Sony tells Congress: Anonymous responsible for PSN attack

Matthew DeCarlo

A US Congress subcommittee met today to discuss the recent PSN data breach. Airing on C-SPAN, the congressional hearing criticized Sony for its lack of security and its slow response time -- and the company's reputation wasn't aided by the fact that it decided not to attend the gathering. The company said it was too busy with its ongoing investigation to appear. Instead, Kazuo Hirai, chairman of the board of directors at SCEA, responded to the concerns by releasing an eight-page letter after the fact. You can read the full statement on Flickr.

Rep. Mary Bono of the Subcommittee on Commerce, Manufacturing, and Trade said she is "deeply troubled" by the data breaches and that Sony's refusal to testify was unacceptable. Much of Bono's anger was focused on the way Sony handled the attack, asking why the company's customers weren't notified sooner. Sony took approximately one week to inform its users that hackers stole their sensitive information, including names, locations, email addresses, usernames and passwords, and possibly even credit card numbers.

"I fundamentally believe that all consumers have a right to know when their personal information has been compromised, and Sony -- as well as all other companies -- have an overriding responsibility to alert them... immediately," Bono said. She continued by calling Sony's efforts "half-hearted" and "half-baked" because the company announced the breach on its blog, forcing customers to seek the information. Sony has been emailing its 78 million registered accounts, but that's hardly a quick process -- we just got an email notification yesterday.

Defending itself, Sony said that it dealt with the attack by following four key principles: "act with care and caution, provide relevant information to the public when it has been verified, take responsibility for our obligations to our customers, and work with law enforcement authorities." The company's forensic teams took until April 25 to determine what data was swiped, and Sony informed customers on April 26. It's still unknown if credit card data was taken, but Sony notes that credit card companies haven't reported any related fraudulent transactions.

Interestingly, Sony is now blaming Anonymous for executing the attack. Although the hacker group has repeatedly denied involvement, Sony says it discovered a file on one of its servers named "Anonymous" that contained the words "We are Legion" -- a phrase commonly used by Anonymous. Additionally, the company believes that the denial of service attacks orchestrated by Anonymous and the subsequent PSN/Sony Online Entertainment breaches are related. Anonymous still denies responsibility, and a single file is hardly damning evidence.

Sony has employed a third security firm to aid in the investigation, which now involves US Homeland Security and the FBI. The company says it's still working around the clock to revive its services, but it hasn't provided any concrete dates. When everything is restored, the company promises to offer US customers a "Welcome Back" package that includes free downloads as well as 30 free days of PlayStation Plus and Music Unlimited. The company will also extend those subscriptions for the number of days services were unavailable.

 
To be fair, I would have put a .txt on the server I was hacking to lead them off my trail to Anon's, makes the whole "finding me" a bit more confusing :)

Anyway I really don't think Anon did it, the fact that they as a group have put a video up and gone on record to say they did not have anything to do with this makes it sound fairly trustworthy. I mean, I trust them more than Sony right now :)

Probably the work of some 10-15 geeky 20-30 year olds who felt Sony needed a kicking.

I don't personally have anything Sony but I still feel Sony needed a kick in the teeth any who.
 
I still say it was a disgruntled employee who "Accidentally" left a backdoor open after getting fired/quitting.

Then they "Accidentally" told somebody about the flaw in the system.
 
From what I have read about this so far is that anon was DDoSing them when the attack happened. They weren't sure if the second attack was from anon or someone working with anon or an independent attack.
 
burty117 said:
To be fair, I would have put a .txt on the server I was hacking to lead them off my trail to Anon's, makes the whole "finding me" a bit more confusing :)

Anyway I really don't think Anon did it, the fact that they as a group have put a video up and gone on record to say they did not have anything to do with this makes it sound fairly trustworthy. I mean, I trust them more than Sony right now :)

Probably the work of some 10-15 geeky 20-30 year olds who felt Sony needed a kicking.

Exactly!

For all we know, this could've been a gang of crackers who wanted to join Anonymous' cause, maybe/possibly somebody showing off after the DDoS-attack on Sony or something, and that 'We are Legion' thingy definitely sounds like a dark trail.

I'm very surprised that Sony directly assumes that it was Anonymous based on this file - Sony might actually have got a better hint and are now laying their own 'dark tracks' for us to speculate about (a fake file, maybe?). Or perhaps just to portray Anonymous as the kind of cracking-bunch they really are?

Ooo. The mystery. The speculation.
 
Well, I suppose that the file was probably a false trail, but it could have been a reverse psychology move as well. I have nothing against Sony or Anonymous, but I don't think we will know for awhile who really is behind it. I mean, if the FBI and Homeland security can't figure out where the penetration occurred in a day or two, they aren't going to for a long time. Even if they got an IP address or something, they would need to go through a ton of red tape to get to the real person behind it. I would think that the hacker(s) used some random persons' computer via a virus and then used the infected computer to infect and control a second, possibly repeating this process a few times. After getting a chain of a few (possibly a hundred or more) they could have sent a chain of commands in a different order each time through the chain to get one computer to do their dirty work and download the information. It would be nearly impossible to legally trace the path back to the attackers as it would involve viewing the HDD contents of random people who did nothing wrong other than having crappy antivirus software. This is all just a theory, but it seems fairly logical.
 
BrianUMR said:
From what I have read about this so far is that anon was DDoSing them when the attack happened. They weren't sure if the second attack was from anon or someone working with anon or an independent attack.

Anonymous didn't do anything. They even put up a vid denying any involvement in the incident. If you've seen their track record you'd know they would want to take credit for it.
 
This just illustrates the problem when you go from posting anti CoS videos to doing DDos attacks and so forth. There is a line between seeking anonymity when dealing with an organization that uses more or less legal tactics as retribution for free speech, and doing blatantly illegal things.

Anon's initial goal and tactics were good for what they originally did. It was only when people started saying "Hey, let's do something else..." that this thing spiraled out of control.

You can't go around saying that we're this decentralized group of people who have no leadership, and then at the same time start saying as to what they were and were not responsible for. Even if they catch the person responsible, all he has to say is that he *is* part of Anonymous, and who is to dispute him?

Sure the whole Anonymous thing was a good idea when all the PR was ostensibly positive, but what happens when things start going bad?

Yeah, we hacked Sony, but we didn't steal credit cards. Yeah, we disrupted BofA servers, but we didn't blow up one of their branches.

All you're doing is providing both a cover for other people to use your "good" name for their nefarious deeds, and you're also prompting more intrusive government legislation. If there is no way to find out who is doing what, do they really think that the gov't is just going to throw up their hands and ignore it? Or proceed with the assumption that everyone is a possible suspect and react accordingly? And let's not ignore the possibility of the gov't itself using Anonymous to both get away with doing shady things, and to operate as a false flag operation to bring about more restrictions.
 
Let's think deeper about this. Right in the middle of the massive battle for music clouding positioning and all the battle for media giants for their member base - trying to situate themselves on the internet -- this hack could easily have been orchestrated by several massive corporations - such as Apple, Google, Amazon, or even Scientology - whose thorn in their side is... ...Anonymous. The fact there was a file marked with their signature tagline makes me come to one huge conclusion -- it's all BS. I guarantee this attack on SONY was purely a move to substantially weaken their position in the marketplace. Let's start bloggin this - instead of our personal rants that do nothing constructive -- this looks like a set-up -- it reeks of one...
 
ANONYMOUS = ANONYMOUS.

an obvious attempt to frame-up Anonymous or the typical scapegoat situation - that takes the place of the real massive corporation that tried to weaken SONY by screwing with them...probably hiring out some kid in Thailand or Russia to hack in....

...and those scummy attorneys - or ambulance chasers trying to get users to sue is a laugh -- screw you - you ratty little trolls -- anything to worm a dollar with your legal BS
 
dude anonymous did not hack SONY. they are being used as a scapegoat...if you robbed a bank - would you leave your driver's license behind - purposely!!!!???? NO. this is so typical -- i say - look deeper and realize -- it's the competition who did it -- who is that?---

google -- apple -- amazon -- any giant corp - racing to win the massive members for clouding games music etc
 
Oh please, Sony is just scapegoating Anonymous. They blame Anonymous, I blame Sony. It's their servers and their security lapses that are the problem -- the ultimate responsibility is Sony's. I thought Japanese companies had a more ethical backbone, this is a typical dodge American corporations take.
 
WTH! If they were half as intelligent as they are big they would know that Anon had nothing to do with the PSN attack. But that's okay, we are going to piss off a decentralised organisation notorious for getting exactly what they want and with very few casualties by directly attacking them because it's the wise thing that will make this whole thing blow over without a hitch.


God I hate them right now...
 
If Anonymous/AnonOps hacked Sony, Sony and everyone else would know about it. As a group they wouldn't deny it. I see this turning into a witch hunt.
 
While I do agree that the hacker needs to be caught, Sony is just trying to get out of this by changing the subject...or raising the curtain of distraction. Besides, Anon makes it clear when they hack. They don't just leave a little file behind. They come out and say "HEY! LOOK AT WHAT WE DID!"

This hacker was both smart and stupid. Smart in that he left behind a false id to throw Sony off of his scent, but not smart enough to know that this is not Anon's style.

I'm really hoping this guy (or group) isn't part of Anon and is going rogue on his own free time. I can't even imagine how p*ssed Anon would be if they found out someone in their organization was doing this. Not that there's much they could do as turning the hacker(s) in could be disastrous. Depending on how much the hacker(s) know, it could mean trouble for Anon......how awesome would it be if Anon hacked the investigation, got a hold of the files, and found and turned in the culprit? :D
 
Princeton said:
BrianUMR said:
From what I have read about this so far is that anon was DDoSing them when the attack happened. They weren't sure if the second attack was from anon or someone working with anon or an independent attack.

Anonymous didn't do anything. They even put up a vid denying any involvement in the incident. If you've seen their track record you'd know they would want to take credit for it.

Yeah I didn't say they did it. I was saying that is what Sony said. Anon did take credit for DDoSing them. I do agree though if anon did it they would have had a video
 
If it's not them, then I think Anonymous should step in and help find the person/people involved. They say they don't forgive and here's someone making their name bad and also affecting millions of innocent users.
 
taimuraly said:
If it's not them, then I think Anonymous should step in and help find the person/people involved. They say they don't forgive and here's someone making their name bad and also affecting millions of innocent users.

I guess those users shouldn't have bought a PS3 I guess :)

Why would they help a company that they hate? I know this guy is making them look bad but at the same time Anon probably are secretly laughing at Sony over this.
 
the truth is, Sony has no clues about who attacked PSN....and making false statements will probably open doors for more attacks....

way to go sony
 
Personally it sounds like an inside job that took advantage of the DDoS from Anonymous to sneak in unnoticed besides all that other traffic.
They fired around 200 employees a few days before the networks went down, and they all had a 2 week notice.
 