Suit charges Sony laid off security before big hack, spent only protect itself afterward

Lock your own door, but leave customers outside to face wolves? Classy move, Sony

By  

At a big Sony shareholder's meeting in Tokyo earlier this week Sony CEO Sir Howard Stringer blamed the company's dismal recent history of hackage on a community of no-goodniks angry at Sony for having protected its intellectual property with aggressive lawsuits and harassment of customers who cracked its security so they could customize the hardware they bought.

His argument isn't completely unrealistic, but it ignored the six weeks of response time between the first hack and the last – weeks in which most companies would have been able to do something drastic to improve security and halt the humiliation, or fire the people who couldn't make those changes.

It turns out, according to a lawsuit filed in California, that Sony may have gotten things backward by firing the security people before the hackery even started.

The suit, filed by three New Yorkers who were members of the PlayStation network when it was hacked, the account information of 77 million of their peers was stolen and Sony took it offline as the only remaining alternative to protect itself from having the whole site taken over and converted to run Sega instead.

The suit charges Sony laid off "a number" of people in its Network Operations Center in the weeks before the attacks and that after the first attack it spent more money securing its corporate data than doing anything to stop a string of follow-on attacks.

Sony denied the claim through a spokesman who acknowledged there had been layoffs in Sony Online Entertainment to "reduce costs and streamline the company's workforce."

None of those laid off were in security, however, the Sony spokesman said.

The three men who filed the suit -- Felix Cortorreal, Jimmy Cortorreal and Jacques Daoud – said they got their information about the layoffs and Sony's negligence from a confidential internal source.

The claims about layoffs have not been corroborated in the three days since news about the charges broke.

Even without laying off its security staff, Sony knew its security was under par and had invested a lot to create firewalls, a 'debug unit' and IP address blocking to protect the servers used by Sony developers and host to Sony's own gaming code.

Join us:
Facebook

Twitter

Pinterest

Tumblr

LinkedIn

Google+

SecurityWhite Papers & Webcasts

See more White Papers | Webcasts

Answers - Powered by ITworld

ITworld Answers helps you solve problems and share expertise. Ask a question or take a crack at answering the new questions below.

Join us:
Facebook

Twitter

Pinterest

Tumblr

LinkedIn

Google+

Ask a Question
randomness