Sony just turned to an aggressive stance with the hackers responsible for discovering and spreading the PS3 root security key along with releasing modified firmware for the PS3 that allows homebrew apps and pirated software. The electronics manufacture has filed a lawsuit against George “GeoHot” Hotz along with fail0verflow members Hector Martin, Sven Peter and 100 unnamed individuals.
Both Martin and Peter gave a presentation at the 27C3 Conference showing how they broke the Playstation 3’s security. Hotz later released the PS3 root key and followed that up with custom 3.55 firmware. Since then, pirated games have begun to show up on unmodded consoles using the custom firmware.
The charges filed in a U.S. District Court in San Francisco include:
- 18 U.S.C. § 1030(a)(2)(C) – Confidential Information On Computer
- 18 U.S.C. § 1030(a)(4) – Intent To Defraud And Obtain Value
- 18 U.S.C. § 1030(a)(5)(A) – Knowing Transmission of Code
- 18 U.S.C. § 1030(a)(5)(B) and (C) – Intentional and Reckless Damage And Loss
- 18 U.S.C. § 1030(a)(6)(A) – Trafficking in Password
- 18 U.S.C. § 1030(a)(7)(B) – Intent to Extort
GeoHot has updated his website to say that he had been served with legal papers and that “any legal fund donation things you see are 100% fake as of now, don’t get scammed.”
The lawsuit against Martin and Peter appears to be problematic as neither reside in the United States. In fact, fail0verflow’s reaction to this on Twitter was to say, “Looks like Sony decided to ignore the facts and sue us all for it.”
Meanwhile, Hotz has been requested to show up at 9AM on Wednesday, January 12.
The summary of the lawsuit is follows. The last paragraph is somewhat humurous as it accuses Hotz of extortion when he said, “[I]f you want your next console to be secure, get in touch with me.”
Upon information and belief, Defendant George Hotz is bound by the Playstation Network Terms of Service and User Agreement (the PSN User Agreement), 14 of which states in relevant part that both parties submit to personal jurisdiction in California and further agree that any 23 dispute arising from or relating to this Agreement shall be brought in a court within San Mateo County, California.
The FAIL0VERFLOW Defendants intentionally circumvented SCEA’s TPMs, accessed the PS3 System and trafficked in Circumvention Devices and SCEA’s proprietary information, with full knowledge that their unlawful conduct would irreparably harm SCEA. Indeed, five days prior to appearing at the Chaos Conference, Bushing echoed a fellow hacker comment anticipating this irreparable harm: Last chance to sell any Sony stock you may have.
Finally, SCEA will likely prevail on its claim under §1030(a)(7)(B), which prohibits intent to extort from any person any money or other thing of value by threatening to obtain information from a protected computer without authorization or in excess of authorization or to impair the confidentiality of information obtained from a protected computer without authorization or by exceeding authorized access. Hotz violated this provision when, in the same post in which the published SCEA’s Keys, he attempted to obtain from SCEA thing of value in the form of employment: if you want your next console to be secure, get in touch with me.