On Friday, 10 June, Spanish police announced the arrest of three hackers for allegedly targeting banks, Middle Eastern governments, MasterCard and, most important perhaps, Sony.
Why Sony? Because over the past year, a high-profile international war has been waged by hackers against the consumer electronics giant. There have been denial-of-service attacks and data breaches. The arrest was meant to send a message that the war was being won by the authorities.
But in the short history of gaming, disruption regularly comes from the computer underground, leading to some of the greatest achievements in the medium’s relatively short history. The recent battles highlight a recurring question for the industry: Are hackers good or bad for gaming?
Sony’s problems stem from a single hacker: George Hotz, a young programmer from New Jersey. He managed to gain full access to the PlayStation 3 and shared his hack with the world. Sony was worried that such an intrusion would encourage piracy and aggressively moved to silence Hotz.
The game industry has had a long and unique love/hate relationship with hackers. Many of the earliest gaming pioneers and developers began their careers as hackers. They were the MIT students who created Spacewar! on a mainframe in the 1960s, the home-brew geeks working on Apple IIs and Commodore 64s in the ’80s, and the Doom generation working on PCs in the ’90s.
As these early engineers grew into positions of power within the industry, they began encouraging hackers actively on their own. John Carmack, technical director and cofounder of Id Software, creators of Doom and Quake, has built his business on the hacker ethic. "I think [hacking] is good for the evolution of like knowledge in general," he once told me. "You work on top of the results of other people, and you can’t do that when you’ve got these black boxes."
But while computer game pioneers see value in the hacker ethic, console makers—which rely on selling proprietary hardware—have often treated hackers as a threat. When players modify hardware to run home-brew software and open source operating systems, they also render antipiracy technology useless. Over the years, Sony, Microsoft, and Nintendo have successfully sued distributors of "modchips"—add-on hardware that allows for copyright protection circumvention.
In the annals of game hacking, the battle over the PS3 didn’t seem that different in the beginning. It started in January 2010, when Hotz revealed that he had gained access to PS3’s system memory and processor. "I can now do whatever I want with the system," he told the BBC. "It’s like I’ve got an awesome new power—I’m just not sure how to wield it."
His technique made use of OtherOS, a PS3 function that allowed players to run alternate operating systems, like Linux, on their consoles. Sony had advertised OtherOS as a feature when the company released the first PS3 console in 2006. "It was fully intended that you, a PS3 owner, could play games, watch movies, view photos, listen to music, and run a full-featured Linux operating system that transforms your PS3 into a home computer," the manual read. But after Hotz posted his technique online, Sony felt the security of the system had been compromised. They feared that Hotz’s hack might allow users to run illegal games. Citing "security concerns" not explicitly linked with the PS3 hack, Sony released a firmware update that disabled OtherOS.
In April 2010, Plaintiff Anthony Ventura filed a class action suit in the Northern District of California against Sony Computer Entertainment America (SCEA) complaining that "Sony’s decision to force users to disable the Other OS function was based on its own interest and was made at the expense of its customers."
The outrage soon spread around the world. By the end of 2010, hackers in Australia and Germany had released PS3 jailbreaks of their own. The German hacker team, failoverfl0w, presented their findings at the Chaos Communication Congress, a technical conference in Berlin devoted to security and policy issues. In January, Sony sued Hotz and failoverfl0w for circumventing the console’s copyright protection. The company alleged, among other things, that Hotz had violated the Digital Millennium Copyright Act as well as the federal Computer Fraud and Abuse Act and the company’s terms of service agreement.
The Electronic Frontier Foundation, a leading civil liberties group devoted to digital rights, said "Sony is sending [a] dangerous message: that it has rights in the computer it sells you even after you buy it, and therefore can decide whether your tinkering with that computer is legal or not. We disagree. Once you buy a computer, it’s yours. It shouldn’t be a crime for you to access your own computer, regardless of whether Sony or any other company likes what you’re doing."
As the class action over OtherOS and the online outcry proceeded, Sony looked to cast an even wider net. A California district court approved Sony’s subpoena request [PDF] requiring Twitter, Google, PayPal, YouTube, and Bluehost to supply information on Hotz's hacking efforts (including the IP addresses of anyone who visited his blog).
Colin Sebastian, an analyst with Lazard Capital Markets, a New York City–based technology research firm, says suing game hackers is often ill advised. "It’s been shown before that when companies go after piracy and hackers, the best strategy is to do it as quietly as possible or you attract more attention," he says.