Sony claims Anonymous to blame for Playstation Network cyber attack

Sony is now putting the blame on the cyber attacks on its Playstation Network servers on the hacker group Anonymous. Sony's claims came in a form of a letter to the US House of Representatives who had requested that the company answer its questions on the cyber attack that made Sony shut down the Playstation Network on April 20. The letter was summarized on the official Playstation blog site and shown in full on the Playstation Flickr web page.

The letter was written by Kazuo Hirai, the current chairman of the Board of Directors of Sony Computer Entertainment America. It was submitted today as part of a hearing in Washington DC by the US House of Representatives' Subcommittee on Commerce, Manufacturing and Trade. The hearing, with the title of 'The Threat of Data Theft to American Consumers', was not personally attended by a Sony representative.

In the letter itself, Hirai says he was aware there has been some people who felt that Sony did not do enough to alert its Playstation Network customers on the cyber attack, which obtained personal info from over 70 million of its subscribers. He said in the letter, "I hope you can appreciate the extraordinary nature of the events the company was facing - brought on by a criminal hacker whose activity was neither immediate nor easily ascertainable."

Sony has now put the blame on the attacks on the group known as Anonymous, who a few weeks ago conducted a large denial of service attack on Sony's servers. Hirai's letter said that an investigation in the cyber attack on its MMO business Sony Online Entertainment, " ... it also discovered that the intruders had planted a file on one of those servers named "Anonymous" with the words, "We Are Legion." Previously a video message from Anonymous has denied its involvement in the more recent cyber attack.

As previously reported, Sony said it is taking steps to beef up security for its Playstation Network servers along with plans to compensate its users for the downtime. It has also said there is no evidence that credit card info has been lifted from the Playstation Network servers, although it has admitted that a small number of older credit card numbers from 2007 were taken from an Sony Online Entertainment server.

Report a problem with article
Previous Story

Rumor: AT&T claiming no new iPhone coming in June-July time frame

Next Story

Android ups marketshare to 35%, WP7 around 2.4 million shipped

57 Comments

Commenting is disabled on this article.

For me, I feel Sony need to be stood up to, their constant (and forced) updates, removing features I paid for and them trying to identify any who even visited "Hacking" sites was more annoying than PSN being down for 3 weeks.

If I buy something I want to be able to do with it as I please.

Cowboy71 said,
For me, I feel Sony need to be stood up to, their constant (and forced) updates, removing features I paid for and them trying to identify any who even visited "Hacking" sites was more annoying than PSN being down for 3 weeks.

If I buy something I want to be able to do with it as I please.

+1

Completely agree, I've paid for the console I can hack it as much as I want. If I want I can blow it up and it has nothing to do with Sony.

I do realize that hardware is different to software hacking/manipulation but I've bought the product if I want to hack it then why can't I.

Personally I think Sony brought this on themselves, but at the same time I'm ****ed off that they hacked PSN becuase I want to use this feature.

Anyone that didn't update their PS3 past the point of losing "Other OS" still has that option. Nobody was forced to upgrade. You simply have to upgrade to continue using PSN and playing newer games. Neither of those are things that you are entitled to through your initial purchase. Using the PSN requires you to agree to their TOS and new games are completely distinct entities.

You also have the ability to hack your console as much as you want so long as it all takes place in your own home. Then you can't really be caught. If you were to create a hack for the system, then publish it online, knowing that you had to bypass a security feature to do so (which is a violation of law and probably your ToS) then you too would be responsible for the consequences (enabling massive piracy).

Sure, George Hotz may not have had the intention of doing so, but he was certainly to be held accountable. We don't live in a dream world were people can do whatever they may please, no matter how much we'd all like to think that the internet is anonymous.

As for this current situation. I'd like to believe that my credit information is still safe and I will be keeping a close eye on my statements, but Sony is not the first company to get hacked and have credit information stolen. It has happened many times before and will continue to happen because there is no such thing as perfect security. All we can do is hope that the hacker doesn't do anything with the information in hand (any transaction could possibly lead back to him/her/them) and that Sony (and other companies) are now taking the time to rethink their security.

Lastly, anonymous (the group) is a loose collection of anonymous people. Anyone can claim that they are anonymous (the group) and perform any action. Meanwhile, the group can deny it because they aren't a real organization with binding ties. They don't know what people are doing in their name outside of what the IRC channel decides is "official".

Apparently Neowin writers can't actually read the things they report on.

We discovered that the intruders had planted a file on one of our Sony Online Entertainment servers named “Anonymous” with the words “We are Legion.”

SOE servers != PSN servers. They already said the PSN portion of the attack was NOT anonymous.

SazerX said,
i say it was a inside jobs it got to be someone who knew all of sony infor
Not necessarily. The servers were allegedly unpatched or behind on their patches. If someone started snooping around these networks looking for ways to break in then they'd only need to fingerprint the OS and read up on the latest vulnerabilities to see where to focus their attention.

Sony should be held liable for this. If you want my personal information then you should be held responsible for securing that information. Can't have it both ways Sony.

So by this logic Sony, if I created a file with the name "Justin Bieber" with the content "Rebecca Black isn't actually that bad"...you'd go straight for Justin Bieber?

BRB

Alansonit said,
So by this logic Sony, if I created a file with the name "Justin Bieber" with the content "Rebecca Black isn't actually that bad"...you'd go straight for Justin Bieber?

BRB


Pretty much this.

Alansonit said,
So by this logic Sony, if I created a file with the name "Justin Bieber" with the content "Rebecca Black isn't actually that bad"...you'd go straight for Justin Bieber?

BRB

Good point! Go do it so we can wipe Bieber off the face of the planet!! That kid is so annoying.

I do find it a bit funny that anonymous is being accused considering everyone said anonymous was just a bunch of script kiddies who only DOS sites.

Vice said,
I do find it a bit funny that anonymous is being accused considering everyone said anonymous was just a bunch of script kiddies who only DOS sites.

I know, right? It couldn't have possibly been them because they suck but it has to be them because Sony said so.

A file called "Anonymous" ? Its clear only a member of that group could possibly have planted it, its not as if by adding the file whoever did do it could pretty much guarantee Sony and the other involved party's would go on a witch hunt instead of actually looking for the culprits.

Seeing that its credit-cards (even if old ones) and users personal info thats been targeted, it makes much more sense to assume the attack is financially motivated IMO. I don't really see how "Anonymous" stealing peoples personal data is really "Punishing Sony", especially seeing as they ain't taking credit for it "/

I thought Anonymous said they didn't do this shortly after it happened.
I also heard that the whole thing was done by a 12 year old.
Who knows the real truth?

netsendjoe said,
I thought Anonymous said they didn't do this shortly after it happened.
I also heard that the whole thing was done by a 12 year old.
Who knows the real truth?

Sharks

This is not Sony's fault! They had security measures in place. Maybe the anon group didn't do it, but they started it all. They inspired whoever did this. Anon is saying that they did whatever they did to help PS3 users... yeah... there are reasons why what they did is illegal. Now look that happened. I've been without PSN for ages. Thanks for the help anon... This is just what we PS3 users wanted! Now we can run third party OSes without any possibilities of running PSN! Just what I bought my PS3 for!

man, the lack of misinformed people here is just surprising... while all the information is out there for them to read, they either just blindly ignore it, or can't read...

shakey said,
man, the lack of misinformed people here is just surprising... while all the information is out there for them to read, they either just blindly ignore it, or can't read...

While you trust Sony, some people don't. There is not "information out there" that proves anything, just Sony saying there was a file.

People have opinions, deal with it.

Rodrigo said,

While you trust Sony, some people don't. There is not "information out there" that proves anything, just Sony saying there was a file.

People have opinions, deal with it.


+1.

The PS3 Family know's all the details and everyone else can't read or just has "misinformation" about what's going on.

shakey said,
man, the lack of misinformed people here is just surprising... while all the information is out there for them to read, they either just blindly ignore it, or can't read...

Yeah I just wish there were more of those misinformed people =)

As a group they probably didn't do it but there was probably a small subset of users (or maybe just one) who took it upon themselves to do more than fire LOIC cannons for days on end.

Of course they'll blame Anonymous, even if they didn't do it. I'm not defending either side, but it would be a great way for Sony to play the "poor us" card with all the previous stuff Anonymous did, and were pretty quick to brag about by the way. Anonymous denying something isn't exactly in their SOP.

Max Norris said,
Of course they'll blame Anonymous, even if they didn't do it. I'm not defending either side, but it would be a great way for Sony to play the "poor us" card with all the previous stuff Anonymous did, and were pretty quick to brag about by the way. Anonymous denying something isn't exactly in their SOP.

Of course, lets all believe the unorganized petty lowlife group of hackers.. cause that seems like the place to put all your trust. /s

shakey said,

Of course, lets all believe the unorganized petty lowlife group of hackers.. cause that seems like the place to put all your trust. /s

Good point, I guess the big faceless company that hides the fact that your data has been stolen 2 days after that fact being confirmed is the person to trust here.

They blame geographically diverse group that is unlikely to be tackled as a whole. They won't be caught and Sony is still left eating a turd sandwich.

Alternatively hackers planted that singular file implicating Anon giving Sony that cover.

Sony cannot hide and must be scorned for this.

Full of **** they did not do it... even if they did they would not leave any trace behind. They already said they didn't do it. Sony do not have a clue who did it they just using Anonymous as a Scapegoat. Incompetent fools.

Just because they were linked to wikileaks they will be targeted... shame on you sony

Typical, lets not except responsibility, lets blame it on a group of loosely organized hackers that in no way would or could defend themselves meaning no one could prove if they were or were not involved.

Rooster69 said,
Typical, lets not except responsibility, lets blame it on a group of loosely organized hackers that in no way would or could defend themselves meaning no one could prove if they were or were not involved.

And while we're at it, why don't we decide that due to our own personal opinion on a company that any press release it makes or any public statement it makes is complete and total BS/conspiracy/scapegoating.

Perfectly intelligent response with lots of proof.

LiquidSolstice said,

And while we're at it, why don't we decide that due to our own personal opinion on a company that any press release it makes or any public statement it makes is complete and total BS/conspiracy/scapegoating.

Perfectly intelligent response with lots of proof.

Logical thinking..

Amarok said,
Except they didn't store your data as plain text.

sshhh, if they haven't been able to get the point by now, they never will. Just ignore the uneducated and laugh at how silly they all are.

Amarok said,
Except they didn't store your data as plain text.

Passwords and credit card details aren't the only things people are concerned about. Names, addresses, email addresses, and birthdates were all stored as plaintext.

What bo!!ox!

I don't care who the hacker was. I care about why SONY did have the very basics of security such as securing my credit card number AND password by encrypting them in their Databases. Why did Sony save my sensitive data as plane text?

Sony is to be blamed 100% for this. Using a scapegoat is unacceptable.

If another company had this low standard of security, the PCI compliant people would be all over them, suing them for millions.

Brian Miller said,
What bo!!ox!

I don't care who the hacker was. I care about why SONY did have the very basics of security such as securing my credit card number AND password by encrypting them in their Databases. Why did Sony save my sensitive data as plane text?

Sony is to be blamed 100% for this. Using a scapegoat is unacceptable.

If another company had this low standard of security, the PCI compliant people would be all over them, suing them for millions.


Precisely.

Brian Miller said,
What bo!!ox!

I don't care who the hacker was. I care about why SONY did have the very basics of security such as securing my credit card number AND password by encrypting them in their Databases. Why did Sony save my sensitive data as plane text?

Sony is to be blamed 100% for this. Using a scapegoat is unacceptable.

If another company had this low standard of security, the PCI compliant people would be all over them, suing them for millions.


well said !

Brian Miller said,
What bo!!ox!

I don't care who the hacker was. I care about why SONY did have the very basics of security such as securing my credit card number AND password by encrypting them in their Databases. Why did Sony save my sensitive data as plane text?

Sony is to be blamed 100% for this. Using a scapegoat is unacceptable.

If another company had this low standard of security, the PCI compliant people would be all over them, suing them for millions.


You only make yourself look stupid when you go spewing BS like that. It's been stated several times the CC info was encrypted and while the passwords weren't encrypted per say, they were transformed using a cryptographic hash function (Not to say they shouldn't have had better security in place, but there was some form of security there).

Boxster17 said,

You only make yourself look stupid when you go spewing BS like that. It's been stated several times the CC info was encrypted and while the passwords weren't encrypted per say, they were transformed using a cryptographic hash function (Not to say they shouldn't have had better security in place, but there was some form of security there).

At least they were not plain text.