Sony Can Collect IP Addresses of PS3 Hacker's Site Visitors

March 7, 2011

I'm no lawyer, but this seems a bit frightening. As the story goes, a well-known hacker named George Hotz—also known as GeoHot—figured out how to "jailbreak" Sony's PlayStation 3 video game console. The trick essentially lets PS3 owners load alternative operating systems or run games that haven't been sanctioned by Sony on their consoles. This includes pirated games.

Hotz made this jailbreaking software available for download on his personal website, and Sony brought legal action against him. However, Sony has also recently been granted the legal ability to collect the IP addresses of anybody who's visited Hotz's website since 2009.

According to Wired:

"Bluehost maintains Hotz's geohot.com site. The approved subpoena requires the company to turn over 'documents reproducing all server logs, IP address logs, account information, account access records and application or registration forms' tied to Hotz's hosting. The Bluehost subpoena also demands 'any other identifying information corresponding to persons or computers who have accessed or downloaded files hosted using your service and associated' with the www.geohot.com website, including but not limited to the 'geohot.com/jailbreak.zip file.'"

So even if you merely visited Hotz' site between 2009 and present day, Sony can apparently get access to your IP address. I've visited the site since then for sure, as have plenty of other tech writers.

More: http://techland.time.com/2011/03/07/sony-can-collect-ip-addresses-of-ps3-hackers-site-visitors/

n/t

If this thief were stealing cars and stripping them down or reselling them, we wouldn't care that they arrested him. But, he is stealing software and reselling it, and we should be concerned about his privacy? I don't think so.

I applaud his dissemination of knowledge. Stop being a corporate tool. A very strong libertarian argument can be that you can do whatever you want with your tangible property that was bought and paid for.

Am I a thief for having ROM images of games I purchased 20 ago years sitting on my hard drive right now?

clever people doing clever things with the playstations they own. Why are you against this man?

People are always above corporations.

This NASA project will no longer function with the latest firmware update from Sony...

http://en.wikipedia.org/wiki/PlayStation_3_cluster

But it would with the exploit exposed.

Next we will criminalize case-modding because it doesn't capture the original spirit of Sony's vision!

GeoHot did not steal any of Sony's software. When the PS3 was released, Sony allowed users to load alternate operating systems on the units (like Linux). Recently, Sony decided to remove that option within a firmware update. This option was marketed as a selling point in Sony's literature!

This is no different than if you bought MS Windows and a forced update is applied on patch Tuesday that makes it so your computer can no longer play music CDs. Did Microsoft claim that Windows could play a music CD when you purchased the product? Yes.

Now, imagine if someone wrote their own software that would add that functionality back into Windows, and Microsoft attained a court order to determine, not only the people that installed this new software.. but also ANYONE that visited the software site... the developer's twitter account... the developer's blog... etc...

To put this a little closer to home... Let's just say Skinner made a post on here that some company didn't like. Since you have visited this site, and in no way participated in Skinner's post; That company should be able to attain your personal information, IP addresses, donations, etc????
No way. That is insane! And if you feel OK about giving up your personal liberties, well I guess you must be OK with killing all collective bargaining rights as well. Hell, why not give all your personal health records to the insurers while we are at it! When does it stop?

Well said (and explained)

This is pure insanity.

I despise Sony and wouldn't own anything they produce. It wouldn't surprise me that they were crapping themselves over nothing. However, if he's up to more than that, he doesn't have much of a case.

As for the distribution of IP addresses -- again, it depends on what was going on. I have a strong hunch that it was more than some innocent programming.

So even though he was not tried or convicted of anything... he must be guilty?!? Because of a hunch? WOW. Fuck due process!

Sony is stating that with his code.. it exposes a flaw in their system that would allow others to play games that they did not purchase.

Surprisingly, Google rewards people to find flaws in theirs, with cash payouts!

Guess it is so much easier to criminalize someone else for your own faults.

You posted an opinion question; "Is that all he is doing?"

If that is your opinion, then the question is connotative to your belief that Sony has the right to illegal search and seizure to "prove" any wrong doing?

This is why I have such a problem with the Digital Millennium Copyright Act(DMCA). An intellectual property(IP) owner can claim a violation without any proof. A simple example of this is eBay and their forced compliance through VeRO and DMCA Takedowns. This program forces eBay to remove listing of products... new or used... because you are selling a product at a cost that is lower than the manufacturer's suggested retail pricing. Even if you can prove authenticity of the product, there is no penalty for the manufacturer to VeRO any item that would interfere with their ability to sell at a higher cost. Simply put, if you buy a product.. there is a chance that you can never resell it. Hope you like your current car, you could own it for life.

My question is: Where does this stop? Because you are member of DU, does your current Republican Governor have the right to issue a search of your house to see if you are trying to overthrow the government? It's a slippery slope, and I am very passionate about not giving up any of my rights... once you give up one right, then that opens a door for another to be taken away.

Sorry... I don't "relax" on issues like this, for YOUR benefit.

He decompiled their security software and stole their key. He then packaged it to allow people to steal and cheat. He then bragged about it... hell, he put a video staring himself on youtube bragging about it. I think Sony has the right to gather the proper evidence against him. They are doing everything by the book. I also think that the court of public opinion is pretty safe in saying he did it, his own admission is enough for me.

Why do you keep supporting this asshole?

Even if they had nothing to do with the stealin, stripping down or reselling them?

Privacy rights disappeared with the collapse of civil liberties post 9/11, and the end of privacy was finally enshrined in the Patriot Act. What's going on now is just tidying things up.

Anonymity can still be achieved, but it isn't easy. Anyone who values their ability to engage in anonymous free speech online, and online free association, really needs to take time to sort through the technology of anonymity.

Doing this now would not be too soon. The brutal and over-the-top reaction of the MIC to Wikileaks makes it clear that no-one should assume that what remains of their First Amendment rights will remain intact in the future.

Make it more difficult and expensive for Sony to determine who is actually there that own Play Stations.

Are they thinking they can somehow profile IP addresses and PS3 users? That'd be really something to behold.

Since web logs store source IP addresses and I am certain that the PSN network saves their connection logs as well...

It would be a simple task to match PSN login/logoff IP timeframes against GeoHot's page hits...
Trace the PSN user account back to the IP match.
PSN Account usually has email and credit card information associated.

This is VERY simple! The more data, the better the match outcome.

How many people are going to get false positives over this shit?

Even more of a reason to not allow Sony access to it.

div style?

edit: it's random. snap you can run js in signatures? that's crazy

it's an exploit. and if you read it.. you are opening up yourself up to the wrath of the US Judicial system.

Nicely done. ;D

just because i showed you it CAN be done.. don't go using it for bad things! ;)

This douchebag did this for one reason and one reason only... He was trying to get a job with Sony and when they told him to fuck off, he released the codes into the wild. He knew full well that it would result in stealing of software and massive hacking. Hacking on a scale never seen on a console. Hacking that not only gives the ability to make ones own character superior but to alter and destroy other peoples characters (I know for fact, two of my games online components and characters have been destroyed). His whole story about "homebrew" is total and complete bullshit, anyone that wanted to do "homebrew" had only to not upgrade to the latest firmware, this is common knowledge in PS3 circles and was told to everyone before they upgraded their firmware.

He is a lying piece of fucking garbage that knew full well what he was doing and did it only out of spite. Fuck him and fuck all the assholes that are ruining online gaming.

Bottom Line - Support this asshole and you support theft, no two ways about it.

My cursory research into his biography seems to show him as a pretty gifted individual who has earned his share of accolades.

He asked for the job on his own website before releasing the key. Do some further research, go look at his site (I won't link to it here).

In terms of the homebrew still being available... let me see...

http://en.wikipedia.org/wiki/PlayStation_3_system_software

See 3.21 - It was the firmware upgrade that dis-abled other OS (this allowed homebrew). All one has to do is stay pre-3.21 to still do homebrew.

As for other people being hacked and having their characters destroyed, you can find it in almost any gaming forum, here is Infinity Wards statement on it (they are being hit hardest):

http://www.ggsgamer.com/2011/01/17/infinity-ward-blame-sony-for-mw2-hacking-outbreak/

The douchebag knew full well what he was doing, he is no noble hacker, he is a douchebag that fucked things up for millions. Fuck him and anyone that supports him.

You cannot play any games through PSN. Meaning it is a forced upgrade. Does Sony offer a way to downgrade your system to 3.1 in the even you want to run Linux??? Yeah, didn't think so, who's the real douchebag?

The fact is, this is used not for homebrew but for cheating and stealing. Any other attempt at justification is bullshit.

Try looking.

Find me a link to a SECA sanctioned method to downgrade. So, as long as an exploit benefits you, then it's ok?

One is a tool that lets you adjust settings and software versions. Not a problem. The other lets you hack into other peoples hard drives and also steal software. Big problem.

Do you support stealing and hacking other peoples hard drives? goehot does because the asshole released it with the software required to do it.

that by me changing my firmware... I can tunnel through the PlayStation Network into your hard drive in your PS3 and read and write to your hard drive?

LMFAO.. er... *deep breath*

...and you actually hold a position in the IT field, and get paid for it???

You do not seem to know very much about this for one that is supporting this guy.

What having this key and software does, is allow you to run any program you want on the PS3, without any verification on if it is legal/authorized or not. This allows people to bring up any app they can write or find (someone else writes it). The applications can be made to do pretty much anything and since it runs through a game, your PS3 does not see it as being wrong and allows it to do what it wants. Once one has the key, none of this is very complicated, your lack of knowledge about computers makes it no less possible or difficult.

The most often used hacks right now are hacking both the MW2 servers (gods yes, they get into them also) as well as peoples PS3's. Do a little google on the problem to see how many people have been hit by this. Where do you think my character data lives, on the hackers PS3?

Why are you supporting this asshole? He is not doing some noble service... No one was being prevented from doing homebrew... He released a theft/hack ready tool into the wild.... It's claimed noble use is a bullshit fantasy for something that already existed, done only to get sympathy... Why the fuck would anyone support a douchebag like this?

You had to buy the first couple of million PS3s to do it, and then, you had to have one with outdated firmware. Let's not be apologists for dirty corporations, shall we? PS3 Slim was said that it could not run Linux, well the same hackers being sued released a USB stick that would automatically run Linux on PS3 Slim without any of Sony's firmware.

Lets also not be apologist for douchebags that commit crimes and hack other peoples systems.

Also, Sony explicitly said the model would not do any other OS, it was not an advertised feature. They are also well aware of the various apps that will let people install different firmware and run any other OS on the slim and they are not going after them. They are going after the guy that broke into their security software and distributed it ready to let people play illegal games and hack other peoples PS3's.

Why defend that guy?

But you knew that.

See the entire PS3homebrew github.

...creators of these hacks to prove a point. They will never ever be able to take the hacks out from the wild. I assure you that if they could, they would. But they've chosen to go after the enablers (the people who made the downgrade possible, btw) so that in the future people will think twice about freeing their hardware up.

Yes it allows you to run "unsigned" code on your PS3. All signed code does is validate the owners identity. By me installing this code on my PS3, does not give me control over your PS3. If you installed this code and then downloaded my code and ran it along side of a game your were playing, only then could it intercept the data channel between your PS3 and the hosting servers. It does not execute anything on the servers.

The only thing it could potentially do is monitor other players locations and craft in-game exploits to gain advantages over other players... things like Auto-Aim and Secret Revealers. So in other words... it cannot access your hard drive. it cannot run crap on the servers. it can only give you an in-game cheat. This gives them an unfair advantage over you.

Since the PS3 can only run signed code (licensed by Sony), how could the Average Joe write custom software with the newer firmware? Can't.

If Sony wanted to perform a system check for this exploit prior to running a game... fine, I have no problem with that. Being in software development myself, every programmer knows to never trust data from a client system... all data should be assumed to be threatening until validated by the server endpoint. Read up on XSS and SQL exploits... same thing.

I'm not supporting him at all. I am supporting a community that has invested time into developing software on a platform, an act that was previously applauded by the manufacturer and marketed as a selling point. Now stripped and criminalized by the same entity. I am supporting the person that has had their identity named in a criminal lawsuit only for reading an article. i am also supporting ingenuity by people that care to put forth the effort and release their work free of charge.. as GeoHot did. If it could do all the things you stated... don't you think everyone's credit card information would have been stolen from their PlayStation wallets by now???

Why do you have such an axe to grind... this exploit will only prove to make the platform more secure (once Sony figures out how to plug it). I'm just not willing to give up my rights for illegal search for you to have a character in a game killed by someone with a character that has leveled with an unfair advantage.

Geohot shouldn't be getting the attention he's getting, it should be the other guys who actually reverse engineered the encryption algorithm. Geohot used their stuff to get the master key, it was only a matter of time before someone else got it.

Essentially, the master key renders 60+ million PS3s forever hackable. Forever. All firmwares, hackable.

You are correct when you say what he released does not allow access to other hard drives. What it does do is allow people to run anything they can write or find, it is those programs that can now access other peoples hard drives... make sense?

"The only thing it could potentially do is monitor other players locations and craft in-game exploits to gain advantages over other players... things like Auto-Aim and Secret Revealers. So in other words... it cannot access your hard drive. it cannot run crap on the servers. it can only give you an in-game cheat. This gives them an unfair advantage over you."

You are dead wrong, you really need to go visit some forums and see how many players have had their characters destroyed. The exploits you mention have been around since day one and never needed the key.

"I'm not supporting him at all. I am supporting a community that has invested time into developing software on a platform, an act that was previously applauded by the manufacturer and marketed as a selling point. Now stripped and criminalized by the same entity. I am supporting the person that has had their identity named in a criminal lawsuit only for reading an article. i am also supporting ingenuity by people that care to put forth the effort and release their work free of charge.. as GeoHot did. If it could do all the things you stated... don't you think everyone's credit card information would have been stolen from their PlayStation wallets by now???"

Complete bullshit. Nothing was lost, homebrew could still be done. No CC info could be stolen because it is not kept on the PS3, it is kept on secure servers with Sony.

"Why do you have such an axe to grind..."

Why? Because I write software and it's theft bugs the crap out of me.

"this exploit will only prove to make the platform more secure (once Sony figures out how to plug it)."

No, the PS3 is at the end of it's life cycle almost. What it will do is force Sony to make drastic changes to it's next platform. Instead of relying on security being on the PS3, it will have to be on the servers. This will mean an internet connection required to play anything. It will mean a cost to play anything on-line (in addition to the internet connection). This will also mean that DRM will be a bigger cost to game makers, meaning overall higher costs.

"I'm just not willing to give up my rights for illegal search for you to have a character in a game killed by someone with a character that has leveled with an unfair advantage."

What rights? What illegal search and seizure? And again, you are still dead wrong, not a dead character, a gone character, my hard drive being invaded and corrupted because of this asshole.

So a guy gets a persons data wiped by telling the server "wipe the data." It only proves that the server side security is shit. Credit cards can be acquired through phishing and this is not enabled through the exploit.

And you still don't grasp that downgrading requires the very exploits that you are decrying.

"So a guy gets a persons data wiped by telling the server "wipe the data." It only proves that the server side security is shit. Credit cards can be acquired through phishing and this is not enabled through the exploit."

Thats what I said. They can also access other people PS3's, this is beyond MW though to use it as an example, they are also currently modifying trophy's and other data kept on the PS3.

He said that the security of the server's validation of whom is sending the packets sucks.

It is not accessing your PS3.

They can only modify what the central servers consider to be geniune data. So if you log in to a hacked lobby and you have some trophies unlocked, the hacked lobby will tell the central server that you don't have any trophies unlocked, and the central server stupidly agrees and just wipes your data from their database. This is not the same as "hacking in to your PS3 and getting your credit card information" or whatever other paranoid garbage you're thinking.

http://www.infinityward.com/forum/viewtopic.php?f=28&t=371760

"Sony has recently acknowledged a breach in security on the PS3 which has resulted in the hardware and its games to become exposed to exploits and hacks"

Sony admits it, so stop that mis-information

Sony admits it allows access, please present your evidence it does not.

You have not provided such evidence. Read your own links. No where does it say they can hack your PS3.

Sillyness. bye bye

The server protocol was failed with shitty security. Your own link illustrates that it was on their side and that they fixed it.

Because you are reading this... I'm in your brain, changing shit... so there... LMFAO

This is proof that they don't authenticate the packets sent to the servers. Shitty design. Shitty software.

When they saw the original Geohot hack they should've at least started working on fixing it, that way they could make it live in the event the platform did get hacked. The PC has this same exact problem, Punkbuster helps, but it is hardly a deterrent.

You are cherry picking comments from IW and applying them to Sony's statement. IW is talking about what they plan to do, Sony explains what can be done. At least be honest in your debate and don't cherry pick.

"This is proof that they don't authenticate the packets sent to the servers. Shitty design. Shitty software."

No, they did not because Sony had the security built in. They are going to be doing going forward.

...yet that is exploited all the time.

Should my server trust anything coming from an IE client because it is signed by MS??? hell no. Also, a PS3 will work with a transparent proxy, allowing exploits in packet data. I stand by my statement.. lazy coding. shitty design. shitty software.

You gave a link to an IW forum and I read the first post, which reiterated exactly what I stated... what is your point?

They are already going after him for the key theft. The firmware downgrade does not allow for theft or accessing other peoples PS3's.

...is OK (I highly highly doubt Sony agrees with that).

You can downgrade to Firmware 3.50 and then, volia, an exploit is available to allow you to steal games. Who would've thought that downgrading could ever result in theft!

Your argument is so slippery and specious that it's hardly worth my time, I only find it amusing because you keep arguing in favor of a multi-national corporation that is depending on a law created by heavy lobbying by other multi-national corporations to prevent individuals from having access to the digital data that they own.

"I only find it amusing because you keep arguing in favor of a multi-national corporation that is depending on a law created by heavy lobbying by other multi-national corporations to prevent individuals from having access to the digital data that they own."

No, I am argueing against theft and people being allowed to modify my hard drive at will.

Get over that nonsense please.

Do some research into what is happening.

...software that he enabled is supporting theft. The implication from your post was that downgrading was able to be done without supporting his endeavors, which of course is false.

It allows you to downgrade your firmware and make a few other non-theft adjustments. Do you wonder why Sony is not going after him or anyone else that has released software to downgrade firmware? Why they do not try to prevent it being distributed? Hint... They do not have an issue with it.

...which of course, they can, but they don't necessarily have to.

But what this douchebag released did so very explicitly.

In fact he made that very clear. There's a reason Geohot hasn't been imprisoned yet, he skirts the law carefully. Geohots hack by itself cannot do any piracy. Period.

(But yes with a simple tweak of the code it can, but he didn't enable it nor did he document it.)

I don't buy his claim for a second, he knew full well exactly what the result of releasing this would be. There was no legit reason to release it, the tiny percentage of homebrew people were doing just fine without it.

I'm done with you.

He explicitly made it so that it could not be used for piracy. :hi:

GeoHot was also the first to jailbreak the iPhone, allowing people to write homebrew software on a product they own, without having to pay Apple to approve it. Then he did it to the PS3. ...and he is only 21. He never interviewed or tried to obtain employment with SECA. He did send out a message to SECA stating that if they want to "...build a more secure console, call him". ...and it was sarcasm!

Do yourself a favor, read up on the first-sale doctrine laws. You buy it, you own it. If he obtained the encryption without hacking into SECA's servers or by breaking any laws... he is free to do whatever he wants to the hardware. He did not profit off of the dissemination of this code. He merely pushed open a broken door and told the world how he did it. This should only inspire Sony to build a more secure console.

Thanks for whipping your ass on the Constitution, for the protection of your character in Call of Duty! ....just, *wow*!

First - That geohot is a douchebag is not a statement of support for Sony being able to get people IP's, that I am also against. I made no statement regarding it.

Second - Iphone homebrew and PS3 homebrew are apples and oranges. He had no need whatsoever to release the key in order for people to do homebrew on the PS3, they already had that ability. He did it to spite Sony because they would not give him a job. He claims the statement was sarcasm now but it is very convenient that he released the key right after Sony told him to fuck off.

Third - I never said or implied he had commited any crime, I do not believe he did. He is however a first class douchebag. He knew full well that releasing the key was not for homebrew, it was to steal software and cheat online, no other reason.

Fourth - I never said he made a profit, you once again putting words in my mouth. This also does nothing to make him less of a douchebag.

Nice to know you support theft and general douchbaggerey though.

"Do yourself a favor, read up on the first-sale doctrine laws. You buy it, you own it."

Perhaps you should do yourself a favor and learn what the case is about. No one is going after him for what he did to his PS3, thats bullshit he is trying to sell people to gain support. The fact is, they are going after him for distributing the key, especially since he included the software to make it ready to copy games and hack other peoples PS3's.

"Thanks for whipping your ass on the Constitution, for the protection of your character in Call of Duty! ....just, *wow*!"

Oh yes, I should be just fine that he has allowed people access to my hard drive and the ability to do as they wish to it, altering and deleting data at will. Good to know you support the constitution and are just fine with this.

You know... This is not a case of someone making a modification to their own property, this is a case of someone making a tool that allows people to destroy other peoples property... oh... and it also allows them to steal.

It's just a game console as opposed to disc encryption.

It is used to verify if a disc is legit or not, it is the key to their security. Also, what difference does it being a console make? It is no less wrong to corrupt data on it then on a PC. Would you be just as fine if he had created a tool to allow people to access your PC's hard drive and corrupt and destroy data?

...are encryption mechanisms.

Funny that you bitch about this when Sony was installing rootkits on peoples PCs.

with their rootkit?

I know my company never received a check to cover the removal hours, the loss of productivity due to BSODs of it from Sony.

...that may (*may*) cause security issues down the line, defending a company that installed rootkits on hundreds of thousands if not millions of PCs. As of yet the only security issues that have been found are those that are server side game exploits.

Despite your claims I support Sony, I am not and making the claim that Sony did bad so geohot can do bad back is bullshit.

And the courts will exonerate him.

Meanwhile if you have a PS3 and if you went to his website (simply out of curiosity) you may well be looking at having your PS3 account banned on suspicion of hacking.

:hi:

for illegal search and seizure...and winning.

No different than if I posted plans to build a bong and your read them on the internet... you now are a criminal and so am I? It can be used to do illegal stuff, but neither you or I did anything illegal.

http://www.whatismyip.com/

And with the rootkit software they install anonymously, it's easy to track the filthy criminals.......


:sarcasm: