How One Hacker Unintentionally Triggered One Of The Biggest Data Thefts Of All Time

George “geohot” Hotz gained overnight notoriety in 2007 when, at the age of 17, he successfully unlocked an iPhone, the first person known to do so, and bragged about it online.

In January 2010, he became the first hacker to successfully break through all of the restrictions Sony had put on the PlayStation 3. Sony responded with a patch, which Hotz also cracked in January 2011. Internet fame followed, along with a massive lawsuit.

The May 7 issue of The New Yorker features a lengthy profile of Hotz that examines how one kid from New Jersey became a cause célèbre for Anonymous and, directly or not, a catalyst for the massive PSN hack that exposed 77 million users’ information and kept the service offline for nearly a month.

Reporter David Kushner interviewed Hotz about the original PS3 hack and the lawsuit that followed. “Internet protests, like street protests, have a way of spinning out of control. People chant peacefully, but then someone throws a rock through a window and rioting begins,” Kushner observes. He continues:

Back in his parents’ house, in front of the glowing computer screens in his cluttered bedroom, Hotz clicked with mounting apprehension through the news of Anonymous’s plans. “I hope to God Sony doesn’t think this is me,” he remembers thinking. He didn’t believe in secretive online warfare, much less in defecating on someone’s doorstep. “I’m the complete opposite of Anonymous,” he told me. “I’m George Hotz. Everything I do is aboveboard, everything I do is legit.”

On April 11th, Sony announced that it had reached an agreement with Hotz, who denied wrongdoing but consented to a permanent injunction barring him from reverse-engineering any Sony product in the future. But Hotz’s supporters felt that the injunction was a form of censorship. Some of his defenders made “FREE GEOHOT” shirts, and others went to Sony stores in cities such as San Diego and Costa Mesa to protest. Black-hat hackers called for more destructive attacks against Sony.

A week later, on April 19 of that year, Sony techs noticed their servers acting oddly, and the rest became history. Sony Online Entertainment and Sony Pictures took hits not long after, as well as a number of other gaming- and tech-related companies and sites; 2011 was an extremely busy year in hacks.

Since the resolution of the lawsuit, Hotz has mainly been lying low (except for an incident earlier this year where he was arrested in Texas for marijuana possession). He worked for Facebook briefly, then left the position.

Meanwhile, it seems Sony did indeed learn something meaningful from the whole disaster. After the lawsuit was settled, Sony engineers invited Hotz to their offices to teach them just how he’d beaten their systems.

Machine Politics: The man who started the hacker wars [The New Yorker]


  • “Sony engineers invited Hotz to their offices to teach them just how he’d beaten their systems.”

    THAT is what I like seeing large organisations do.
    Although it would have been better PR if Sony had just asked the guy to come and show them how he did it, rather than taking legal action against him.

    • They took legal action against him because of the very thing that happened.

      It’s like saying if you figure out a way to break prisoners out of prison you should be asked to build better prisons while not being responsible for the hole in the wall that a bunch of murderers escaped through.

      He may have cracked the Sony to allow Linux to return. But in doing so he created a bunch of issues for the not so honorable people out there to exploit.

      • Your prison analogy is horrible, as breaking people out of prison is illegal. What Hotz did was not illegal.

        It’s almost a common practice to offer jobs to people who break past tech security.

  • Must be a pretty bright kid, one of the first to crack an iPhone at age 17. Trololol Apple engineers, you make me smile.

  • I was pretty pissed off with the PS3 hacking. I had Linux on my PS3 … it was the perfect media and internet centre right there in my lounge … then it was taken away and I still haven’t found/been able to afford an alternative that works as well.

    It’s easy to just blame Sony, but a part of me is annoyed at this guy as well. Whatever high moral reasons he might say he had to hack and announce his hacks his actions directly screwed things up for users like me.

    • This was inevitable. If Hotz hadn’t hacked it, somebody else would have. The blame rests solely on Sony as they were the asshats that took it away.

      • The blame rests solely on asshats that hack things in the first place, which led to it being taken away.

        Other OS as a feature was fine. When it was being exploited it was removed. Hackers pissed that their exploit was gone then decided to re-hack the system.

        Hackers want their shit no matter what the situation. Sony played nice by giving them the privilege of Other OS to start with. They abused it and it got taken away. Sony probably could have handled things better. But it was the abuse by the consumer that caused the vicious circle in the first place.

        • You mean hackers were pissed that an advertised feature on a device that they OWN was removed?

          • Yes, I’m sure hackers OWN the piece of code known as proprietary security keys. Could I have your bank number and PIN? After all, it’s just some numbers in a particular order which we all share knowledge of being able to write.

    • You might want to look into this. Linux was removed pre-emptively because other hackers wanted to mess with the cores which apparently would have opened the machine to piracy. The major push behind Hotz was to crack the PS3 so they could get it back – unfortunately the same hack also generated other cracks. Also note that he wasn’t the only person working towards the same goal.

      • Removing Linux was not about security. It was about cutting costs. Sony didn’t want to maintain the hypervisor needed to run the Linux OS.

        If you think about it, when Sony removed the Linux OS, it only affected people who upgraded their firmware. If firmware was kept the same, then people could still run the memory glitch hack, and still crack their PS3. No security improvement. Also, soon after, the USB hack appeared, and encryption keys were discovered. People could now run software via the game os. They didn’t need Linux to run custom software. No security improvement.

        The only conclusion is that removing Linux was not about improving security, it was about making the device more profitable.

  • Why do you guys defend Sony, or any of the other big companies responsible in the gaming industry? Let me break it down for you guys:

    Purchasing & Leasing Rights
    I have purchased my clothes, therefore I am entitled to do what I would like to them.
    I have purchased my car, therefore I am entitled to do what I would like with it.
    I lease my apartment, therefore I am eligible to use it as long as my use falls within the contract.
    I lease my cable, therefore I am eligible to use it as long as my use falls within the contract.

    Purchasing and Leasing Obligations
    I have purchased my clothes, therefore I am responsible for the maintenance of my clothing.
    I have purchased my car, therefore I am responsible for the maintenance of my car.
    I lease my apartment, therefore I am NOT responsible for the maintenance of my apartment.
    I lease my cable, therefore I am NOT responsible for the maintenance of my cable.

    The Big Companies:
    First off, I think banning on Xbox Live and PSN is perfectly justified, because you can only pay to use it, and therefore never own it… So it would make sense there are guidelines one should follow.

    My Problem with the Big Companies: They take the responsibilities of owning something, and limitations of leasing something, and try to put them together to fuck you over? Do I believe they should have the ability to ban someone when they do something outside of the agreements they set in place? Yes I do. Their logic fails, however, because technically you never really own the Xbox 360 or PS3 because you are legally unable to modify it, yet it’s your responsibility to pay for it out of pocket when something breaks? They need to change their fucking logic and make it fit into 1 of the categories.

    1. I own my console system, therefore it’s my right and privilege to modify it as I please (educational or otherwise), as long as I cause no physical nor financial harm** to anyone. In the event the system should break, it’s my responsibility to fix it (Red Ring of Death, for example).

    2. I do not own my console, therefore it is not my right and privilege to modify it as I please. I am liable for legal action if I decide to modify it. In the event the system should break, it’s not my responsibility to fix since I am leasing it, and technically do not own it. Furthermore, the lump-sum price you are charging me in advance pays for my entire lifetime of leasing the said device, and therefore should it ever break in the future, you are responsible.

    Lastly, Sony advertised the PS3 as having the ability to install Linux. That ability wasn’t a bug someone discovered, it was a hailing feature of the PS3 over the Xbox 360. Now you’re going to false advertise and retract it, because you fucked up in the first place?

    What about PS2 emulation for all those die-hard PS2 gamers that had burnt-out lasers? Guess that doesn’t matter when you have a big enough base.

    Stop kissing ass to the companies who obviously don’t give a fuck about you, and start fighting for at least what you’re entitled to.

    **Caveat: I do not believe in software piracy under any circumstances, but I do believe there are benefits to having the ability to modify your own console. What for example? Let me list some out:
    Computer Aided Engineering (Finite Element Analysis, Computational Fluid Dynamics)
    Weather Simulation
    Protein Folding
    Programming and Engineering (Cell, Distributed Computing, OpenCL)
