The recent Playstation hack was inspired by an earlier incident, one expert believes
Sony's determined pursuit of a famous hacker last year may have incited the recent Playstation breach in a development reminiscent of the revenge attacks against companies who withdrew their support from Wikileaks, according to a leading internet security expert.
The recent Playstation Network hack is one of the biggest cyber attacks of all time. As a result of the intrusion Sony is now “rebuilding its security system from the ground up”, according to Dave Whitelegg, information security manager at CAPITA.
Last year, Sony reportedly settled a legal battle with the notorious hacker George Hotz, who seized fame for hacking the iPhone and went on to breach the Playstation 3 security system. Whitelegg suggested that Sony’s aggressive pursuit of the case may have incited the April attack on its network.
The Playstation Network uses cloud computing (online data storage). Sony enables the cloud so that Playstation gamers can interract online. But more and more technology systems today use cloud computing, including mobile phones, televisions and even cars. This results in a highly complex security environment, noted Whitelegg.
“The more complex a system is, the more difficult it is to secure," he said. “It often takes a breach for companies to realise how important security is.”
Large organised criminal organisations represent the biggest risk to internet security, warned Whitelegg.
Rich countries and the financial services sector are most at risk from cyber attacks, he added. “It depends entirely on where the money is.”
While extradition laws in China and Russia make it very difficult for the authorities to prosecute hackers, continued Whitelegg.
Whitelegg also suggested that big companies like Sony have become complacent because the law does little to encourage them to protect customer information. He described laws on this subject as “toothless.”
Following the Sony cyber attack, Obama has chosen to address this problem by proposing new cyber risk protection legislation.