Second Suspect Only Four Months Later?
At this rate, they will round up all of the culprits by 2020 or so.
US police have arrested a second suspect in the June 2011 hacktivist attacks on Sony Pictures Entertainment, an assault that resulted in a breach of passwords and personal data involving 38,000 accounts. Raynaldo Rivera, 20, of Tempe, Arizona, surrendered to authorities on Tuesday after he was named in a federal grand jury …
>>Sony Pictures maintained that only 38,000 accounts were actually compromised.
Oh, well that's fine then, if it was only that many, especially since they were compromised by a thing called a "SQL injection attack" which no-one has ever heard of or learnt how to protect against...
</sarcasm> (just in case someone takes this seriously)
"Charges against Rivera come a week after it emerged that alleged LulzSec kingpin Hector "Sabu" Monsegur had been granted a six-month delay in his sentencing as a reward for his continuing 'assistance' to authorities"
Honour amongst thieves and all that. Oh how I despair.
Hey Hector, you know what they say... 'If you can't do the time, don't do the crime'.
"The incident ultimately cost the entertainment giant $600,000 in security consultant fees and other charges"
I'm not defending the hackers, but if Sony had been a bit more responsible with customers' data and written their website a bit more securely (e.g. making sure that there were no SQL injection vulns in sensitive areas of their website) then perhaps they wouldn't have had to pay out the $600,000. Perhaps they didn't do this as it would have cost $$$. If so, then attributing $600,000 to the hackers is just plain wrong.
It's not all one sided here, Sony *were* the victim, but *they are also at fault*. In fact I think what Sony has done is perhaps more wrong than what the hackers did as they have betrayed their customers' trust by not making sure the data was as safe as they would have expected.
> In fact I think what Sony has done is perhaps more wrong than what the hackers did ...
What Sony did was make a mistake; what the LulzSec scum did was a deliberately malicious act.
Perhaps you think if you accidentally leave your car or house unlocked you deserve to be robbed?
> Here we go with that poor analogy again.
If you think somebody making a mistake (Sony) deserves to have criminal activity (hacking) directed at them then you have a warped sense of values.
It is no different than leaving your car unlocked (the mistake) and having it robbed (the criminal activity).
> is more like having pieces of paper containing your personal details displayed on your front window.
Looking at something displayed in somebody's window is not illegal. Hacking is a criminal offence.
That's simplistic. What is "hacking"?
Unauthorized access to a computer is generally the legal definition, but that's incredibly vague and could just as easily be used to describe looking at something displayed in someone's window, I suspect, if it were not for the "computer" clause.
An SQL injection is not even remotely the same as a buffer overflow, as an example. In that latter example you are actually gaining access and control to the computer, assuming you didn't mess up the shellcode or whatever, and to detect a vulnerability and weaponize it requires some amount of expertise and time.
SQL injection is merely displaying contents of the database that the engineer of the system didn't intend possible, and is within the ability of anyone with a browser to perform or check for; even the most basic by-the-book design should prevent it being even possible. It's not the same as "making a mistake" like leaving your car unlocked; a better analogy would be walking through a lion enclosure with raw meat strapped to one's body.
While it is certainly true that I have a warped sense of values, I do have some fragment of empathy left in this cold black heart. But Sony should be more careful if they are using/storing people's data.
Criminal negligence is also an offence.
Yours is even worse.
All analogies fail at some point, but I'll try to improve on yours.
It's like having dropped off your clothes at the dry cleaners and the dry cleaner hung your bill on the backside of a window so only internal staff could see it. Only they missed a mirror on the back wall that no customer could read. And someone who was not a customer walked into the shop with a camera, took a picture of the mirror through the glass, developed the film, printed the picture, pilfered the details of your bill, and then posted it on the internet.