GamesBeat

Hacker Geohot denies involvement in PlayStation Network attack, blames Sony’s hubris

One potential suspect behind Sony’s massive PlayStation Network security breach was 21-year-old George Hotz, AKA Geohot, who recently settled a lawsuit with the company over hacking into the PlayStation 3’s hardware. But in a blog post today, Hotz denies that he had anything to do with the PSN attack.

Assuming he’s telling the truth (“I’m not crazy, and would prefer to not have the FBI knocking on my door,” he said), that leaves plenty of other suspects for Sony to consider, like the patchwork group of hackers calling themselves “Anonymous,” who have been known to launch distributed denial-of-service (DDoS) attacks.

Hotz clearly doesn’t have much sympathy for Sony. He says in the blog post that Sony invited the attack by making enemies of hackers: “The fault lies with the executives who declared a war on hackers, laughed at the idea of people penetrating the fortress that once was Sony, whined incessantly about piracy, and kept hiring more lawyers when they really needed to hire good security experts. Alienating the hacker community is not a good idea.”

He also makes sure to separate the sort of hacking that he does from the PSN attacks: “Running homebrew and exploring security on your devices is cool, hacking into someone else’s server and stealing databases of user info is not cool,” he said. “You make the hacking community look bad, even if it is aimed at douches like Sony.”

One potential project Hotz says he was working on was a PlayStation Network alternative that jailbroken (or hacked) PS3s could use to play multiplayer games and download homebrewed software. That project ultimately never happened once Sony set its legal hounds on him.

Hotz went on to say that he bets “Sony’s arrogance and misunderstanding of ownership put them in this position” — a common sentiment among the hacking community.

“Sony execs probably haughtily chuckled at the idea of threat modeling. Traditionally the trust boundary for a web service exists between the server and the client,” he said. “But Sony believes they own the client too, so if they just put a trust boundary between the consumer and the client (can’t trust those pesky consumers), everything is good. Since everyone knows the PS3 is unhackable, why waste money adding pointless security between the client and the server? This arrogance undermines a basic security principle, never trust the client.”

He suggests that the hacker shouldn’t sell the stolen private data (which includes credit card numbers and would likely fetch a high price in some circles), and that he’d love to see a breakdown of just how the hack was completed. But with Sony and law enforcement on red alert to find the culprit, I don’t suspect we’ll see a breakdown of the attack anytime soon.

