This is something I just don't understand, these hackers are targeting Sony - for whatever reason I don't care, that is not my business and I'm not employed by Sony. But, another hack has just happened and it appears Sony BMG Greece was hacked on Sunday using an SQL injection attack and lost more than 8000 customer records. LulzSecurity, known for hacking fox.com's login database are responsible and it seems that Sony just aren't really caring about the amount of attacks happening to them.
Now the question is, what are Sony doing? The message is clear, customers can't trust Sony anymore. Sophos Security researcher Chester Wisniewski wrote about the Greece intrusion, saying:
Sophos Security researcher Chester Wisniewski , who yesterday took a gentler tone when covering the Greece intrusion, this time firmly admonished Sony, writing:
While there is an enormous target on Sony's back as a result of these very public attacks it is unclear why this is happening. Is Sony taking security seriously or are there simply so many flaws from the past that exist in their public facing sites that it will take them a long time to patch them all?
I hope this is the last time I have to report on a flaw at Sony. Sony has announced they are working with several professional organizations to get their security house in order and for their sake I hope this happens sooner rather than later.
Sony are going to experience a world of pain to their bank accounts, Sony are claiming that the loss of 101 million records will only cost $2 USD per record, yet the average cost of a system intrusion in 2010 was $318 USD per record lost, so Sony must be understating the losses, or have got some seriously good black market contacts.
What remains? Why aren't these hackers using their undeniable power, consistency and persistance to hack greater targets? Why Sony? Why not BP? Or TEPCO? Or various Governments to find out information or to retaliate against them [Wall Street, etc] for the GFC? It seems like a waste of talent to me (not that I'm advocating hacking, but it's like breaking into a bank and not stealing money.... what would be the point of the initial attack?).