
George Hotz, aka Geohot, is one potential suspect in the PSN security breach, but he denies the attack. Assuming he’s telling the truth (“I’m not crazy, and would prefer to not have the FBI knocking on my door,” he said), that leaves plenty of other suspects for Sony to consider, like the patchwork group of hackers calling themselves “Anonymous,” who have been known to launch distributed denial of service (DDoS) attacks.

Hotz does argue that Sony brought this on itself by stepping over the line and making enemies of hackers:

“The fault lies with the executives who declared a war on hackers, laughed at the idea of people penetrating the fortress that once was Sony, whined incessantly about piracy, and kept hiring more lawyers when they really needed to hire good security experts. Alienating the hacker community is not a good idea.”

He continues:

“Running homebrew and exploring security on your devices is cool, hacking into someone else’s server and stealing databases of user info is not cool,” he said. “You make the hacking community look bad, even if it is aimed at douches like Sony.”

“Sony execs probably haughtily chuckled at the idea of threat modeling. Traditionally the trust boundary for a web service exists between the server and the client,” he said. “But Sony believes they own the client too, so if they just put a trust boundary between the consumer and the client (can’t trust those pesky consumers), everything is good. Since everyone knows the PS3 is unhackable, why waste money adding pointless security between the client and the server? This arrogance undermines a basic security principle, never trust the client.”
May 1, 2011
Geohot blames Sony’s hubris on PSN attacks
by Joe
Categories: News


