PlayStation hack: Sony blames Anonymous
Published 05/05/2011 | 13:34
Sony has said the that the hackers who stole more than 100 million users' personal details from its online gaming systems left a file implicating Anonymous, the internet activist collective.
In a detailed letter about the security breach to a US Congressional committee, Kazuo Hirai, chairman of the electronics giant, said the the file discovered by investigators was named "Anonymous" with the words "We are Legion", part of the Anonymous motto.
He also linked the breach, which began on April 16, to denial of service attacks on Sony systems launched by Anonymous in response to legal action against George Hotz.
The 21-year-old American hacker, who goes by the alias "geohot" online, circumvented copyright controls on the PlayStation 3, allowing it to run unauthorised software.
Sony sued him in January after he published his discovery of codes embedded in the console that would let any other owner do the same.
"Several Sony companies had been been the target of a large-scale, coordinated denial of service attack by the group called Anonymous," Mr Hirai said.
"The attacks were coordinated against Sony as a protest against Sony for exercising its rights in a civil action in the United States District Court in San Francisco against a hacker."
In their denial of service attacks, Anonymous members use specially-created software called the "Low Orbit Ion Cannon" to bombard targets with internet traffic. The tactic is designed to overload servers and force them offline.
On April 11, Sony announced it had settled its case against Mr Hotz out of court, but Anonymous nevertheless vowed revenge. The collective was founded to protest against perceived threats to free speech online.
"In the eyes of the law, the case is closed, for Anonymous it is just beginning," a video message posted on YouTube on April 13 said.
It called for real world protests against Sony on April 16 and warned also warned the firm to "prepare for the biggest attack you have ever witnessed, Anonymous style".
In his letter to the House Commerce Committee, Mr Hirai said Anonymous' denial of service attacks had helped the data thieves, because "security teams were working very hard to defend against denial of service attacks, and that may have made it more difficult to detect this intrusion quickly - all perhaps by design".
The breach of the PlayStation Network, in which 77 million users' names, user names, addresses, email addresses, birth dates, and hashed passwords were stolen, was detected on April 19. The near-simultaneous theft of 25 million gamers' details from Sony Online Entertainment, a PC service, was not detected until 1 May.
Both systems are currently offline and under investigation by digital forensics contractors, and the FBI.
Speculation will now focus on whether Anonymous members were actually behind the thefts, or whether professional cyber criminals hijacked the denial of service attacks and planted references to the collective to cover their tracks.
"Whether those who participated in the denial of service attacks were conspirators or whether they were simply duped into providing cover for a very clever thief, we may never know," Mr Hirai said.
Most computer security experts have so far believed Sony's systems were targeted by a professional criminal or gang seeking to profit from identity theft and credit card fraud.
But although its activities have been dominated by denial of service attacks, Anonymous has previously hacked into target systems.
Earlier this year members breached HBGary Federal, a computer security consultancy that had claimed it could identify Anonymous' leaders. The firm's email archive was published online, forcing the resignation of its chief executive.
The breach of the PlayStation Network and Sony Online Entertainment has already been damaged to Sony. Its share price tumbled almost 5pc last week amid investor fears that extended outages and a barrage of lawsuits from angry customers would hit profits.
Sony has been criticised by US politicians, particularly over the week-long delay between the detection of the breach on 19 April and the release of information to customers on 26 April, but Mr Hirai defended the firm.
"Throughout the process, Sony Network Entertainment America was very concerned that announcing partial or tentative information to consumers would cause confusion and lead them to take unnecessary actions if the information was not fully corroborated by forensic evidence," he said.
All 100 million victims have since been urged to change their other online passwords and to monitor their credit card and bank statements closely. The major credit card providers have not yet reported any fraud as a result of the thefts, however.
The FBI already has an active investigation into Anonymous, and issued 40 arrest warrants in January in relation to denial of service attacks against firms including Amazon, PayPal and Visa. The firms were targeted last year after withdrawing services from WikiLeaks.
Six British men and teenage boys are currently on bail after being arrested as part of a coordinated investigation by Scotland Yard.
Anonymous' full motto reads: "We are Anonymous. We are Legion. We do not forgive. We do not forget. Expect us – always."