Critical.
Authoritative.
Strategic.
Subscribe to CIO Magazine »

Sony hacker arrests: 5 questions

Will the arrests in Spain stop the cyberattacks? Or will they simply stir the Anonymous hornet's nest?

Arrests in Spain related to the Sony Playstation Network hacking case have computer users wondering whether the loosely organized Anonymous hacker coalition is weakened -- or merely irritated by being busted.

Officers with the Technological Investigation Brigade of the Spanish National Police arrested three people Friday as part of an investigation that began in October 2010. Using Websites and chat networks, police said, Anonymous hackers organized DDOS attacks against Spain's Ministry of Culture.

Who are These Guys?

Spanish police said the three people arrested in Barcelona, Alicante, and Valencia helped direct attacks on Websites for the Sony PlayStation Store, the bank BBVA, the Italian utility company ENEL, and the governments of Egypt, Algeria, Libya, Iran, Chile, Colombia and New Zealand. Authorities haven't released names of those arrested.

Did They Get the Right People? All of Them?

We can't know the answer to the first question, but the answer to the second is "Probably not." Anonymous and similar hacker networks have a loose, decentralized structure that attract people who enjoy the technical challenge of cybercrime or who feel obligated to bring down corporations or governments.

"Police may have found some of the hackers. But how many?" says Harvard Business School professor Benjamin Edelman. "And what stops another group from doing the same thing? For any company that has technically-capable adversaries with a bone to pick, Sony's experience is cause for concern."

"A hacktivist can be simply someone who looked at a news story," says Benjamin Wright, a Dallas attorney who teaches the law of data security and investigations for The SANS Institute. "There is a sense of political mission. Some people in the world feel very strongly about it ... It's a very, very fluid cultural phenomenon we've seen emerge. It's global and it's extremely hard to predict."

What Penalties can be Applied? Will They Go to Jail for a Long Time?

Maybe, Wright says. If prosecutors in many global jurisdictions pursue criminal charges against the hackers, "It could be possible for someone like this to be put away for quite a number of years," riding the international prison circuit from nation to nation.

According to a report in The New York Times, Spanish police confiscated at least one server that they say shows a link between the people who were arrested and various Anonymous attacks. "Forensic proof in cases like this can be challenging," Wright says, but both the law and the technology are evolving rapidly.

SANS Technology Institute President Stephen Northcutt had a more cynical view. "If they are convicted, Spain is not overly tough on computer crime, so they [could] spend about two years in prison and come out as famous security researchers," he says.

Will Hackers Leave Sony Alone?

Not likely, Edelman says. "So far hackers seem to have the upper hand. They've found a never-ending stream of weaknesses in Sony's systems, and at every turn they've been able to disrupt Sony's operations."

Sony's security shortfalls "were particularly egregious," he adds, suggesting that customers who were locked out of their accounts for weeks on end "should receive especially generous compensation."

What Should I Do Now?

Sony PSN customers -- and every other computer user -- should maintain vigilance against data and identity theft issues, Wright says. "You should always be on red alert for security issues," he says. "All of your data is subject to abuse at any time."

Join the CIO Australia group on LinkedIn. The group is open to CIOs, IT Directors, COOs, CTOs and senior IT managers.

More about: etwork, Harvard Business School, Playstation, SANS Institute, Sony, Technology, The SANS Institute
References show all

Comments

Post new comment

The content of this field is kept private and will not be shown publicly.
Users posting comments agree to the CIO comments policy.
Login or register to link comments to your user profile, or you may also post a comment without being logged in.
Related Coverage
Related Whitepapers
Latest Stories
Community Comments
Tags: firewalls, hackers, network security, Playstation, security, sony
Latest Blog Posts
Whitepapers
  • Eliminating Tape
    When it comes to storage and backup, the old tape may not ‘cut the mustard’ in today’s world. But how does one move on from tape? This Computerworld Australia Guide, sponsored by EMC, examines whether the Cloud will provide a viable long-term archiving option to magnetic tape. This guide also looks at eliminating tape by examining storage and backup alternatives, taking examples of organisations that have managed to overcome problems with tape. Read more.
    Learn more »
  • Stella Travel Services embarks on a strategic refresh of print operations
    Stella Travel Services embraces Managed Print Services (MPS) to deliver savings, centralise and consolidate print operations in order to gain control of print costs and streamline IT support. Read more.
    Learn more »
  • 10 Mobile Security Requirements for the Bring Your Own Device (BYOD) Enterprise
    An enterprise mobility strategy needs to include more than the provisioning and security services available through mobile application and MDM solutions. To meet the mobility and security requirements of mobile users, enterprises need to look at deploying a solution for mobile content management (MCM) that supports BYOD policies. Read this whitepaper to learn: Why provisioning for mobile users has become more complex; Ten requirements to consider when selecting a mobile content security solution.
    Learn more »
All whitepapers
rhs_login_lockGet exclusive access to Invitation only events CIO, reports & analysis.
Recent comments