PlayStation hacker: Sony has only itself to blame for breach

Sony worried about the wrong type of hackers, said George Hotz, the man who jailbroke the PlayStation

The hacker who has received widespread grassroots support after being sued by Sony for posting code that can jailbreak Sony PlayStation consoles blamed the company's recent data breach on executive-level arrogance.

George Hotz is now barred from hacking Sony products, but he's still happy to blog about the company and point out what he sees as an institutional misunderstanding of the hacker culture.

Sony's latest problems -- the company responding to what could be one of the largest data breaches in history -- lie with heavy-handed corporate management more interested in prosecuting its customers than protecting their data,

Hotz said Thursday in a blog post.

"The fault lies with the executives who declared a war on hackers, laughed at the idea of people penetrating the fortress that once was Sony, whined incessantly about piracy, and kept hiring more lawyers when they really needed to hire good security experts," said Hotz, who settled his lawsuit with Sony just days before the PlayStation Network online gaming service was hacked. "Alienating the hacker community is not a good idea."

Hotz, already famous for jailbreaking the iPhone, became a hacker icon after Sony's legal department used heavy-handed tactics, including asking the court for permission to view the Internet Protocol addresses of people who visited his website, apparently to discourage users from downloading and distributing this type of software.

The battle between Hotz and Sony illustrates the growing tensions between rights of the corporations that build products and the consumers who own them -- in particular, hacker enthusiasts who want to modify devices that they have legitimately purchased.

Hotz hacked the PlayStation so that it could run the Linux OS. Sony claimed that his software violated the U.S. Digital Millennium Copyright Act, which prohibits the reverse-engineering of encryption protections.

When Sony's online networks went offline last week, some thought that they might have been attacked in retaliation for Sony's prosecution of Hotz.

In his blog post, Hotz said that he had nothing to do with the attack. "I'm not crazy, and would prefer to not have the FBI knocking on my door," he wrote. "Running homebrew and exploring security on your devices is cool, hacking into someone else's server and stealing databases of user info is not cool."

Sony's PlayStation Network and its Qriocity music subscription service both went offline last Wednesday. On Tuesday of this week, the company acknowledged that consumer data was stolen in a criminal intrusion, possibly including credit card numbers. Although Sony hasn't said how many customers are affected, that number could be in the tens of millions.

The services could be offline for another week as the Sony scrambles to contain the damage and restore its systems.

Robert McMillan covers computer security and general technology breaking news for The IDG News Service. Follow Robert on Twitter at @bobmcmillan. Robert's e-mail address is

Join the CSO newsletter!

Error: Please check your email address.

Tags Game platformssecuritygamessony

More about etworkFBIIDGLinuxSony

Show Comments

Featured Whitepapers

Editor's Recommendations

Solution Centres

Stories by Robert McMillan

Latest Videos

  • 150x50

    CSO Webinar: Will your data protection strategy be enough when disaster strikes?

    Speakers: - Paul O’Connor, Engagement leader - Performance Audit Group, Victorian Auditor-General’s Office (VAGO) - Nigel Phair, Managing Director, Centre for Internet Safety - Joshua Stenhouse, Technical Evangelist, Zerto - Anthony Caruana, CSO MC & Moderator

    Play Video

  • 150x50

    CSO Webinar: The Human Factor - Your people are your biggest security weakness

    ​Speakers: David Lacey, Researcher and former CISO Royal Mail David Turner - Global Risk Management Expert Mark Guntrip - Group Manager, Email Protection, Proofpoint

    Play Video

  • 150x50

    CSO Webinar: Current ransomware defences are failing – but machine learning can drive a more proactive solution

    Speakers • Ty Miller, Director, Threat Intelligence • Mark Gregory, Leader, Network Engineering Research Group, RMIT • Jeff Lanza, Retired FBI Agent (USA) • Andy Solterbeck, VP Asia Pacific, Cylance • David Braue, CSO MC/Moderator What to expect: ​Hear from industry experts on the local and global ransomware threat landscape. Explore a new approach to dealing with ransomware using machine-learning techniques and by thinking about the problem in a fundamentally different way. Apply techniques for gathering insight into ransomware behaviour and find out what elements must go into a truly effective ransomware defence. Get a first-hand look at how ransomware actually works in practice, and how machine-learning techniques can pick up on its activities long before your employees do.

    Play Video

  • 150x50

    CSO Webinar: Get real about metadata to avoid a false sense of security

    Speakers: • Anthony Caruana – CSO MC and moderator • Ian Farquhar, Worldwide Virtual Security Team Lead, Gigamon • John Lindsay, Former CTO, iiNet • Skeeve Stevens, Futurist, Future Sumo • David Vaile - Vice chair of APF, Co-Convenor of the Cyberspace Law And Policy Community, UNSW Law Faculty This webinar covers: - A 101 on metadata - what it is and how to use it - Insight into a typical attack, what happens and what we would find when looking into the metadata - How to collect metadata, use this to detect attacks and get greater insight into how you can use this to protect your organisation - Learn how much raw data and metadata to retain and how long for - Get a reality check on how you're using your metadata and if this is enough to secure your organisation

    Play Video

  • 150x50

    CSO Webinar: How banking trojans work and how you can stop them

    CSO Webinar: How banking trojans work and how you can stop them Featuring: • John Baird, Director of Global Technology Production, Deutsche Bank • Samantha Macleod, GM Cyber Security, ME Bank • Sherrod DeGrippo, Director of Emerging Threats, Proofpoint (USA)

    Play Video

More videos

Blog Posts

Market Place