May 05, 2011

Sony Says Anonymous Responsible for Attack

With a network that has been down since April 20, Sony has finally come to the conclusion that the hacker group known as Anonymous is responsible for all of the down time and massive security breach.

Sony claims it has evidence that the hacktivist group is the bad guy in this scenario, and the ones who stole the data of hundreds of thousands of users worldwide. Sony is being pressured by feds to figure out what the heck is really going on.

“Sony has been the victim of a very carefully planned, very professional, highly sophisticated criminal cyber attack,” writes Patrick Seybold, senior director of communications for Sony, in a summary of its letter to Congress, which was posted to the PlayStation Blog. “We discovered that the intruders had planted a file on one of our Sony Online Entertainment servers named ‘Anonymous’ with the words ‘We are Legion.’”

Many news outlets and users across communities have speculated this, yet Sony seems to be the last in line to put the blame on what seems to be the most obvious, easiest party to point the finger at.

Kazuo Hirai, chairman of the electronics giant wrote a detailed letter about the security breach to a U.S. Congressional committee, pegging Anonymous as the bad guy.

He also linked the breach, which began on April 16, to denial of service attacks on Sony systems launched by Anonymous in response to legal action against George Hotz.

The 21-year-old American hacker, who goes by the alias "geohot" online, circumvented copyright controls on the PlayStation 3, allowing it to run unauthorized software. Sony sued him in January after he published his discovery of codes embedded in the console that would let any other owner do the same.

"Several Sony companies had been the target of a large-scale, coordinated denial of service attack by the group called Anonymous," Hirai said.

Hirai offers the theory that Anonymous launched the DDoS attack, which he says occurred “at or around the same time” as the security breach, as a smokescreen to cover for the breach of the PSN — a move that distracted Sony from the true threat to its network and made the company unable to detect the security breach.

“Our security teams were working very hard to defend against denial of service attacks,” writes Hirai in the letter, “and that may have made it more difficult to detect this intrusion quickly — all perhaps by design.”

Anonymous denied official involvement in the take down when the news first came to light. While they have admitted to participating in previous attacks against Sony, they created a video message which explains that they are not responsible for the PlayStation Network being offline. They go on to say that the outage does not represent their collective wishes, and that they do not condone the attack. Watch the recent YouTube video message.

Now speculation is focusing on whether Anonymous members were actually behind the thefts, or whether professional cyber criminals hijacked the denial of service attacks and planted references to the collective to cover their tracks.

"Whether those who participated in the denial of service attacks were conspirators or whether they were simply duped into providing cover for a very clever thief, we may never know," Hirai said.

The FBI has an active investigation into Anonymous and has issued 40 arrest warrants in January in relation to denial of service attacks against firms including Amazon, PayPal (News - Alert) and Visa.

Anonymous' full motto reads: "We are Anonymous. We are Legion. We do not forgive. We do not forget. Expect us – always."

Michelle Amodio is a TMCnet contributor. She has helped promote companies and groups in all industries, from technology to banking to professional roller derby. She holds a bachelor's degree in Writing from Endicott College and currently works in marketing, journalism, and public relations as a freelancer.

Edited by Rich Steeves