Sony reveals 'Anonymous' file was found on entertainment servers

Sony's problems are far from over, but at least PlayStation Network subscribers finally getting some of the in-depth answers they have been waiting for.

In response to a U.S. House of Representatives subcommittee meeting about “The Threat of Data Theft to American Consumers," Sony Computer Entertainment America's chairman of the board Kazuo Hirai submitted a statement with the following key points that reveal more details about the cyber attack that brought down PSN:

• Sony has been the victim of a very carefully planned, very professional, highly sophisticated criminal cyber attack.
• We discovered that the intruders had planted a file on one of our Sony Online Entertainment servers named “Anonymous” with the words “We are Legion.”
• By April 25, forensic teams were able to confirm the scope of the personal data they believed had been taken, and could not rule out whether credit card information had been accessed. On April 26, we notified customers of those facts.
• As of today, the major credit card companies have not reported any fraudulent transactions that they believe are the direct result of this cyber attack.

Sony has been on the defensive with its customers about the gravity of the situation. It took Sony over a week to inform customers that personal data had been stolen.

The hacker group Anonymous claimed responsibility for an outage earlier in April but later denied having a hand in this latest event. Given Sony's testimony, it would seem that Anonymous was in fact involved this time around. However, Sony has refrained from stating outright that the group is responsible. It also does not cite Anonymous as the direct culprit for the latest security vulnerability in which an additional 24.6 million accounts were exposed. But given the calling card left on the server, it's hard to believe that Anonymous didn't have some part in this.

Sony reps said they have followed a series of guidelines to deal with the long-term outage, namely "Provide relevant information to the public when it has been verified." To be fair to Sony, that's the right call. While Sony should have been a little more open with its customers as to what was going on, it was better not to stir up trouble and upset people without all the facts.

At least some of the PSN services are back online again, such as Music Unlimited, but not everything is back to normal yet. The way things are going for Sony lately, it's likely that the PlayStation Network and Online Entertainment services won't be normal again for a very long time.

Related coverage on ZDNet:

• Sony says 'welcome back' to PlayStation Network users with free month of PlayStation Plus
• Sony's PlayStation Network data breach: Game networks an irresistible hacker honey pot
• PSN debacle illustrates stark differences between Apple and Sony
• 6 important things about the ongoing PlayStation Network outage that Sony won't reveal
• More Sony bad news: Sony Online also compromised (this goes beyond the PlayStation Network)