Hacker extraordinaire George Hotz has denied any involvement in the current crisis affecting the PlayStation Network.
Hotz first came to fame as the first person to jailbreak the iPhone, but became even more notable when his house was raided after Sony accused him of hacking and publishing the root key for the PlayStation 3.
The root key allowed users to run home-brew software, and in turn led to the current intrusion by unknown parties.
When his plight was splashed across the internet, hacktivist group Anonymous was created to attack Sony for the treatment of Hotz.
Since then, Hotz and Sony settled out of court and it looked to be the end of the saga. Not quite: the PlayStation 3 network was broken into and the personal details of 75 million users were compromised, with no one taking responsibility for one of the most infamous pieces of cyber terrorism in the 21st century.
In a blog post, Hotz, who recently felt the force of the entirety of Sony’s legal team, said: “Anyone who thinks I was involved in any way with this, I’m not crazy, and would prefer to not have the FBI knocking on my door. Running homebrew and exploring security on your devices is cool, hacking into someone else’s server and stealing databases of user info is not cool. You make the hacking community look bad, even if it is aimed at douches like Sony.”
Hotz went on to explain that the idea behind the original hack was to create a homebrew alternative to the PSN, a place where hackers could play together without interfering with the rest of the law-abiding community. Hotz also claimed the fault lies not with Sony’s engineers but with the naïve Sony board members.
“The fault lies with the executives who declared a war on hackers, laughed at the idea of people penetrating the fortress that once was Sony, whined incessantly about piracy, and kept hiring more lawyers when they really needed to hire good security experts,” he writes.
“Alienating the hacker community is not a good idea.”
Sony will probably never publicly reveal how its infrastructure was so easily attacked, allowing the personal details of 77 million users to be stolen. Hotz is willing to speculate and would love to read how it was done, but accepts that this may never happen unless the perpetrator is eventually caught. We doubt someone of their talent would leave a trail right to their door, and if they have, then they are not as clever as everyone seems to credit them for.
“I bet Sony’s arrogance and misunderstanding of ownership put them in this position,” he says. “Sony execs probably haughtily chuckled at the idea of threat modelling. Traditionally the trust boundary for a web service exists between the server and the client. But Sony believes they own the client too, so if they just put a trust boundary between the consumer and the client (can’t trust those pesky consumers), everything is good.
“Since everyone knows the PS3 is unhackable, why waste money adding pointless security between the client and the server? This arrogance undermines a basic security principle, never trust the client. It’s the same reason [Modern Warfare 2] was covered in cheaters, EA even admitted to the mistake of trusting Sony’s client. Sony needs to accept that they no longer own and control the PS3 when they sell it to you.
“Notice it’s only PSN that gave away all your personal data, not Xbox Live when the 360 was hacked, not iTunes when the iPhone was jailbroken, and not GMail when Android was rooted. Because other companies aren’t crazy.”
Hotz finished with a parting shot at the people behind the latest intrusion: “To the perpetrator, two things. You are clearly talented and will have plenty of money (or a jail sentence and bankruptcy) coming to you in the future. Don’t be a dick and sell people’s information.”