Hacker group Anonymous issues sharp response to Sony downtime accusations

Anonymous_sony_PSN_PlayStation_Network

Reports emerged over the weekend that Sony is considering putting what is essentially a bounty on the heads of the hacker or hackers responsible for the “external intrusion” last month that led to the still-ongoing downtime for PlayStation Network, Qriocity and Sony Online Entertainment and the theft of personal data theft from more than 100 million users. The considered reward comes after a pair of hackers from the group Anonymous, which targeted Sony after it filed a lawsuit against noted PlayStation 3 jailbreak George “GeoHot” Hotz, told the Financial Times that “the hacker that did this was supporting [Anonymous’ anti-Sony] movements.” Now the group has fired back with a lengthy official statement once again denying its role in the hacking and attacking the media for pointing fingers.

The press release, entitled “Sony, I Am Disappoint,” is a hefty read. The focus of Anonymous’ attack is Joseph Menn, the author of the Financial Times article. It is difficult to summarize without reading each point in sequence, so here is the full press release, reprinted for your perusal (via CVG):

Yesterday, an article appeared in Financial Times, alleging Anonymous’ involvement in the data and identity theft of some hundred million users of Sony’s Playstation Network and Sony Online Entertainment. This crime is now being investigated by the Homeland Security Agency (HSA), the Department of Justice (DOJ), and other legal entities.

Once again Anonymous has been blamed for a security breach, this time by the journalist Joseph Menn, in his article “Hackers point finger over Sony incursion” [1]. Here, Anonymous wishes to lay out our case against these allegations and false assumptions:

First, let us consider a different article by Menn published on the Financial Times website and entitled “Hackers Warned of Arrest” [2]. This poor piece of journalism has already been extensively referenced in the Sony matter and is being used by many people who oppose Anonymous as proof of guilt. The only quoted source used by Menn was the now infamous Aaron Barr, former CEO of the humiliated HBGary. Barr made the claim that a chat room called #anonymous, founded by the identity “Q”, was irrefutable proof that this “Q” began the movement known as Anonymous. Confident in his assertion, he attempted to sell this and other pieces of so-called “intelligence” about the nature of Anonymous to the U.S. FBI.

His information, however, was incorrect. It would be considered common knowledge that Anonymous began as a “meme”, or shared belief, at the turn of the century and later developed to become a “global collective conscience” in 2006. But it was not until 2008 that Anonymous became a true display of “power in numbers”. Organised protests against the “Church” of Scientology were staged in over 140 cities around the world, forever associating the Guy Fawkes mask and the right to protest with the movement.

Second, just like Anonymous, John Doe and Joe Bloggs are placeholders, rather than proper names, and are available for free use without repercussions. However because of this, there is no membership to Anonymous and anyone can claim to be a “member”. It could be said that “Anonymous is anonymous to Anonymous”.

Barr and Menn did not pause to protect the integrity of their professions, but instead made clearly misinformed assumptions, and accordingly published a factually incorrect article. The article was highly scrutinized as being blatantly biased against Anonymous and its participants, and many readers pointed out obvious inconsistencies in the technicalities, and the physical time line.

Third, in the primary article, Menn claims that a “member” of Anonymous, Kayla, made comments as an apparent admission of guilt from the “leaders”. Kayla reportedly said, “If you say you are Anonymous, and do something as Anonymous, then Anonymous did it”. This statement is inherently weak; an equivalent statement would be that “I confess to being human. Humans performed the attack”. Andy Greenburg at Forbes [3] got it right.

Finally, Menn’s reference to “technical details” [1] regarding a vulnerability in Sony’s network without revealing actual content isn’t useful. Until the forensics reports are released we don’t know which exploit was used. The forensic investigators need to conclude their work, and speculation in articles, blogs and comments brings the factual results no closer.

Menn’s anonymous source claims that “a few ops disappeared” but so has a solid chunk of software infrastructure including NickServ and channel bots over attacks during the PSN outages. Menn’s other quotes are a vague mixture of assertions and denials. During the PSN downtime, Anonymous closed #opsony and put “sony” on the automatic kick list as ‘profanity’ last week.

Is all of this attention on Anonymous acting as a distraction from other problems, and overhyping the nature of the DDoS attacks? Sony’s recurring issues are beyond providing free game credits:

In order to process credit cards, every company needs to be PCI compliant. “If you are a merchant that accepts payment cards, you are required to be compliant with the PCI Data Security Standard” [4]. Since Sony’s network was “unpatched and had no firewall installed” [5], that is a clear violation of the PCI standards and ongoing reviews [4], thus likely to be criminal negligence [see Further Reading]. More importantly, “I can’t think of a major data breach where the company was PCI compliant,” said Ira Rothken, the lead attorney handling the class action lawsuit [6].

Sony has been accused of false billing, especially in the repairs department: customers who provided credit card details for an MMORPG are charged $150 for repairs to PS3s that they don’t own; repairs are double billed and then referred to retailers; equipment is charged $150 multiple times (2-4) for repairs that aren’t performed. [7 and Further Reading]

A decent credit card transaction gateway includes recurring billing as an option. Data mining by corporations has a profit motive, but as Sony has demonstrated it can be a massive liability. Why not start a discussion about corporate responsibility to protect user information, especially since they didn’t need it to begin with?

Sony’s response to the U.S. Senate [8] is to request more laws and further the myth of “best practices.” Since Sony was warned of security holes months in advance [5], one of those “best practices” would be to accept the advice of the experts. In Sony’s passing the blame there is no justification for the collection and retention of personal information they didn’t need.

Outraged about the blatant coverup and shameful misdeeds, other internet hacker groups will apparently proceed with attacks [9] over Sony’s mishandling of the matter. These reactions prove that requesting legislation to cover up corporate crimes and the abuse of law is frowned upon by all online communities, not just the Legion of Anonymous. Apparently Sony will have to learn the hard way that corporate malfeasance will not go unpunished. When the dust settles Sony may have more to fear from a massive class action lawsuit by their user base than the brief actions of the Global Hacker Nerd Brigade, Anonymous… Let THE GAMEs begin. :>

Knowledge is free.
We are Anonymous.
We are Legion.
We do not forgive.
We do not forget.
Expect us.

Mobile

Apple to boost its Amazon presence with listings for iPhones, iPads, and more

Apple is about to start offering more of its kit on Amazon. The tech giant currently only has very limited listings on the shopping site, but the deal will see the arrival of the latest iPhones, iPads, MacBooks, and more.
Movies & TV

'Prime'-time TV: Here are the best shows on Amazon Prime right now

There's more to Amazon Prime than free two-day shipping, including access to a number of phenomenal shows at no extra cost. To make the sifting easier, here are our favorite shows currently streaming on Amazon Prime.
Computing

AMD is pulling ahead in the die shrink race with 7nm CPUs and graphics cards

AMD might have played second fiddle to Intel and AMD for a long time, but it has the potential to leapfrog both when it debuts its new 7nm CPUs and graphics cards in 2019, leading the die-shrink race for the first time in years.
Deals

Black Friday 2018: The best deals so far

Black Friday is the biggest shopping holiday of the year, and it will be here before you know it. If you can't wait until November 23 to start formulating a shopping plan, we've got you covered.
Computing

Stay connected with the Surface Go LTE Advanced, coming November 20 for $679

The new Surface Go LTE Advanced model delivers benefits for anyone who is looking to enjoy LTE coverage and stay connected on Windows 10 when traveling on the road or away from home.
Computing

Cloudflare’s privacy-enhancing 1.1.1.1 DNS service comes to iOS and Android

Cloudflare's 1.1.1.1 DNS resolver service has been ported to mobile devices, and now anyone with an Android or iOS device can download it for free to take advantage of its speed and privacy-boosting features.
Gaming

The plug-and-play PC Classic joins the retro console bandwagon

Gaming company Unit-e is creating the PC Classic, a plug-and-play retro console that will come bundled with around 30 of the best DOS games. The system will support gamepads and keyboard setups.
Computing

Is your PC slow? Here's how to restore Windows 10 to factory settings

Computers rarely work as well after they've accumulated files and misconfigured settings. Thankfully, with this guide, you'll be able to restore your PC to its original state by learning how to factory reset Windows.
Computing

Best Buy’s pre-Black Friday deal takes $330 off the 2017 Surface Pro bundle

If you don't need the latest Surface Pro, Best Buy has a heavily discounted rendition of the 2017 model available in its pre-Black Friday sale. For just $1,000, you can get the tablet with a Core i5 CPU.
Computing

If you've lost a software key, these handy tools can find it for you

Missing product keys getting you down? We've chosen some of the best software license and product key finders in existence, so you can locate and document your precious keys on your Windows or MacOS machine.
Computing

Mozilla’s built-in price-tracking extension makes it easy to shop with Firefox

Mozilla has heard those worries about Black Friday shopping, and is now introducing a new set of experimental extensions which aim to make it easier to find the best deals online.
Computing

Buying a laptop on Black Friday? Don't make one of these rookie mistakes

Shopping for a laptop on Black Friday can win you some excellent deals, but you should also avoid making common mistakes. Check out what to avoid when buying a laptop for Black Friday and what danger signs to be wary of.
Computing

The Mac mini's price jump has crept into iMac territory. How do they compare?

Apple announced a long-awaited update to the Mac mini. Thanks to the updated specs and increase in price, it's begun to creep up to the base model iMac. In this guide, we now put up the specs on the newest refreshed Mac mini against the…
Computing

Our favorite Windows apps will help you get the most out of your new PC

Not sure what apps you should be downloading for your newfangled Windows device? Here are the best Windows apps, whether you need something to speed up your machine or access your Netflix queue. Check out our categories and favorite picks.