It ain’t over till it’s over: A group of unidentified hackers is reportedly planning a third attack against Sony, which is still trying to clean up a security breach that left the personal data of more than 77 million PlayStation Network and Qriocity gamers exposed and the network itself in shambles.
According to CNet, an “observer” of an Internet Relay Chat (IRC) channel used by the hackers oversaw the group’s planning of another attack against Sony’s website. The source says that the group already has access to Sony’s servers, and intends to publish online whatever information it obtain from those servers. That, says the source, could include customer names, credit card numbers and addresses.
It is not yet clear whether the hacker group is, in fact, that of Anonymous, which recently waged a distributed denial of service (DDoS) attack against Sony’s websites in retaliation against the electronics giant’s lawsuit against PlayStation 3 jailbreaker George “GeoHot” Hotz. But, of course, Anonymous is the first suspect that comes to mind.
Earlier this week, Sony issued a letter to Congress in response to questions about the massive security breach of the PlayStation Network that put 12.6 million credit card numbers at risk. In the letter, Sony board chairman Kazuo Hirai said that the company’s security team had found two files — one labeled “Anonymous, the other labeled with the Anonymous slogan “We are legion” — on its servers. While Sony admits that it has no idea whether Anonymous is the same group who broke into their system, the company places the blame on Anonymous.
“Whether those who participated in the denial of services attacks were conspirators or whether they were simply duped into providing cover for a very clever thief, we may never know,” wrote Hirai in the letter. “In any case, those who participated in the denial of serve attacks should understand that – whether they knew it or not – they were aiding a well planned, well executed, large-scale theft that left not only Sony a victim, but also Sony’s many customers around the world.”
Anonymous, which called off its “Operation Sony” DDoS attack days before the PSN breach took place, has firmly and repeatedly denied having played a role in the PlayStation Network breach, and says any evidence that they were involved is the work of their enemies.
“Whoever broke into Sony’s servers to steal the credit card info and left a document blaming Anonymous clearly wanted Anonymous to be blamed for the most significant digital theft in history. No one who is actually associated with our movement would do something that would prompt a massive law enforcement response,” writes Anonymous spokesman Barrett Brown in a press release published Wednesday afternoon. “On the other hand, a group of standard online thieves would have every reason to frame Anonymous in order to put law enforcement off the track. The framing of others for crimes has been a common practice throughout history.”
With the threat of a new attack hanging in the air, Sony is already working frantically to clean up the mess that hackers already created. Thursday, Sony CEO Howard Stringer issued a letter of apology to PSN users, saying that he and the company are sorry “for the inconvenience and concern caused by this attack,” and that Sony has “teams working around the clock and around the world to restore your access to those services as quickly, and as safely, as possible.”
In addition, Sony has announced that it will offer US users of the PSN identity theft protection free for one year through the AllClear ID Plus service.
Sony’s problems don’t stop with customers, however. Today, New York Attorney General Eric Schneiderman issued Sony a subpoena over the breach and resulting data theft.
- Data stolen from HealthCare.gov includes partial SSNs and immigration status
- U.S. set to charge North Korean spy with Sony hack and WannaCry cyberattack
- Hack affects 2 million T-Mobile customers, unclear if passwords included
- Researchers warn smart home appliances could be used to attack power grids
- Apple CEO demands Bloomberg retract its Chinese surveillance story