Sony is sticking the blame on Anonymous Operations for breaching its networks, a move that exposed the personal information of close to nearly 100 million users, and led the company to pull the Playstation Network (PSN) and Qriocity offline. It was also found the hack exposed accounts in the Sony Online Entertainment Network.
In an 8-page letter to the House of Representatives, Sony claims that while investigating the breach, it found a file on the servers named “Anonymous,” containing the a slogan of Anonymous Operations, “We are Legion.”
According to Sony, the breach was intended to steal personal and credit card information from its users, although Sony states “We have received so far no confirmed reports of illegal usage of stolen information.” It adds the breach was a “very carefully planned, very professional, highly sophisticated criminal cyber attack …”
The allegations pin one of the largest known personal data breaches in history on Anonymous Operations. The group began launching cyberattacks against Sony in early April, in an operation dubbed #opsony. The attacks were in response to Sony’s legal case against hacker George “GeoHot” Hotz, and Sony’s campaign against Playstation 3 jailbreaking.
Amid the accusations, Anonymous maintains they had nothing to do with the network breach. In a press release posted through The Hacker News, the group states they have never engaged in credit card theft, and notes past adversaries of Anonymous have actively tried to frame them in the past.
They make one point, which is highly accurate: “… Anonymous is an ironically transparent movement that allows reporters in to our operating channels to observe us at work …” Unless the operation was carried out by splinter members of Anonymous, the breach would have been reported on the group’s IRC channels which are open to the public.
I can attest to this, as I interviewed them on the IRC channel in early March.
The claims do not rule out, however, a possibility that members of Anonymous infiltrated Sony’s networks during the #opsony campaign. There is no evidence any personal data was stolen, so the individuals who hacked the network may have been snooping for incriminating information against Sony.
Anonymous stated in an April 23 video posted on YouTube they would find other ways of attacking Sony, that do not impact users.
Meanwhile, the complete chat logs of the suspected cybercriminals behind the attack were released by The Hacker News. The individuals make no reference to Anonymous, but detail major security flaws in Sony’s data customer protection.
[youtube id=”Ti6cmkjq2ts” width=”600″ height=”350″]