Slashdot Mirror

← Back to Stories (view on slashdot.org)

Sony Officially Blames Anonymous For PSN Hack

Posted by samzenpus on from the in-today's-sony-hack-news dept.

H_Fisher writes "In a letter to Congress, Kazuo Hirai, chairman of Sony's board of directors, blames hacker group Anonymous for making possible the theft of gamers' personal information. 'What is becoming more and more evident is that Sony has been the victim of a very carefully planned, very professional, highly sophisticated criminal cyber attack designed to steal personal and credit card information for illegal purposes,' Hirai wrote. He also indicated that Sony waited two days before notifying the FBI of the theft."

29 of 575 comments (clear)

  1. shame game by alphatel · · Score: 5, Insightful

    I officially blame Sony for being PSN hacked.

    --
    When the foot seeks the place of the head, the line is crossed. Know your place. Keep your place. Be a shoe.
    1. Re:shame game by ouija147 · · Score: 5, Insightful

      Anonymous my ASS

      Convenient scape goat

    2. Re:shame game by _xeno_ · · Score: 4, Insightful

      They probably deserve the blame, too - they were apparently hacked via a "known vulnerability" although I don't think they've ever stated which one.

      --
      You are in a maze of twisty little relative jumps, all alike.
    3. Re:shame game by tripleevenfall · · Score: 5, Insightful

      Same here.

      I fail to see any kind of plausible explanation why "We were busy defending ourselves from Anonymous" affected the poor design of their security structure.

    4. Re:shame game by Eggplant62 · · Score: 4, Insightful

      I blame Sony for not having security sufficient to prevent such an attack in the first place. What, did we have a Win '08 server facing the 'net without a firewall??

    5. Re:shame game by Omnifarious · · Score: 4, Insightful

      The real mind bender is.. Is there a difference? I mean, Anonymous isn't exactly organized is it? It's just a convenient name people adopt sometimes.

      --
      Need a Python, C++, Unix, Linux develop
    6. Re:shame game by LWATCDR · · Score: 1, Insightful

      You can blame a home owner for not putting a good lock on their door but the person that breaks in should still go to jail.
      Blaming the victim is just lame.

      --
      See my blog http://ilovecookes.blogspot.com/ for light hearted technical information.
    7. Re:shame game by characterZer0 · · Score: 4, Insightful

      Sony is not the victim, the users are the victims.

      --
      Go green: turn off your refrigerator.
    8. Re:shame game by poetmatt · · Score: 3, Insightful

      Wha? Why would it have to go that far?

      This is a single file that sony "magically" came up with after the fact. This is more than a week later, and there's nothing they're showing to substantiate their claim. If there was an actual anonymous attack plan stating "let's steal sony's credit card info" prior to this event, then we might have a finger to point at anonymous.

      Instead, I'd bet my life savings that Sony planed this "anonymous framing document" themselves.

      I really hope this puts sony out of business.

    9. Re:shame game by hedwards · · Score: 4, Insightful

      I'm guessing that Sony is scapegoating them because it's easier than figuring out who did do it. And even when/if they do figure out who it was, it's basically impossible to prove that that individual isn't in some convoluted way anonymous.

    10. Re:shame game by 0100010001010011 · · Score: 5, Insightful

      The reason it took so long is because they were planning on using 'terrorists', but after the recent news they decided against it.

      Add "Anonymous" to the list of things that frighten the lay person and get stupid laws passed.
      Right after 'terrorists' and 'for the children'.

    11. Re:shame game by AliasMarlowe · · Score: 1, Insightful

      You can blame a home owner for not putting a good lock on their door but the person that breaks in should still go to jail. Blaming the victim is just lame.

      You can blame a home owner for not having firearms under lock and key, and the law is likely to do so.
      It is the burglar who breaks in and steals them who is completely guilty of the theft. And whoever subsequently uses the stolen firearms is also guilty of a crime. But the burgled gun owner owner is guilty of negligence in failing to adequately secure items which could harm others, and would face consequent punishment in many jurisdictions.

      --
      Those who can make you believe absurdities can make you commit atrocities. - Voltaire
    12. Re:shame game by ceswiedler · · Score: 5, Insightful

      From what I've heard, the vulnerability was in a library which was used by a piece of middleware which Sony relied on.

      Sony should have tracked vulnerabilities in indirect dependencies more carefully, but I'll bet that dozens of other companies which invest millions of dollars in security have similar issues. It takes a ridiculous amount of money and sacrificed features to harden a non-trivial setup against truly determined attackers. Sony had both a lot of valuable credit-card data and a lot of wrath from the tech world, and that's a dangerous combination.

  2. Yeah right by festers · · Score: 4, Insightful

    "carefully planned, very professional, highly sophisticated"

    These are not words I think of when discussing Anonymous. Give me a break.

    --


    -------
    "Every artist is a cannibal, every poet is a thief."
    1. Re:Yeah right by cpu6502 · · Score: 5, Insightful

      Sony is doing what all people in power do:
      - find a scapegoat.

      Reminds me of what my boss said, "I will not take the blame for the failure of this board. YOU will." Normally I would agree, but I told you that we should do additional testing to verify it works, but you said 'we don't have time'. LIKEWISE I suspect Sony's employees told them to add additional safety measures, but Sony's managers refused to spend the labor time/cost.

      So instead the managers are deflecting blame from themselves to the users.

      Bastards.

      --
      My AC stalker: " I personally agree with your posts most of the time, but that won't keep me from modding you troll"
    2. Re:Yeah right by Idbar · · Score: 3, Insightful

      See, what baffles me is that they lock Blurays, Consoles, Google TVs, handsets to no point. They know they are not good at it because (except for the GoogleTVs) all of them have been hacked already.

      Yet they go around collecting information they know they are not good at protecting.

    3. Re:Yeah right by dkleinsc · · Score: 5, Insightful

      - find a scapegoat.

      A good scapegoat isn't just someone who can take the blame, it's somebody who you're trying to attack or remove for reasons you can't actually state publicly. For instance, if The Boss has to pick between scapegoating Alice or Bob, they might pick on whoever's standing in the way of a plum promotion for their good friend Fred, regardless of whether Alice or Bob had more to do with the problem in the first place. Or if someone from country A attacked country B, if the leaders of country B wanted to attack country C but couldn't come up with a legitimate reason they might try to blame the whole thing on country C rather than country A.

      So I'm guessing Sony has it in for Anonymous for reasons totally unrelated to this breach.

      --
      I am officially gone from /. Long live http://www.soylentnews.com/
  3. Anony == Scrapegoats by Anonymous Coward · · Score: 5, Insightful

    Dont have the competency or skill to run your network correctly?
    Dont know who else to blame when your on the hook for a class action and liability in the billions?

    Blame Anonymous.

  4. "...steal..." by betterunixthanunix · · Score: 4, Insightful

    The fact that the attack involve the theft of credit card data, as opposed to just shutting down the network, screams "not Anonymous" to me. You know, given how Anonymous tends to just shut things down with DDoS attacks, or occasionally overwrite a web page with one that spreads some message.

    --
    Palm trees and 8
  5. Re:Wait, what... by chemicaldave · · Score: 3, Insightful

    Sony defending itself against a hacker in federal court in San Francisco.

    Did they really claim to be defending themselves against a "hacker" in court? Don't they mean "suing"? And isn't it unfair to lump the hackers who stole the information with completely different hacker, Geohot? Who the fuck wrote this article?

  6. Re:I told you, I didn't do it! by OECD · · Score: 4, Insightful

    There is no 'Anonymous.' It's just a term that's been widely co-opted. Sort of like 'Al Qaeda.'

    --
    One man's -1 Flamebait is another man's +5 Funny.
  7. Re:!Anonymous by powerlord · · Score: 4, Insightful

    There is no official "anonymous" and there is no leadership or command structure. It's a concept, an idea to describe an emergent system of hacktivism. Saying anonymous is responsible for this (or anything) is like saying democracy is responsible for causing the wars in the middle east. You're mixing up an idea, an ethos, with an organization.

    Yes, but when an organization runs around saying they are attacking targets, and when that organization has no real leadership (collective/mob), they also can't cry foul if someone co-opts their name, claims to be part of them (since they have no real membership requirement or leadership, whose to say), and decides to either:

    1) Partake in the attack even though it has been officially "called off" (hey, just because most of Anonymous might be clueless, doesn't mean some of it can't hack/crack with the best of them.

    2) Use your name as a convenient scape goat to pin their crime on (okay, we take as much data as we can, and point the finger at THOSE guys over there).

    Either which way, saying "Anonymous Denied all Responsibility, It MUST BE SONY'S FAULT!" is the biggest LOL of them all.

    Its the fault of the malicious idiot who attacked and broke into the network. Yeah, Sony should have done a better job securing the data, but that does not absolve the THIEF of responsibility (in spite of what most slashdotters seem to think).

    --
    This space for rent. All reasonable inquiries will be entertained at proprietors discretion.
  8. Agreed - Scapegoat for organized crime by Anonymous Coward · · Score: 4, Insightful

    Looking for credit card info? Anonymous tends to do things for idealogical reasons, AFAIK. There may be some overlap, but this sounds like organized crime. And yes, known vulnerabilities are things you should not be vulnerable to if you have credit card info for even two million people.

    1. Re:Agreed - Scapegoat for organized crime by negRo_slim · · Score: 4, Insightful

      It's highly unlikely that anyone that would self identify as Anon was involved with this. Perhaps Sony's recent troubles have caused people, who might not otherwise have bothered, to take a closer look at Sony and their related infrastructures and there they found opportunities they had previously overlooked.

      Then again there might just be one really bad ass anon who decided to get down with his bad self.

      --
      On the Oregon Cost born and raised, On the beach is where I spent most of my days
  9. Re:Wait, what... by Machtyn · · Score: 2, Insightful

    Legalese. They defended their IP against Geohot's hacking. Whether we see it like that is a different story. Most of us see it as Geohot had to defend his ownership of hardware from Sony. IANAL, but I think the law sees both as correct until a judgment is made.

  10. Re:!Anonymous by amicusNYCL · · Score: 4, Insightful

    Saying anonymous is responsible for this (or anything) is like saying democracy is responsible for causing the wars in the middle east. You're mixing up an idea, an ethos, with an organization.

    Are you equating the loosely-affiliated group Anonymous with a concept like democracy, or are you redefining the common definition of Anonymous as a loosely-affiliated group to now mean anyone involved in hacking or online attacks for an ideological reason other than financial gain? I've never heard proponents of democracy, or any other ethos, say something as cheesy as "We are [ethos]. We are Legion. Expect Us." The words "we" and "us" clearly identify people as a group. That is, even Anonymous thinks they're a group and not just an ethos. They are not an ethos, they are a group of people with some common world views, regardless of whether or not they have an official roster.

    It's perfectly reasonable that a not-for-profit attacker would in fact steal valuable information just to steal it, not necessarily to release or sell it. It makes Sony look much worse, and costs them more, to have their customers' financial and personal data stolen, even if that information never actually gets used or released. In addition, it's not Sony's customers that Anonymous wants to attack, it is Sony itself. It doesn't serve their goals to release customer information, all they need to do is steal it. In other words, it would fit in with the idea of revenge against Sony to simply do as much damage to them as possible even if you don't plan on benefiting directly from the attack.

    --
    "Our two-party system is like a bowl of shit looking at itself in a mirror." - Lewis Black
  11. Re:Anonymous? by Moryath · · Score: 5, Insightful

    Sony, go fuck yourselves.

    We are not "Anonymous."

    We are the customers whose data you exposed by being a bunch of idiot fucktards who wouldn't bother with the most basic of data encryption.

    And WE ARE STILL LEGION.

  12. Re:Anonymous? by houstonbofh · · Score: 5, Insightful

    I have to agree. If so, it is the first time Anonymous has been called "very carefully planned, very professional, highly sophisticated" about anything. That alone should raise flags.

  13. Ohh, this is going to sting.... by TiggertheMad · · Score: 3, Insightful

    due entirely to Sony's fuckwitted lack of security concerning sensitive data, I have had to take measures to protect my identity

    Fuckwitted, indeed. By making this (dubious sounding) claim, they have just poked anon with a stick after it has just been demonstrated that they have a major security problem. There is a fair chance that anon has a sizable population of already irritated PSN users. In light of the whole HBGary fiasco, does this REALLY seem like a wise thing to do?

    GG Sony, you are proving to be more entertaining by the day...

    --

    HA! I just wasted some of your bandwidth with a frivolous sig!