Sony Blames Anonymous For Latest Hack…

from the easiest-framing-ever dept

Apparently Sony has decided to pick on an easy target for its latest data breach: Anonymous. Sony is claiming it found a file named “Anonymous” on the server, with the non-group’s phrase “We are Legion” in the file:

“The attacks were coordinated against Sony for exercising its rights in a civil action in the United States District Court in San Francisco against a hacker,” Sony chairman Kazuo Hirai said in the letter.

“What is becoming more and more evident is that Sony has been the victim of a very carefully planned, very professional, highly sophisticated criminal cyber attack designed to steal personal and credit card information for illegal purposes.”

Of course, those two sentences don’t seem to match. Anonymous isn’t known (at all) for trying to steal credit card information for criminal purposes. Its entire purpose is more along the lines of vigilante protests. Also, Anonymous may be the easiest “group” in the world to frame. Because it’s not a group and anyone and everyone can be a part of it, you just put a file named “Anonymous” somewhere along with the phrase “We are Legion” and clueless dupes assume it was “the” Anonymous rather than a bunch of organized crime hackers searching for credit card details. It very well could have been an Anonymous operation, but it seems like Sony should have a bit more proof before making such a definitive statement on the matter.

Filed Under: , ,
Companies: sony

Rate this comment as insightful
Rate this comment as funny
You have rated this comment as insightful
You have rated this comment as funny
Flag this comment as abusive/trolling/spam
You have flagged this comment
The first word has already been claimed
The last word has already been claimed
Insightful Lightbulb icon Funny Laughing icon Abusive/trolling/spam Flag icon Insightful badge Lightbulb icon Funny badge Laughing icon Comments icon

Comments on “Sony Blames Anonymous For Latest Hack…”

Subscribe: RSS Leave a comment
77 Comments
Steven (profile) says:

Re: Re:

At first the lolz come easy. A little public stunt, some message board posts. But pretty soon that just doesn’t cut it. It’s not delivering the lolz. You have to go bigger.

It starts to take DDOS and some cooperation to get the lolz. At first that’s good, but the small take downs quickly lose their lolz and you have to go bigger. Major DDOS on massive infrastructure bring down major corporations, yeah, there’s the lolz.

But then that’s not enough. You have move on. The lulz just aren’t coming.

Now it takes a highly sophisticated criminal cyber attack to steal personal and credit card information to get the lulz. You’re lost to the lulz. You can’t stop.

Who knows what’s next…

Anonymous Coward says:

Re: Uh-oh..

Maybe we’ll see the re-launched PSN crumble as a result of this announcement? I kind of expect that nobody is taking sony seriously here though, and Anon will just say “there was nothing planned” and move along. Man, sony is really grasping at straws here… this is basically like saying “we have absolutely no clues as to who did this.”

G Thompson (profile) says:

Re: Uh-oh..

Exactly,
Sony might like to state they found an “anonymous” file on their servers, though it means just as much as if they stated they found an old copy of the WANK Worm and tried to blame Aussies again as it does trying to blame the intangible organisation that is Anonymous.

Rule 1 in Probable data discovery.. PROVE THE PROVIDENCE OF THE DATA! Until then Sony are just blowing rings up everyones arse.

I can very much guarantee that if Anonymous (or some parts of the whole) go after Sony Inc the PSN would not be the target. The Actual Internal records (especially memo’s. legals, et. al) of the behemoth that is Sony on the other hand would be a momentous cause c?l?bre. Then the LOLz would be heard throughout the known universe.

Hypothetically of course ๐Ÿ˜‰

:Lobo Santo (profile) says:

Sony, ye idee-yits!!

If Anonymous did it, they would take credit in a VERY public manner–perhaps add a new logo’d login to the PSN or something.

A text file with a snippet? Sounds like a nice fat red herring. I suppose anybody who’d pull this job would appreciate the extra time afforded them from this bit of OBVIOUS misdirection before anybody’s on their trail…

Designerfx (profile) says:

oh, and PCI!

What about the PCI DSS compliance breaches that consist of this entire debacle?

Has anyone alerted them to this, or do we wait in private for the massive fees to come along to Sony?

PCI is going to eat them alive – violations are incredibly painful (cost-wise), and yes Sony is a member.
https://www.pcisecuritystandards.org/get_involved/member_list.php

weneedhelp (profile) says:

rabidinus trollicanus?

seems like Sony is becoming the very common yet sometimes difficult to spot rabidinus trollicanus. The trollicanus will frequently employ a method of camouflage which attempts to hide the real issue by resorting to irrelevant rhetoric that in no way pertains to the topic at hand and ad-hominem. Special thanks to harbingerofdoom.

fogbugzd (profile) says:

Actually, what Sony is claiming is slightly different. They do not claim that Anon stole the data. They claim that before the breech the network was under a heavy denial of service attack. They claim that their entire online staff was defending against the attack and that the data was stolen under cover of the attack. A DDOS attack would be more of Anon’s style, but anyone who was capable of the break in was probably also capable of mounting the DDOS by themselves.

Sony’s claim is that Anon was responsible for the DDOS attack and thus provided cover for the break in. To me, that doesn’t pass muster. For one thing, a DDOS attack would not have put the incriminating files on the server.

ricebowl (profile) says:

Wait, what..?

Did Sony really just point the finger of accusation at Anonymous? With nothing more than a text file to support their accusation?

…I suppose after two fairly major network problems in the space of a couple of weeks, it’s not like Anonymous can do them any more damage than they’ve already suffered, but it seems highly unwise to poke that particular hornets’ nest.

Anonymous Coward says:

I have to disagree with Sony, there would have been images circulating for a while now prior to the attack. Anon is always about public self image, the lolz and whatnot.

Honestly if they are going to publicly say it was Anonymous and it wasn’t. There is a chance that Anon could retaliate in a “lol” type manner by doing some other show of power just to be like, haha this is what we do, Anon isn’t known for stealing creditcards. If anything, they would have defaced the sony page, or modified everyones accounts profile pics or names or something random.

Although I will admit its highly possible that another group used Anon’s DDOS(which was known to be coming for the GeoHOT thing) as a distraction to enter and hack away.

But as stated previously, Anon isn’t your normal “group” There are no leaders, no centralized organization. In some ways, anyone and everywhere is technically associated with it. Thus saying it was Anon’s fault is the same as saying, It was everyone’s fault, including our own.
or
It was “somebodies” fault! “Somebody” is at fault!

harbingerofdoom (profile) says:

Re: Re:

i dont think there is a chance, i have a feeling its more along the lines of a guaranteed lock they will see more retaliation of the sort that is more in line with Anon very publicly saying it was them.

and i dont think it really matters if there was a ddos and someone else used that as cover. the fact of the matter is that sony apparently has some pretty crap IT and have made some pretty crap security decisions. a ddos of any nature should have not led to this outcome and trying to blame anon (even if there is the most tenuous of tie-ins) is nothing more than sony grasping at any straws they can at this point.

case in point? if what im saying isnt spot on, why did sony announce that they had to rebuild psn from the ground up?

its pretty sad they would try to blame anon actually…

Trae says:

They didn't, but they will?

I find this quite funny… When the Westboro Baptist church claimed that it was anon who hacked them, they denied the claim, and then hacked them any way. Maybe with Sony making all these accusations, they are causing more problems for themselves :-P. You can lay the blame anywhere you want, but maybe just maybe sony could do a better job of updating its server software and these wouldn’t be issues

DJGamer says:

Something to Take Into Account

Let’s not forget that Sony has yet to discover any evidence that credit card information was actually compromised. It’s possible it was an “Anonymous” activist that hacked the network, and they just saw the personal information simply because it was unencoded.

Though to be honest I don’t know enough about the investigation to know if they were actually able to determine if personal data had been actually transfered or if it was more like “Personal data was not encrypted so the hacker could’ve seen it, credit card info was encrypted so they may not have.”

My defense of Sony isn’t fanboyism-in fact I’m a proud XBox 360 owner who also has a PS3 (which I half-own). People make mistakes, corporations are made up of people so they make mistakes too. I won’t deny that they’ve messed up big time with this but for the most part I think they’ve been handling the aftermath fairly well. I’m not saying Sony doesn’t deserve a little hate, but I’ve been hearing and reading a lot of cynicism being thrown in their direction and I think things have been blow just a bit out of proportion.

ScytheNoire (profile) says:

Pass-the-blame Game

This is their comeback argument? Blame “Anonymous” for their inability to run a secure network? Really pathetic Sony. Just own up that you don’t know how to run a secure network and didn’t care that much about your customers financial and information security. Don’t worry, you are in good company with many other huge companies who don’t care either.

Capitalist Lion Tamer (profile) says:

A letter to Congress?

SRSLY?

This is the way Sony fights back? With a “my big brother will kick your ass” letter pleading for help from above?

Godspeed, lawmakers. I look forward to you rounding up this “Anonymous.” He/she/they have certainly caused enough problems with an online service that had been hailed as “online” and “nearly adequate” up until recently.

So long, “Anonymous” commenters. Your days are numbered. The wide, sweeping net of governmental justice is headed your way. As surely as justice is blind, she is also rather ignorant and prone to playing to the camera.

No doubt anyone d/b/a “Anonymous” is due for a rough time at the hands of los federales, who will be searching and/or seizing anything that looks like it could possibly be connected to TEH INTERNET, including that fancy-ass LG fridge of yours.

xero says:

I don’t really think you can “frame” Anonymous.
If whoever hacked the PSN claims to be part of Anonymous, they are.

It’s a non-group!

They can’t “stand” for anything. All they can stand for is what they stand for at the moment. If this hacker claims to be Anonymous and believes in stealing credit card numbers, that’s what Anonymous believes in. If tomorrow another group protests Scientology, then THAT’S what they believe in.

I’m not an Anonymous hater. Personally, I think that most of their activities are hilarious (as, I would assume, do they). But I’m just waiting for the day when THIS Anonymous group is distancing themselves from THAT Anonymous group.

But hey, maybe that’s what they want

This post brought to you by Anonymous.

We are Legion.

Marcus Carab (profile) says:

Re: Re:

I think this may be exactly why they chose Anonymous. They wanted someone to blame right away in the misguided belief that it would take some heat off them, but they didn’t actually have a culprit yet… Anonymous gives them their temporary scapegoat, then no matter who it turns out to be (assuming they get caught eventually) it’s pretty easy for Sony to claim they just thought it was Anon. because the group isn’t well-defined.

The Groove Tiger (profile) says:

“What’s that, officer? You want to check my tire iron for evidence and check for blood-stains in connection with my neighbor’s murder? I’m so sorry… the secret muslims took it. I know, see, because there was this note in the trunk reading ‘JIHAD’.”

“Sir, that note is in the back of one of your credit card receipt. You obviously wrote it… in fact, we saw you write it when we approached you. You’re still holding the pen, sir.”

jimbo says:

did anyone think for 1 second that Sony would put the blame where it should be put, ie, with themselves? blaming anonymous or anyone else, without proof, just makes them look even more ridiculous than they did before. couple that with the fact that had they not pissed everyone off when they removed the ‘other os option’, probably none of this would have happened any way. the stupid muddles companies get themselves into simply so they can at least appear to be, in control. bunch of fu***ng morons!

Tom Landry (profile) says:

“The attacks were coordinated against Sony for exercising its rights in a civil action in the United States District Court in San Francisco against a hacker,” Sony chairman Kazuo Hirai said in the letter.

Anon doesn’t give a flying shit about legalese. They act as if they are in a world that isn’t dominated by parasitic attorneys and suits who hide behind officious press releases. Your company acted like total shitbags and you were, in turn, called out. I suppose its wrong to applaud this kind of vigilante mentality but for this moment, I can’t help it. You got exactly what you had coming to you.

Anonymous Coward says:

To think that there are no criminals that are a part of Anon would be wrong. I sort of agreed when Anon went after the companies putting pressure on Wikileaks, but to actually give some people access to my computer (downloading scripts) to help with a DDOS in my opinion would have been just nuts.

There is no doubt that some of the people involved are actively involved in criminal enterprises. How big a percentage? Who knows.

Anonymous Coward says:

I am sure that in today’s’ pass all the profits uphill to the top of the corporation that Sony has followed most world wide corporations of laying off personnel and giving those that remain on the job the duties of four or five past employees. I guess that worked out really well for them in this instance. They probably had all 5 of their IT employees fighting DDoS. Of course you know that isn’t Sony’s fault. They were just making profits for the shareholders.

Does Sony have any credibility left?

Anonymous Coward says:

great way to distract people...

Sony?s Shinji Hasejima, Sony?s CIO, told Sony?s apologetic news conference that the attack was based on a ?known vulnerability? in the non-specified Web application server platform used in the PSN. However, he declined to stipulate what platform/s were used or what vulnerability was exploited, on the basis that disclosure might expose other users to attack.

Hasejima conceded that Sony management had not been aware of the vulnerability that was exploited, and said it is in response to this that the company has established a new executive-level security position, that of chief information security officer, ?to improve and enhance such aspects?.

http://www.theregister.co.uk/2011/05/01/psn_service_restoration/

NotMyRealName (profile) says:

I can see it now.
Some /b/tards get together, re-hack the servers, pull all the logs, and disappear.
3 days later, the the cops receive an ‘anon’ tip that includes the actual perpetrators name, address, and recent photo, as well as a screen grab of the files on his home machine.
The next day, every website with sony in it’s name redirects to the guy’s facebook page, with “blame me” as his status update.
Shortly after that, they release the full source for the PS3 firmware. Every tenth line is commented ‘lol’

Anonymous Coward says:

Sony backed themselves so far in the corner and all they can come up with is, “but, but, anonymous!”

Seriously?

All those decades of coming up with descent(sic) ideas only to shoot themselves in the foot makes me want to put my money on them to be one of the first giants to fail. This just puts the cherry on top.

And did anyone think about this?

anonymous.

See, I can type “anonymous”. So what?

Wait.

Why is my computer acting funny?

Why is there a black helicopter flying outside my window?

Who’s that knockin’ on my door?

Who the hell are you? You can’t come in he . . . ssssshhhhhhh . . . .

FuzzyDuck says:

Sony blames anonymous

For a BBC article: “Sony has blamed the online vigilante group Anonymous for indirectly allowing the security breach”

Erm, if anyone is responsible for “indirectly allowing” a security breach it’s Sony itself. Hell they had the responsibility and duty towards their customers to protect customer data. Apparently they did not do that properly and thus indirectly allowed the security breach.

Sony should sue itself for that!

G Thompson (profile) says:

Re: Sony blames anonymous

For a BBC article: “Sony has blamed the online vigilante group Anonymous for indirectly allowing the security breach”
Whereas I absolutely and directly place full blame on Sony for allowing the knowingly preventable security breach in the first place and for not following reasonable and common sense procedures and methodologies to protect that data.

Anonymous had nothing to do with the breach, It seems from information coming out that Sony had been told of their security problems months and months ago (not having patched Apache on the Sony Web servers was just one problem)

When Dr. Gene Spafford (for those in ITSEC circles the guy is a legend…) comes out and absolutely criticises Sony and Epsilon (The security company Sony hired) about lack of firewalls, lack of industry standard practice and states all this to a Standing Committee of Politicians (US Congress) then you know not all is correct with Sony’s propaganda and spin.

Actually to state that it was Anonymous is correct in one sense since their was probably no Network Intrusion Software (ie: Snort for example) attached to Sony’s woefully insecure network and so that any attacker would absolutely be Anonymous in the truest sense of the word.

Who knows, knowing the interesting times that Sony and the Console gaming Industry is having it could be another of three possibilities for the sophisticated (in one sense cracking of the system).

1. Was a competitor who has the wherewithal to hire the proper skill sets to accomplish this task.

2. Was an inside job since 80% of all network intrusions/data breaches are done by current or ex employees (this was the rule 20yrs ago and still holds today)

3. Both 1 and 2 above!

Hephaestus (profile) says:

“It very well could have been an Anonymous operation, but it seems like Sony should have a bit more proof before making such a definitive statement on the matter.”

Funny thing is that Sony is doing more harm than good by saying its Anonymous that did this. If anonymous didn’t do this they are sure to be on the receiving end of more attacks. If they are correct, and it results in people getting arrested, then they have shot a modern day robin hood and his merry men. Simply put the majority of people online either consider themselves “Anonymous”, or they root for them.

Add Your Comment

Your email address will not be published.

Have a Techdirt Account? Sign in now. Want one? Register here

Comment Options:

Make this the or (get credits or sign in to see balance) what's this?

What's this?

Techdirt community members with Techdirt Credits can spotlight a comment as either the "First Word" or "Last Word" on a particular comment thread. Credits can be purchased at the Techdirt Insider Shop ยป

Follow Techdirt

Techdirt Daily Newsletter

Techdirt Deals
Techdirt Insider Discord
The latest chatter on the Techdirt Insider Discord channel...
Loading...