June 6, 2011, 7:41 PM
Sony’s Security Problems Could Take Years to Fix
By NICK BILTON
Screenshot, via the Pirate Bay
LulzSec, a group of hackers, has attacked Sony several times in the past week and posted the company’s propriety server code online.
It’s been a tough couple of months for Sony. The company’s PlayStation Network was breached by hackers in late April and now several other units of the company have suffered broad security breaches.
In the last week alone, half a dozen Sony Web sites and servers, including some in the United States and Brazil, have been breached. On Monday a group of hackers calling themselves LulzSec posted proprietary Sony source code on file-sharing Web sites.
Although the members of LulzSec have gone after other organizations in the past, including Fox.com and PBS.org, the attacks against Sony have been unrelenting.
“These attacks are a combination of Sony’s lax security and a number of groups being very vigilant about breaking in to show how powerful they can be,” explained Frank Kenney, vice president of global security at Ipswitch, a company used to securely transfer files online. “What Sony has to do is re-examine their entire security system including the type of code they are using and the type of servers; they have to acknowledge that their brand is at stake.”
Mr. Kenney said that no server was impervious to hackers, but a company like Sony, with millions of credit cards and users’ personal information on file, had a responsibility to ensure protection “equivalent to the Department of Homeland Security’s servers is in place.” He said that the fact that dozens of Sony Web sites and servers had been breached indicated it was clearly a companywide problem.
“Any type of environment can be breached, but Sony has to come up with a plan that not only protects their infrastructure, but also convinces their customers that their credit cards and personal information is safe,” Mr. Kenney said.
In an interview in New York last month, Howard Stringer, Sony’s chief executive, said the company was working with a number of outside security companies and the Federal Bureau of Investigation to prevent further attacks. But Sony is definitely up against some untenable foes in this fight.
LulzSec doesn’t show any signs of easing its attacks on Sony, and the group is not deterred by the F.B.I., even taking up a fight with some of the organization’s affiliate groups. LulzSec also said in a Twitter message on Monday that it was receiving thousands of dollars in donations to continue its attacks on Sony.
Ron Gula, chief executive of Tenable Network Security, an enterprise security company, said the problems at Sony likely went back years when the company first built its infrastructure. “A lot of times these problems are more holistic, and that’s usually evidence by the fact that Sony has been attacked multiple times,” he said.
Mr. Gula said Sony would be unable to stop the attacks overnight and that it could take years for the company to get sufficient security in place to protect all its servers, databases and Web sites.
“Microsoft used to be the laughing stock of security and now they are now the shining example of good security,” said Mr. Gula. “It’s going to take a while for Sony to fix this, I think this will take years.”
News 
Market Data 
Discover 
AI
