'Pwnie' Awards Mark Hacking Highlights

W460

Japanese entertainment titan Sony had the dubious honor of winning a "Most Epic Fail" award Thursday at a prestigious Black Hat gathering of computer security professions in Las Vegas.

Sony and hacked computer security powerhouse RSA were mockingly honored with Pwnies, annual awards named in a reference to geek slang for "owning" or totally dominating an opponent.

"After learning the hard way that their PlayStation Network was about as porous as air, Sony had to shut it down for over two months to rebuild it from scratch," Pwnie judges said of the winning choice.

"In doing so, they made everyone from your eight-year old cousin to your barber learn about the importance of security," they continued. "Hooray for us, sorry Sony shareholders."

In July, Sony finished restoring PlayStation Network and Qriocity online distribution services that were shut down in April due to hacker attacks.

The attack on Sony compromised personal data from 100 million accounts. Sony later suffered attacks on websites, including in Greece, Thailand and Indonesia, and on the Canadian site of mobile phone company Sony Ericsson.

The technology giant faces a battle to regain the trust of millions of consumers after the attacks on networks integral to its strategy.

Analysts say the breach could cost it around $1 billion, but that attacks threatened deeper damage to Sony's brand image and its efforts to link its gadgets to an online network of games, movies and music.

George Hotz, a celebrated hacker known as "GeoHot" sued by Sony for cracking software defenses of PlayStation 3 videogame consoles was awarded a Pwnie for a rap song firing back at the Japanese firm.

Sony's civil suits against PS3 hackers were believed to have triggered the attacks on its networks.

Hotz was hired in June by leading social networking website Facebook.

A Pwnie for "Lamest Vendor Response" was awarded to RSA, the security division of EMC Corporation, for its handling of a network break-in early this year.

"They got hacked, their SecurID tokens were totally compromised, and they basically passed it off as a non-event... until Lockheed-Martin got attacked because of them," Pwnie judges said of the reasoning behind the award.

The Stuxnet computer worm beat out notorious hacker group Lulz Security to receive an Epic Ownage Pwnie for "delivering the most damaging, widely publicized, or hilarious Ownage."

"How many national nuclear programs did your worm disrupt?" Pwnie judges asked rhetorically.

The Stuxnet code was crafted to stealthily take control of valves and rotors at an Iranian nuclear plant, according to security researchers.

Stuxnet targets computer control systems made by German industrial giant Siemens and commonly used to manage water supplies, oil rigs, power plants and other critical infrastructure.

Most Stuxnet infections have been discovered in Iran, giving rise to speculation it was intended to sabotage nuclear facilities there. The worm was crafted to recognize the system it was to attack.

Pwnies were also awarded to software savants who discovered what were considered the most dangerous or intriguing vulnerabilities in computer systems.

A Pwnie lifetime achievement award went to a hacker identified only as "pipacs/PaX Team" whose work on computer defenses was said to have played a significant role in making operating systems safer.

"Like models, hackers wear a lot of black, think they are more famous than they are, and their career effectively ends at age 30," Pwnie judges said.

"Either way, upon entering one's fourth decade, it is time to put down the disassembler and consider a relaxing job in management," they continued.

"This award is to honor the previous achievements of those who have moved on to bigger and better things."

Comments 0