It is soon going to be news when a day goes by without a report about some business unit of Sony being hacked.
Reports came out last night like this one at Reuters and this one at the Epoch Times that the hacking group LulzSec broke into Sony BMGthis time and publicly posted source code to the Sony Computer Entertainment Developer Network yesterday morning.
The story at Epoch Times states that access to the source code could allow hackers to find, exploit or more worrisome, create security holes in Sony IT systems.
There was also a story at Time's Techland website reporting Mr. Jack Tretton, President and CEO of Sony Computer Entertainment of America (SCEA) as saying that Sony's Playstation Network activity is now at 90% of the level before the April hackfest and network outage. It will be interesting to see the level of activity once the freebies disappear.
There is also a story at Bloomberg News today that discusses the difficulty in trying to bring criminal hackers to justice, something that is conspicuously missing in the latest round of hacking attacks, except maybe in the Hyundai Capital case.
The story quotes Mr. Pablo A. Martinez, Deputy Special Agent in Charge, Criminal Investigative Division, U.S. Secret Service (see a bio here in PDF) as comparing the current state of the cyber security-related prosecutions to that of the prosecutions of drug cartels in the early 1980s. Mr. Martinez says that:
"What the Secret Service has to do is take the successful model that we introduced in South America to defeat some of that stuff and incorporate it in what we do in cyber."
A tactic used against drug cartels is cultivate informers. If you believe this story also published today in the London Guardian, the Secret Service and Federal Bureau of Investigation are hip-deep in hackers who are also informers.
The Guardian story claims that 1 in 4 hackers is an FBI informer.
If true, then why the shortage of arrests? Are the FBI informers really connected to criminal groups, or are they more the pranksters that this story in the Wall Street Journal yesterday highlighted? Or are the real culprits outside US jurisdiction, as is implied in the Bloomberg News story as the main reason for the lack of arrests?
Robert N. Charette is a Contributing Editor to IEEE Spectrum and an acknowledged international authority on information technology and systems risk management. A self-described “risk ecologist,” he is interested in the intersections of business, political, technological, and societal risks. Charette is an award-winning author of multiple books and numerous articles on the subjects of risk management, project and program management, innovation, and entrepreneurship. A Life Senior Member of the IEEE, Charette was a recipient of the IEEE Computer Society’s Golden Core Award in 2008.