Hacking hackers

I’ve been toying with the idea of expanding the subject matter of this blog, and I’ve decided to take the plunge. This week will be an exception, but on Monday-Wednesday-Friday I’ll take on business topics as usual. On Tuesdays, Thursdays and Saturdays I may slip in something else that’s on my mind.

I’ve been watching Sony’s troubles with the PlayStation Network with great interest. My business partners and I have no great love for Sony (They’ve vowed to put an end to the used game market, after all), but what’s been happening to Sony we wouldn’t wish on our worst enemy.

In case you haven’t been following it, Sony’s PlayStation Network (PSN) has been broken into by hackers, who shut down the site and stole a great deal of personal user information. It was later discovered that they had also managed to get into an obsolete database and get credit card information as well. Since then PSN has been hacked again at least once.

The reported cause for the attacks was because Sony has decided to sue a hacker who figured out how to hack the PlayStation 3 and then published the information for anyone to use.

A fairly lively debate has sprung up around this one our business’ Facebook page, where we’ve been posting regular updates on the situation. The issue divides out largely into two camps–those who believe that Sony had it coming and are completely at fault, and those who believe that the hackers bear the majority of the responsibility.

As I said, my partners and I are no Sony fans, but fair is fair. While it’s evidently true that the security on PSN was rather feeble, and it’s true that Sony are rather heavy-handed in their public relations, to blame them entirely for this attack is like blaming the victim of a robbery for failing to lock their door. Had the hackers not determined to do something that is very obviously illegal there would have been no attack, and no inconvenience for millions of Sony customers.

Now it appears Sony is considering offering a bounty for information on who is responsible for the attack. The anti-Sony crowd feel this is just more heavy-handed bullying, but I disagree. In fact I applaud their turning this around, if that’s what they do. They’d be fighting the hackers with a “hack” of their own, only this one attacking on a psychological level. Sony has enough money to throw at this to make the bounty worth picking up. It will likely be a race among the hackers to see who can rat out the others and collect the money. Just as the hackers exploited weaknesses in Sony’s security, Sony could exploit weaknesses in human nature and hacker personalities.

What the hackers did was illegal, and whatever moral high ground they felt they held disappeared when they started publishing some of the stolen personal information on the Internet. I cannot condone illegal means to punish even the most heinous (but legal) corporate behavior. And my personal interest in human nature, psychology, and public relations will be watching intently to see how this plays out over the next weeks and months.