Despite the hacker group Anonymous’ insistence that they had nothing at all to do with the PlayStation Network outage after their brief DDOS attack on the service on April 5, Sony claims that ”the intruders had planted a file on one of our Sony Online Entertainment servers named ‘Anonymous’ with the words ‘We are Legion.’”
Sony stated they responded to the US House of Representatives Subcommittee on Commerce, Manufacturing, and Trade’s demand for answers:
In summary, we told the subcommittee that in dealing with this cyber attack we followed four key principles:
1.Act with care and caution.
2.Provide relevant information to the public when it has been verified.
3.Take responsibility for our obligations to our customers.
4.Work with law enforcement authorities.
We also informed the subcommittee of the following:
•Sony has been the victim of a very carefully planned, very professional, highly sophisticated criminal cyber attack.
•We discovered that the intruders had planted a file on one of our Sony Online Entertainment servers named “Anonymous” with the words “We are Legion.”
•By April 25, forensic teams were able to confirm the scope of the personal data they believed had been taken, and could not rule out whether credit card information had been accessed. On April 26, we notified customers of those facts.
•As of today, the major credit card companies have not reported any fraudulent transactions that they believe are the direct result of this cyber attack.
•Protecting individuals’ personal data is the highestpriority and ensuring that the Internet can be made secure for commerce is also essential. Worldwide, countries and businesses will have to come together to ensure the safety of commerce over the Internet and find ways to combat cybercrime and cyber terrorism.
•We are taking a number of steps to prevent future breaches, including enhanced levels of data protection and encryption; enhanced ability to detect software intrusions, unauthorized access and unusual activity patterns; additional firewalls; establishment of a new data center in an undisclosed location with increased security; and the naming of a new Chief Information Security Officer.
It seems like a swipe at an easy target like Anonymous, but it makes no sense for the hacker group, who had already attempted a DDOS attack on PSN on April 5, and suffered a PR hit for it.
There are some possibilities here: Sony is lying and trying to pin their failure on Anonymous to take some of the heat off them, one of the hackers posted it to divert attention from themselves and have Anonymous pegged, members of Anonymous went rogue on the group to perpetuate the scam (which makes no sense unto itself), or Anonymous is lying and the group did hack PSN.
Let us know what you think in the comments field below.
