Sony CEO gives reason for data breaches: Bad people don't like how responsible we are
Upright Sony protected its intellectual property by trying to crush Geohot; evildoers took their revenge
We've heard more than we want to about LulzSec's motive for attacking Sony (entertainment and indignation).
Now Sony's CEO is pinning motives to not only LulzSec, but the long but unnamed list of others that cracked its sites during two horrific months this spring.
Until now Sony's public statements have been limited to apologies and promises it had fixed all its security problems (announcements followed within a day or so byanother major breach using the same methods), is spinning the whole debacle with its explanation of why it was targeted in the first place.
Sony was attacked by thugs and miscreants because it was trying to be responsible to its shareholders by suing anyone who tried to run any software on or do anything with a PlayStation 3 that Sony had not previously approved, and the scum of the Internet didn't like that.
That's a paraphrase, of course, but it is essentially the story Sony Chairman and CEO Sir Howard Stringer told attendees at a shareholders meeting Tuesday.
"We believe that we first became the subject of attack because we tried to protect our IP (intellectual property), our content, in this case video games," Sir Howard said at the meeting Tuesday in Tokyo.
In January, Sony sued George Hotz,a U.S-based hacker known as "Geohot" who also jailbroke the iPhone. Hotz was one of several individuals and groups of customers to crack security on the PS3so they could mod it to their own liking. Hotz incurred Sony's wrath by posting easy-to-follow instructions online.
Stringer said that strong stand against piracy and in defense of intellectual property was the reason evildoers attacked the company.
He didn't mention the consistently shoddy security that allowed the attacks to succeed not once, but 18 times.
He did apologize (again) for the string of data breaches, which began in April and for its slow and inadequate response to its laughably (lulzably, I suppose) poor security, but said the company is recovering.
"Our brand perception, you'll be happy to know, is clearly improving again," he said
He did not clarify where he thought Sony's reputation was recovering:
Was it among customers who are still ticked that the sites were down for so long and only secondarily that their information was stolen ;
Was it among hackers who had a series of easy targets until they got bored hitting them
Or was it among shareholders who later called for Stringer's resignation but ended up cutting his pay 15 percent instead. In the invitation it sent to shareholders to attend the meeting, Sony's board proposed an 11 percent cut in pay for Stringer and other top execs.
Sony's stock price has fallen 30 percent this year. The Nikkei exchange on which it is traded fell 6 percent.
Sony's stock price has fallen 37 percent since Stringertook over as CEO in 2005.
Was the decision to tick off customers with draconian copyright protection a good one, considering the loss of data from 100 million customer accounts(caused by bad security where it mattered rather than by good security on the PlayStation console)? Was it worth the drop in stock price?
Was it worth the (conservative estimate) $173 billion the breaches might cost Sonyjust from extra customer support,perks to lure back customers, legal costs and extra spending on security?
In a Congressional hearing on cybersecurity yesterday, Sony Network Entertainment chief Tim Schaaf said traffic on the PlayStation Network had recovered too within 10 percent of its volume before the first attacks in April.
Schaaf was there to support the Data Security and Breach Notification Act, which would require that any site holding customer data increase its security to a fairly minimal level.
The bill would also require that any company whose data had been breached tell customers about it right away, rather than wait days or weeks, as Sony, CitiGroup and several other companies did during a rash of public attacks this spring.
Schaaf did not mention whether he or Stringer felt like idiots for either their poor security and slow, ineffective response during the attacks, or self-righteous attempts to avoid blame in the time since then.