Hotz realized that, if he could make a chip inside the phone think it had been erased, it was “like talking to a baby, and it’s really easy to persuade a baby.”

Clearly, the writer has never tried to persuade a baby.
posted by GenjiandProust at 6:42 AM on May 1, 2012 [15 favorites]

The moral of the story seems to be, "if you're going to get up in Sony's shit, do it anonymously." They may be morons when it comes to protecting their customers' data, but they sure have a lot of lawyers.
posted by Kadin2048 at 7:05 AM on May 1, 2012 [1 favorite]

The thing that still surprises me is the fact that any of the core Anonymous/LulzSec are getting caught. Put on a baseball cap and sunglasses, take a bus to the local downtown and wander around until you find an open WiFi network and then conduct your network penetration from there while using a spoofed MAC address to prevent any sort of NIC fingerprinting (does not apply to the idiot script kiddies who require persistent connections for their ultimately futile DDOS gestures).

A basic minimal effort like that will very likely thwart any investigation, and anyone who even knows how to execute a basic SQL injection attack ought to be savvy enough and smart enough to take at least those steps.

I understand, if not condone, the basic desire to lash out against our fundamentally unjust and broken plutocracy. But when a modicum of effort is the only thing necessary to not spend a fat chunk of your adult life confronting a very real possibility of forced sodomy on a daily basis, you would think that anyone smart enough...

I just don't get why people wouldn't exercise just a tiny bit of discipline in order to not get caught. I really don't.
posted by Ryvar at 7:21 AM on May 1, 2012 [4 favorites]

The thing that still surprises me is the fact that any of the core Anonymous/LulzSec are getting caught. Put on a baseball cap and sunglasses, take a bus to the local downtown and wander around until you find an open WiFi network and then conduct your network penetration from there while using a spoofed MAC address to prevent any sort of NIC fingerprinting (does not apply to the idiot script kiddies who require persistent connections for their ultimately futile DDOS gestures).

The problem here is that every act of cover-up induces a new risk. For example, lets say they do that and the operator of the wifi notices something fishy. Then you end up getting busted right there.

It's happened before, I remember a story about a spammer who was caught sending spam from a wifi hotspot. Lets say you do everything though TOR. Okay, now there's a possibility of 'bad' nodes analyzing your data. Or, if you're a government with access to summary data from everyone's ISPs, you could look at when a TOR node was active, and when a member of a group was active, and correlate the two.

Anyway, with LulzSec, didn't they just end up getting caught due to a mole or turncoat anyway? I'm sure they took all kinds of technical countermeasures, but ultimately they were too lose with their personal information. That seems to be the way a lot of technical criminals are captured. Bradly Manning is a perfect example.
posted by delmoi at 7:56 AM on May 1, 2012

I don't know his history on the blue, but quotes like:

“It’s a testosterone thing,” he told me. “It’s competitiveness, but it isn’t necessarily competitiveness with other people. It’s you versus the system. And I don’t mean the system like the government thing, I mean the system like the computer. ‘I’m going to stick it to the computer. I’m going to make it do this!’ And the computer throws up an error like ‘No, I’m not going to do this.’ It’s really a male thing to say, ‘I’m going to make you do this!’ ”

make me roll my eyes.. Yeah, he's twenty whatever, but c'mon, dude.
posted by k5.user at 8:03 AM on May 1, 2012 [1 favorite]

or example, lets say they do that and the operator of the wifi notices something fishy. Then you end up getting busted right there.

Isolated anecdotal cases aside, the real-world odds of a local coffeeshop noticing anything funny going on with their wi-fi, ever, are indistinguishable from zero. Particularly with network penetration (as opposed to DDOS) where your actual bandwidth usage is typically fairly low (attempted connection attempt count is admittedly through the roof once you run nmap).

There's really no need to use TOR, though, as you've already disassociated yourself from your actions by removing physical and virtual correlation with your normal identity. All TOR will do is add an extra hurdle to the process that the feds are 100% guaranteed to plow straight through as a now-routine step in computer crime forensics.
posted by Ryvar at 8:09 AM on May 1, 2012

Anyway, with LulzSec, didn't they just end up getting caught due to a mole or turncoat anyway? I'm sure they took all kinds of technical countermeasures, but ultimately they were too lose with their personal information. That seems to be the way a lot of technical criminals are captured. Bradly Manning is a perfect example.

This is certainly true for a number of them - probably a significant majority. The weakest link is almost always an inability to simply shut the fuck up, which speaks volumes as to the disconnect between declared ideological justifications vs actual motivations.
posted by Ryvar at 8:14 AM on May 1, 2012

on finishing the article, I can't help but think "geeze, what a sociopath".. I guess someone has to follow up after Richard Stallman.
posted by k5.user at 8:15 AM on May 1, 2012

All that said and done, any hardware I buy is MY hardware. If I can cut it in half with a chainsaw I can hack the firmware. Though I believe the Supreme Court has come to their senses about this.
posted by The Power Nap at 8:24 AM on May 1, 2012

Steve Wozniak, the co-founder of Apple, who hacked telephone systems early in his career, sent Hotz a congratulatory e-mail.

Woz is the freaking best.
posted by inigo2 at 8:28 AM on May 1, 2012 [4 favorites]

Isolated anecdotal cases aside, the real-world odds of a local coffeeshop noticing anything funny going on with their wi-fi, ever, are indistinguishable from zero.

That might be true if you're sending Viagra spam or even stealing credit card numbers. But when you're embarrassing the world's most powerful corporations and governments - the penalty if you get caught is indistinguishable from infinity. And it would mean a hell of a lot of resources targeting you.

And second of all you're delusional if you think just putting on a cap and sunglasses is going to prevent you from getting caught. Suppose they narrow you down to to that coffee shop in real time. Or suppose they go back later and review CCTV cameras to see who you were. Remember, these guys were operating out of London. If they'd gone to a coffee shop to hack, they might have been able to trace the user back to their location by reviewing CCTV footage, cellphone location data, whatever.

It's stupid. You may have decoupled it from your "identity", but you've directly coupled your actions to your physical location at a point in time (especially if you don't use TOR). Sure, if you hack from home you do the same thing - which is more problematic because you spend a lot of time there.

The idea that you then could hack without even trying to hide your location is downright suicidal, at least if you're talking about what LulzSec was doing.

Though I believe the Supreme Court has come to their senses about this.

That was the Library of Congress, not the Suprime court. But there is an important point here. There is a reason that Apple didn't sue but Sony did. The Library of congress gets to come up with "exemptions" to the DMCA anti-circumvention rules.

One of their exemptions happens to be cellphones. The reason is, a cellphone is primarily for making calls, and there's no legal reason why you shouldn't be able to switch carriers. Thus, unlocking in an iPhone is legal.

The PS3, however, is not a cellphone. So it isn't legal to distribute circumvention devices. The thing is, though, Geohot never released a circumvention device. The DMCA does allow you to research cryptography and it allows you to talk about the results. From what I understand, that's all he did. He didn't release code that allowed you to pirate software at all. But other people could take his work and write software to enable piracy.

In fact, from what I remember, he didn't release any code at all, he just explained how to do the hack. So Sony was literally going after him for releasing nothing other then information - not even computer code. The article, though says something about releasing a tool that didn't strip DRM.

Either way, he didn't actually violate the DMCA - because he didn't release a circumvention tool.
posted by delmoi at 8:33 AM on May 1, 2012 [1 favorite]

on finishing the article, I can't help but think "geeze, what a sociopath"

Who, George Hotz? Why?
posted by inigo2 at 8:36 AM on May 1, 2012

He doesn't seem much worse than a lot of people in their 20s; most people are just lucky enough to never do anything that makes them the subject of a New Yorker piece before they learn how to not to sound like an asshole. But he wanted to be famous, and worked under his own name, so there you go.
posted by Kadin2048 at 8:42 AM on May 1, 2012 [1 favorite]

k5.user: "I don't know his history on the blue, but quotes like ... make me roll my eyes.. Yeah, he's twenty whatever, but c'mon, dude"

Eponysterical?
posted by barnacles at 8:42 AM on May 1, 2012 [1 favorite]

on finishing the article, I can't help but think "geeze, what a sociopath".. I guess someone has to follow up after Richard Stallman.

I know right? What kind of sociopath wouldn't cower in fear at the face of huge corporations. And think about how much pain he's causing them!!!?

Won't someone think of the huge corporations!?
posted by delmoi at 8:56 AM on May 1, 2012 [2 favorites]

That was an interesting piece.

On this point:
There's really no need to use TOR, though, as you've already disassociated yourself from your actions by removing physical and virtual correlation with your normal identity.

Mmmm.... Maybe. Is someone really going to say, up and drive two hours away every time they want to execute an attack like this? Because if it's traceable to the coffee joint, and the coffee shop is near your house, then it seems traceable.
posted by Diablevert at 8:59 AM on May 1, 2012

Ryvar: All TOR will do is add an extra hurdle to the process that the feds are 100% guaranteed to plow straight through as a now-routine step in computer crime forensics.

Has this actually happened already?
posted by Coventry at 10:37 AM on May 1, 2012

Instead, he found a roomful of PS3 engineers who were “respectful,” he said, and wanted to learn more about how he had beaten their system. During the next hour or so, the man who had started the hacker wars described his methodology.

It does often work better when you approach it that way, yes. (At least when you're dealing with people like Hotz.) Might have tried that earlier.
posted by feckless at 11:00 AM on May 1, 2012 [1 favorite]

“If there were going to be lawyers there,” he recalled, “I was going to be the biggest asshole ever.” Instead, he found a roomful of PS3 engineers who were “respectful,” he said, and wanted to learn more about how he had beaten their system.

See this is the thing. At an engineering level there was an enormous amount of respect for what he achieved. At a social level though, he's an asshole, but even then, you can understand that, because he's also a bright kid. Many of us were horrified by what he was doing, not just because we would have to clean up the mess, but because we were concerned for what the lawyers would do to him.
posted by inpHilltr8r at 11:01 AM on May 1, 2012 [2 favorites]

delmoi: "Either way, he didn't actually violate the DMCA - because he didn't release a circumvention tool."

He should've gone old school and sold t-shirts.
posted by mullingitover at 2:32 PM on May 1, 2012

Ryvar: "I just don't get why people wouldn't exercise just a tiny bit of discipline in order to not get caught. I really don't."

Kids these days, they've got it so easy...
posted by wierdo at 5:05 PM on May 1, 2012