Revenge Of The Nerds

Sony has a mess on its hands as a result of the numerous hacker attacks on their services. When thinking about this situation, it bears stating that companies and governments ought to be careful messing around with the hacker culture.

As I understand it, celebrated hacker George Hotz hacked the PlayStation 3 and Sony's lawyers went after him hard. What we are seeing now is the revenge of the nerds against Sony.

I am not saying what George did was right (although I am very sympathetic to hackers opening devices like the iPhone, the Kinect, the PlayStation, etc so that developers can build on them). I am not saying that Sony's lawyers weren't in the right when they sued George. This is not a post about what is right and wrong, legally or morally.

This is a post about the realities of the world we live in. Hacker culture is strong and getting stronger. Companies and governments should not underestimate the power of hacker culture to extract revenge on institutions they feel have wronged them. Unfortunately, it looks like Sony did just that and is now dealing with the repurcussions.



#Web/Tech

Comments (Archived):

  1. Julien

    I definetely agree about the growing role and power of the hacker culture. I’m no lawyer either, but I feel that when I buy something (no matter what it is), I get the “right” to break it, tear it, and hack it to my leasure, and to my risks too.However, I am also scared to see group arbitrary decide of things that our whole community should think thru. One can’t make “justice” to himself.We urgently need better, clearer (and more fair?) rules if we want to avoid that groups like Anonymous eventually decide of what’s good or bad.

    1. fredwilson

      yes, there sure is a vigilante vibe to this whole thing

      1. Prokofy

        well it’s what Martin Luther King, Jr. called “reaping the whirlwind,” and then your “goes around comes around” theories come home to roos for the *next* round. The cycle doesn’t end just when you’re on the “get out of jail free/collect $200” square.

    2. Fernando Gutierrez

      The problem with rules is that most of them are produced at a country level, but the internet in global.Even if most countries agree on something (unlikely) there will always be one that don’t where infractors can do whatever they want (China and piracy, Iceland wants to pass some laws that would turn it a safe place for data leakers and many more examples).

      1. CJ

        The problem with rules, in this case, is that most people don’t have the money or influence to allow their voice to be heard and most of those who are assigned to speak for said people are being bought by people who have a very real stake in the outcome. What we have here, the hackings and internet vigilantism, is a sign of the system being broken and the voice of the people not being heard. In the end it might come down that the people are wrong, and that’s fine, but currently most of us don’t even get heard on issues that we could get sued on later, especially something as simple as modifying hardware that you paid your own money for.

    3. fredwilson

      testing twitter @ mentions@fredwilson:twitter twitter handle@fredwilson:disqus disqus handle

  2. maxniederhofer

    Yes, does feel a bit like vigilante justice.I’m going for old-fashioned boycott. Rootkit, the belatedly settled Geohot lawsuit and the fact that they could do DRM but not protect my person details mean I will be avoiding Sony as much as possible.

  3. Aaa

    If you want a truly sad spectacle, look into a Sony gamer forum: the pathetic addicts get their heckles up because someone is messing with their scumbag dealer. Sort of like seeing a whore fighting for her pimp, only sadder.

    1. Nick Rivadeneira

      I think it would be more like a drug addict fighting for their dealer. Then again, I’m a hardcore gamer, so I’d be doing the same thing if this were happening to Xbox Live.

  4. Baishampayan Ghose

    s/Kinnect/Kinect

    1. fredwilson

      thanks!will fix

  5. sigmaalgebra

    Well, maybe some ‘hackers’ engaged in vigilante justice, but there is also the issue of what Sony was running in their server farm. So, for their farm, athttp://consumerist.com/2011…isSecurity Expert: Sony Knew Its Software Was Obsolete Months Before PSN BreachBy Marc Perton on May 4, 2011 12:30 PMwith claims that they were running Apache, without recent patches, and without a firewall.Hmm.Generally a server farm can expect that what arrives at their farm from the Internet can be just about any bits at all and should be ready to detect and reject the garbage.E.g., I’m sitting here writing Web pages that take in strings from ‘text boxes’. My first cut assumption is that the strings can be anything at all, any bytes whatsoever. I’m encrypting the ASP.NET ViewState sent to and returned from the user and, still, not trusting what’s in it. For one crucial chunk of data, I’m keeping that in session data where the user can’t see it instead of in ViewState.It’s up to me to detect and reject the garbage. I will welcome any attempt at ‘SQL injection’ at my site: If I let any garbage as obvious as a SQL command get through my detection and rejection, then I deserve what I get, and the ass I will kick will be my own. I don’t yet know enough to protect against everything, but there’s no way a SQL command will get in.A few chats with the right people at companies for routers, intrusion prevention, firewalls, packet filtering, etc. and some careful ‘security architecture’ inside the server farm should be able to do well.Server farms built with engineering quality borrowed from the Titanic stands to keep giving people some unwanted ice water baths.The Sony server farm blew it, and they are not the only such server farm recently.The ‘Revenge of the Nerds’ I prefer is when the business idea, the business planning, the software, the server farm, and the financials all work as intended and the good engineers get the money, houses, cars, boats, girls, opera seats, Strad violins, Montrachet, Chambertin, etc.!

  6. shareme

    Unfortunately, Fred you further add to the problem by confusing crackers including criminal crackers with hackers. All indications are that this is the work for criminal crackers not connected in any way to hacker culture..Please refrain from broad lumping of hackers with criminal crackers as it is not helping the situation or providing any worthwhile guidance for Sony.

    1. Sebastian Wain

      Can you elaborate on the foundation of your criminal claims against reverse engineering the PS3?I recommend to read the wikipedia’s page on reverse engineering and it’s legal situation in the US: http://en.wikipedia.org/wik… it’s more legal than the major part of the people think.

    2. Max Ischenko

      I think we have lost that about “hackers” vs “crackers”. It is already widely used as a synonyms and if while we don’t like it there is hardly possible to change it back.

  7. Collin Ardell Sine

    BE NICE! And know all the stories of why? Problem accelerate (-) solution. lets make the internet an easy place to communicate. Automated software, Advertisements, computer generated mail. those are all issues interferring with proper communication. Instead of PEOPLE Building walls why not bridges. If you prey on others misfortunes then you shall be punished, that’s for everyone even myself.

  8. Tom Labus

    According to this report a third attack is going to happen this week end. Dumping users credit card info online is way out of line in any world.http://news.cnet.com/8301-3

  9. Dan Lewis

    There’s also something here to be said about licensing culture — and, like Fred, I’m not making a statement here about the morality of it. Most items, especially before intangible digital goods, came with very loose, tiny licenses which were just the echo of common sense rules (e.g. a ticket to a baseball game doesn’t entitle you to throw things onto the field). And similarly, real-life barriers by and large echoed legal ones — for example, it’s unlawful to make and distribute and audio recording of a book, but until very recently, it was also economically impractical to do so.The digital, intangible goods universe created this disconnect, and from it came extensive licenses — meant to be the source of rights, not a recitation thereof.What we’re seeing now is a backswing, where licenses as the source of rights is being applied to physical goods. Great example: you can’t modify your own device and tell people how you did it. Apply that rule to your car, coffee table, bathroom, etc., and it makes no sense whatsoever. Apply it to your gaming console and… yeah, exactly. If you are honest with yourself, you *expect* people to violate that license. So in theory, you accept those violations as facts of life, the cost of doing business, etc., and use the license as a sword against larger violations (e.g. by other companies, not by customers).The problem: Someone in your organization isn’t going to abide by the theory of “acceptable violations,” especially not in the originally intended situations. And that’s when the culture of licensing explodes.

    1. Dave Pinsen

      “Apply that rule to your car, coffee table, bathroom, etc., and it makes no sense whatsoever.”One of those things is not like the others. Start hacking your car and you may not run into IP issues, but you may invalidate warranties and run afoul of motor vehicle laws (I’m guessing those Nitrous Oxide systems they use in the Fast & Furious movies aren’t street legal, though it’d be fun to have one).

      1. fredwilson

        i want to hack my car. the nav and entertainment system is horrible. i could write better software

        1. Ron Zeligzon

          Speaking of cars, I’ve been waiting for an in dash gps device to be powered by android using google maps. Even if there was a fee of a few dollars a month, I would totally do it just so i wouldn’t have to worry about updating etc.

        2. LE

          Not to mention the warning tones. My BMW used to warn me at 37o. If I stopped the engine and restarted it would warn me again of the temperature near freezing. It wasn’t smart enough to insert a line of code that looked at the time between two events. The Nav and tones on a 911 are much less annoying. But I didn’t buy the car for that reason. I bought it because of an emotional bond to a totally impractical car. The car companies know this and that’s one of the reasons they can get away with what you are describing. It’s also one of the reasons men put up with beautiful women as well. What do they call it? “High maintenance”.

        3. Prokofy

          then other people will hack your car. Want that too?

          1. fredwilson

            sure if they make it possible to install better software in it

      2. Dan Lewis

        Yeah, but you can do it without the car company suing you for damages.

        1. PhilipSugar

          Its a tough question. Mainly it revolves around somebody selling you something for below average cost and then trying to make it up generating high margin revenue later.Classic razor versus blades theory. It has happened before digital. Otis would sell elevators for a loss knowing they would make it up on service contracts. They would get very contentious at aftermarket service companies.

          1. COMRADITY

            which raises two examples of another effective choice to deal with bully mentality: a)When business moved into Ireland and offered students an alternative to terrorism – a job – it weakened the IRA. b)When Technoserve helped coffee farmers in an African village improve their practices and sell coffee beans to Starbucks, the corrupt loan sharks left town.

          2. FlavioGomes

            I’ve learned long ago…always ALWAYS stand up to a bully. You risk a potential black eye…but if you don’t stand-up you risk a whole lot more.

          3. Tylers Jarvis

            actually in reply to FlavioGomes–The question i have is Who is the bully??? Is it Sony for going crazy? Or is it the crackers? (I think its Sony personally…)

          4. COMRADITY

            reply to FlavioGomes and supporter . . .Supporter – the real question is who is the victim. It isn’t Sony.FlavioGomes – the customers are the victims and they are powerless to punch back. Their information was stolen, their precious time had to be diverted to changing passwords, credit cards, and their peace of mind was taken away.SONY is obligated to restore their customers’ peace of mind. Punching back is a strategy. There are other choices. The potential to turn a bad situation into a positive only emerges when we look beyond reacting – and beyond the binary choice: react or not react.

          5. Aaron Klein

            And that’s the risk they take in a free market.Just because I chose to sell the razor below cost doesn’t mean I get to control who my competition is on the blades.

      3. Aaron Klein

        Companies are well within their rights to invalidate a warranty for hacking a car or a Playstation. That is their right, and I support them on that 100%.Suing people who hack the hardware THEY bought? Screw that.Apple will cross this line if they ever kick Kindle off the iPhone with their 30% payment system tax. If I buy a $600 handheld computer from them, I should be able to run whatever software on it that I darn well please.

  10. PhilipSugar

    Couldn’t disagree more. This will get a ton of comments.Its like saying don’t stand up for what you think is right in your neighborhood because those that disagree are criminals and they’ll rape your wife.Now if you say maybe Sony should spend a lot less on its lawyers and a lot more on decent tech guys….ok.

    1. fredwilson

      i didn’t say what the hackers did was right. i specifically shied away from taking a position on that and said the post wasn’t about legality or morality

      1. PhilipSugar

        I agree fully you did not say it was right. But you are saying Sony out to “be careful” of pissing hackers off.That’s exactly what organizations like the mob want people to think.How would you feel if an organization said you better really think about allowing new Twitter clients or we are going to bring Twitter down?

        1. fredwilson

          i’m surprised it hasn’t happened yet4chan users tried to bring tumblr downthis is the way it phil, like it or not

          1. COMRADITY

            Phil and Fred, The hacker culture seems similar to terrorism and gang cultures – all have the psychological profile of bullies: when backed into a corner there is no negotiation – conflict is resolved by hit and run tactics intended to create fear.The position that you have no choices but one – to be a helpless victim – encourages their strategic thinking.In the Chicago Housing projects, where gangs flourished, the cops stayed clear for years to avoid conflict. But a different strategy was used for good effect. Research revealed that most of the members joined for protection. So the cops offered protection in exchange for information.

          2. JLM

            To extend your analogy, the Chicago Police then used the information to eliminate the gangs.The important issue is that the Chicago used a new strategy to support their tactical objective — to get rid of the gangs.It is perfectly fine to alter strategy but it is important not to lose sight of the tactical objective.There are parallels w/ the OBL episode in which the President gets very high marks for his tactical handling of the elimination of OBL but it was the product of the strategic decisions of the Bush administration to obtain extensive information with aggressive interrogation techniques, to intercept all electronic communication and to create huge inter-relational databases which were then able to close gaps even in a foreign language.To think that OBL was caught in part because he didn’t have an Internet connection is quite mind boggling — but I digress and I apologize for the digression.

          3. COMRADITY

            JLM this is in response to your comment below. Yes. The tactical objective is the same.But the more important operating principle is multiple choices. The instinctive, gut reaction when attacked is to be defensive. But there are always alternative choices. It can be really hard to shut up those little voices, but if you can focus on choices which will have a positive impact you can rise above the conflict and ambiguity.

          4. Guest

            JLM – interesting take on morality. You want to question the morality of a hack attack in one post yet apparently laud ‘aggressive interrogation’ tactics in another post. I wish I had had you as an ethics professor in college. Would have been a trippie class!

          5. Ron Zeligzon

            I agree with your post Fred, I said months ago that probably the most powerful person in the tech world is Moot even though he does not associate himself with the hacker clan he did start 4chan.

          6. Prokofy

            No, the powerful people are Ron Conway and Ken Lerer who fund Moot/Chris Poole and therefore enable and sustain him. Moot is just a script kiddie. 4chan is nothing without the enablers, and they have some huge and wealthy enablers now. And of course Fred is one too, cheering them in this disgraceful way.

          7. fredwilson

            wrongron conway and ken lerer funded canv.asmoot owns 4chan 100% and has never taken funding from anyone other than hismom

        2. Hacker

          Sony started it, putting rootkits on their users’ computers. That would be illegal hacking if their users had the same legal team that Sony did. So the hackers extract their revenge. Just because Sony can buy the law doesn’t mean they should be safe.

          1. PhilipSugar

            Two wrongs don’t make a right.Use energy to get some lawyers that want to make a name for themselves and hackers that want to extract a price as terms of settlement for the transgression.Great. I’ll donate.

          2. ShanaC

            I know an about to be lawyer in this area if you want to actually do this

          3. CJ

            Why fight them on their terms? We’d have never won the Revolutionary War if we merely lined up in bright blue unis across from the Brits on the field of battle and got mowed down by their superior arms and training. War is hell and when fought all rules go out the window. Companies would do well to remember that. You won’t necessarily have to defend against a foe who will only fight you where you are strong, he might also attack where you are the weakest.

      2. Prokofy

        Just because you are dodging the legal and moral issues here doesn’t mean it isn’t a legal and moral issue.

        1. Prokofy

          BTW, I can back to visit to see if Kid Mercury sold his gold yet. Seems like it’s time to worry:http://finance.yahoo.com/bl

          1. fredwilson

            i think we agree on gold. that’s progress!

          2. Prokofy

            well you notice Soros got out.

        2. Prokofy

          No, Fred, that’s completely misleading.Ron Conway and Ken Lerer funding canvas IS funding Moot and makes him able to unaccountably keep running his script kiddie empire of griefers and big-time criminal hackers who all congregate at 4chan.orgMom’s in on it too. If you care about Bank of America being hacked, and you should, you should think about how Ron Conway and Ken Lerer, your peers, contribute to this.This is why I wrote an open letter to Ken Lerer when all the WikiLeaks stuff broke.This is

    2. Nick Rivadeneira

      philsugar, there’s a difference between how you are interpreting it and what Fred actually said:Your interpretation – Hackers are strong, so don’t do anything to anger themFred’s meaning – Hackers are strong, don’t underestimate this. If you choose to take action, prepare yourself for retaliation (ie. security hardening).Preparation for opposition is different than submission to opposition.

      1. PhilipSugar

        Read the title.

        1. Nick Rivadeneira

          “Revenge of the Nerds”I’m unclear how this implies any of what you claimed. The only thing I see that it implies is that nerds took revenge.

          1. PhilipSugar

            I’m hating to reply. Look up the movie. Figure out the theme. Notice I use analogies too. Out.

          2. Nick Rivadeneira

            I’ve seen the movie plenty of times. Doesn’t change the fact that nowhere in the blog post does Fred assert that Sony should have avoided legal action for the sake of not bothering hackers.

  11. DavidSandrowitz

    Sounds familiar, similar to the idea of asymmetric threats that western governments have been wrangling with for the better part of a decade now. This is not a value judgement or the suggestion that hackers are terrorists…I think nothing of the sort. But, it is a very similar challenge – large, monolithic institution not realizing the strengths or likely reactions of a distributed, highly motivated adversary.Companies do need to wake up to the fact that most of us believe we own the device when we buy it and that we should be allowed to do whatever we want post-purchase. Companies can’t expect to own it all – the customers simply won’t let them anymore.

  12. Jack

    Two from authentication has always been reserved for perceived important areas like government and healthcare. The reality is, however, authentication is the solution to much of this. Making sure Fred is Fred-whether it pertains to his health records or his playStation.

  13. Kasi Viswanathan Agilandam

    Hackers are like ‘E.Coli ‘ a bacteria which helps digestion and produces vitamins and ‘omega-3 fatty acid’ which helps prevent heart attack.They are needed as a part of the system and Sony deserves that treatment from hackers. Live and let them live it will benefit you rather than harming you in the long run.

    1. Adrian Sanders

      that’s a pretty neat analogy actually. in terms of “treatment” there should probably be two strategies: preventative – creating communities that you actually engage and understand, treating them with respect and transparency reactive – swiftly isolating outliers, reacting to press / publicity on hot issues, and gearing up security when suppression doesn’t work.

    2. Prokofy

      it’s so apt an analogy that you can point out the obvious: that when e.Coli spreads too much it makes people sick and the board of health has to close restaurants. It’s one thing when it’s inside your stomach; it’s another thing when it is transmitted into food you eat. Same with omega3 — too much of it will make you sick.

  14. treyfisher

    This topic reminds me of a quote I would often hear from a very good lawyer,…”If you live by the sword, you better be prepared to die by the sword.”

  15. Joe Spinelli

    Well said, though it’s hard to fathom what “taking care” should mean. Ultimately, some “hackers” are motivated purely by doing something they aren’t supposed to do, or said another way, doing something just because they can. Even if Sony was a steward of openness, somebody who was motivated by inner circle brownie points, or moreover felt that the last SOCOM should have been longer, might have been vindicitve enough to try to penetrate the system.Amazingly, Mircosoft seems to be leading the way with a realistic/modernist approach to WP7 hacking. http://www.wired.com/gadget

    1. fredwilson

      exactly. microsoft seems to have gotten smart about this stuff recently

      1. JLM

        MS effectively turned their “problem” into a marketing opportunity. The thing that is unsaid but obvious is that the hackers like the product into which they are hacking.MS turned that to their advantage w/ more than a bit of humor. A very American trait.Sony started WWIII which is only logical since they also started WWII. The Japs are without humor.

        1. David Semeria

          My sons were watching a TV programme about some hot-rod enthuthisiasts who completely dismantled and rebuilt a 57 Chevie.It occurred to me these chaps were hackers too.

      2. Sebastian Wain

        I have given this example in the past: we sell various products based on reverse engineering Microsoft software for ~8 years. Before Windows 7 launch we were contacted by the Microsoft’s QA team. They were offering us help to support Windows 7.I remember that Samba had issues in the past with Microsoft, but it’s nice to tell this story.

  16. Rohan

    Wow. I did not know this. What I would love to know is – what would your advice be to the Sony CEO at this point of time/ What would you do in his place?Make peace?

    1. fredwilson

      make all sony products hackable

      1. Kasi Viswanathan Agilandam

        That is a real brave statement and I love it if every CEO thinks like that world will be a better place to live.Do you think as the CEO of that company you can get all those ‘margins’ and ‘lines’ in place? (profit margin, this margin, that margin, bottom line, top line etc., )

      2. Rohan

        Hahaha. Interesting!

  17. Florian Feder

    One reason why lots of people feel sympathy with hackers is that we put some blame with the victim, who presumably could have built better walls, hired better security experts, etc. Many people basically assume “what can be hacked may be hacked.”Jaron Lanier convinced me that this attitude is missing the point. Our homes, for example, can be very easily breached. All that protects us from intruders is an old fashioned lock that could be cracked within minutes. But nonetheless does our society strongly disapprove of those who do. In Jaron’s own words: “Locks are only amulets of inconvenience that remind us of a social contract we ultimately benefit from.”

  18. JLM

    Everyone seems to be reluctant to touch the moral implications of these actions while the answer is obvious. It is morally repugnant and gives rise to garden variety civil tort liability.If the attendant litigation is messy and attracts more such repugnant behavior, then that is the cost of litigation. Litigation is messy and expensive.Fights like these — changing conditions in an entertainment venue in which certain rights are held hostage — have been fought since the time when movie studios fought the idea of paying actors residuals. They threatened all kinds of mean spirited retaliation.In the end, the actors retained the value of their creative efforts and were able to enforce their rights.Bonus question — who was the President of the SAG who made the studios recognize and pay residuals? Ronald Reagan — it cost him his acting career.Sony is going to have to improve its own security but I applaud them in disciplining these transgressors. I recognize the short term futility of the attempt and perhaps it is not a great business decision — that is for them to decide.But any vendor should be able to take its product to the marketplace and sell it at a price and upon terms and conditions that they decide. That is as essential a free market principle as anything else.In a left handed way, this may be best possible advertising — millions of dollars worth — for Sony once they get their security program in order.

    1. ShanaC

      He’s not really disciplined though. He still have many opportunities in the future to hack, by the looks of it

      1. JLM

        The George H settlement agreement prevents him from reverse engineering a Sony product for the rest of his life. He agreed to that to settle the lawsuit.

        1. ShanaC

          There are tons of products to hack- and although he settled, we have yet to attack the issue of the machine versus the program and which one we have the right to alter. By sony product, do they mean the hardware or the software, and does that mean he can’t work on tagental products.(Also, why aren’t they hiring him exactly)

      2. Dave W Baldwin

        Have to disagree on that one. Ronald Reagan could see the fringes and tried new things to achieve a forward thinking goal.He didn’t do the envy thing.He showed strength, yet had quite a lengthy relationship with the leader of the enemy via letters.He used one liners on everyone involved to the point that everyone laughed together.BTW, the one thing JLM left out is the fact Reagan had to have a loaded pistol on the night stand due to threats before he ever became Gov or President of US… that’s right, as Prez of the SAG.

        1. ShanaC

          Wrong person- i got to say this is a totally fascinating discussion of Reagan though

          1. Dave W Baldwin

            Sorry, reread whom you meant.

    2. CJ

      I’ll touch it too, I admire the guy for it. If you don’t want your product modified then you should rent it to me rather than selling it. That’s the root of the situation, you can’t control what I do with anything after I’ve bought it. The Mythbusters buy cars all the time just to take them apart of wreck them and that’s their right, they OWN it. When I no longer own the hardware (tangible item) that you sell to me, then it’s time for you to rent it to me. Of course, they won’t do it because no one will rent a game system as the price would be outrageous.Ownership rights on tangible goods are very tricky, ideally you want in place protection from duplication and exploitation but going down the slope of protection from modification opens an entirely new set of issues of ownership and purchase.

  19. kidmercury

    and the hackers will win. just like how terrorism is a more effective form of warfare than rolling up with your overpriced army wearing uniforms. because big, expensive organizations are so easily disrupted by tiny groups that can operate with very little funding, the model of growth by big organization is coming to an end. this runs along the same lines as the death of the nation-state and the death of theft-by-inflation as the means of financing innovation. the more direct implication for the web services crowd is the disruption of web serivces by open source software, which will also bring about technology federations and data portability, and perhaps the world of multiple internets.

    1. kidmercury

      @kidmercury:disqus @kidmercury:twitter@justinbieber:twitter@barackobama:twitter@911wasaninsidejob:twitter@notevenarealusernamedddd:disqus @notevenrealfakednssdh:twitter

      1. fredwilson

        enjoying the new disqus feature or showcasing its vulnerabilities?

        1. kidmercury

          Just testing and enjoying 🙂 curious as to how it worked. I might switch todisqus on some of my sites that im preparing to upgrade. A little concernedabout who owns what when dealing with disqus, simply because third partycomment engines are a bit new.

          1. fredwilson

            if you run on WP, then disqus syncs the comments to their native commentsystemyou essentially have a backup

    2. CJ

      Ugh – Opensource. Like and hate it. It’s awesome for communities but monetizing it is a horrible experience.

  20. Ahmadali

    Perhaps the explanation for the Sony breach is more mundane. From the sounds of it, they were running grossly vulnerable systems. If indeed the case, it would eventually be found and exploited. It’s often tempting to attach greater meaning to events. Occam’s razor might apply.

  21. Yikes

    Fred,There is something wrong when we are being warned (alerted) not to do something because the bad guys will make you pay for pissing them off..The sub cultures that are holding companies and corporations hostage should not be appeased or tolerated.. Following recent events I suggest the best solution is to shoot them, bathe them, wrap them in cloth and throw them off a boat.

    1. joeagliozzo

      This is fantastic – have to use it in quotes:I suggest the best solution is to shoot them, bathe them, wrap them in cloth and throw them off a boat.

      1. JLM

        There is huge cultural symbolism in the bathing and wrapping in clean cloth.A martyr does not get bathed as they enter heaven with their martyrdom blood on them to be welcomed into heaven (the 72 virgins in attendance) and there to be bathed and annointed by the welcoming angelic hordes. The martyr does not have to get an admission ticket, he is in like Flynn.The bathed and wrapped decedent enters heaven to be judged by Allah and therefore must be as clean as possible with the notion that Allah might otherwise not give him the greenlight.

    2. Nick Rivadeneira

      Fred never warned anyone not to do something. All he said was that Sony underestimated hacker culture. Another action that could have been taken was to continue with their actions and harden their security.

      1. Yikes

        ” Companies and governments should not underestimate the power of hacker culture to extract revenge on institutions they feel have wronged them.”

        1. Nick Rivadeneira

          (I don’t think my reply posted properly) As I mentioned to someone else, preparation for opposition is different than submission to opposition. Fred never told companies to submit, he merely said be prepared.

    3. Fernando Gutierrez

      That reminds me to a sad episode we had in Spain. In 2003 terrorists bombed a few trains here in Madrid and killed 192 people. They did it three days before general elections.In the beginning we all thought it had been done by a Spanish terrorist group that had been active for 40 years, but in those days all clues pointed to islamic terrorists. Many people, instead of blaming them, blamed the government because we had gone into Irak war along the US and the UK (most people opposed to it).Three days later the opposition party won the elections (before the attack every survey said the government party would win easily). The government party should also be blamed because they managed things very poorly in those three days, saying that it had been the Spanish terrorist group because they saw that the other alternative was bad for them.The first thing the new president did was pull the troops from Irak, leaving our allies to do the job. Shame on him and on all those who voted him and prefer to live on their knees. He had opposed the war, but leaving like that made me, and many others, feel ashamed.Never blame the victim.

    4. Hacker

      I agree – I just think Sony is the bad guys. How many computers did they put their root kits on? The law ignores it because it’s a large company. So vigilante justice is the only recourse. Karma is a bitch, and once you start hiring hackers to root your users’ computers you shouldn’t be surprised when the criminal culture you hired turn on you.

  22. Statspotting

    I am not sure what Sony did wrong here.

  23. Guest

    this must be hard to get screwed/hacked by any kind of persona and not to be able to find out who it was – PLUS to get all that endless shame. I will definitely post a picture of the most beautiful & sweetest girl at my web app somewhere where a hacker might enter and ask in “lolcatzfontstyle” to be cool! 😉

  24. Alasdair

    This is far broader than just Hackers, but a great example of the double-edged sword of ‘communities’. Any group of individuals can band together online to pursue a common cause, and affect change through a variety of channels. Hackers are just the most obvious given their ability to directly (and individually) wreak havoc.Communities can be harnessed to great good (Wikipedia), to gain political power (Obama ’08) (Egypt ’11), or malice (Sony ’11) – the tools and leaders of these communities

    1. fredwilson

      that is a much better way of saying what i wanted to say todaythanks alasdair

    2. CJ

      I’ve been trying to get a colleague to see this for over a year. He tells me that money = Power, I agree. But I counter with Attention = Power in the absence of money. Meaning that if you get enough people together, focusing their attention on a cause you can affect change that would have taken millions of dollars otherwise. The way forward for the masses is through attention, it’s the only way you can compete with people who have thousands of times the cash that you do, in the end their vote still only counts once. Win the attention battle and you win the war.

    3. COMRADITY

      The difference between good and bad outcome is related to the difference between a “community” and a “gang.” One is a social contract among individuals to give a little to gain from being a part of a whole. The other is a social contract reminiscent of feudalism in which individuals give power and control to an elite few in return for protection, retribution, etc. One is motivated and sustained by a positive purpose. The other is motivated and sustained by negative reasons like fear. One levels the playing field among individuals. The other empowers a few individuals and limits freedom of choice for everyone else. Both may take leaders, but the way to distinguish between one or the other is to ask what the vision is to replace what is. Communities need a positive vision to galvanize individuals to work together – a charismatic leader is not enough.For example, the Egypt movement suffers from the lack of a positive vision. You might be able to disrupt the status quo with negativity, but you can’t start a stalled economy with it – http://www.dailystar.com.lb

  25. Christian

    I think the other message here is that a large legal team is not enough to shield a company from a passionate public. As a company I think you have to extend your responsibility beyond profits and shareholders and consider how your actions will be received by the general public.Cracking is only 1 way that people are empowered to raise their voice

    1. LE

      Sounds like you are comparing it to peaceful protest instead of damaging riot. In general, and with some exceptions, I think you need to respect the law. And respect the law doesn’t mean necessarily 100% honest and true. There is a difference between embezzlement and certain types of cracking and stealing paperclips from the office or taking 6 Keurig cups (my favorite theft) from the local bank branch. Or killing in self defense.

  26. MTC73

    Hackers and Crackers are fast becoming the only power the general public has in an assymetrical war against big government and big corporations. That’s not saying that everything they do is kosher, but the culture itself is one of the few real powers the ordinary people have any more.Of course it’s painted as a big bad threat to us all because it’s to the benefit of the powers that be to do so.

    1. Hacker

      +1. Remember Sony tries to root your computer so they can stop piracy of their music. The law isn’t going to shut them down. If Sony wants to play the vigilante hacker game then they better be ready for what they get. Comcast and AT&T should watch out, too.

    2. ShanaC

      I wouldn’t say that – what if they fight for something I think is against my interests- then what?I was looking at an artist recently, named Paolo Cirio, about a piece called Lovely-Faces.com, where he and a buddy took 250k public facebook pages, and turned them into a dating website, indexed by facial recognition software.As much as it sounds like an interesting art piece, I am not sure what they did was right.

  27. paramendra

    It is like the Internet does not belong to any country, not to any government, not to the UN.

    1. supporter

      It doesnt…

  28. Barry Nolan

    Ironically it was apples about-face embrace of the original app ‘hackers’ that was the making of the iOS platform.

  29. Nick Rivadeneira

    I still don’t see where he says not to take action. I repeat – Fred warns companies to not underestimate hackers’ power. That’s very different than warning companies to submit to hackers.EDIT: This was in reply to Yikes.

  30. Leo B

    Greatpost Fred. I agree with your thinking and I believe the attack on Sony isbacklash from a tightly-knit hacker community.There is great camaraderiebetween hackers andthe best are very arrogant. Think, “ProductiveNarcissist” and multiply by ten.Rightor wrong, this is a contingency major companies need to plan for. Bigcompanies especially need this planning because hackers love the prestige thatcomes from toppling a giant.

  31. Aaron Klein

    These companies need to figure out this principle called user freedom, and they need to figure it out fast.I wrote a post on the subject a few weeks ago when Apple’s payment system was rumored to be the pretext for tossing Kindle off the iPhone and iPad.http://www.aaronklein.com/2…When I buy something, it’s MINE. Don’t try and tell me what I can do with the atoms that I own.All that said, I absolutely reject the idea that there is any justification for “revenge” in this case. Beat Sony legally, beat them soundly in the marketplace, but stealing and cyber-terrorism is never excusable.

  32. Gregory Magarshak

    I didn’t think of it like that! Yes, that would make sense as to why hackers attacked sony.

  33. CJ

    Personally I see this as a step towards the people taking back a bit of power against the big guy. Corporations have almost infinite money and power and they often use it to squash the little guy, look at legislature like the DMCA and the ACTA treaty as examples.These guys, black hat or not, are there as a sort of checks and balances for the little guy. That said, I also reserve the right to judge each act on its own merits and not the group as a whole. There may be a time where I disapprove of an action against one entity but support it against or in support of another. I’m human, I can live with that.In the end companies are going to have to start investing more in security or in their public image if they want to avoid losing money and face due to this new breed of digital crusaders.

    1. COMRADITY

      I’m confused, Malcolm, aren’t “the people” the victim here? The hacker’s intent may have been to make SONY look bad, but to do it they stole the CUSTOMERS’ information.

  34. Pete Griffiths

    There is a big difference between ‘hacking’ a product to see how it works and learn from it, and hacking a system to steal information or damage that system in any way. These communities too are different. IMHO the mistake Sony made was to sue the guy for hacking the product to see how it works and learn. A lot of people interpret that as a heavy handed corporation stopping someone doing something that they have in a sense paid for. They resent this behavior and a subset of them belong to the community who are prepared to steal and do damage. Inflamed by somewhat gauche behavior by Sony they “retaliate.”Fred is absolutely right to warn people to be attentive. What is the point of waving a red flag in front of a bull?I am reminded of an occasion years ago when the owners of DIVVX announced it was ‘hack proof.’ What a dumb move!

  35. falicon

    I think it comes down to two basic rules I try to alway operate under:1. Be open. Let people know what you are doing and, as much as possible, give them ways to help or learn from it. In the example of Sony, what was the reason for being a locked down system? (hint: it’s because they are too far skewed on my #2)2. Don’t be greedy. If you’re offering a good and fair value, then there’s no reason you can’t be in the sweet spot of #1…but if you’re just trying to maximize revenue at any cost then you’ll find yourself doing many things that no longer allow you to be in the sweet spot of #1…I think this is why companies like Apple polarize people…amazingly great products but they are just a bit on the greedy side (for example $300 more to get a laptop color choice?) and the closed side (for example $$$ just to submit an app?)…they walk the line better than anyone out there but occasionally it bites them (as me publicly bashing Apple a little here will probably bite me)If you can honestly stick to these two things, then I think everyone wins and the world is a better place…but skew too much on either one and eventually someone loses (and when someone loses, feelings are hurt, revenge is contemplated, enemies are made, etc.)Anyway that be my thoughts for the night – @falicon:twitter

  36. Alex Murphy

    deal with life as it is, not as you wish it was …

    1. COMRADITY

      “deal with life as it is, not as you wish it was …” That comment reflects an attitude I can not relate to. Is there is a generation gap, with only “baby boomers” still believing anything is possible?

  37. FAKE GRIMLOCK

    CAPITULATE TO MOB RULE BAD WAY TO DEFEND AGAINST RULE BY MOB.

  38. drp

    Hackers or Looters?

  39. Sean Saulsbury

    Don’t throw morality out the window.Perhaps if we condemned these actions as morally wrong and companies like Sony successfully sue those who demonstrably harm their businesses (especially with malicious intent), such hackers will cease such operations and focus their talented efforts on more productive, profit-driven activities.I’m not saying exposing security flaws is a bad thing per se and is, perhaps, a morally grey area to hack into someone else’s system to do no harm other than expose such a flaw. (Although exposing the security flaw publicly can be harmful in and of itself, too). But we can draw distinct moral lines when it comes to malicious intent and stealing or destroying other people’s property (e.g., data, customer lists, etc…).As long as hacking (in the bad sense) is condoned as morally justified, such actions will continue. We should be praising the good hackers–entrepreneurs who create awesome new products and startups every day–and condemning the bad ones. It won’t stop all the bad guys, but it will fuel those who do some of these bad things in the name of the good.Let’s define the good and steer such folks in the right direction. Real value is at stake–it’s the difference between creating value and destroying others’ values and property–and taking the morally agnostic position only strengthens the bad guys.

  40. BuyGiftsItems

    I recommend the best solution is to shoot them, bathe them, wrap them in cloth & throw them off a boat. Auto Auctions

  41. Dave W Baldwin

    Something needs to be worked out. With the push to allow phones to make purchase at store, you need to show you have the security.There is big difference between taking apart the television set and stealing vital personal info on a bigger group.Otherwise, I don’t see the need to go into the tar and feather stuff, but just say to this hacker, if he is so smart, why doesn’t he do something for overall good?

  42. mediaeater

    There is so much I want to add here. This is part of a larger sum whose narrative is emerging – the anonymous generation – who want betterness accountability. I would start allocating a % earning to doing good same for any industry that just takes from the worlds resources and does not give back.For a long time, our digital ancestral responsibility has gone unchecked – it seems that kids born in the 90’s have all read some of my favorite sci-fi novels and want justice and a better way than the full consumption cycle. Unlike the entitlement generation before them, anonymous is as serious as a heart-attack on change for the better (IMHO).Durning the late 90’s I ran a info-sec site called hacked.net and most of what was happening then was NOT economically motivated yet the government leverged the activity and fear to legislate and lump exploring into terrorism (hacking not cracking.) I will never forget the head of the FBI (at that time it was Louis (Information wants to) B. Freeh) using my work to incite Congress to fund a misguided information war that was sending teens to jail as threats to the nation. I removed the hacked.net site from the grid because even with taking no other position than documentation, it was being used in ways not intended.This experience has informed my concern around potentially glorifying or idealizing hacker culture (which is essential to the world). There is no gray area in the eyes of the law and such exploration can now lead to life imprisonment.In running my own company, we have made a practice to open source most of the hot technology we produce, which could evolve all and even better our own offerings by being open and sharing. Hardware companies not being open in the coming decade are begging for disintermediation either by sword or smarter more open companies – who give back when they take.Unbridled greed will lead to suffering.Things are just starting to get interesting.

    1. fredwilson

      wooootthe mediaeater in the AVC commentsthat’s a big deal this saturday morningand, of course, you’ve got a strong opinion and the experience to back it up

    2. COMRADITY

      What if “open” were the way NASA developed all the technology to launch the space program? If an error in the open “code” led to accidents in Space, would we even have a Space program today? Would all the private companies have partnered with the government if they didn’t retain the right to commercialize the technology developed (TANG, VELCRO, etc.)? And would investors have funded these companies with the enormous amount of money it takes to bring to life science fiction technologies if they didn’ think they could control the risk. Alot has been accomplished through public/private partnerships by leveraging greed to do good. And yes it must be done very very transparently, and with ever vigilant eyes of justice watching.

  43. Josh Gordon

    I’m probably in the minority here in the AVC community running a brick and mortar business.I have a mess on my hands as a result of numerous thieves in my shop. When thinking about this situation, I realize that healthcare companies like mine should be careful messing around with gangs.As I understand it, a notorious repeat-offender Egroeg Ztoh, broke into my shop stealing most of the medical records I keep on patients, including their health history, medication and diagnosis records, and social security numbers (we treat many from the AVC community!). Luckily, police were right on his tail and retrieved the sensitive information.But unfortunately, the Rekcah Cartel, a large street gang in which Egroeg belongs, is now seeking revenge against me. Which is what makes me think how wrong I was in working with police.I am not saying that what the Rekcah cartel did was right (although I am very sympathetic to gangs breaking into and stealing information from other organizations such as Columbia and NYU hospitals). And I am not saying that the police weren’t in the right when they caught Egroeg. This is not a post about what is right and wrong, legally or morally.This is a post about the realities of the world we live in. Gang culture is strong and getting stronger. Companies and governments should not underestimate the power of gang culture to extract revenge on institutions they feel have wronged them. Unfortunately, it looks like I did just that and am now dealing with the repercussions.(The only true sentence here is the first.)

  44. MikeSchinkel

    Sony might have been in the right legally and morally, but their actions were an example of guarding against positive change for their own perceived benefit and fighting for their perceived short term interests at the expense of what could have been to the benefit of their users and even Sony themselves.I chalk it up to a simple example of bad karma. Per Wikipedia: “Karma is a concept in Hinduism which explains causality through a system where beneficial effects are derived from past beneficial actions and harmful effects from past harmful actions, creating a system of actions and reactions throughout a souls’s reincarnated lives forming a cycle of rebirth.” http://en.wikipedia.org/wik

  45. Druce

    I think you’re being far too kind to Sony. I don’t see how what GeoHot did was any different from jailbreaking an iPhone.Sony went after him hard and sued for damages based on the DMCAhttp://www.engadget.com/201…This awoke the wrath of the hacker community, and it turns out they were running PSN on unpatched servers.http://consumerist.com/2011http://www.theregister.co.u…Seems worth mentioning that Sony hacked people’s PCs in the name of DRM -http://www.wired.com/politi…They’re part of the whole RIAA / MPAA fiasco and suing people who have been ‘identified’ by an IP address.Maybe the moral of the story is… any DRM system can, and eventually will be cracked. Expect cracks. Be prepared to deal with them. The best defense is to build an ecosystem that doesn’t depend 100% on that DRM, and that provides enough value that most consumers find it attractive to participate on legitimate terms. The iPhone jailbreaks didn’t mean having to shut down the App Store.In any case, if you do build a system that is that vulnerable, maybe you shouldn’t wave a red flag in front of the people with the ability to break it. It’s hard to build crack-proof DRM if you’re not smart enough to patch your servers and protect users’ info.GeoHot’s take is worth a reference -http://geohotgotsued.blogsp…

    1. fredwilson

      i love that line “what goes around comes around”it’s one of my central values in life

  46. Prokofy

    Hacker culture is not culture; it is crime. When honourable men like you promote this crime out of technocommunist beliefs, you enable criminals. Eventually you will all fail with this criminality which you keep trying to to pass off as creativity.

    1. fredwilson

      i am well aware of your views on this one prokofy and would not haveexpected anything else from your point of viewi think it is not as black and white as you thinkGalileo was denounced as a heretic and placed under house arrest for hisviews

      1. Prokofy

        There’s a difference between “heresy” and dissent and criminality.It’s one thing to call Jesus Christ a “heretic” and concede that free speech and freedom of religion, while they can be viewed by a clerical state or secular state as “heresy,” are just free speech and free religion.It’s another thing when there is actual destruction of propety and harm to human beings.The Black Panthers were feted and cossetted by Leonard Bernstein and other liberals (Remember Tom Wolfe’s Radical Chic?) but they were criminals, drug dealers, murderers, rapists, and they went down and did time and history has judged them (even if the Obama Administration has been soft on them).You’re like the Radical Chic of our time, Fred. Tom Wolfe needs to write a novel about all you folks. I should tell him that idea. You’re perfect fodder for a Tom Wolfe novel a la Bonfire of the Vanities.

  47. Prokofy

    Want your revenge, nerds? Feel entitled to be !@#$@#$? Well, you will find civilians fighting back more and more against you and the destructive Internet. If it takes a civil war if you invade government and communications, you will find people will even take up arms against you if necessary. You can’t win, because you represent death.

  48. Prokofy

    Do call us when these Anonymous criminals hack FourSquare, or Twitter, or something you value (maybe you don’t value Sony). And do tell us then that you love having your investment screwed with like that. Waiting…

  49. Guest

    Please delete this comment.