Skip to main content
  1. Home
  2. Computing
  3. News

Sony blames Anonymous for PlayStation Network data theft debacle

Andrew Couts
By

Anonymous_sony_PSN_PlayStation_NetworkIn response to a Congressional subcommittee’s inquiry into the massive data breach of its PlayStation Network that exposed the personal data of more than 100 million gamers, Sony claims to have evidence that those responsible are part of the infamous international hacktivist group “Anonymous.”

“Sony has been the victim of a very carefully planned, very professional, highly sophisticated criminal cyber attack,” writes Patrick Seybold, senior director of communications for Sony, in a summary of its letter to Congress, which was posted to the PlayStation Blog. “We discovered that the intruders had planted a file on one of our Sony Online Entertainment servers named ‘Anonymous’ with the words ‘We are Legion.”

Related Videos

Anonymous has admitted to conducting a distributed denial of service (DDOS) attack on Sony’s website as part of #OpSony, launched in retaliation against Sony’s lawsuit of PlayStation 3 jailbreak hacker George “GeoHot” Hotz. But the loose-knit group denies having any part in hacking the PSN, and insists they were not involved in any data theft of any kind. (See video below.)

In the full letter to the Congressional Subcommittee on Commerce Manufacturing and Trade, however, Sony board chairman Kazuo Hirai offers the theory that Anonymous launched the DDoS attack, which he says occurred “at or around the same time” as the security breach, as a smokescreen to cover for the breach of the PSN — a move that distracted Sony from the true threat to its network and made the company unable to detect the security breach.

“Our security teams were working very hard to defend against denial of service attacks,” writes Hirai in the letter, “and that may have made it more difficult to detect this intrusion quickly — all perhaps by design.”

By the time the security breach occurred on April 16, however, Anonymous had officially called off #OpSony due to the fact that George Hotz had reached a settlement with the company. According to a statement released on AnonNews, Anonymous had moved its operations offline and into “the streets.”

Regardless of whether Anonymous intentionally diverted Sony’s security team for the sole purpose of initiating a “highly sophisticated criminal cyber attack designed to steal personal and credit card information for illegal purpose,” or was just in it for the LULZ, Sony still places the blame for the attack firmly on Anonymous’ ambiguous shoulders.

“Whether those who participated in the denial of services attacks were conspirators or whether they were simply duped into providing cover for a very clever thief, we may never know,” Hirai writes. “In any case, those who participated in the denial of serve attacks should understand that – whether they knew it or not – they were aiding a well planned, well executed, large-scale theft that left not only Sony a victim, but also Sony’s many customers around the world.”

Sony says that it has about 12.3 million credit cards on file through the PlayStation Network, with about 5.6 million of those belonging to parties within the United States. So far, Sony says its investigation has found no evidence that the PSN security breach has resulted in a single count of fraudulent activity.

Anonymous has not yet officially responded to this new, official round of finger pointing. But as Anonymous always says: “Expect us.”

UPDATE: Click here for Anonymous’ response to Sony’s accusations.

Editors' Recommendations

Topics
FBI arrests Anonymous and LulzSec suspects
anon arrest

The FBI has arrested two suspected members of the hacktivist groups Anonymous and LulzSec, according to Fox News. The alleged hackers were taken into custody this morning.

Cody Kretsinger (who uses the alias “recursion”), 23, of Pheonix is accused of being a LulzSec member and charged with conspiracy and the unauthorized impairment of a protected computer. A suspected Anonymous member described as homeless and living in San Francisco was also arrested this morning.

Read more
Sony executive describes PSN security breach as “a great experience”
tim schaaff

If you were a Sony executive being interviewed about April’s massive security breach which knocked offline 77 million PSN accounts for more than a month, cost the company somewhere in the region of $171 million and angered millions of users around the world, how might you describe the whole debacle?
“An embarrassing calamity,” perhaps? “A monumental month of misery,” possibly? Not so Tim Schaaff.
Schaaff, the president of Sony Network Entertainment, described it, somewhat surprisingly, as “a great experience.” The Sony executive was talking to VentureBeat’s Dylan Tweney on Wednesday at the MobileBeat conference in San Francisco.
According to PC Mag, Schaaff told Tweney that Sony had been “very, very pleasantly surprised by the experience.”
Regarding today’s much improved state of affairs, Schaaff said, “Everything's live again around the world, and the amazing thing through all of this is that the customers have all come back, and network performance is better than ever, sales are better than ever.”
The executive, who is no doubt feeling hugely relieved that the company has come through what was one of the most troubling episodes in its history, told Tweney: “We're in a place where we're really looking forward again to what's next, what's new, and how we can keep growing the network.” He continued: “It's a pretty crazy event that we went through but we survived, and we're back strong, and ready to go.”
Schaaff said that when the security breach first took place, the company thought “it was all about Sony, and what was Sony doing.” In the weeks following the attack, however, it became apparent that this wasn’t the case, as a number of other companies and government bodies also suffered at the hands of hackers.
Astonishingly, Schaaff described the whole episode as “a great experience.” That’s really saying something. We’re wondering what would’ve had to have happened for him to call it “pretty damn awful.”
Schaaff qualified his remark by saying, “I would not like to do it again. One time was enough. Great learning experience.”
 

Read more
Sony PS3 hacker George ‘GeoHot’ Hotz ‘works for Facebook’
geohot-facebook-george-hotz

Just when you thought the massive hacker stories were over for the evening, another twist comes in: Hacker George 'GeoHot' Hotz, who recently settled a lawsuit with Sony for publishing a PlayStation 3 crack online, now works for Facebook, according to various sources. His exact position with the company is unclear, but he may be on a the development team tasked wit building the social network's rumored new iPad app.
The rumor of Hotz's break into "legitimate" product development comes first from jailbreak hacker Joshua Hill (aka p0isixNinja), who said in a recent interview that Hotz had made the move. Hill reportedly challenged Hotz to a iPad 2 jailbreak duel. (Both hackers come from an iOS-cracking background.) Hotz declined, saying that he wanted to remain out of the attention of the media after the debacle with Sony.
Gabe Rivera, creator of news aggregator Techmeme, said that he noticed on Hotz's Facebook page a message that reads, "Facebook is really an amazing place to work…first hackathon over." Hotz reportedly published that post on June 17, but he is said to have worked at Facebook since May.
Hotz has become somewhat of a symbol for the hacking community. Hacktivist group Anonymous launched a distributed denial of service (DDoS) attack on Sony in April as retribution for suing Hotz. Coincidentally or not, the DDoS onslaught came at the same time as a monstrous breach of Sony's PlayStation Network put the personal data of as much as 100 million people worldwide at risk.
Those hacks became the preface to an ongoing campaign by Lulz Security, who hacked Sony in a variety of ways. The group later went on to attack everyone from PBS to the CIA. By chance, LulzSec announced tonight that it was disbanding, and would never perform another cyberattack under the LulzSec pirate flag again. There is so far no evidence that GeoHot going corporate has anything to do with LulzSec's sudden death.
Watch the interview with Hill and Craig Fox, founder of My Great Fest jailbreak convention:

Read more