Tuesday, May 24, 2011

TREBLE HACK

Once is happenstance. Twice is coincidence. The third time it's enemy action."
-Auric Goldfinger

Sony has been having a lot of problems lately. Their Playstation network was hacked a few weeks back and personal data from 25 million customers was taken, including credit card numbers, passwords, and so on. For weeks their SOE and Playstation network went black as they worked on the problem, then they came back with big apologies and gifts for people. Paying customers were given free time on their games, and Sony promised they were better prepared now, and offered free Identity Theft protection services at their expense.

Then they got hacked again. This time, the hackers hit Sony Online Entertainment, which is their host for Everquest, Star Wars Galaxies, DC Heroes, and other MMOGs. Again tens of millions of customers had their personal data stolen by hackers. Their games went black again as the problem was worked on.
Link
Now, we find out that Sony was hacked again (NSFW site). This time the damage was significantly less, with "loyalty points" stolen from repeat and long-time customers. These points could be redeemed to buy various things from games, and were not very valuable in real world dollars.

What is going on I'm sure is a focus of intense investigation, but it seems to me that its pretty likely someone inside Sony is behind the whole problem - an insider who works with the hackers. All that credit card information, all those passwords, all those addresses and names and game data are worth a lot. Everquest isn't the giant it used to be, but people still pay real world money for plat and items in-game, and that's true for all their games. Players are going to come back to naked characters stripped by hackers for gear and to sell for cash.

Its suspected that the third hack came from data that was gathered in the previous ones, and that the second hack was done using what was learned from the first, in the same manner. What is certain is that some computer savy mob (I'd guess Russian or Chinese) just earned a lot of cash at Sony's expense, and players are going to be extremely hesitant to trust Sony with any credit card information.

World of Warcraft has been having hacker problems for a while so they installed an "authenticator" system which generates a special short-term six digit code, making hacking based on passwords virtually impossible. The problem is, the Sony hack was done through Sony, not through the customer end, so all the authenticators in the world are useless to stop that.

Computer crime is a real problem, and as long as companies like SOE and Blizzard exist, they'll be prey for these outfits. When a bank is robbed, various governments protect the investments and savings of customers, but these games are often international and the assets are imaginary. My level 68 Wizard in Everquest I retired over 6 years ago is almost certainly standing naked in the Bazaar now, penniless. I don't even recall what gear he had, but the password and credit card info is long, long since out of date so at least its useless for the hackers. His gear wasn't all that great anyway.

In any case, buyer beware, there's no way to be completely safe with these online games, and in some ways they're more vulnerable than other businesses. It might be a good idea to use a dedicated gaming-only credit card that's unrelated to the rest of your banking for this sort of transaction.

Lets hope they get the bad guys. On the bright side, Sony is going to work hard for a year or more rebuilding their reputation, so expect tons of fun ads, interesting material in their games, special promotions, and giveaways.

No comments: