Sony implicates 'Anonymous' in PlayStation Network attack

Reeling from bad press over its sloppy security, Sony has implicated the 'hacktivist' collective called Anonymous. But a spokesman for the organization says they've been set up. Whom do you believe?
Written by Peter Cohen, Inactive on

Sony has implicated the Internet collective known as "Anonymous" in the recent security failure on its PlayStation Network and Sony Online Entertainment servers, resulting in the potential exposure of personal information used in more than 100 million user accounts on those services, combined.

Sony Computer Entertainment America (SCEA) chairman Kazuo Hirai announced the news in a written statement provided to the U.S. House of Representatives Committee on Energy and Commerce, which queried Sony as part of a hearing on "The Threat of Data Theft to American Consumers."

"When Sony Online Entertainment discovered this past Sunday afternoon that data from its servers had been stolen, it also discovered that the intruders had planted a file on one of those servers named 'Anonymous' with the words 'We are Legion," wrote Hirai. "Just weeks before, several Sony companies had been the target of a large-scale, coordinated denial of service attack by the group called Anonymous. The attacks were coordinated against Sony as a protest against Sony for exercising its rights in a civil action in the United States District Court in San Francisco against a hacker."

Hirai refers to Sony's lawsuit against George Hotz, known on the Internet by his moniker "Geohot." Hotz was involved in an effort to "jailbreak" the PlayStation 3 video game console to allow the Linux operating system and homebrew applications to be installed on it, after Sony removed the PlayStation 3's "OtherOS" feature, which enabled this to be done legitimately.

Sony responded by suing Hotz, but Sony settled with Hotz on April 11th, the week before the intrusion into the PlayStation Network.

Hotz, for his part, has denied any involvement in the intrusion on Sony's network, calling efforts to steal information "not cool" and using saltier language to describe the actions of the data thieves. Such efforts, Hotz added, cast the hacking community in a negative light.

There's no question that Anonymous had targeted Sony for retribution. On its Web site in early April, Anonymous said Sony was receiving its "undivided attention" for taking Hotz to court. Shortly thereafter, users began to complain of interrupted access to Sony Web sites and the PlayStation Network.

Anonymous later said that it ceased any denial of service activities once PlayStation users complained, however. "We have therefore temporarily suspended our action, until a method is found that will not severely impact Sony customers."

Anonymous spokesman Barrett Brown told IT security publication SC Magazine in an interview published Wednesday that Anonymous didn't have anything to do with the Sony Online Entertainment server break-in.

"Anonymous has no record in engaging in credit card theft and resell, and if we did, the FBI would've already come down on us," Barrett said, adding that anyone could have planted the file to implicate Anonymous.

So. Is the intrusion the work of someone associated with Anonymous? Or is it someone just trying to divert attention? Or could the file have been planted by someone at Sony as a means of focusing governmental attention on the rogue group? The plot thickens around Sony's PlayStation Network problems and its ham-handed handling since then, like the latest paperback techno-thriller. I'm certain there are plenty of chapters left.

Editorial standards