Sony tells Congress: Anonymous responsible for PSN attack

On May 4, 2011, 5:27 PM

A US Congress subcommittee met today to discuss the recent PSN data breach. Airing on C-SPAN, the congressional hearing criticized Sony for its lack of security and its slow response time -- and the company's reputation wasn't aided by the fact that it decided not to attend the gathering. The company said it was too busy with its ongoing investigation to appear. Instead, Kazuo Hirai, chairman of the board of directors at SCEA, responded to the concerns by releasing an eight-page letter after the fact. You can read the full statement on Flickr.

Rep. Mary Bono of the Subcommittee on Commerce, Manufacturing, and Trade said she is "deeply troubled" by the data breaches and that Sony's refusal to testify was unacceptable. Much of Bono's anger was focused on the way Sony handled the attack, asking why the company's customers weren't notified sooner. Sony took approximately one week to inform its users that hackers stole their sensitive information, including names, locations, email addresses, usernames and passwords, and possibly even credit card numbers.

"I fundamentally believe that all consumers have a right to know when their personal information has been compromised, and Sony -- as well as all other companies -- have an overriding responsibility to alert them... immediately," Bono said. She continued by calling Sony's efforts "half-hearted" and "half-baked" because the company announced the breach on its blog, forcing customers to seek the information. Sony has been emailing its 78 million registered accounts, but that's hardly a quick process -- we just got an email notification yesterday.

Defending itself, Sony said that it dealt with the attack by following four key principles: "act with care and caution, provide relevant information to the public when it has been verified, take responsibility for our obligations to our customers, and work with law enforcement authorities." The company's forensic teams took until April 25 to determine what data was swiped, and Sony informed customers on April 26. It's still unknown if credit card data was taken, but Sony notes that credit card companies haven't reported any related fraudulent transactions.

Interestingly, Sony is now blaming Anonymous for executing the attack. Although the hacker group has repeatedly denied involvement, Sony says it discovered a file on one of its servers named "Anonymous" that contained the words "We are Legion" -- a phrase commonly used by Anonymous. Additionally, the company believes that the denial of service attacks orchestrated by Anonymous and the subsequent PSN/Sony Online Entertainment breaches are related. Anonymous still denies responsibility, and a single file is hardly damning evidence.

Sony has employed a third security firm to aid in the investigation, which now involves US Homeland Security and the FBI. The company says it's still working around the clock to revive its services, but it hasn't provided any concrete dates. When everything is restored, the company promises to offer US customers a "Welcome Back" package that includes free downloads as well as 30 free days of PlayStation Plus and Music Unlimited. The company will also extend those subscriptions for the number of days services were unavailable.

User Comments: 35

  1. This all comes back to Anon's message to Sony; "You own your domains. You paid for them with your own money. Now Anonymous is attacking your private property because we disagree with your actions. And that seems, dare we say it, 'wrong.' Sound familiar?"

    This basically goes against Sony's firing the first shot at Geohot and taking him to court for his trying to use his PlayStation as he wished.

    So Geohot wrote a jailbreak for iPhone. Apple didn't budge. He works on a jailbreak for PS3 and Sony jumps out of their skin. Sony doesn't have any credit here, and loses class as a company.

    Anonymous also has been quoted as saying; "Anonymous is not a group of hackers, We are average Internet citizens ourselves and our motivation is a collective sense of being fed up with all the minor and major injustices we witness every day."

    And Anonymous said that they don't intend to steal customer info. Their motivation is not for profit or to hurt consumers, it is to raise awareness.

    You can read more at: [link]

    This really smells like a Sony spin, and just Sony trying to play victim for the war they started.

  2. 9Nails said:

    Anonymous also has been quoted as saying; "Anonymous is not a group of hackers, We are average Internet citizens ourselves and our motivation is a collective sense of being fed up with all the minor and major injustices we witness every day."

    How exactly can you quote Anonymous? I can decide to "join" Anon right now, and put out some kind of media statement, and it would be all over the world in 15 minutes, especially if it's real juicy.

    Did all those 13 year olds who downloaded LOIC and went after various targets get sworn into Anonymous?

    I have little doubt that the "original" Anonymous members, whomever they are, had nothing to do with the credit card theft, but when your organization is pretty much open to anyone who wants to do something and use your name, is this surprising? Neither is the fact that people are going to do criminal acts and hide under Anon's name, and it's not surprising that Sony is going to blame this on Anon, as Anon can't do anything to show their innocence. Was the anti-Iran thing Anonymous, or CIA people calling themselves Anonymous?

    If Anonymous was to get any credibility back, they should find the people who are responsible for the second hack, and then they might get their activist, and not criminal, reputation back.

  3. gwailo247 said:

    How exactly can you quote Anonymous? I can decide to "join" Anon right now, and put out some kind of media statement, and it would be all over the world in 15 minutes, especially if it's real juicy.

    Man, that's a good question. I don't know how they work, if it's some form of collective ideas, like a Wiki or open source project where the work of many individuals builds a single page or idea. They say that they're not monolithic, so if you believe that then there isn't a single mind that's ruling an organization.

    gwailo247 said:

    If Anonymous was to get any credibility back, they should find the people who are responsible for the second hack, and then they might get their activist, and not criminal, reputation back.

    Kind of like how OJ was looking for his wife's killer?

    I'm not sure how forensically Anonymous could go about this one. I'd doubt any individual would step through Sony's datacenter under an Anonymous Visitor Pass and have access to their files, records, and any other information that could be useful in finding out who did this. It would be like trying to determine what made a bang and crashing sound in your neighbor's house with only a description of the sound. When it might just be that their cat knocked over a bookcase and broke a vase. Things like this would take some private data to discover. In this case, what direction (group, website, organization, country?) do you even go to start looking?

  4. lol they PLACED a file on sony's server? sounds like a personal problem to me, sony can stop whining now.

  5. I don't see how "Anonymous" could do an attack like this, and still retain the respect of its followers. I mean really, Anonymous likes to have community support for their "righting of wrongs" against ordinary users. They can't retain the impression of, "purity of purpose" if they're stealing people's personal information. If they can, then their "followers" have some sincerely distorted senses of value.

    In brief, launching a "DDOS" attack to "teach a company a lesson", is a far different thing than stealing people's credit card numbers.

  6. I'm not sure how forensically Anonymous could go about this one. I'd doubt any individual would step through Sony's datacenter under an Anonymous Visitor Pass and have access to their files, records, and any other information that could be useful in finding out who did this. It would be like trying to determine what made a bang and crashing sound in your neighbor's house with only a description of the sound. When it might just be that their cat knocked over a bookcase and broke a vase. Things like this would take some private data to discover. In this case, what direction (group, website, organization, country?) do you even go to start looking?

    I really have no knowledge of IT security, but hackers get caught somehow, and typically the people employed to do so are (former) hackers themselves, so I would assume if you go with the 'it takes a thief to catch a thief' maxim, they'd be able to do something.

    Like I said, I do believe (more or less) that the idealistic people who founded anonymous are not behind the credit card theft, but they either need to restore their name, or abandon the scheme. If they continue like this, when something worse happens, they'll get blamed more and more.

    Their last missive still ended with the 'we are legion, we don't forget' crap, so if they were really not behind this, and they're unable to do something when outsiders do things in their name, then they're just making fools of themselves at this point.

  7. Anonymous still denies responsibility, and a single file is hardly damning evidence.

    To me this one line summarizes it all, Sony don't have any solid proof and seems like they are just looking for a scapegoat and Anon is the best one out there, that people know about.

  8. The problem with using a name like "Anonymous" is that pretty much anyone can claim to be Anonymous.

  9. I think Sony is just desperately looking to finger someone for the massive breach of their security. Too bad they're assh*les and no one wants to defend them anyway.

  10. I think Sony is just desperately looking to finger someone for the massive breach of their security. Too bad they're assh*les and no one wants to defend them anyway.

    Wait, what?
