It has now been over 3 weeks since the PlayStation Network was taken down by Sony due to a hacker incursion that has made headlines worldwide. The loss of personal data, the potential leak of credit card data, the lack of security and seemingly slow response from Sony has gamers, developers and privacy experts alike all calling for blood.
There's talk of developers abandoning Sony's platform entirely due to losing a lot of revenue and retailers aren't exactly making a case for consumers to stick with the PS3 as opposed to the competition.
Factor in that the Xperia Play doesn't seem to be shifting games and things are looking pretty bad for Sony. Is this the end of the PlayStation 3? Can Sony recover from this any time soon, if at all? Well, if any company can come back from the brink, it's Sony - and history will show you why.
Time for a History lesson.
In order to see why Sony can easily turn the tide of negativity, you only have to look back in time a couple of years. The PlayStation 3 has not had an easy life. Way back when it was announced in 2005, it came under fire almost immediately. The 2005 E3 expo didn't have a single playable PS3 console. There were some great tech demos, but it was all running on developer kit. Sony can be forgiven for this, though, it was early days and there would be plenty of time for demonstrations later. This isn't what got people riled up though, although one could argue that if there was a playable console it would be different, as then people would actually get to use the thing that they immediately decided to hate - the controller.
The original design for the PS3's controller is very different to the device we eventually ended up with. Every time a discussion comes up regarding the Sixaxis or controllers in general, this image is never far behind. People immediately hated it without reservation, despite the fact that very few people ever actually used it. Sony probably spent quite a bit of money researching ergonomics to design a really comfortable controller but because it looked a bit funny, people didn't want it. The "Boomerang" controller lived up to its name - by flying straight back into Sony's face. Sony had to do something quickly and just a year later at 2006's E3, they announced that the boomerang controller had been scrapped in favour of the Sixaxis.
On paper, this was a good move. Nobody wanted the boomerang controller, so why not give them what they really want? The exact same design of controller that has become an icon for the PlayStation brand. It gets better - throw in motion controls, that way they're getting the controller they want with the addition of a state-of-the-art feature, as well as the bluetooth wireless. What could possibly go wrong? Sadly, many people didn't see it that way. While nearly everyone was glad to have the DualShock design back, many people weren't that impressed with the additional motion controls - after all, Nintendo had been talking about that for nearly a year by that point and even had a controller design specifically to take advantage of it. Sony's take seemed somewhat tacked-on and many people were eager to shout "copycat!". In fact, if you watch the press conference that unveiled the Sixaxis for the first time, you can hear the audience cheer when they're told the boomerang controller was dead, yet stay almost completely silent when the motion controls were revealed. Nobody was impressed and when people found out that they'd have to sacrifice vibration as well, the whole thing fell flat on its face - and that was just the controller, the rest of the press conference didn't go well, either. This video may well be pure trolling, but it gives you an idea of how much flak Sony was coming under and why. People could live with the controller. I mean, hey, it was still basically the same excellent pad the PS2 had, but there was other issues with the console, first and foremost being the price - $599.
The cost of potential.
$599. That number will probably haunt a few executives at Sony for a while. For the same cost, you could buy both an Xbox 360 and a Wii. Yet even at this price, Sony still lost money on the console. No matter what way people tried to swing it, it was expensive. Sure, you got value for money - it was a Blu-ray player, it played all your old PS2 games as well as the latest and greatest PS3 games, it had a web browser which effectively meant that it could replace your PC if you wanted, you didn't need to buy any accessories like wireless dongles or charging cables and so on. You certainly got your money's worth out of that $599, but that didn't necessarily make the thing affordable to many. All this when a single console wasn't even on shelves yet - and then came the "worldwide launch".
When Sony first announced the PS3, they promised a worldwide launch. Well almost, there was to be a 6 day gap between Japan and the rest of the world, but hey - that's still better than the usual 6 months-to-a-year before everyone else gets it. Alas, it wasn't meant to be. Due to shortages of essential components, namely the optical diode used in the PS3's Blu-ray drive, Sony couldn't produce enough for a worldwide launch and had to delay Europe's launch by 4 months, crucially missing the Christmas period by an entire quarter.
When the European launch came, it didn't go well for Sony there, either. There were still huge shortages of the console in the US, while European retailers were having trouble shifting their stock. Normally when a console launches, especially a console as big as the next PlayStation, you get 2 occurrences - stores selling out everywhere and eBay being flooded with consoles that have a huge markup on them. In the PS3's case, the opposite happened and many eBay scalpers made a significant loss. Society may have won a small victory here, but at Sony's expense.
Cutting that expense.
The last games console to launch with a huge asking price was the 3DO and that didn't fare well at all. Sony realised they had to do something and quick. A couple of years later, Howard Stringer, the CEO of Sony, would eventually admit that the PS3 was, as he called it, "on life support" and he wasn't kidding. Sony had invested millions into the PS3 - from the design of the CELL, to losing money on each unit sold, the PS3 had to be a success. There was also the small matter of Blu-ray having to duke it out with the now defunct HD DVD - quite a lot rested on the PS3. If the PS3 failed, not only might it have taken down Sony's Computer entertainment division, it could have taken Blu-ray with it, so the stakes were pretty high - and this was to be the first of their "Epic Saves".
The main, key thing hampering the PS3 was quite simply the price. Costs had to come down and fast. The most expensive component was the Blu-ray drive, but since the games came on Blu-ray disks and the format itself meant a lot to Sony, removing it simply wasn't an option. Cost-cutting had to come from other areas. The very first thing to go was the 20Gb model - savings could be made by just producing one type and it was the version that lost Sony the most money anyway. You can tell that this decision was made pretty quickly because the 20Gb model never even reached Europe.
The next thing to go was Backwards compatibility, or at least partially. Inside the launch model PS3's, there are 2 main components from a PS2 - its CPU, known as the "Emotion Engine" and its GPU, what Sony dubbed the "Graphics Synthesiser". Any PS2 game running on one of those PS3's may as well have been running on an actual PS2 as more or less the same hardware was in use. Incidentally, this is why there were reports of PS2 games not looking all that great - they weren't really running on a PS3, they were running on a PS2 inside a PS3. Still, Sony quickly started removing non-essential components and the Emotion Engine chip was next on the chopping block. This batch of PS3's were still backwards compatible thanks to some software emulation, but the number of games that actually ran correctly dropped sharply.
Before long, the GS would be removed and with it, backwards compatibility altogether. In an almost ironic twist, the eBay scalpers from the PS3's launch could have made it big with a little patience as the original launch PS3's can be highly sought after simply because they can run PS2 games. It made perfect sense for Sony - after all, they're essentially removing the cost of an entire PS2 unit and at the same time forcing people to go out and buy those lovely new PS3 games instead of hunting the used games lot for bargain PS2 classics. Internally, the PS3 also went through several revisions to reduce costs.
This paved the way for the first real game changer - the 40Gb PS3. Sure, it didn't have the memory card reader, it couldn't play PS2 games, it had a smaller hard drive and only 2 USB ports, but it was a staggering $200 cheaper than the 60Gb version and still did all of the important stuff you'd want it to - play high-definition PS3 games and Blu-ray films. Now the PS3 was affordable - and it sold like hot cakes.
While many speculated that, due to the initial high price of the PS3, most people would opt for an Xbox 360 instead, one thing they underestimated was the size and loyalty of the PlayStation fanbase. You just have to take a look at almost any gaming focused website, particularly when a piece of news is somewhat negative towards Sony, to see just how passionate and devout this group can be and Sony owes quite a lot to them for keeping the console alive in those early, dark days.
And it was all going so well...
A few other issues nagged at the PS3 during the first few years. The most apparent were the numerous multi-platform titles that looked noticeably worse on the PS3 when compared to the 360 version, sometimes made slightly more embarrassing when the PS3 was meant to be the lead platform. Sony quickly stepped in and upped their developer support, producing better tools, documentation and help for those developers that struggled with the PS3 at first. As time would go on, the difference between PS3 and Xbox 360 titles narrowed more and more and then Sony had something to try and tip the balance - fantastic looking exclusives. Metal Gear Solid 4, Uncharted 1 and 2, Gran Turismo 5, Killzone 2 and God of War 3 just to name a few. Every year Sony proved that they were capable of pushing out high-quality, great looking games that would make any 360 owner jealous. It didn't matter if some multi-platform titles looked slightly better on the 360, the difference was narrowing and the exclusives more than made up for it. So what went wrong this time?
It didn't take long for the Xbox 360 to get the unwanted attention of hackers. In fact, it was only a few months before the first hacks came out allowing piracy on the console, hacks that continue plague the console to this very day, with Microsoft and pirates involved in a constant cat-and-mouse game of updates and bans. With the PS3 struggling at first, piracy could have seriously hampered the console's growth, similar to what happened with the PSP. Luckily for Sony, hackers didn't seem to take much interest in the PS3, or as some people preferred to believe, that the PS3 was "unhackable". Then came along an Apple fan called George. Sort of.
Those dastardly hackers!
Over the years, Sony had improved the manufacturing process of the PS3 so much that the internal components of the PS3 began taking up less and less space. Eventually and after months of speculation, Sony launched the PS3 "slim" models. Smaller, cheaper versions of the PS3 that did everything the "fat" versions did. Well, almost everything. There was one, teeny tiny feature removed that most people wouldn't even notice - "OtherOS". OtherOS was the option that allowed users to legitimately install Linux onto their machine. It may have been somewhat restricted, but it was Linux none the less and that was good enough for anyone that wanted it. The official reason for Sony removing OtherOS was to save on development costs, which is probably somewhat true. It's also true that it would stop people from buying thousands of PS3s without intending to buy a single game for them, but hey it's a games console, it's meant to play games, right?
Well, having heard this news, one George "Geohot" Hotz took it upon himself to investigate. George made a name for himself in the iPhone hacking scene and his ego knows no bounds, doing the impossible by "hacking the unhackable" would certainly message said ego and clearly the man couldn't resist. In just over a month, George hacked the PS3 wide open! Or so he would like you to believe. Yes, George did hack the PS3, but it wasn't all that it was made out to be. The "hack" required you to solder a couple of wires onto your PS3, connected to an external device and then through some trial and error, would cause the PS3 to boot into OtherOS with some of the normal restrictions removed. Essentially, it allowed anyone to poke around inside the memory of the PS3 from within Linux. It did not, however, allow anyone to run pirated games. Nothing could be done from inside "GameOS", as everything running there has to be digitally signed and such, nor could anyone flash any kind of custom firmware for the same reasons. OtherOS itself isn't capable of directly running PS3 games.
In what must have been a panicked move from Sony, OtherOS was quickly removed from all PS3's as part of firmware 3.21, slim and fat alike, despite promises to the contrary. Future games would require the latest firmware update, as would PSN, so everything was neat and secure. Worst case scenario is that someone will figure out a way to pirate games that run on firmware 3.15 and below, but the future games would never work thanks to encryption. Sure, it really annoyed a lot of enthusiasts everywhere, but that's fine, the important thing was that the PS3 was secure once more and this little glitch was nipped in the bud. Another Epic Save from Sony? No, we all know what came next...
This tiny, harmless looking device caused quite a storm when it appeared a few months after everyone forgot about George Hotz. It almost seemed too perfect, too staged - plug this little thing into your PS3 and suddenly, you can "backup" your games to the hard drive and, crucially, play them back from it. Except it wasn't a hoax, like the many that had graced the PS3 scene over the years. Sony's worst fears had finally come true - piracy on the PS3. It gets worse, too, the dongle worked on the very latest firmware at the time, 3.41, with no Linux or OtherOS required. Not only had Sony abandoned OtherOS, irking some very smart and dedicated hackers and garnering a lot more attention from them, it turns out that the move didn't stop a thing.
Despite what many people believe, the dongle wasn't actually a clone of an official service jig that Sony used. It used a genuine exploit in how the PS3 handled USB devices to turn on "debug mode". Aside from enabling sheer piracy, this allowed homebrew to be run on the PS3 as the digital signature checks are disabled, giving unprecedented access to the inner workings of the device.
Sony were quick to file lawsuits where they could to prevent the distribution of the jailbreak device, but it was far too late. Enough of the devices got into the hands of the kinds of people they annoyed by removing OtherOS which allowed them to reverse engineer it and port the code to other devices. Soon, the "PS Jailbreak" could be run from all kinds of devices, from mobile phones to calculators, as well as various clone devices.
Sony didn't hang around, though. While the lawsuits were in progress, a firmware update was pushed out which plugged the hole the PSJailbreak used. Later, a method would be released that allowed people to downgrade their consoles back to 3.41, but all Sony had to do was once again ensure that future games were encrypted for 3.42 and above, as well as lock out PSN to anyone that hadn't upgraded. A bit of a save there, but perhaps not quite the epic one they would have liked.
I wonder, then, if anyone at Sony, if some lone engineer somewhere had an idea as to what was going to come next. Did anyone see it coming? Did anyone warn of it, only to be shot down by bureaucratic corporate executives and red tape?
Public Private Keys.
It's December 29, 2010. The annual Chaos Communications Congress is in full swing and a little trio of hackers, none of which are George Hotz, are about to unleash hell for Sony - Public Private Keys. As it turns out, Sony made a massive error with their cryptography. It really is hard to emphasise just how massive this error is, the term "epic fail" seems justified. The error would allow people to mathematically work out the private keys Sony used throughout the PS3. This would mean that the whole digital signature element of the system fell apart. With this information, people wouldn't need a dongle to run homebrew, the PS3 would quite happily run it thinking it was legitimate software. Worse still, custom firmware was now a distinct possibility and it would install straight off of a USB stick as if it were an official PS3 update. Not only was it possible to pirate on the PS3, it was extremely easy and didn't cost a penny to do so. Things looked bad - the PS3 had been utterly compromised. Everything could be decrypted, so even if a firmware update was released, what was to stop hackers from decrypting that and modifying it to disable whatever new protections Sony added?
The software on the PS3 is made up of several systems. When you turn your PS3 on, it doesn't immediately start booting the XMB. In the background, various subsystems start up and initialise the next one. This is actually quite common, particularly on games consoles and is known as a "chain of trust". The idea is simple - you start off with a hard-coded piece of code. This can't be changed by anyone, not even yourself and all it does is verify that the next bit of code is legitimate. It's stored deep within the PS3, in a place you just can't get access to. That way, even if someone were to hook up a device to the PS3's internal flash memory and rewrite it with their own code, the PS3 will refuse to run it because that first loader ensures that it's all legitimate. It's a pretty solid idea - you can't change the very first link in the chain and it ensures the next link is authorised and so on, but it does require your private keys not being known.
The team that revealed Sony's gaff with their cryptography, collectively known as fail0verflow, knew this and specifically did not release the keys that would allow people to compromise this system. After all, they were only interested in restoring Linux back to the PS3 - all PS3's and the next day, showed a demo of Linux booting on a slim PS3. Geohot, on the other hand, used the knowledge from fail0verflow's presentation to find what was known as the "metldr" key. This is that one step on the PS3 that simply cannot be changed, that first link in the chain, which is why many believed the hack to be un-fixable without releasing a new PS3 model. There's quite a few different keys and definitely quite a bit more regarding custom firmwares, but this article is long enough as it is.
Sony's response by this point was predictable - lawsuits, lawsuits and more lawsuits. Somehow, Geohot became the face of this PS3 hack, but in reality it was several different people that did the leg work, he was just happy to have people swooning over him. The fail0verflow team went pretty quiet while Geohot garnered even more attention to himself. Still, the lawsuit against Geohot combined with the existing lawsuits against Sony for removing OtherOS did raise one interesting question - who owns your PS3? You bought it, so surely you do, right? But then, does that mean you can modify the software on it? The software that Sony owns? Is George Hotz an evil hacker or is Sony a big evil corporation that's picking on the little guy? That's a question with no real right answer, but it certainly riled a few feathers.
Sony needs another Epic Save.
2011 didn't begin well for Sony. Their previously unhackable console was suddenly becoming one of the most hacked consoles out there. Their private keys were out in the open, despite numerous gag orders and lawsuits, what could they possibly do? As it turns out, quite a bit.
In came another firmware update, 3.60, except this time the encryption was done correctly. What's more, somehow they figured out how to package it in such a way that it couldn't easily be decrypted. Even better, they managed to secure their chain of trust. Previously, the chain was a series of loaders, but Sony realised that there was one tiny area of the PS3 that hackers didn't quite have access to and that was all they needed. The new loaders were repacked inside this one secure area and the PS3 was secure once again. One of the hackers who originally became known for porting the PS Jailbreak dongle to Nokia phones, KakARoToKS, was impressed and he described the whole thing as an "epic save". There's probably enough information and knowledge out there to eventually decrypt this and create a 3.60 custom firmware, but as yet this hasn't happened. Once Sony booted custom firmware users off of PSN, everything was looking good. Similar to before, anyone that stuck to older firmwares could pirate games up to that point, but newer games would be encrypted for 3.60+ and thus be unplayable without upgrading.
But what about that other guy...
Geohot and the fail0verflow guys weren't the only people investigating the PS3. As the information became available, more developers started to come out of the woodwork. Some were interested in custom firmware to allow for the pirating of games, while others were more interested in the Linux side of things. One developer in particular was very interested in getting Linux back onto the PS3. His name was Aexander Egorenkov, but most people knew him as graf_chokolo. This man didn't seem to be seeking fame or fortune. In fact, he went unnoticed for quite some time as he originally started posting on a comments section of a different hacker's blog. Still, as he posted more and more information, people started to take notice. People like Sony.
Despite the fact that the PS3 was once again "secure", Sony didn't like the idea of someone doing yet more research into their system and, with the help of the German authorities, raided his home. Anyone else would have called it a day and taken their chances in the courtroom. That's what Geohot did, but not this guy. First, he released all of the information he had and then he continued working on the PS3 as if nothing had happened. It came as no surprise, then, that his home was raided a second time, only this time Sony threatened him with massive fines if he didn't cease everything immediately. While Sony tried to portray all this legal action as defence against evil, malicious hackers, some people were beginning to see Sony as the evil ones, not the other way around. Then something happened that nobody really expected.
...and what about all those guys over there?
Somehow all of this caught the attention of an unlikely crowd of people. If you can call them people, that is. Some people call them a "hacker group", some people call them terrorists, other people call them script kiddies. Whatever they are and whoever they are, they involved themselves in the whole ordeal. They, or someone purporting to represent them, released a statement saying that Sony had their undivided attention. While I'm sure Sony was effectively quaking in their boots, the sum total of Anonymous' efforts were a bit lacklustre. They tried to take down the Playstation Network for a couple of days, but this just annoyed actual gamers and after Sony got more bandwidth, it didn't really change much. Then came the Sony store protests, except Sony just closed a few stores for the day and the whole thing was a bit of flop. It would seem that Sony aren't the only group capable of failing.
Things weren't looking too bad for Sony. They may have been slightly embarrassed at the whole store closure thing, but they can be safe in the knowledge that there was plenty of embarrassment to go around. In the meantime, Sony settled a few lawsuits and things were starting to get back to normal.
Then it got bad. Then it got worse. Then it got even worse.
On the 21st of April 2011, the PlayStation Network went down for the second time this year. Except this time, it wasn't a bunch of script kiddies doing the equivalent of repeatedly pressing F5 that took it down, it was Sony themselves. Something went wrong and Sony decided to take just a couple of days to figure it out before restoring the service, or so they said. That "day or two" turned into a weekend and not just any weekend, but the Easter weekend. People weren't happy, particularly as it was a weekend when many people had an extra day or two off of school or work which would normally be used to catch up on some essential gaming. It's ok though, it wouldn't be the first time that a games console's online facilities went down during a crucial holiday period, plus how bad could it really be? As it turns out, about as bad as it gets.
The PSN wasn't just taken down for emergency maintenance due to a blown fuse or a dying hard drive, it was taken down because it had been hacked by someone. Someone, who to this day we still don't know the name or whereabouts of. Sony seems to think that it might have been Anonymous, while they themselves deny all involvement. Still, all that bad stuff that happened to the PS3 before - from the poor initial sales to the custom firmwares enabling mass piracy - never generated as many headlines and news stories as this.
It was international news - personal details of 77 million people had been stolen. At the time, Sony wasn't even sure if credit card details were part of that information or not. What started off as a bit of an inconvenience for PS3 owners now ballooned into a much more serious issue. People started asking questions and information slowly trickled out from Sony about what has actually happened. As of the time of writing, it's still very much an ongoing investigation, but many people seem to think that it all stems from the PS3's security being compromised. In the past there had been a few rumours that the PSN security wasn't all that great and now it would seem that this is the case. Some people are also asking why this happened and while any theory is a viable one, people have been quick to point out that the more Sony targets hackers with lawsuits, the more things seem to go wrong for them.
To kick Sony while they were down, it was later discovered that another area of the company had been compromised, namely Sony's Online division, SOE. This time, another 24 million people's details were taken and, crucially, a credit card database that wasn't encrypted. This brought the total number of people's personal details that were compromised to over 100 million.
All is not lost.
So what happens next? Well as of the time of writing, the network has begun to be restored and assuming there aren't any more attacks against Sony, people should have the service back in their area soon. Still even with the service fully restored, Sony has a lot to make up for. There are two groups of people that will demand recompense for the whole ordeal - gamers and game developers.
Gamers are obviously concerned about the loss of their personal details as well as being unable to use any online component of their console, and Sony have already promised to give free identity theft protection to everyone, as well as a couple of free games. This will never please everyone, but it'll certainly go a long way towards making it up to people. Plus, as we've already discovered, the PlayStation fanbase are a loyal bunch and, apparently, they aren't abandoning the platform just yet.
Game developers and publishers have a lot more to be angry about. For many, PSN is a critical source of revenue and while it was down, they were not getting any of it. Furthermore, any game released while PSN was down will suffer greatly due to people not being able to enjoy the online component - and online is a pretty big deal these days. Plus, the PSN release schedule is decided pretty far in advance. What if you're an indie developer and your game was due out last week? What about all the money you've invested into marketing that title to be released then? All that money has gone to waste. Sony has at least promised to help with marketing costs for anyone affected, but it still wont be easy. There's a reason game releases tend to be staggered and don't all come at once - too much competition. What's going to happen to those titles now? Will there be a free-for-all with all those titles that should have been released all being put on the store at once, or will Sony delay releases through the summer, annoying even more developers for the sake of those that should have already had their titles released? In either case, people are going to lose money.
What Sony does for developers and publishers alike will probably be done on a company-by-company basis and stay between Sony and them. Bigger companies like EA and Ubisoft will be able to squeeze a lot more from Sony than smaller developers like Q-Games, but you can bet that it'll be a combination of free marketing and reduced publishing fees. For example, Sony normally takes a cut of every game sale on the PSN and for a while, they may decide to reduce that cut or even waive it entirely. They might skip a cut now for fear of costing themselves too much money in favour of offering reduced publishing costs for future titles, encouraging people to stick with PSN for the long run.
Whatever Sony ultimately decides to do, as each day goes on it seems less and less likely that they'll be able to pull off an "epic save" and more likely that they'll just be able to save face. The whole ordeal, though, doesn't put Sony in any worse a position than they were a couple of years ago. At the end of the day, there's still 50 million PS3's out there and so for developers, there's still a massive market to appeal to. Even if a few million PS3s end up in used electronics stores, someone will pick them up. It's too far into the console's life span for something like this to kill it off.