Sony implicates 'Anonymous' in response to Congress

Sony's Kaz Hirai has responded to the House subcommittee letter, implicating Anonymous as responsible for the PlayStation Network and Sony Online Entertainment data theft.

42

The data breach of Sony, including PlayStation Network and more recently-discovered Sony Online Entertainment, attracted the attention of Congress. Sony decided not to appear personally at a data theft hearing, but Kaz Hirai has given the company's official response, which implicates the hacker group Anonymous for the attacks.

In a letter to the US House of Representatives Subcommittee on Commerce, Manufacturing, and Trade (summarized on the PlayStation Blog), Hirai explains that the hackers left a calling card. "When Sony Online Entertainment discovered this past Sunday that data from its servers had been stolen, it discovered that the intruders had planted a file on one of those servers named 'Anonymous' with the words 'We are Legion'," Hirai explained.

Though the the SOE theft was discovered later than the PSN attack, it took place at the same time by exploiting shared infrastructure. Sony emphasized that it hadn't suffered a second attack, but rather that SOE's intrusion took longer to detect. That means that if Anonymous is responsible for the SOE attack, it's responsible for PSN as well.

For its part, Anonymous has denied involvement in the attacks, but even in that denial admitted that "other Anons" may have "acted by themselves." When the group apologized for inconveniencing users with denial-of-service attacks, a statement pointed out, "different operations are 'run' by different people." The group noted that it is "comprised of people with diverse points of view, of which not all coincide with one another."

Hirai also gave three reasons why it may have taken Sony so long to detect the problem: the sophistication of the attack, an unknown system vulnerability, and the fact that Sony was focusing on the denial of service attacks. "Whether those who participated in the denial of service attacks were conspirators or whether they were simply duped into providing cover for a very clever thief, we may never know," he said. "In any case, those who participated in the denial of service attacks should understand that - whether they knew it or not - they were aiding in a very well planned, well executed, large-scale theft that left not only Sony a victim, but also Sony's many customers around the world."

The letter also says Sony shut down networks "as soon as threats were detected," but reveals that they noticed off-schedule system reboots due to "unauthorized activity" taking place on 4/19 -- a full day before the PSN shutdown on 4/20, and two weeks before Monday's SOE shutdown.

The House letter to Hirai became part of a data theft hearing, planned before the Sony attacks, that is currently underway. You can watch it live on C-SPAN.

Editor-In-Chief
From The Chatty
  • reply
    May 4, 2011 10:00 AM

    Steve Watts posted a new article, Sony implicates 'Anonymous' in response to Congress.

    Sony's Kaz Hirai has responded to the House subcommittee letter, implicating Anonymous as responsible for the PlayStation Network and Sony Online Entertainment data theft.

    • reply
      May 4, 2011 10:10 AM

      If it turns out to be true, maybe they shouldn't have called the initial attack from Anonymous annoying and nothing to be concerned about, essentially calling them amateurs.

      • reply
        May 4, 2011 10:33 AM

        Yeah because that justifies this *rolls eyes

        • reply
          May 4, 2011 10:48 AM

          He didn't say that, but it certainly provoked then.

        • reply
          May 4, 2011 11:55 AM

          If someone hits you and you turn around and say "Is that all you got?", don't be surprised if they knock you down next time.

          Nothing justifies the attack, and I am worried about identity theft now as much as the next guy on the PSN network. I was just making the point when I read Sony's first response to the Anonymous attack I was questioning if it was a good idea. Regardless, whoever has any of my personal information I would like Seal Team 6 to pay them a visit.

    • reply
      May 4, 2011 10:12 AM

      All to easy.

    • reply
      May 4, 2011 10:18 AM

      It would be odd for Anonymous to immediately come out and say the didn't do it when they took full credit for the original attack. I may be a bit naive, but I believe them when they said they would target Sony in a way that wouldn't affect customers as much as their original attack did. Heh, unless this turned out to be a major "whoops!" moment for them.

      I still think it was an inside job though.

      • reply
        May 4, 2011 10:22 AM

        patsy.

      • reply
        May 4, 2011 10:28 AM

        [deleted]

        • reply
          May 5, 2011 12:11 AM

          Exactly this. Someone in Anonymous who wants to score extra bonus points.

      • reply
        May 4, 2011 10:31 AM

        I dunno. Anonymous is about harrassing their targets, not stealing financial stuff.

        • reply
          May 4, 2011 10:47 AM

          at least, those anons that state a purpose. the silent anons might like stealing financials

          • reply
            May 4, 2011 11:00 AM

            the ones who stole gawker's password database then released it for public consumption were kind of jerks

      • reply
        May 4, 2011 10:48 AM

        Anonymous can be anyone.

        • reply
          May 4, 2011 11:18 AM

          I know. I don't know how you can prosecute an organization that doesn't even recognize its own structure.

          • reply
            May 4, 2011 11:32 AM

            it's not about prosecuting an organization that doesn't recognize its own structure. you can compare the structure to something like Al Queda (i'm not saying they're nearly as bad), but the idea is that you can call something an organization without it having recognizeable structure.

            i guess the more proper terminology would be to call refer to it as "people associated with Anonymous" but still, it's just simplicity. i think almost everyone in the media knows full well by now that there's no chairman of the board of Anonymous for us to indict

          • reply
            May 5, 2011 2:53 AM

            They're not building a fucking RICO case. They'll go after the little shits who did it and move on.

        • reply
          May 4, 2011 11:33 AM

          even TotalRecall?

        • reply
          May 4, 2011 3:43 PM

          I AM THE BATMAN

      • reply
        May 4, 2011 10:56 AM

        If it was an inside job, it would probably be smart to implicate anonymous since it would be so easy to do.

      • reply
        May 4, 2011 11:02 AM

        I highly doubt that any organized part of Anon had anything to do with the intrusion and data theft - that's just not their M.O. I feel that they are, as someone already wrote, being used as a patsy. All it takes is someone to drop 'Anonymous - We Are Legion' on the server to implicate them.

        If Sony can't bring the actual hackers to justice, they'll just go after Anon. Given the shitty P.R. image of Anon, it seems far likelier that they'll just jail a handful of Anon's and go lynch-mob if it proves to be the shorter path to a public relations solution.

        "Look guys - we caught 'em! We're cool - come back online!"

    • reply
      May 4, 2011 10:21 AM

      So basically Anonymous is the Al-Qaeda of computer hackers. I really don't understand their motives. All this because Sony removed the Other OS functionality? Is the PS3 individually really that significant among the whole body of personal computing devices? What about the other game consoles? What about Microsoft Windows? What about Apple? If you want to make a statement about "open platforms" for all consumers or whatever, wouldn't you go to the top, rather the the third/second place manufacturer of some dated hardware in the games industry? Overall this seems pretty childish.

      • reply
        May 4, 2011 10:27 AM

        you're assuming way too much intelligence on a group of mouthbreathers

      • reply
        May 4, 2011 10:29 AM

        They have no motives... No brains either, the FBI just needs to gather as much of the group as they can and just jail them, make a example out of them...

        • reply
          May 4, 2011 10:49 AM

          LOL.

        • reply
          May 4, 2011 10:58 AM

          Oh - I can see Juvenile Detention Facilities just filling up with your average Anons.

        • reply
          May 4, 2011 11:58 AM

          Erm, I'm betting someone in the FBI is part of anon. Hell I bet Anon has and does work with the FBI on a lot of things.

      • reply
        May 4, 2011 10:31 AM

        I believe what really made them move was because of graf_chokolo and geohot.

      • reply
        May 4, 2011 10:31 AM

        Motives? "Anonymous" is the label for a bunch of bored, disaffected people who hang out on 4chan and IRC. You make it sound all organized. Anonymous is the five thousand idiots who show up when someone accidentally makes a party invite "public" on Facebook. Sure, one of them maybe thought it would be a good idea, and another few thousand just followed because they were bored and have nothing else to do. It's the online equivalent of stoned youth hanging out under a streetlamp at 4am when one of them mentions that he knows how to pick locks.

        • reply
          May 4, 2011 12:18 PM

          You sound mad

        • reply
          May 4, 2011 3:14 PM

          Ya anonymous isn't an organization its simply a mantle that anyone can claim for pretty much any action they want

    • reply
      May 4, 2011 10:26 AM

      It's them, they started this whole thing and they should be blamed for it... Obviously they have lost all control in their group because now it's every hacker for themselves. Anonymous used to have meaning now they are attacking consumers and denying it to save their own asses.. I'm getting tired of hearing about this Sony will fix the problem and we'll all move on. Groups like this shouldn't be allowed to get away with this crap, they already ruined their Anonymous movements for the future.... I hope to never hear from this group of idiots again...

      • reply
        May 4, 2011 10:31 AM

        No it's not.

      • reply
        May 4, 2011 10:31 AM

        btw are you TFO?

      • reply
        May 4, 2011 10:33 AM

        Assume much? Just because Kaz SAYS it was anonymous doesn't make it true.

        While I don't agree with anonymous' tactics, they haven't engaged in financial data theft before. They usually do a denial of service, at worst, to make their point. This, this is something completely different.

        It may turn out to be them, or a rogue person or persons from anonymous, but this just doesn't seem like something they would do.

        • reply
          May 4, 2011 11:57 AM

          People who are skeptical (!?) that a hacker group that made grandiose, well publicized statements about Sony like a month ago are behind the attack just puzzle me. Anything's possible, but Total Recall is making a pretty safe assumption.

        • reply
          May 4, 2011 7:30 PM

          Interesting that the general sentiment seems to be trusting of Anon.

          How do you know they haven't engaged in financial theft before? Because they said they haven't? What makes their word more trustworthy than Kaz?

          It's intriguing that people are willing to trust and support a group that is suspect of having enough expertise to steal your financial and personal information.

      • reply
        May 4, 2011 11:02 AM

        I hope when this is over we never have to hear from an idiot like you again.

      • reply
        May 4, 2011 11:29 AM

        [deleted]

      • reply
        May 4, 2011 11:55 AM

        [deleted]

      • reply
        May 4, 2011 1:05 PM

        Seriously, Anonymous had such promise to improve ___________

    • reply
      May 4, 2011 10:30 AM

      [deleted]

    • reply
      May 4, 2011 10:32 AM

      Can't "Anon" be just one person or small group under the "Anon" umbrella? I thought that was the point...it can be anyone

      • Zek legacy 10 years legacy 20 years
        reply
        May 4, 2011 11:08 AM

        The name Anonymous in and of itself is just a meme referring to 4chan groupthink. I'm not convinced there is any such "group."

        • reply
          May 4, 2011 1:38 PM

          My impression is it's whoever feels like joining in. I.e. if someone says "Anonymous is going to protest scientology" then it's whoever feels motivated to pick up a sign and wear a facemask. Or if someone says "anonymous is going to DOS Sony" then anonymous is whoever feels like joining the effort.

          • Zek legacy 10 years legacy 20 years
            reply
            May 4, 2011 1:58 PM

            Exactly, and any claim of responsibility(or lack thereof) isn't coming down from high command, it's just some guy getting his lols who may or may not have had anything to do with it.

    • reply
      May 4, 2011 10:33 AM

      There is no honor among hackers.


      But still it's kinda easy to blame anybody on anything.

      Hell if you post as a guest on most message boards/forums you are labeled as anon >.>"

      • reply
        May 4, 2011 11:10 AM

        I'm pretty sure Anonymous feels they have some honor. They target companies or groups that they see hurting their freedoms or pushing an agenda they are completely opposed to, and they normally try to limit collateral damage. They could be much worse.

        • reply
          May 4, 2011 11:15 AM

          Anon was no central leadership, which means one person can't say they did or did not do it.

          They could have been involved or maybe they put the file on the SOE servers along time ago when the first DDOS attacks started and Sony only found it now. Who knows.

        • reply
          May 4, 2011 11:53 AM

          [deleted]

          • reply
            May 4, 2011 12:25 PM

            You realize you probably have multiple lobbyists working for you interests? Man, those Coal Miners need less protections in their mines.

    • reply
      May 4, 2011 10:47 AM

      "Shit just got real."

    • reply
      May 4, 2011 11:10 AM

      We are Legion comprised of people with diverse points of view, of which not all coincide with one another

      • reply
        May 5, 2011 3:19 AM

        our chief weapon is fear. fear, and surprise. our two weapons are... I'll come in again...

    • reply
      May 4, 2011 11:22 AM

      So everyone is saying Anonymous did ....

      Let's look at it this way:

      Sony has no idea who did it, they say Anonymous planted the file.

      Said hacker(s) knew Anonymous had ddos'ed sony before, used that as cover, planted a file called Anonymous to throw Sony off their trail.

      This all sucks ... sigh

      • reply
        May 4, 2011 11:24 AM

        unless Anonymous stops being anonymous and members start going by handles or aliases, any and all unknown hackers will be a part of anonymous

        • reply
          May 4, 2011 11:57 AM

          Not using an alias doesn't necessarily make you an Anonymous, but like wangel said, the common perception makes it easy to use Anonymous as a smoke screen. My guess? A legacy from the DDoS, Sony or their hired security firm making stuff up for lack of a clearer culprit, or the aforementioned smoke screen by an individual looking for a patsy.

          • reply
            May 4, 2011 12:27 PM

            not using an alias necessarily makes you anonymous (small A), but because big A Anonymous has no membership roster, there is no way to distinguish the two, and big A Anonymous inherently includes all small A anons

        • reply
          May 4, 2011 12:19 PM

          haha what?

          • Ebu legacy 10 years legacy 20 years
            reply
            May 4, 2011 1:21 PM

            Exactly what he said?

            If the hacker doesn't leave a call tag, they are technically "part of" anonymous. As anonymous isn't really a unified collective but rather almost a default.

            Once anon starts using hacker-names! (and effectively stop being anonymous), then any anonymous hacker will stop being part of anonymous and go back to just being anonymous.

      • reply
        May 4, 2011 1:23 PM

        this is like an episode of 24.

        • reply
          May 4, 2011 2:05 PM

          If only Jack was on the case =(

          • reply
            May 4, 2011 2:06 PM

            we know GITMO has the skills kept current. send anyone suspected of being in anonymous there.

            and also julian assange.

            and probably donald trump.

      • reply
        May 4, 2011 2:53 PM

        That makes no sense, because anyone can BE anonymous. If a hacker does that, then he's in anonymous. It's like Al-Qaeda. It's not a real organization but plenty of people can be grouped up in or say they're a part of it. It's not like you have to register to be an anon. It's a mob group.

        It also works both ways. So when Anon starts doing something stupid they can then say "Well those messages were planted by Westboro Baptist Church...cuz they wanted to be hacked for publicity..uhhh...yeah."

    • reply
      May 4, 2011 11:48 AM

      Regardless of who did it Sony should be held accountable for not encrypting the data.

    • reply
      May 4, 2011 12:02 PM

      Note to self: Leave evidence implicating a source of recent conflict when you commit a crime.

    • reply
      May 4, 2011 12:03 PM

      does that mean Anonymous will hack them for real and then their network will go down again? I don't know why I'd find that a hilarious response, but they're asking for it.

    • reply
      May 4, 2011 3:22 PM

      public hangings. Hackers are delusional and maladjusted.

    • reply
      May 4, 2011 3:25 PM

      Leaving a (stupid) little jab like this actually matches the typical hackers psychology perfectly.

    • reply
      May 4, 2011 3:26 PM

      Very smart move by Sony. Blame a group of disorganized amateurs for being able to break into their "ultra-secure" network.

      I thought they wanted to AVOID more reputation damage.

      • reply
        May 4, 2011 3:54 PM

        It's worse than that. They have actively taunted Anonymous now. Ask HBGary how that worked out for them when they did this.

        • reply
          May 4, 2011 4:12 PM

          doesn't read like a taunt to me. i think you're reading more into it than there is

          • reply
            May 5, 2011 7:40 AM

            I agree with you a lot of people are reading more into this than needed. What it looks like is that there is an investigation going on and this file was uncovered. Does that mean Anon did it.. nope. It could be that its just a red herring to throw of the trail. Either you can not just push it aside as if it was nothing, you gotta look into who left that message and why. It would be foolish just push the file aside Anon did have motive but A. This does not fit their MO and B. Did they the have means? Or was this planted by the real culprits to cover there trail. Either way both theories at this point have be to looked into.

            Either way this was not as simple of an issue as first thought.

    • reply
      May 4, 2011 3:28 PM

      What are the odds PSN comes back up before E3? If not, Sony's keynote will be full of LOLs.

    • reply
      May 4, 2011 3:48 PM

      Odds on PSN being back up by the end of May?

    • reply
      May 4, 2011 4:10 PM

      the devil anonymous made me do it!

    • reply
      May 4, 2011 5:12 PM

      So a good hacker used the 15 year olds who like to call themselves anon to DDos...brilliant.

    • reply
      May 4, 2011 10:03 PM

      That a file named "Anonymous" with the text "we are Legion" written inside of it, doesnt mean anonymous did it.

      Its like if someone killed his neighbour and then leaves a note by the body signing it with the name of the neighbour 2 houses to the left for example.

      Or like if someone planted a bomb, and then shouted "long life "insert country here", that doesnt mean hes from that country.

      They are just searching someone to blame for.

      • reply
        May 4, 2011 10:14 PM

        Adding something ^^.
        They should not stop at just looking at the note and, oh so it was them, work finished.
        They should look into the data that is really useful, and try to get the Ip / pc from where that file was created / sent, even if the one that did it tried to delete his footsteps. And see if they were really the ones behind it or not.

        And then point the one responsible with real proof.

        • reply
          May 4, 2011 10:29 PM

          the problem is, anyone and everyone is potentially in Anonymous. Anonymous can't come out and say they had nothing to do with it or that an anon didn't put that there, because they have no records of who actually is in Anonymous and who isn't, because by definition everyone and anyone that's anonymous is Anonymous

          • reply
            May 5, 2011 2:08 AM

            Thats why i say it, its easy to blame someone instead of doing a proper research and track where the file came from, even if that trace is hidden.

    • reply
      May 4, 2011 10:39 PM

      ." The group noted that it is "comprised of people with diverse points of view, of which not all coincide with one another."

      ------

      I wonder if any of them approve of snitching.

      • reply
        May 4, 2011 10:40 PM

        how do you snitch on someone if you don't even know who you're snitching on?

    • reply
      May 4, 2011 11:00 PM

      obvious the real hackers would plant an "anonymous" tag as to throw them off the trail.

    • reply
      May 4, 2011 11:14 PM

      From networking to marketing to usability (DRM/firmware) to software/developer support, what has Sony managed to do right this generation? That's probably a shorter list than what they've gotten wrong or managed to screw up.

      The hardware is pretty reliable, right? A lot of the fatties seem to be dropping but they're nowhere near RROD territory.

      They got lots of good single player games.

      That's about all I got.

      • reply
        May 5, 2011 12:09 AM

        They've managed to strong-arm the industry into adopting Blu-Ray. Though I think it depends on your definition of "right"

Hello, Meet Lola