Sony implicates 'Anonymous' in response to Congress

The data breach at Sony, which affected the PlayStation Network and the more recently discovered Sony Online Entertainment intrusion, attracted the attention of Congress. Sony decided not to appear personally at a data theft hearing, but Kaz Hirai has given the company's official response, which implicates the hacker group Anonymous in the attacks.

In a letter to the US House of Representatives Subcommittee on Commerce, Manufacturing, and Trade (summarized on the PlayStation Blog), Hirai explains that the hackers left a calling card. "When Sony Online Entertainment discovered this past Sunday that data from its servers had been stolen, it discovered that the intruders had planted a file on one of those servers named 'Anonymous' with the words 'We are Legion'," Hirai explained.

Though the SOE theft was discovered later than the PSN attack, it took place at the same time by exploiting shared infrastructure. Sony emphasized that it hadn't suffered a second attack, but rather that SOE's intrusion took longer to detect. That means that if Anonymous is responsible for the SOE attack, it's responsible for PSN as well.

For its part, Anonymous has denied involvement in the attacks, but even in that denial admitted that "other Anons" may have "acted by themselves." When the group apologized for inconveniencing users with denial-of-service attacks, a statement pointed out, "different operations are 'run' by different people." The group noted that it is "comprised of people with diverse points of view, of which not all coincide with one another."

Hirai also gave three reasons why it may have taken Sony so long to detect the problem: the sophistication of the attack, an unknown system vulnerability, and the fact that Sony was focusing on the denial of service attacks. "Whether those who participated in the denial of service attacks were conspirators or whether they were simply duped into providing cover for a very clever thief, we may never know," he said. "In any case, those who participated in the denial of service attacks should understand that - whether they knew it or not - they were aiding in a very well planned, well executed, large-scale theft that left not only Sony a victim, but also Sony's many customers around the world."

The letter also says Sony shut down networks "as soon as threats were detected," but reveals that they noticed off-schedule system reboots due to "unauthorized activity" taking place on 4/19 -- a full day before the PSN shutdown on 4/20, and two weeks before Monday's SOE shutdown.

The House letter to Hirai became part of a data theft hearing, planned before the Sony attacks, that is currently underway. You can watch it live on C-SPAN.