Failure to understand hackers led to Sony security woes

The exploits of the hacker known as Geohot have been in the news for years, but to people outside the world of tech it has been more like a series of isolated events than one cohesive story. A new account by The New Yorker adds little information but binds the last five years of hacking into a single thread, showing convincingly that what has contributed most to companies' security woes has been an inability to understand the motivations of those who hack.

Sony has been a favorite target for hackers recently, and it all started when George Hotz, a.k.a. Geohot, opened up a PS3 to new uses. He wasn't sticking it to the man -- this kind of "jailbreaking" is a time-honored tradition among hackers, the epitome of man vs. machine.

"It’s competitiveness, but it isn’t necessarily competitiveness with other people," Hotz told the New Yorker. "It’s you versus the system. And I don’t mean the system like the government thing, I mean the system like the computer. ‘I’m going to stick it to the computer. I’m going to make it do this!'"

Sony had repeatedly trumpeted the PS3's security, yet Hotz cracked it in a month. They retreated and restricted what the device could do, and he cracked it again, but faster and better. Each round of patching led to increased righteous indignation among a noisy but small group of users. Eventually, though, that group took matters further, launching an all-out attack on a company they now considered an oppressor. Soon, websites started crashing and the PlayStation Network and other Sony online services were breached.

What began as a spat with a single tinkerer ended up costing the company potentially hundreds of millions of dollars, not to mention quite a bit of credibility, as anonymous hackers spent the next year attacking them and the highly public legal battle with Hotz grew into a David vs. Goliath situation.

Hackers didn't break into PSN to collect credit card numbers. They did it for two reasons: first, to protest Sony's handling of the PS3 jailbreak patch and to make the company realize that its boasting was far from justified; second, for fun. Hotz says: "I don’t hack because of some ideology. I hack because I’m bored."

It took a long time for Sony to do what they probably should have done in the first place: Call up Hotz and ask for his help. Facebook, quicker to seize on the opportunity a talented hacker like Hotz offered, had already employed him for eight months. If you can't beat 'em, join 'em, they say -- or if you're a billion-dollar company, make 'em join you.

What hackers like Hotz represent is the future; they may be super-advanced users today, but in a few years their needs and wants will be mainstream. Who would have thought that hackers' wildest dreams in the early days of PlayStation, of streaming video and installing Linux, would become standard features? Hackers see these needs before their peers, and using the skills they've learned as digital enthusiasts, they supply their own demand.

If companies like Sony recognize these prodigal sons of skill and foresight as the jewels they are, and not as vague threats to be put down, they might not only avoid some expensive troubles, but they could improve as a company and provide better for their customers. The story of Geohot and his peers shows this clearly, and hopefully that lesson is being learned in the tech industry at large.

Geohot once wrote on his blog that "Hacker is to computer as plumber is to pipes." People learned a long time ago to remain on good terms with their plumbers, mechanics, electricians, and so on. They're learning that it's just as important to be on good terms with their hackers.

