
Lawsuit Claims Sony Canned Security Staff Just Before Data Breach

Soulskill posted more than 3 years ago | from the perhaps-a-lesson-has-been-learned dept.

Sony 99

Stoobalou writes "A lawsuit filed this week suggests that Sony sacked a group of employees from its network security division just two weeks before the company's servers were hacked and its customers' credit card details were leaked. The suit, which seeks class action status, is being brought by victims of the massive data breach that took place in April."


99 comments


Error 503 Service Unavailable (1)

Anonymous Coward | more than 3 years ago | (#36558330)

Service Unavailable Guru Meditation: XID: 1643227444 Varnish cache server

Welcome back (1)

2phar (137027) | more than 3 years ago | (#36558340)

to the internet

https:// (3, Informative)

TheNinjaroach (878876) | more than 3 years ago | (#36558382)

Fixes my ability to view Slashdot articles.

Re:https:// (1)

Aladrin (926209) | more than 3 years ago | (#36558410)

OMG Thank you. I'm definitely trying that next time. Refreshed a story for like 10 minutes earlier and never got to it. This one took a few minutes and finally worked.

Re:https:// (1)

ideaz (1981092) | more than 3 years ago | (#36558412)

So was how some folks at my workplace were able to access Facebook before it was known to the IT dept.

Re:https:// (1)

shoehornjob (1632387) | more than 3 years ago | (#36558918)

The varnish gurus have been at it again. I just got the ability to post on the site from my work computer after 4 months of inactivity.

So they sacked them too early (1)

codewarren (927270) | more than 3 years ago | (#36558392)

Or too late

Re:So they sacked them too early (5, Interesting)

tjkwentus (2291680) | more than 3 years ago | (#36558434)

Or too late

Or the sacked were involved in the breach.

Re:So they sacked them too early (2)

Normal Dan (1053064) | more than 3 years ago | (#36558724)

Or the sacked were involved in the breach.

This was the first conclusion I jumped to. There seem to be a few stories out there about disgruntled IT workers.

Never put security in the hands of someone you're not paying very well. And never tell an IT worker they are being sacked until they are already gone and passwords have been changed.

Re:So they sacked them too early (1)

McNihil (612243) | more than 3 years ago | (#36559264)

Or they sacked them because the breach was done years ago and the higher ups saw that their sec team was completely incompetent.

Regardless of why and how I firmly believe that the breach was wide open well before it got publicly known.

Re:So they sacked them too early (1)

icebike (68054) | more than 3 years ago | (#36559600)

Higher ups saw something early? Nah.
It's not in the nature of higher ups to know the details of the work their underlings do in this pointy-haired world.

I suspect it is what it looks like, and even if the sacked workers were not directly involved there was probably some private communication on some back channel.

My most generous evaluation upon hearing this was that those who were supposed to be watching the logs and responding to alarms were gone, which makes it Sony's fault. My most pessimistic evaluation is they pissed off their staff and paid the price.

Re:So they sacked them too early (2)

c0mpliant (1516433) | more than 3 years ago | (#36561556)

Irregardless of whether the security team were watching logs or not, there seem to be fundamental failures of their security teams in terms of network infrastructure, design and implementation. Unless they were removed because they were making too much noise about replacing their entire network with a more solid security based design, I would say this was a good move. Their security team was clearly ineffective. From everything that has come out, it didn't need to be an inside job to have been done and some of the gaping holes that were left unchecked for years are (in some cases) absolute basic security principles.

Re:So they sacked them too early (1)

slick7 (1703596) | more than 3 years ago | (#36560736)

Or they sacked them because the breach was done years ago and the higher ups saw that their sec team was completely incompetent.

Regardless of why and how I firmly believe that the breach was wide open well before it got publicly known.

I am sure that is what most execs would like to believe, however, their arrogance usually knows no bounds. Being so full of themselves, they obviously bit off more than they could chew.
You have attributed conditions to villainy that simply result from stupidity. - RAH

Re:So they sacked them too early (3, Insightful)

Jah-Wren Ryel (80510) | more than 3 years ago | (#36559998)

And never tell an IT worker they are being sacked until they are already gone and passwords have been changed.

That is terrible advice, especially the "never" part.

There is a cost to treating employees that way - it promotes a pervasive culture of distrust within the company that can be extremely damaging. It tends to chase the best and brightest on to somewhere else where they feel more respected and encourages a punch-clock mentality among those who do stay.

It isn't like a unilateral policy is a guarantee against sabotage anyway - it doesn't take a whole lot of brain-power for an off-balance IT guy to set up a dead-man's switch that will kick off a bunch of havoc unless he logs in to disarm it on a regular basis.

Far better that managers should actually manage and determine on a case by case basis if the person being terminated requires exceptional handling or not.

Kicking the dog (1)

dbIII (701233) | more than 3 years ago | (#36563644)

Do you also blame poorly paid policemen for crime?

Re:So they sacked them too early (1)

tjkwentus (2291680) | more than 3 years ago | (#36563718)

Couldn't agree more.

Re:So they sacked them too early (1)

L-four (2071120) | more than 3 years ago | (#36572922)

I wouldn't put it past an IT worker who is leaving to put in back doors for personal use.

Re:So they sacked them too early (4, Funny)

ElectricTurtle (1171201) | more than 3 years ago | (#36558810)

Those responsible for sacking have been sacked. They've all been replaced at the last minute at great expense by trained llamas.

Re:So they sacked them too early (1)

marcosdumay (620877) | more than 3 years ago | (#36559052)

And THAT explains the breaches.

Re:So they sacked them too early (3, Informative)

idontgno (624372) | more than 3 years ago | (#36559690)

Yup. Mexican Whooping Llamas are well known for their computer hacking skills and their nunchuku skills. Their magical skills are second only to Ligers.

2 weeks (5, Insightful)

Aladrin (926209) | more than 3 years ago | (#36558420)

Like 2 weeks was enough to cause the massive problems Sony had. Hah.

No, more like, Sony found out they were incompetent and was firing them for that. Too little too late, obviously.

And what should have Sony done, when they realized they weren't secure? Shut down their entire business for months until they could hopefully secure things?

I'm not pulling 'months' from nowhere, either. Sony's Japanese PSN is still down while they secure it because the government won't let them bring it back up.

Re:2 weeks (4, Insightful)

zigziggityzoo (915650) | more than 3 years ago | (#36558446)

Or - they were fired, and two weeks later hacked into the systems themselves.

Re:2 weeks (1)

Anonymous Coward | more than 3 years ago | (#36558512)

Or Sony fired them then purposely neutered their security systems to start a false-flag operation to convince the world governments to enact stricter internet standards in order to stop piracy.

Re:2 weeks (2, Funny)

Anonymous Coward | more than 3 years ago | (#36558640)

And somewhere within the labyrinthine Sony Complex, seated at an empty conference table, Mr. Kato folds his hands. "Just as planned," he whispers.

Re:2 weeks (1)

inca34 (954872) | more than 3 years ago | (#36559332)

I think that's about enough plot to make a movie! Do AC's have copyrights?!

Re:2 weeks (1)

palegray.net (1195047) | more than 3 years ago | (#36562326)

"Comments owned by the poster."

Whoever the poster is...

Re:2 weeks (1)

fridaynightsmoke (1589903) | more than 3 years ago | (#36558768)

Or Sony fired them then purposely neutered their security systems to start a false-flag operation to convince the world governments to enact stricter internet standards in order to stop piracy.

Or Bush ordered the hack because PSN users were close to uncovering the truth about the involvement of giant lizard-built space lasers in the 9/11 setup...

'Why Bush' you ask? Well, Obama is literally a puppet, a mechatronic puppet; controlled by brainwaves from the fleet of orbiting spacecraft piloted by angels who protect us from the lizards. And....

(While we're on crazy theories)

Re:2 weeks (4, Funny)

Obfuscant (592200) | more than 3 years ago | (#36558876)

Well, Obama is literally a puppet, a mechatronic puppet; controlled by brainwaves from the fleet of orbiting spacecraft piloted by angels who protect us from the lizards. And....

Much simpler and more nefarious than that. He receives his control messages from one or more visual cuing devices placed in front of him whenever he appears in public, which contain encoded messages for him to speak at the appropriate times.

Humans, I mean we, call them 'teleprompters'.

Re:2 weeks (1)

SnarfQuest (469614) | more than 3 years ago | (#36559066)

You don't need anything so complicated. Just hack his teleprompters, and you own him.

Bush refused to use teleprompters... (1)

mswhippingboy (754599) | more than 3 years ago | (#36559350)

But then again, he couldn't read anyway.

Re:2 weeks (1)

ATestR (1060586) | more than 3 years ago | (#36559386)

"I like-a do the cha-cha"...

Re:2 weeks (1)

carpenoctem63141 (2266368) | more than 3 years ago | (#36559782)

Well, Obama is literally a puppet, a mechatronic puppet; controlled by brainwaves from the fleet of orbiting spacecraft piloted by angels who protect us from the lizards. And....

Much simpler and more nefarious than that. He receives his control messages from one or more visual cuing devices placed in front of him whenever he appears in public, which contain encoded messages for him to speak at the appropriate times.

Humans, I mean we, call them 'teleprompters'.

So you're saying he's like a black Ron Burgundy.

Re:2 weeks (0)

Anonymous Coward | more than 3 years ago | (#36560274)

you are nuttier than a squirrel turd

Re:2 weeks (1)

danbuter (2019760) | more than 3 years ago | (#36560306)

Heck, Obama doesn't even sign the Bills anymore. He has a computer pen do it for him! He's laughing at all of us in his MIDI voice once the cameras are off.

Re:2 weeks (1)

turgid (580780) | more than 3 years ago | (#36559478)

Now we know David Icke's [google.com] slashdot ID.

Re:2 weeks (1)

UnknowingFool (672806) | more than 3 years ago | (#36558772)

What's probably more relevant to the suit was whether Sony was aware of the alleged small scale attacks and did nothing about them. The layoffs may not have had any impact on the security of Sony as it assumes the laid off personnel had the skills and could have secured the servers in question.

Re:2 weeks (0)

Anonymous Coward | more than 3 years ago | (#36558948)

Why don't you RTFA?

Re:2 weeks (2)

skr95062 (2046934) | more than 3 years ago | (#36559714)

this is /. WTF would anyone RTFA.

Re:2 weeks (1)

desdinova 216 (2000908) | more than 3 years ago | (#36560202)

because this is slashdot

Re:2 weeks (1)

icebike (68054) | more than 3 years ago | (#36559646)

Like 2 weeks was enough to cause the massive problems Sony had. Hah.

Two weeks was plenty of time if some of these people participated, or simply supplied account names and passwords to people already well versed in hacking sites and leaving no tracks.

The massive problems were caused by Sony taking the systems off line to secure them. The hackers themselves probably didn't do much damage at all.

Re:2 weeks (5, Insightful)

hey! (33014) | more than 3 years ago | (#36559694)

We're speculating here, and it's easy enough to cast the fired guys as villains or victims depending on what you want to imagine.

In the universe where they're victims:

That the security breach occurred so soon after these guys were fired is far from proof that they were incompetents. Two weeks is plenty of time for key systems to be mis-configured by a replacement who doesn't understand what's going on, or to fail to perform some important maintenance task like applying a critical security patch. It is also possible that the attack ought to have been detected and contained, but there was nobody left who knew how to do that.

In the universe where they're villains:

That the security breach occurred so soon after these guys were fired suggests they failed to secure the system, or were in fact actually malicious themselves. Two weeks would not be enough time to fix much after you fired them.

In any conceivable universe:

It would be stupid to fire all your security guys for incompetence without bringing in replacements *first*. Even if these guys are incompetent, they know details that their competent replacements will need to know, and which are probably not well documented. Not knowing these details would set the competent replacements back far enough that they might take several more weeks to get things locked down properly.

Being prepared before you give the old team the boot goes even if you have *malicious* network guys. If management knows its job, they get the security tiger team AND the legal team AND the computer forensics team ready for action before the evil admins realize anyone's on to them. Then one morning the admins find themselves locked out of work and subpoenaed, and the systems all shut down damn the cost until the new security team say it's kosher to open for business.

In the universe we actually live in:

As yet we know very little about how the security disaster happened, and have no idea whether the events mentioned in the lawsuit are relevant at all.

Re:2 weeks (0)

Anonymous Coward | more than 3 years ago | (#36560216)

Please mod parent up. This is the first post I've read recently, by someone with an ID less than 50,000, that didn't have "Get off my lawn!!" worked into it, directly or indirectly. Unusually thoughtful for a /. post. Thanks.

Re:2 weeks (1)

joebok (457904) | more than 3 years ago | (#36561384)

You forgot the conspiracy theory universe:

1) Hackers hack into unsecured Sony executive's laptop to plant evidence of malfeasance of key security group.
2) Key security group is fired.
3) Hackers hack Sony site(s) left vulnerable by changing of the guard.
4) Hackers sue Sony for firing security people.
5) Profit!!

Re:2 weeks (1)

Tablizer (95088) | more than 3 years ago | (#36564584)

Which scenario has the goatees?

Re:2 weeks (1)

sjames (1099) | more than 3 years ago | (#36565140)

That the security breach occurred so soon after these guys were fired is far from proof that they were incompetents. Two weeks is plenty of time for key systems to be mis-configured by a replacement who doesn't understand what's going on, or to fail to perform some important maintenance task like applying a critical security patch. It is also possible that the attack ought to have been detected and contained, but there was nobody left who knew how to do that.

Or management had been requesting an incredibly stupid thing for months and the security team had been refusing for as long because of the extreme risk. The new team promptly complied with management since they knew what got the last guys fired.

Re:2 weeks (0)

theshowmecanuck (703852) | more than 3 years ago | (#36559722)

It's not like the Japanese are all that proactive or effective about safety and security. The Fukushima Daiichi nuclear plant has made that abundantly clear. Perhaps too much rigid hierarchical thought processes.

Re:2 weeks (1)

ThePhilips (752041) | more than 3 years ago | (#36559744)

Like 2 weeks was enough to cause the massive problems Sony had. Hah.

Large layoffs in large companies are rarely a big secret. Meaning that people likely knew months in advance. Now imagine what would you do if you knew that your department is going to get an axe? Would you be doing your normal job? - or drinking coffee and looking for a new job already?

No, more like, Sony found out they were incompetent and was firing them for that. Too little too late, obviously.

Such companies are run by accountants. To them security is a buzzword without any particular meaning. After a successful lawsuit it might get a real $$$ number and then they would start paying attention to it. But not a moment sooner.

Also, RTFA mentions that according to the lawsuit, Sony hasn't failed to properly secure their development servers - it was only the servers holding the customer information which were neglected.

Timeline (1)

ZombieBraintrust (1685608) | more than 3 years ago | (#36561846)

  • December 29, 2010 Fail Overflow has a hacking PS3 press conference talking about how the PS3 was hacked. They publicly show how each part of the PS3 security setup is a failure.
  • Early April, 2011 Sony fires some people in the security team
  • April 16-17, 2011 PSN is hacked resulting in loss of customer info

Re:2 weeks (1)

Anonymous Coward | more than 3 years ago | (#36562714)

Posting anonymously because we had Sony in for a tech briefing in January...while I wasn't in the room, one of my colleagues led a discussion around security.

He basically came away stunned at the lack of focus and seriousness they had about network security. It was about what a typical web-site (not an e-commerce site) would have had in 2000.

Whoever actually hacked them, it was made possible by executives who didn't understand the need, didn't invest in the right tech, and didn't have anything close to the right governance around 100M+ user accounts.

Re:2 weeks (1)

dbIII (701233) | more than 3 years ago | (#36563782)

Somebody without adult supervision can seriously fuck up the security on a server in a lot less than two weeks.
An email server I set up was fucked up when the person who was given the root password set all file permissions to read/write/execute by anyone, gave everyone shell accounts, opened up ssh access from anywhere and one user had the password "coffee". A script kiddie just did a simple dictionary attack then and owned the thing so I was called back to set it up again.
I use one of the platters of the hacked disk from that machine as a mirror to remind me to be very careful who I hand things off to. Good developers can be the worst sysadmins on earth if they only care about making things easy for themselves (eg. "chmod -R a+rwx /" on a production system) instead of understanding that the machine is not just for their personal use and there is a big, bad internet out there.

Termination Justified (0)

Anonymous Coward | more than 3 years ago | (#36558440)

So, their termination was clearly justified as they failed to do their jobs properly.

'This network is like Swiss cheese. You're fired!' Two weeks later; pwned.

Re:Termination Justified (2)

JSBiff (87824) | more than 3 years ago | (#36558644)

Or, perhaps, they fired the people who tried to tell them the emperor has no clothes? Seems to me you are assuming an awful lot.

Re:Termination Justified (1)

hedwards (940851) | more than 3 years ago | (#36559172)

Indeed, given the severity of the vulnerabilities, it's hard for me to believe that this wasn't something that Sony's executive board knew about. If they're like many other businesses, they didn't feel like paying the cost of securing the service and got bitten on the ass. Whether it was an inside job or not, the exploit wasn't particularly sophisticated and should have long since been patched.

So? (2)

228e2 (934443) | more than 3 years ago | (#36558444)

It's not like they were in the middle of implementing a new security schema when they were let go. I'm pretty sure the fail of Sony to protect customer information occurred months before this.

Re:So? (1)

Jah-Wren Ryel (80510) | more than 3 years ago | (#36560050)

It's not like they were in the middle of implementing a new security schema when they were let go. I'm pretty sure the fail of Sony to protect customer information occurred months before this.

Unless these guys were being replaced by a "better" team then it goes to show a lax attitude towards security on Sony's part.

Built-in defense (1, Insightful)

DaveV1.0 (203135) | more than 3 years ago | (#36558464)

"They weren't doing their jobs so we fired them. Why do you think the intrusion happened in the first place?"

revenge for sacking? (0)

Anonymous Coward | more than 3 years ago | (#36558468)

maybe someone left the door open when they left?

Lawyers (0)

Anonymous Coward | more than 3 years ago | (#36558486)

"is being brought by victims" should read "is being brought by lawyers"

Re:Lawyers (1)

mcgrew (92797) | more than 3 years ago | (#36558550)

Unless it's a class action suit*, the lawyers represent the victims. When you need a lawyer, you NEED a lawyer.

*RTFA? Ewe muss bee knew hear!

Re:Lawyers (0)

Anonymous Coward | more than 3 years ago | (#36559632)

Ewe muss bee knew hear

Google tells me you and sm62704 are the same person?

Considering that account's signature is "mcgrew's razor: Never attribute to stupidity that which can be explained by greedy self-interest" you are either great friends or the same person.

What interests me further is how oddtom refers to sm62704 as mcgrew ... http://slashdot.org/comments.pl?sid=953551&cid=24983417 [slashdot.org] and there are references to users sm62704 (mcgrew) and mcgrew (sm62704)...

I'm just curious/confused why you need two accounts...

Re:Lawyers (1)

scot4875 (542869) | more than 3 years ago | (#36560494)

As sm62704's sig used to say a long time ago, his original account was mcgrew and he lost the password. It has apparently been recovered.

So as he said, "Ewe muss bee knew hear"

and now for something completely different... (4, Funny)

space_jake (687452) | more than 3 years ago | (#36558506)

Those responsible for the sacking have also been sacked.

Re:and now for something completely different... (1)

shoehornjob (1632387) | more than 3 years ago | (#36558956)

The sackers are now the sackees. LMAO poetic justice.

Re:and now for something completely different... (0)

Anonymous Coward | more than 3 years ago | (#36559604)

My sister was once bit by a moose.

morons (0)

Anonymous Coward | more than 3 years ago | (#36558534)

Don't you get sick of morons who don't know shit getting paid 100k a year to stick their thumb up their butt because they "graduated with honors". "Honors" doesn't make you geek, it just makes you a piece of shit who submissively follows orders.

Re:morons (0)

Anonymous Coward | more than 3 years ago | (#36558582)

Someone sounds a bit jealous about not doing well in college.

Granted, it is annoying to see know-nothings graduating with "Honors" getting jobs specifically because of it.

so it's an ex-employee's revenge? (0)

Anonymous Coward | more than 3 years ago | (#36558590)

not unthinkable.

Obviously It was justified (0)

Anonymous Coward | more than 3 years ago | (#36558596)

So, are they mad that people who weren't doing their job at a high level were let go or are they implying that these people opened holes when they left?

If you have security staff and you get hacked that badly, it's probably their fault one way or another.

Lesson Learned? (1)

jimmerz28 (1928616) | more than 3 years ago | (#36558610)

And none of them hacked in to change the PowerPoint for shareholders to porn?

They must have not learned from our article earlier this week...

Are they responsible? (0, Troll)

jonnythan (79727) | more than 3 years ago | (#36558672)

Anyone else thinking these guys may have had something to do with the hack themselves?

Re:Are they responsible? (0)

Anonymous Coward | more than 3 years ago | (#36558838)

I find it more likely they were fired for incompetence. That incompetence is what led to the hack.

Re:Are they responsible? (1)

ZombieBraintrust (1685608) | more than 3 years ago | (#36561534)

We know someone on that team was incompetent. That shit with key not being random has been there for years.

Re:Are they responsible? (1)

Nikker (749551) | more than 3 years ago | (#36558842)

From a legal prospect it would seem as an amazing scapegoat. Also it could prove Sony had a role in letting the service continue running on cruise control while knowing it was likely to break down.

Re:Are they responsible? (1)

Coren22 (1625475) | more than 3 years ago | (#36559190)

Or quite possibly the security people informed the management about the problems and asked for budget to fix and were told no. I am guessing not many people saying they were at fault actually work for corporations...

Re:Are they responsible? (4, Insightful)

marcosdumay (620877) | more than 3 years ago | (#36559170)

Maybe they were fired because they complained too much that Sony didn't care about security. Or that they upped that complaint to the CEO, who preferred the CIO version. Maybe they threatened to make the problem public and their boss didn't like it. Maybe they weren't seen as productive because they kept fixing things the entire day, instead of helping build new things, and were understaffed. Maybe the company didn't like the policies they tried to put in place, so not only didn't accept the policies, but also fired them (this option seems to be quite likely). Maybe they weren't competent enough to put some good security in place, but still dedicated enough to security so that they annoyed people. Or, finally, maybe they were justly fired for incompetence.

The Natural Suspicion... (1)

Kamiza Ikioi (893310) | more than 3 years ago | (#36558882)

... is to suspect that if you fire someone in IT Security and your organization is hacked 2 weeks later... hmmm, who would be your first suspect?

Re:The Natural Suspicion... (1)

Israfels (730298) | more than 3 years ago | (#36559392)

I fired our janitors and two weeks later the place was a mess. The janitors did it!
I fired the police and two weeks later crime rates were sky high. The police are the culprits!

It all depends on what Sony did to keep security up after it fired the workers. If they didn't replace them with at least temporary contractors or IT people from other departments, then they intentionally left their guard down. Strike when the guard is down. Just because the events occurred near each other is circumstantial. If I was working on penetrating Sony's systems, I'd increase my attempts if the security department just got laid off too.

Re:The Natural Suspicion... (1)

ZombieBraintrust (1685608) | more than 3 years ago | (#36561564)

The new guys. They came on and then 1 week later. Bam! Hacked.

But the question is why? (1)

hypergreatthing (254983) | more than 3 years ago | (#36558910)

Were they all canned as a corporate profit/cost saving measure or because they were complaining about problems/security flaws and their upper management didn't want to hear about it? Or maybe they were all incompetent?

That's what really makes the difference in this case.

Re:But the question is why? (1)

SnarfQuest (469614) | more than 3 years ago | (#36559102)

Were they really fired? That should be the first question asked. No need for conspiracy theories if nothing actually happened.

Re:But the question is why? (1)

hedwards (940851) | more than 3 years ago | (#36559222)

Corporate America does that from time to time, rather than having to pay out for unemployment, they make the job so hellishly miserable that the employee quits and then has the human trash at the unemployment insurance department cover their asses for it.

It boggles my mind as to why the adjudicators aren't prevented from being paid by the employers. The money should be coming from the state. But then again the money to pay for the USPTO should be coming from the Federal Government rather than from fees, so nothing new there.

Re:But the question is why? (3, Informative)

theshowmecanuck (703852) | more than 3 years ago | (#36559668)

There was a lawsuit a few years ago in the U.S. where precedent was set for Constructive Dismissal a.k.a. Constructive Discharge [wikipedia.org]. This is when a company makes it so unbearable to work there, the employee has to quit. This is treated as unfair or wrongful dismissal, and the employee can sue the company as such. I remember reading about this when I lived in the U.S. where a woman sued her former employer under this concept and won. From what I gather it is a good idea to talk to a lawyer before you quit [timslaw.com] if you are going to try this.

Who cares why they fired them- I want Sony $$ (4, Interesting)

gearloos (816828) | more than 3 years ago | (#36559568)

I could honestly care less why they sacked them. I just want something out of SONY. For the PS3 storing open text negligence, for taking away a feature I paid for (Linux- Other OS) and not giving a rat's ass about me, for the Rootkit they put on my system with no real punishment, for the liars that lobbied the Bluray to win over the far superior technology that was HDDVD, for well, "EVERYTHING SONY". For the rootkit alone, their senior staff should have been criminally prosecuted. If I was to put a rootkit on a SONY Server by giving an employee a cd to listen to at work, I'd certainly be in jail. The best part- I went to GTPlanet (for the Gran Turismo Game, GT5) after this and the damn Fanboi mentality of today is every post I saw that complained or said anything remotely bad was shut down by 100 posts saying Sony is such a great company for trying to rebuild everything and that it is so great they are looking out by telling everyone about it..blah blah blah. I've had enough- Boycott these thieving asshats. I want my $0.99 from the Class Action Suit. It's almost as good as a company changing the law like Verizon and ATT with their "Unlimited" Plans that are actually 5GB or less.... Truth in advertising? But I digress... I only mention them because they are also tops up there on the list with Sony of companies that do what they please and collude but yet give lots of $$ to lobby their cause to a corrupt (or rather incompetent) judicial system.

Re:Who cares why they fired them- I want Sony $$ (1)

jd2112 (1535857) | more than 3 years ago | (#36560516)

End result: Lawyers will get big $$$ in a settlement, you'll get a free month of PSN and a chance of identity theft after the next breach.

Re:Who cares why they fired them- I want Sony $$ (1)

ZombieBraintrust (1685608) | more than 3 years ago | (#36561670)

They gave you two free games and a month of Playstation Plus. They also give you a year worth of identity theft insurance. That is more than $0.99 from any Class Actions suit. Hell if you have a PSP then that is 4 games. Then there was the free movie rentals and 6 months of Qriocity music thing.

You can't complain that they didn't try to give you 'something.'

Some of the things you mention did have class action suits. The root kit thing resulted in Sony replacing CDs.

Re:Who cares why they fired them- I want Sony $$ (1)

Man On Pink Corner (1089867) | more than 3 years ago | (#36564420)

I just want something out of SONY.

They already gave you a free rootkit, what do you want? Don't be greedy.

Re:Who cares why they fired them- I want Sony $$ (0)

Anonymous Coward | more than 3 years ago | (#36591464)

While I mostly agree about the other ones, could you justify your claim of "for the liars that lobbied the Bluray to win over the far superior technology that was HDDVD"? HD-DVD certainly looked inferior to BluRay in nearly every way to me. They did roll out the full feature set in phases at the start; but if you'd bothered to do any research before spending $1K on an early BluRay player, you would have been aware of that. Aside from that bit of entertainment, which may be more due to Toshiba being the only HD-DVD manufacturer than having any sort of formal standard, I'm pretty sure BluRay was superior in every way (crucially, more space).

I really do hope they are forced to reenable the OtherOS in PS3 firmware, and hopefully compensate folks for lost time. Everyone tends to talk about Sony's role in the rootkit fiasco, but I rarely hear anyone mention MS's role; they did, after all, leave AutoRun in their OS long after CD writers were common. I'm rather surprised we didn't see a plain ordinary virus spreading via CD-R long before the rootkit incident.

It won't happen overnight... (1)

Sir Realist (1391555) | more than 3 years ago | (#36559572)

I can't see a bunch of disgruntled ex-employees creating this entire security breach in two weeks.

I _can_ see a bunch of losers getting fired for not doing their jobs.

But I can also _totally_ see a bunch of disgruntled ex-employees, after being forced to work for ages with a broken security system which they did not themselves build, "accidentally" letting slip some inside info about that system's existing vulnerabilities in the weeks after being fired. "Yeah? You don't reckon you need security staff? Let's just see if that's right..."

TFA doesn't answer the relevant question (1)

Torodung (31985) | more than 3 years ago | (#36560714)

The relevant question here isn't when they were sacked, or how many were sacked, but why they were sacked. The article doesn't really answer the question that matters. :^(

Re:TFA doesn't answer the relevant question (1)

esampson (223745) | more than 3 years ago | (#36564032)

There's a reason the article doesn't answer that question; because the answer is really, really dull.

At least that is what I'm assuming. The truth of the matter is that two weeks prior to the company's servers being hacked (March 30th) Sony Online Entertainment was forced to lay off a large amount of staff (I believe the number I read was 1/3) due to financial reasons. This layoff included programmers, designers, artists, administrative staff, and yes, people involved in the network security division.

I for one seriously doubt that there is really a causal relationship between the reduced network security staff and the breach. Two weeks just isn't long enough for things like that to fall apart. Just because people left, the security they set up doesn't immediately shut down.

And for anyone who suspects that the employees who were let go caused the breach themselves, technically all those employees were still employed (there's a legal requirement that employees affected by large scale layoffs like this be given 60 days warning before being laid off, however because of reasons of security once people were given their warning they were sent home and paid for the next 60 days even though they didn't do anything). That would mean those employees would have been endangering six weeks of 'free' pay, their severance, and being paid for unused PTO.

While that doesn't absolutely rule out the possibility it does make it much less likely in my mind.

Re:TFA doesn't answer the relevant question (1)

Cyberllama (113628) | more than 3 years ago | (#36564716)

Yeah, people think it's like the movie Hackers. Whenever an attack happens, an alarm goes off and a security sits down into a chair and frantically begins typing in a frantic attempt to protect the Gibson. "He's breached the 3rd firewall!!!"

That's just not how it works. Holes have to be closed *before* someone/something goes through them. If they hadn't found this hole for all the time it existed before it was exploited, odds are they weren't going to just happen to find it over the course of the subsequent week after they were fired.

SONY and Meetings (2, Interesting)

Anonymous Coward | more than 3 years ago | (#36561310)

I've worked at SONY, though not in the security group. To do anything, there were at least 10 meetings to "decide to do something" followed by another 20 meetings to decide "WHAT" to do. Often, the WHAT wouldn't be possible, because the doers weren't invited.

SONY can spend lots and lots of money on things they believe will make them money and $0 on stuff that doesn't ... like security.

Where I worked was filled with IBM-Japan running AIX systems. Half of these people were really sharp and the other half, well, not so much. I never met or heard anything about the Data Security team, but that wasn't my role while I was there, so it isn't surprising.

SONY wasn't much different from any other large company that hadn't needed to worry about security previously. I bet going forward SONY will make a security review part of every project going forward. It will be a checklist item that leads to 15 other checklists.

Pick any other consumer company, perhaps Emerson or Westinghouse. Do you think they have much real data security either?

Lays offs and abandoned departments (1)

La Gris (531858) | more than 3 years ago | (#36565388)

As I wrote to SOE support about the everquest2.com service and character profiles being outdated and bugged, they replied straight it was due to the service having no staff to fix anything. I think this tells much about the state of layoffs and ability to secure or update services. The everquest2.com website identifies users using station SOE logins.

Here is the reply they gave:

Subject: Bugged character profiles [Incident: 110619-000022]
Response Via Email (TSR Steven G.) 06/23/2011 09:15 AM
Greetings leagris,

Thank you for contacting Sony Online Entertainment. Unfortunately, since the EQ2 players site was converted to a free service, there is not a team set to maintain/update the site. We have no ETA when or if a team will be added to maintain/update the site. We are sorry for the inconvenience that this may cause. If you have further questions, feel free to contact us.

Regards,
CSR Steven G.

Re:Lays offs and abandoned departments (1)

La Gris (531858) | more than 3 years ago | (#36565424)

Here is my reply to their statements:

I contest you took part of the assets I pay for as my SOE subscription, to abandon it as a pretending free service. Shall I sue Sony about that?
Even critically, you straight tell me there is no team to fix bugs and hence this service may as well be subject to data breaches, like the one your fired security team failed to fix in May, and caused six weeks of unavailability and caused critical data like credit card numbers, passwords and private user data to leak in pirates' hands?
Sorry, but as a paying customer I demand you continue to provide the services I pay for with the corresponding assets being maintained, fixed and securely tightened.

Sony learning from Walmart? (0)

Anonymous Coward | more than 3 years ago | (#36561854)

So the Supreme Court says a class action lawsuit of 1.2 million people was essentially too big to proceed for one large company, what are the odds that Sony pushes this one also to the Supremes to get it also summarily denied?

Granted, from the cheap seats, Sony's problem seems a little more concrete than the Walmart class action lawsuit, but... I'm thinking perhaps that Sony could argue that they had all the mandated protections they needed, and, well, $hit just happens sometimes, so why should we be getting sued for it?

Pesky security folks (1)

gweihir (88907) | more than 3 years ago | (#36562568)

Can't live with them, and when you finally get rid of them, what follows is worse.

On a related note, why not trial-fire all these stupid managers and see what happens?

I normally wouldn't (1)

MrKaos (858439) | more than 3 years ago | (#36562822)

But I feel it's appropriate to say hahahahahahaha.

If there was a lesson to be learned I feel it was probably lost amongst all the inevitable finger pointing and 'covering of ass' and other machinations. But don't worry, the appropriate tech staff not involved in the decision were reprimanded for not picking up the slack left by the involuntary departure of the security team.

Rest assured, no management was harmed in the production of this stupidity.

This is a silly premise for a lawsuit (1)

Cyberllama (113628) | more than 3 years ago | (#36564692)

I do believe Sony was negligent in its handling of sensitive customer information, though this is probably more common than we'd like to think. The vast majority of these exploits were found with an off-the-shelf point-and-click vulnerability finder. That one website should fall to this sort of thing is a shame, when 20+ do over the span of a few weeks, it's another matter entirely. Sony could have prevented many of these simply by running the exact same publicly named tool themselves after the first 2-3 incidents. That more Sony websites continue to be breached daily by the same method is simply inexcusable.

All of that said, these security holes didn't just magically appear after these people were fired, they were there for months if not years. If these people were not competent enough to find such trivial exploits, then they really didn't deserve to keep their jobs and having them on staff after the attacks began likely would not have improved the situation.

Sony has repeatedly violated the rights of customers (0)

Anonymous Coward | more than 3 years ago | (#36564906)

Remember the "root kit"? Not to mention numerous other infractions committed by this company against its customers. I vowed long ago that not one dollar of mine would go into the pockets of this anti-competitive, anti-customer company and have kept that vow. Hopefully, more people will look more closely at the policies of this company and use their dollars to show if they support, or condemn this company.
