Sony Blames Anonymous For Latest Hack…
from the easiest-framing-ever dept
Apparently Sony has decided to pick on an easy target for its latest data breach: Anonymous. Sony is claiming it found a file named “Anonymous” on the server, with the non-group’s phrase “We are Legion” in the file:
“The attacks were coordinated against Sony for exercising its rights in a civil action in the United States District Court in San Francisco against a hacker,” Sony chairman Kazuo Hirai said in the letter.
“What is becoming more and more evident is that Sony has been the victim of a very carefully planned, very professional, highly sophisticated criminal cyber attack designed to steal personal and credit card information for illegal purposes.”
Of course, those two sentences don’t seem to match. Anonymous isn’t known (at all) for trying to steal credit card information for criminal purposes. Its entire purpose is more along the lines of vigilante protests. Also, Anonymous may be the easiest “group” in the world to frame. Because it’s not a group and anyone and everyone can be a part of it, you just put a file named “Anonymous” somewhere along with the phrase “We are Legion” and clueless dupes assume it was “the” Anonymous rather than a bunch of organized crime hackers searching for credit card details. It very well could have been an Anonymous operation, but it seems like Sony should have a bit more proof before making such a definitive statement on the matter.
Comments on “Sony Blames Anonymous For Latest Hack…”
a carefully planned, very professional, highly sophisticated criminal cyber attack attack designed to steal personal and credit card information just for the lolz?
Re: Re:
This doesn’t fit with Anon.
Although, now that they’ve been accused… I’m willing to bet there will be plenty of lolz in the near future.
Re: Re:
At first the lolz come easy. A little public stunt, some message board posts. But pretty soon that just doesn’t cut it. It’s not delivering the lolz. You have to go bigger.
It starts to take DDOS and some cooperation to get the lolz. At first that’s good, but the small take downs quickly lose their lolz and you have to go bigger. Major DDOS on massive infrastructure bring down major corporations, yeah, there’s the lolz.
But then that’s not enough. You have move on. The lulz just aren’t coming.
Now it takes a highly sophisticated criminal cyber attack to steal personal and credit card information to get the lulz. You’re lost to the lulz. You can’t stop.
Who knows what’s next…
Re: Re: Re:
The lulz have become…
*puts on shades*
Serious business.
Re: Re: Re: Re:
why did i hear the who immediately upon reading this comment?
Re: Re:
Can Anonymous sue Sony for slander?
Re: Re: Re:
Um, no, because then they wouldn’t be Anonymous anymore?
Re: Re: Re: Re:
It is legal in some cases to sue and remain anonymous.
Set sail for FAIL.
Uh-oh..
I take it people at SOny don’t remember what happened the last time a company (HBGary Federal) decided to piss of Anonymous. What are the chances people of Anonymous decide to do what they do best at Sony and them have Sony compare the results?
Re: Uh-oh..
Maybe we’ll see the re-launched PSN crumble as a result of this announcement? I kind of expect that nobody is taking sony seriously here though, and Anon will just say “there was nothing planned” and move along. Man, sony is really grasping at straws here… this is basically like saying “we have absolutely no clues as to who did this.”
Re: Uh-oh..
lmao, wtf is left for Anon to do? there’s only so deep down the rabbit hole you can screw someone, and i’ d say sony is into the mantle now.
Re: Uh-oh..
No, they were doing social engineering to mess with the CEOs of Sony America, because of the Geohot case.
Now? I don’t think this is quite funny.
Re: Uh-oh..
Exactly,
Sony might like to state they found an “anonymous” file on their servers, though it means just as much as if they stated they found an old copy of the WANK Worm and tried to blame Aussies again as it does trying to blame the intangible organisation that is Anonymous.
Rule 1 in Probable data discovery.. PROVE THE PROVIDENCE OF THE DATA! Until then Sony are just blowing rings up everyones arse.
I can very much guarantee that if Anonymous (or some parts of the whole) go after Sony Inc the PSN would not be the target. The Actual Internal records (especially memo’s. legals, et. al) of the behemoth that is Sony on the other hand would be a momentous cause c?l?bre. Then the LOLz would be heard throughout the known universe.
Hypothetically of course 😉
I noticed this too
This seemed highly specious.
What’s the easiest proof? Anonymous never announced a plan to steal credit cards from Sony.
Kinda late for sony to be planting fake evidence saying that it’s “anonymous”‘s fault.
Re: Confession
I admit it. It was me.
Sony, ye idee-yits!!
If Anonymous did it, they would take credit in a VERY public manner–perhaps add a new logo’d login to the PSN or something.
A text file with a snippet? Sounds like a nice fat red herring. I suppose anybody who’d pull this job would appreciate the extra time afforded them from this bit of OBVIOUS misdirection before anybody’s on their trail…
Re: Sony, ye idee-yits!!
even if Anonymous didn’t do it they’d probably take credit in a very public manner.
Re: Sony, ye idee-yits!!
It doesn’t really matter, Sony only has to convince their bought our elected officials that it’s true. Shouldn’t be too difficult.
Re: Re: Sony, ye idee-yits!!
ahh, the words “their bought” should have had a strike through it.
testing
Re: Re: Re: Sony, ye idee-yits!!
I guess strike through doesn’t work on techdirt. My mistake.
[s]more testing[/s]
[strike]more testing[/strike]
testing
testing
.mystri {text-decoration: line-through;}
testing
Re: Re: Re:2 Sony, ye idee-yits!!
there is both an explanation of which tags are allowed and a preview button in the comment box 🙂
Re: Re: Re:3 Sony, ye idee-yits!!
Thanks.
I guess strike through isn’t allowed 🙁
Too bad, it does serve a good purpose.
Re: Re: Re:4 Sony, ye idee-yits!!
The usually accepted substitute for strike-through where unavailable is an appropriate amount of ^H’s. It comes from older networks and computers where some programs didn’t recognize the backspace key.
Just a smoke screen
Who cares who it was or why they did it, the fact remains that Sony was extremely vulnerable and that is Sony’s fault.
I just found a text file on my hard drive named Ed_McMahon.txt and when I opened it said “You may have won $1,000,000”.
Sweet! This is *proof* that I am rich!
Off to tell the boss where he can shove this job…
oh, and PCI!
What about the PCI DSS compliance breaches that consist of this entire debacle?
Has anyone alerted them to this, or do we wait in private for the massive fees to come along to Sony?
PCI is going to eat them alive – violations are incredibly painful (cost-wise), and yes Sony is a member.
https://www.pcisecuritystandards.org/get_involved/member_list.php
Re: oh, and PCI!
PCI won’t do jack shit, and you already know this.
rabidinus trollicanus?
seems like Sony is becoming the very common yet sometimes difficult to spot rabidinus trollicanus. The trollicanus will frequently employ a method of camouflage which attempts to hide the real issue by resorting to irrelevant rhetoric that in no way pertains to the topic at hand and ad-hominem. Special thanks to harbingerofdoom.
Re: rabidinus trollicanus?
i lol’d 🙂
Actually, what Sony is claiming is slightly different. They do not claim that Anon stole the data. They claim that before the breech the network was under a heavy denial of service attack. They claim that their entire online staff was defending against the attack and that the data was stolen under cover of the attack. A DDOS attack would be more of Anon’s style, but anyone who was capable of the break in was probably also capable of mounting the DDOS by themselves.
Sony’s claim is that Anon was responsible for the DDOS attack and thus provided cover for the break in. To me, that doesn’t pass muster. For one thing, a DDOS attack would not have put the incriminating files on the server.
Relieved
If Anonymous hacked the info we can rest easy that the information most likely won’t be used for malicious purposes. But now we know how well Sony protects personal info…and so do the criminals.
Wait, what..?
Did Sony really just point the finger of accusation at Anonymous? With nothing more than a text file to support their accusation?
…I suppose after two fairly major network problems in the space of a couple of weeks, it’s not like Anonymous can do them any more damage than they’ve already suffered, but it seems highly unwise to poke that particular hornets’ nest.
Re: Wait, what..?
Let ’em poke away! Hee hee, I want to watch :D.
Sony hasn’t suffered enough, they still exist.
I have to disagree with Sony, there would have been images circulating for a while now prior to the attack. Anon is always about public self image, the lolz and whatnot.
Honestly if they are going to publicly say it was Anonymous and it wasn’t. There is a chance that Anon could retaliate in a “lol” type manner by doing some other show of power just to be like, haha this is what we do, Anon isn’t known for stealing creditcards. If anything, they would have defaced the sony page, or modified everyones accounts profile pics or names or something random.
Although I will admit its highly possible that another group used Anon’s DDOS(which was known to be coming for the GeoHOT thing) as a distraction to enter and hack away.
But as stated previously, Anon isn’t your normal “group” There are no leaders, no centralized organization. In some ways, anyone and everywhere is technically associated with it. Thus saying it was Anon’s fault is the same as saying, It was everyone’s fault, including our own.
or
It was “somebodies” fault! “Somebody” is at fault!
Re: Re:
This reminds me of Odysseus identifying himself as “Nobody” before poking out Cyclops’ eye (in the case of Odysseus, this didn’t work out since he identified himself in the end and incurred Poseidon’s wrath as a result).
Re: Re:
i dont think there is a chance, i have a feeling its more along the lines of a guaranteed lock they will see more retaliation of the sort that is more in line with Anon very publicly saying it was them.
and i dont think it really matters if there was a ddos and someone else used that as cover. the fact of the matter is that sony apparently has some pretty crap IT and have made some pretty crap security decisions. a ddos of any nature should have not led to this outcome and trying to blame anon (even if there is the most tenuous of tie-ins) is nothing more than sony grasping at any straws they can at this point.
case in point? if what im saying isnt spot on, why did sony announce that they had to rebuild psn from the ground up?
its pretty sad they would try to blame anon actually…
Wow…good job Sony.
Anon has already said they didn’t do this. They said it when the PSN was first taken down.
Anonymous sues Sony for slander in a California court and is allowed to seize all of Sony’s computers, financial records, and logins to all social media.
Re: Re:
Don’t forget their domain name as well – we can’t be letting irresponsible people like Sony have the tools to defraud the public again!
They didn't, but they will?
I find this quite funny… When the Westboro Baptist church claimed that it was anon who hacked them, they denied the claim, and then hacked them any way. Maybe with Sony making all these accusations, they are causing more problems for themselves :-P. You can lay the blame anywhere you want, but maybe just maybe sony could do a better job of updating its server software and these wouldn’t be issues
Something to Take Into Account
Let’s not forget that Sony has yet to discover any evidence that credit card information was actually compromised. It’s possible it was an “Anonymous” activist that hacked the network, and they just saw the personal information simply because it was unencoded.
Though to be honest I don’t know enough about the investigation to know if they were actually able to determine if personal data had been actually transfered or if it was more like “Personal data was not encrypted so the hacker could’ve seen it, credit card info was encrypted so they may not have.”
My defense of Sony isn’t fanboyism-in fact I’m a proud XBox 360 owner who also has a PS3 (which I half-own). People make mistakes, corporations are made up of people so they make mistakes too. I won’t deny that they’ve messed up big time with this but for the most part I think they’ve been handling the aftermath fairly well. I’m not saying Sony doesn’t deserve a little hate, but I’ve been hearing and reading a lot of cynicism being thrown in their direction and I think things have been blow just a bit out of proportion.
Pass-the-blame Game
This is their comeback argument? Blame “Anonymous” for their inability to run a secure network? Really pathetic Sony. Just own up that you don’t know how to run a secure network and didn’t care that much about your customers financial and information security. Don’t worry, you are in good company with many other huge companies who don’t care either.
what’s the betting Sony are lying. They seem to want to blame Anonymous. of course they could be lying all along in an attempt to kill off Anonymous. Its enough to make me join Anonymous.
A letter to Congress?
SRSLY?
This is the way Sony fights back? With a “my big brother will kick your ass” letter pleading for help from above?
Godspeed, lawmakers. I look forward to you rounding up this “Anonymous.” He/she/they have certainly caused enough problems with an online service that had been hailed as “online” and “nearly adequate” up until recently.
So long, “Anonymous” commenters. Your days are numbered. The wide, sweeping net of governmental justice is headed your way. As surely as justice is blind, she is also rather ignorant and prone to playing to the camera.
No doubt anyone d/b/a “Anonymous” is due for a rough time at the hands of los federales, who will be searching and/or seizing anything that looks like it could possibly be connected to TEH INTERNET, including that fancy-ass LG fridge of yours.
I don’t really think you can “frame” Anonymous.
If whoever hacked the PSN claims to be part of Anonymous, they are.
It’s a non-group!
They can’t “stand” for anything. All they can stand for is what they stand for at the moment. If this hacker claims to be Anonymous and believes in stealing credit card numbers, that’s what Anonymous believes in. If tomorrow another group protests Scientology, then THAT’S what they believe in.
I’m not an Anonymous hater. Personally, I think that most of their activities are hilarious (as, I would assume, do they). But I’m just waiting for the day when THIS Anonymous group is distancing themselves from THAT Anonymous group.
But hey, maybe that’s what they want
This post brought to you by Anonymous.
We are Legion.
Re: Re:
I’m glad to see someone made my point already. I’m also glad I decided to read the comments first.
But seriously. All it takes to become Anonymous is to claim association. And I think I’ll start working on that AnonymousSeparatists group.
You know. For the lulz.
Re: Re: Re:
To ensure honesty among the Separatists, I’ll need the name, address, phone number and email of anyone interested in joining. I’ll keep it in a plain-text file on my computer.
Re: Re:
I think this may be exactly why they chose Anonymous. They wanted someone to blame right away in the misguided belief that it would take some heat off them, but they didn’t actually have a culprit yet… Anonymous gives them their temporary scapegoat, then no matter who it turns out to be (assuming they get caught eventually) it’s pretty easy for Sony to claim they just thought it was Anon. because the group isn’t well-defined.
We are legion.
Wow. That was easy.
Expect Sony’s accusation to be echoed by at least twenty well-paid [by Sony, that is] politicians to support the need to grant the FBI unfettered access to all computers on the Internet …
Re: Re:
They already have a bot weapon. Do they need anything else?
“What’s that, officer? You want to check my tire iron for evidence and check for blood-stains in connection with my neighbor’s murder? I’m so sorry… the secret muslims took it. I know, see, because there was this note in the trunk reading ‘JIHAD’.”
“Sir, that note is in the back of one of your credit card receipt. You obviously wrote it… in fact, we saw you write it when we approached you. You’re still holding the pen, sir.”
did anyone think for 1 second that Sony would put the blame where it should be put, ie, with themselves? blaming anonymous or anyone else, without proof, just makes them look even more ridiculous than they did before. couple that with the fact that had they not pissed everyone off when they removed the ‘other os option’, probably none of this would have happened any way. the stupid muddles companies get themselves into simply so they can at least appear to be, in control. bunch of fu***ng morons!
Now expect Anonymous to hack Sony’s E-Mails and reveal that Sony made the whole thing up.
So, since there are no membership rolls or official induction ceremonies for Anonymous, couldn’t anyone who claims to be Anonymous actually *be* Anonymous just as much as the next guy who identifies himself as Anonymous?
It’s not really “framing” someone if that someone is completely undefined.
:D
I Support ananymous!
Re: :D
I spell anonymous!
“The attacks were coordinated against Sony for exercising its rights in a civil action in the United States District Court in San Francisco against a hacker,” Sony chairman Kazuo Hirai said in the letter.
Anon doesn’t give a flying shit about legalese. They act as if they are in a world that isn’t dominated by parasitic attorneys and suits who hide behind officious press releases. Your company acted like total shitbags and you were, in turn, called out. I suppose its wrong to applaud this kind of vigilante mentality but for this moment, I can’t help it. You got exactly what you had coming to you.
Time for the Navy Seals.
See how the kiddies hack themselves out of that.
Re: Time for the Navy Seals.
With GPS scramblers and supraaudio mind-control?
To think that there are no criminals that are a part of Anon would be wrong. I sort of agreed when Anon went after the companies putting pressure on Wikileaks, but to actually give some people access to my computer (downloading scripts) to help with a DDOS in my opinion would have been just nuts.
There is no doubt that some of the people involved are actively involved in criminal enterprises. How big a percentage? Who knows.
Kind of reminds me of the hackers in Ghost in the Shell who used the Laughing Man symbol as a calling card.
I am sure that in today’s’ pass all the profits uphill to the top of the corporation that Sony has followed most world wide corporations of laying off personnel and giving those that remain on the job the duties of four or five past employees. I guess that worked out really well for them in this instance. They probably had all 5 of their IT employees fighting DDoS. Of course you know that isn’t Sony’s fault. They were just making profits for the shareholders.
Does Sony have any credibility left?
Re: Re:
no.
Step 1: Get exposed for being retards at security.
Step 2: Plan “evidence” in the form of a file that any employee could “echo ‘We are legion’ > Anoynmous”.
Step 3: Cry like little girls.
Re: Re:
I was about to complain that there are no Steps 4 and 5, but then I realized that there’s no way they can profit from this.
great way to distract people...
Sony?s Shinji Hasejima, Sony?s CIO, told Sony?s apologetic news conference that the attack was based on a ?known vulnerability? in the non-specified Web application server platform used in the PSN. However, he declined to stipulate what platform/s were used or what vulnerability was exploited, on the basis that disclosure might expose other users to attack.
Hasejima conceded that Sony management had not been aware of the vulnerability that was exploited, and said it is in response to this that the company has established a new executive-level security position, that of chief information security officer, ?to improve and enhance such aspects?.
http://www.theregister.co.uk/2011/05/01/psn_service_restoration/
Re: great way to distract people...
So basically, they get hacked, and one of their IT guys gets an executive promotion? Awesome.
I can see it now.
Some /b/tards get together, re-hack the servers, pull all the logs, and disappear.
3 days later, the the cops receive an ‘anon’ tip that includes the actual perpetrators name, address, and recent photo, as well as a screen grab of the files on his home machine.
The next day, every website with sony in it’s name redirects to the guy’s facebook page, with “blame me” as his status update.
Shortly after that, they release the full source for the PS3 firmware. Every tenth line is commented ‘lol’
Sony backed themselves so far in the corner and all they can come up with is, “but, but, anonymous!”
Seriously?
All those decades of coming up with descent(sic) ideas only to shoot themselves in the foot makes me want to put my money on them to be one of the first giants to fail. This just puts the cherry on top.
And did anyone think about this?
anonymous.
See, I can type “anonymous”. So what?
Wait.
Why is my computer acting funny?
Why is there a black helicopter flying outside my window?
Who’s that knockin’ on my door?
Who the hell are you? You can’t come in he . . . ssssshhhhhhh . . . .
Re: Re:
You sir are LEGION 🙂
“”What is becoming more and more evident is that Sony has been the victim of a very carefully planned, very professional, highly sophisticated criminal cyber attack designed to steal personal and credit card information for illegal purposes.” “
Which was probably carried out by a 15 yr old. lulz.
Sony blames anonymous
For a BBC article: “Sony has blamed the online vigilante group Anonymous for indirectly allowing the security breach”
Erm, if anyone is responsible for “indirectly allowing” a security breach it’s Sony itself. Hell they had the responsibility and duty towards their customers to protect customer data. Apparently they did not do that properly and thus indirectly allowed the security breach.
Sony should sue itself for that!
Re: Sony blames anonymous
For a BBC article: “Sony has blamed the online vigilante group Anonymous for indirectly allowing the security breach”
Whereas I absolutely and directly place full blame on Sony for allowing the knowingly preventable security breach in the first place and for not following reasonable and common sense procedures and methodologies to protect that data.
Anonymous had nothing to do with the breach, It seems from information coming out that Sony had been told of their security problems months and months ago (not having patched Apache on the Sony Web servers was just one problem)
When Dr. Gene Spafford (for those in ITSEC circles the guy is a legend…) comes out and absolutely criticises Sony and Epsilon (The security company Sony hired) about lack of firewalls, lack of industry standard practice and states all this to a Standing Committee of Politicians (US Congress) then you know not all is correct with Sony’s propaganda and spin.
Actually to state that it was Anonymous is correct in one sense since their was probably no Network Intrusion Software (ie: Snort for example) attached to Sony’s woefully insecure network and so that any attacker would absolutely be Anonymous in the truest sense of the word.
Who knows, knowing the interesting times that Sony and the Console gaming Industry is having it could be another of three possibilities for the sophisticated (in one sense cracking of the system).
1. Was a competitor who has the wherewithal to hire the proper skill sets to accomplish this task.
2. Was an inside job since 80% of all network intrusions/data breaches are done by current or ex employees (this was the rule 20yrs ago and still holds today)
3. Both 1 and 2 above!
On the flip side if anon wants to hurt Sony, stealing credit card info is a great way to do it.
“It very well could have been an Anonymous operation, but it seems like Sony should have a bit more proof before making such a definitive statement on the matter.”
Funny thing is that Sony is doing more harm than good by saying its Anonymous that did this. If anonymous didn’t do this they are sure to be on the receiving end of more attacks. If they are correct, and it results in people getting arrested, then they have shot a modern day robin hood and his merry men. Simply put the majority of people online either consider themselves “Anonymous”, or they root for them.