Sony has released their response to the 13 questions asked by the US House of Representatives today addressing the massive data breach. Millions of American consumers' data was compromised when the PlayStation Network was hacked and in their response, Sony hinted that Anonymous may have have been involved. This last tidbit is something that we previously discussed due to Anonymous' previous issues with Sony. Sony's CEO, Kazuo Hirai, submitted six pages worth of answers to the House of Representatives' questions and has subsequently shared them with the public.
If you want the shortened version, here's a quick summary of Hirai's letter:
- Sony has been the victim of a very carefully planned, professional, highly sophisticated criminal cyber attack.
- They discovered that the intruders had planted a file on one of our Sony Online Entertainment servers named “Anonymous” with the words “We are Legion.”
- By April 25, forensic teams were able to confirm the scope of the personal data they believed had been taken, and could not rule out whether credit card information had been accessed. On April 26, they notified customers of those facts.
- As of today, the major credit card companies have not reported any fraudulent transactions that they believe are the direct result of this cyber attack.
- Protecting individuals’ personal data is the highest priority and ensuring that the Internet can be made secure for commerce is also essential. Worldwide, countries and businesses will have to come together to ensure the safety of commerce over the Internet and find ways to combat cyber crime and cyber terrorism.
- Sony is taking a number of steps to prevent future breaches, including enhanced levels of data protection and encryption; enhanced ability to detect software intrusions, unauthorized access and unusual activity patterns; additional firewalls; establishment of a new data center in an undisclosed location with increased security; and the naming of a new Chief Information Security Officer.
Going through Hirai's letter, he does mention a slew of interesting things. “I am of course aware of the criticism Sony has received for the time taken to disclose information to our customers. I hope you can appreciate the extraordinary nature of the events the company was facing – brought on by a criminal hacker whose activity was neither immediately nor easily ascertainable. I believe that after you review all the facts you will agree that the company has been acting in good faith to release reliable information in accordance with its legal and ethical responsibilities to its valued customers.”
The most interesting part of their statement was that Sony found a file planted in the servers titled Anonymous with the words "We Are Legion." This new development contradicts Anonymous' previous statement released on April 22 titled "For Once We Didn't Do It." The statement addressed the PSN Outage; they said, "While it could be the case that other Anons have acted by themselves AnonOps was not related to this incident and takes no responsibility for it. A more likely explanation is that Sony is taking advantage of Anonymous' previous ill-will towards the company to distract users from the fact the outage is actually an internal problem with the companies servers." It's still unclear if Anon is behind the attack, even though Sony is clearly placing the blame on them.
On Page 4 of the letter, Hirai goes in to great depth on exactly what happened when the attack was initiated. "The team took until the afternoon of April 22, 2011, to complete the mirroring of nine of the 10 servers that were suspected of being compromised. By the evening of April 21, 2011, the forensic teams were able to confirm that intruders had used very sophisticated and aggressive techniques to obtain unauthorized access, hide their presence from system administrators, and escalate privileges inside the servers." He goes on to explain what the hacker(s) did and that when they realized the extent of the initial damage they hired a second forensic team.
According to Sony, they have four key principles that they've been working under throughout this whole PSN Outage debacle:
1. Act with care and caution.
2. Provide relevant information to the public when it has been verified.
3. Take responsibility for our obligations to our customers.
4. Work with law enforcement authorities.
However, from another quote from Hirai's letter, it took them an extremely long time to get the FBI involved with the incident. "The forensic experts that Sony Network Entertainment America had retained had not determined the scope or effect of the intrusion at the time the FBI was contacted. A meeting was set up to provide details to law enforcement for Wednesday, April 27.” As the PSN went down on April 20, that means it took eight days before Sony could get the FBI involved.
Sony also told the committee about their Welcome Back initiative and their other plans for the PlayStation Network. They also said in a statement, "We are working around the clock to have some PlayStation Network services restored and we’ll be providing specific details shortly."
What do you think of Sony's answers to the questions posed by the U.S. House of Representatives? Did they answer to your satisfaction, or are they just covering their bases? And perhaps most importantly, do you think Anonymous was involved?
Source:Sony
Comments are Closed
Comments
Displaying 1–20 of 47
1232
IroniclyTrue
I don't think Anonymous did it but an Anon could have done it. Anonymous is a large decentralized group with many members acting on their own. That's one of the reasons they are as powerful as they are. Several times they've said that they couldn't say with certainty that individual Anons didn't take part in attacks on groups that were in some way provoking them. This reminds me of the statement they made about West Boro before we found out it was a hoax, in that, while they could speak for the "leadership" they couldn't speak for individual Anons. Wikipedia even states in their article "Actions credited to "Anonymous" are undertaken by unidentified individuals who apply the Anonymous label to themselves as attribution." so technically, even if Sony did it themselves or it was some hacker with no direct ties to the "leaders" of Anonymous, it was still Anonymous who did it. This is a much bigger problem for us if Congress tries to take action, because the only way to stop Anonymous in this situation is to completely shut down their ability to communicate over the internet as any statement they release could be seen as an indirect attack on any individuals listed as the "enemy". Free speech must ultimately rule over any idea of security or safety.
We are Anonymous. We are Legion. We do not forgive. We do not forget. Expect us.
TheSlowFlash
Good luck with the FBI Anon virgins, if they can't pin this on you I am sure they will find something else...
Anonymous000
We are not, and I repeat, NOT responsible for Sony's outage. It's ridiculous that Sony is trying to pass the blame on us simply because their own personal network security is simple enough for a barely-seasoned hacker to break into. A large majority of us are actually frequent PSN users, including myself. Just because you simply found a file that was entitled "Anonymous" and had "we are legion" on the files too does not instantly make Anonymous guilty to said crimes. In fact, to even announce this to the public is nothing short of ridiculous, considering the only evidence they had that Anonymous took part in this is linking them to a previous un-related issue and a file name.
We are Anonymous.
We are legion.
We are.... bored without PSN
slyckem508
its funny when people say xbox security is better. if u look it up youll find that xbox was hacked a few years back. points where stolen and accounts were hacked. they shut down there network for two weeks and people sayin f--- psn, hey the same happened for xbox so STFU and no whats goin on
dpizzle08
Thanks Sony, for repeativly kicking me in the nuts.
dukesnugglez
"Protecting individuals personal data is the highest priority and ensuring that the Internet can be made secure for commerce is also essential.
If the statement above is true the WHY WERE PEOPLE"S PASSWORDS NOT EVEN ENCRYPTED?
THE STATEMENT BELOW IS FALSE
THE STATEMENT ABOVE IS TRUE
joshhesami
Those guys at Sony are a bunch of jerks! All they want is to provide free online service and protect our credit card information. Those Fascists!
westraz
the story is getting more and more F up ever day!
FunnyDucklinG
Anon did it 100%..if the didnt why dont they just help Sony find the people that really did it so Sony will get of thier back about it...!!?
Greedyjew6964
I Just want to play Mortal Kombat online. Please bring PSN back soon.
nogr8loss
Solely blaming Sony for this is like saying you don't put 3000 people in a building and blame terrorists for blowing it up, but blame the security or owner of the building. Hackers are basically cyber-terrorists so why should they be regaurded as any different. And why should Sony have to bear the entire weight of this?? I'm not mad at Sony in the least. It's not like they left the front door open and anybody could have done this. They have the FBI and several firms involved and they still have only limited information on who did this highly technical attack. So yeah I feel that Sony is as much a victim as we are. We can cancel our PSN accounts if we so choose, hell most of us were using it for free anyway, they are the ones paying for it now. Not you me or the terrorists (hackers) that did this.
Grave61389
I think the bit about the file is interesting. from everything I have read Anon denied they did it and usually take credit when they messed up somebodies virtual day; to me the masses of anon most likely didn't do it but rather one of their guys who has a very deep hatred of Sony went rouge and kicked Sony in the virtual groin against the group consensus. So Anon is either lying, its a rouge Anon in which case they will still take the heat, or its a frame job. Either way only time will tell and hopefully we will get the big picture.
TheSlowFlash
"A more likely explanation is that Sony is taking advantage of Anonymous' previous ill-will towards the company to distract users from the fact the outage is actually an internal problem with the companies servers."
That is INSANE...
Are you kidding me? The FBI is investigating and an independent company, and you think Sony made that up and planted it?
Wow...
unlvphi164
I know someone already stated it, but this whole event gives me negative vibes. This puts us one step closer to a government-involved internet.
We don't want to be in that position because it will never go back to the good 'ol days. Once they get their hands on it... gg.
WoolySpud
"...'A meeting was set up to provide details to law enforcement for Wednesday, April 27.' As the PSN went down on April 20, that means it took eight days before Sony could get the FBI involved."
The one issue i have with this article is that this statement states that Sony waited till the 27th to contact the FBI BUT in the letter it actually states that they contacted the FBI on the 20th *and* that a meeting was scheduled for the 27th partially due to the fact that Sony's forensics teams had not fully ascertained the scope of how far the intrusion had gone and what was stolen.
The main point here is that according to the letter Sony contacted the FBI immediately, so the FBI was aware. It does not matter that the meeting was set for the 27th, Its not going to help anyone to have a meeting with the FBI without any information to give them. At the time of the call on the 20th Sony gave all the info they had at the time to the FBI... That being "We got Hacked, We are trying to find out the extent, we need to have a meeting once we find out how bad the hack was so you can catch them."
jaysun3535
this something we all have to look at if it has a data base and online access it can be compromised we are worried about the playstation network what if they choose the credit bureaus and nobody credit works or if they decide to crash wall street suing sony won't help the problem at hand congress need to back up and stay off sony and fix these gas prices that rise up every week this congress way to avoid the rising price of gas SHAME ON CONGRESS!!
Shienberg
Not a fan boy.
I own a ps3 and an xbox and I love them both for different reasons.
All things being equal I am sooooo glad I own an xbox right now.
Would write more but I gotta go play some Black Ops and Portal 2 online.
:)
crocodilius
crocodilius's comment is abusive and has been removed.
Sesslersprodigy
who let legion from mass effect 2 hack psn. the geth attack as begun!
Ghost2190
I'm a bit confused, Sony is Blaming "Anonymous" for the attack on "PSN", who ordered an end to "PSN" attacking because it negatively effected consumers why would it make sense to then completely reverse the decision and take down the "PSN" for Weeks? To be blunt they are ALWAYS straightforward with their tactics and they ALWAYS announce an attack before or release a statement right after they do it. None of this adds up to "Anonymous" or "AnonOps" being behind the attack.
I would not like to blame Sony for this but every time a Corporation is caught with their pant's down they immediately become the Victim of a threat that they considered minimal when that is not necessarily the case. such as with the banks who were giving out bad loans and when the economy headed for the hills we found out the the banks were firing scores of employees only so that the CEO's could keep their lifestyle to the same degree as before the economic crisis.
Personally, I love Sony, that's why I got a PS3 however, I am Disturbed at the lengths they went to for two customers and even more disturbed at the lengths they didn't go to for network security in fact, if I found out that my network is potentially compromised the first thing I would have done was to beef up security on both physical and virtual sites using the intelligence of those who were able to crack it.
Note: I only come to this Conclusion (referring to my opinion on "Anonymous' " involvement in the most recent attack on the PSN) out of the patterns of the organization.
Displaying 1–20 of 47
1232