first meaningful information that you give us. Many of you reading this blog understand enough of the technology even operate their own Internet services. Too much communication should certainly not be a problem. "

Also Bruce Schneier agrees. "You need enough information to researchers, but customers can make wise decisions. Companies do not, however, hinted that the clients. They is rather to give more details because the details are shocking."

The client, there is nothing more than Sony and Citibank, Facebook or Amazon or the mobile operator to trust, Schneier added. "You have no transparency and no control over how secure the company network."

In the United States can be held liable under the Computer Fraud and Abuse Act currently only financial services or authorities for the theft of data. The measures taken recently by the government's legislative initiative on cybersecurity Obama plans to expand the responsibility of critical infrastructure. Melissa Hathaway, in early 2009, U.S. problems Obama's security discussed, advocated and attacks leave the network of Sony covered by law.

"This is really an opportunity to push through a concept of deterrence, that this law applies to any computer that - for whatever reason - be broken," Hathaway goes a step further. "The law should specify that piracy is illegal, and that the sentence to determine its impact." It is time that the interconnection between the government of all computer systems - whether from governments, businesses or educational institutions - to explain.

Sony has its PlayStation Network on May 15 from moving again. The attack has caused from April, according to Sony estimates to date in a loss of $ 171 million.