Slashdot Mirror


Sony Officially Blames Anonymous For PSN Hack

H_Fisher writes "In a letter to Congress, Kazuo Hirai, chairman of Sony's board of directors, blames hacker group Anonymous for making possible the theft of gamers' personal information. 'What is becoming more and more evident is that Sony has been the victim of a very carefully planned, very professional, highly sophisticated criminal cyber attack designed to steal personal and credit card information for illegal purposes,' Hirai wrote. He also indicated that Sony waited two days before notifying the FBI of the theft."

41 of 575 comments

  1. shame game by alphatel · · Score: 5, Insightful

    I officially blame Sony for being PSN hacked.

    --
    When the foot seeks the place of the head, the line is crossed. Know your place. Keep your place. Be a shoe.
    1. Re:shame game by ouija147 · · Score: 5, Insightful

      Anonymous my ASS

      Convenient scapegoat

    2. Re:shame game by _xeno_ · · Score: 4, Insightful

      They probably deserve the blame, too - they were apparently hacked via a "known vulnerability" although I don't think they've ever stated which one.

      --
      You are in a maze of twisty little relative jumps, all alike.
    3. Re:shame game by tripleevenfall · · Score: 5, Insightful

      Same here.

      I fail to see any kind of plausible explanation why "We were busy defending ourselves from Anonymous" affected the poor design of their security structure.

    4. Re:shame game by toastar · · Score: 4, Funny

      I think they meant anonymous as in they don't know who did it, not Anonymous the group.

      Kinda like the guy who broke into my car and stole my radio/mp3 player was anonymous.

    5. Re:shame game by Eggplant62 · · Score: 4, Insightful

      I blame Sony for not having security sufficient to prevent such an attack in the first place. What, did we have a Win '08 server facing the 'net without a firewall??

    6. Re:shame game by Omnifarious · · Score: 4, Insightful

      The real mind bender is.. Is there a difference? I mean, Anonymous isn't exactly organized is it? It's just a convenient name people adopt sometimes.

    7. Re:shame game by shentino · · Score: 4, Interesting

      Who scapegoated them?

      A professional cyber cracker may well opt to take advantage of anonymous's wrath by leaving a frame job behind.

    8. Re:shame game by characterZer0 · · Score: 4, Insightful

      Sony is not the victim, the users are the victims.

      --
      Go green: turn off your refrigerator.
    9. Re:shame game by WrongSizeGlass · · Score: 4, Funny

      I blame Sony for not having security sufficient to prevent such an attack in the first place. What, did we have a Win '08 server facing the 'net without a firewall??

      No, it was a PS3 that used to serve as a Linux firewall. Unfortunately they 'patched' it and now it doesn't run Linux anymore.

    10. Re:shame game by hedwards · · Score: 4, Insightful

      I'm guessing that Sony is scapegoating them because it's easier than figuring out who did do it. And even when/if they do figure out who it was, it's basically impossible to prove that that individual isn't in some convoluted way anonymous.

    11. Re:shame game by 0100010001010011 · · Score: 5, Insightful

      The reason it took so long is because they were planning on using 'terrorists', but after the recent news they decided against it.

      Add "Anonymous" to the list of things that frighten the lay person and get stupid laws passed.
      Right after 'terrorists' and 'for the children'.

    12. Re:shame game by bioster · · Score: 4, Informative

      Of course there's a difference.

      Just because party A and party B are both anonymous doesn't mean they're the same party. It just means you can't pick either of them out of a crowd.

      The Anonymous group which has been anti-Sony recently is a huge, amorphous organization with goals that change from day to day depending on what they feel like doing that day. Think of Anonymous as an online flash mob.

      The anonymous group that hacked Sony? Who knows. They could be highly organized under a feudal system where failure is rewarded with the opportunity to commit seppuku. Although this group is anonymous, they may have none of the attributes that make Anonymous what it is.

      I guess the problem you're having is that you're equating anonymous with Anonymous. One is a description and the other is the name of an organization which happens to be descriptive.

      If (as we suspect) Anonymous had nothing to do with the hack, then all Sony is doing is trying to vilify an organization that opposes it. In other words they're putting the blame on someone they don't like in the hopes of lowering public opinion of them.

    13. Re:shame game by ceswiedler · · Score: 5, Insightful

      From what I've heard, the vulnerability was in a library which was used by a piece of middleware which Sony relied on.

      Sony should have tracked vulnerabilities in indirect dependencies more carefully, but I'll bet that dozens of other companies which invest millions of dollars in security have similar issues. It takes a ridiculous amount of money and sacrificed features to harden a non-trivial setup against truly determined attackers. Sony had both a lot of valuable credit-card data and a lot of wrath from the tech world, and that's a dangerous combination.

  2. oh Shit! by Anonymous Coward · · Score: 5, Funny

    They're on to us!

  3. Yeah right by festers · · Score: 4, Insightful

    "carefully planned, very professional, highly sophisticated"

    These are not words I think of when discussing Anonymous. Give me a break.

    --
    "Every artist is a cannibal, every poet is a thief."
    1. Re:Yeah right by Bobfrankly1 · · Score: 5, Funny

      "carefully planned, very professional, highly sophisticated"

      These are not words I think of when discussing Anonymous. Give me a break.

      "carefully planned, very professional, highly sophisticated"

      These are not words I think of when discussing Sony.

    2. Re:Yeah right by cpu6502 · · Score: 5, Insightful

      Sony is doing what all people in power do:
      - find a scapegoat.

      Reminds me of what my boss said, "I will not take the blame for the failure of this board. YOU will." Normally I would agree, but I told you that we should do additional testing to verify it works, but you said 'we don't have time'. LIKEWISE I suspect Sony's employees told them to add additional safety measures, but Sony's managers refused to spend the labor time/cost.

      So instead the managers are deflecting blame from themselves to the users.

      Bastards.

      --
      My AC stalker: " I personally agree with your posts most of the time, but that won't keep me from modding you troll"
    3. Re:Yeah right by AK+Marc · · Score: 4, Informative

      If you read their statements, they blame Anonymous for DDOSing Mastercard and Visa for the breach on PSN. They spread Faux News style "information" by saying something that works out to "Anonymous was attacking people because of us (and a smaller attack on PSN that wasn't active at the time of the intrusion) and then the attack happened. We aren't saying that Anonymous did it, we are saying it looks like there's a link - We report - You decide." Of course, for making fun of our favorite un-news group, I'm sure I'll get modded/flamed, but it's something people are getting used to seeing in the news. When deliberate lies are spread as "fair and balanced news" from formerly reputable news organizations, why should we expect any less from corporations?

      It's possible the two were linked. Perhaps Sony deliberately reduced security to improve uptime with a DDOS. Perhaps the targeted attack was planned and ready for a while and they waited until Sony was busy with other security matters or wanted to deflect the blame. "Linked" doesn't mean "caused by" or even "influenced by" in that the attacks would likely have happened even if Anonymous didn't exist. But that the timing may have been adjusted, however slightly, by Anonymous's actions. But it's not like someone DDOSing Sony from Anonymous said "Wow, I just hacked the Gibson, let's see what's in this garbage file..."

    4. Re:Yeah right by Jonner · · Score: 5, Informative

      Anyone who has read TFA will not find this the least bit insightful, though the Slashdot headline is extremely misleading as usual. Sony said they had been the "victim of a very carefully planned, very professional, highly sophisticated criminal cyber attack designed to steal personal and credit card information for illegal purposes," but did not blame Anonymous for that. They said they were under a DDOS attack from Anonymous at the same time as the security breach and the two events may or may not have been related.

    5. Re:Yeah right by dkleinsc · · Score: 5, Insightful

      - find a scapegoat.

      A good scapegoat isn't just someone who can take the blame, it's somebody who you're trying to attack or remove for reasons you can't actually state publicly. For instance, if The Boss has to pick between scapegoating Alice or Bob, they might pick on whoever's standing in the way of a plum promotion for their good friend Fred, regardless of whether Alice or Bob had more to do with the problem in the first place. Or if someone from country A attacked country B, if the leaders of country B wanted to attack country C but couldn't come up with a legitimate reason they might try to blame the whole thing on country C rather than country A.

      So I'm guessing Sony has it in for Anonymous for reasons totally unrelated to this breach.

      --
      I am officially gone from /. Long live http://www.soylentnews.com/
    6. Re:Yeah right by mr_lizard13 · · Score: 5, Informative

      The Slashdot headline isn't just misleading, it's a complete fabrication.

      --
      "We live in a global world" - Harvey Pitt, former Securities and Exchange Commission Chairman
  4. Anony == Scrapegoats by Anonymous Coward · · Score: 5, Insightful

    Don't have the competency or skill to run your network correctly?
    Don't know who else to blame when you're on the hook for a class action and liability in the billions?

    Blame Anonymous.

  5. Anonymous? by Anonymous Coward · · Score: 5, Funny

    hey!
    I didn't do crap!

    1. Re:Anonymous? by Tsingi · · Score: 5, Funny

      hey! I didn't do crap!

      Coward

    2. Re:Anonymous? by Moryath · · Score: 5, Insightful

      Sony, go fuck yourselves.

      We are not "Anonymous."

      We are the customers whose data you exposed by being a bunch of idiot fucktards who wouldn't bother with the most basic of data encryption.

      And WE ARE STILL LEGION.

    3. Re:Anonymous? by houstonbofh · · Score: 5, Insightful

      I have to agree. If so, it is the first time Anonymous has been called "very carefully planned, very professional, highly sophisticated" about anything. That alone should raise flags.

  6. "...steal..." by betterunixthanunix · · Score: 4, Insightful

    The fact that the attack involved the theft of credit card data, as opposed to just shutting down the network, screams "not Anonymous" to me. You know, given how Anonymous tends to just shut things down with DDoS attacks, or occasionally overwrite a web page with one that spreads some message.

    --
    Palm trees and 8
  7. Wait, what... by Jugalator · · Score: 5, Interesting

    Sony said on Wednesday that Anonymous targeted it several weeks ago using a denial of service attack in protest of Sony defending itself against a hacker in federal court in San Francisco.

    The attack that stole the personal data of millions of Sony customers was launched separately, while the company was distracted protecting itself against the denial of service campaign, Sony said.

    Sony said it was not sure whether the organizers of the two attacks were working together.

    So they know Anonymous DDOS'ed them, and Anonymous have admitted this too.

    They also were attacked separately where the theft took place. They don't know if these groups were working together. They blame the latter on Anonymous too. How did they draw that final conclusion??

    --
    Beware: In C++, your friends can see your privates!
    1. Re:Wait, what... by betterunixthanunix · · Score: 5, Informative

      Sony said on Wednesday that Anonymous targeted it several weeks ago using a denial of service attack in protest of Sony defending itself against a hacker in federal court in San Francisco.

      This quote is more disturbing as far as I am concerned. Sony was not defending itself against Geohot, since Geohot never attacked Sony nor did Geohot sue Sony. Geohot was defending himself in a lawsuit filed by Sony.

      Talk about slanting things...

      --
      Palm trees and 8
  8. Re:!Anonymous by sqrt(2) · · Score: 5, Informative

    There is no official "anonymous" and there is no leadership or command structure. It's a concept, an idea to describe an emergent system of hacktivism. Saying anonymous is responsible for this (or anything) is like saying democracy is responsible for causing the wars in the middle east. You're mixing up an idea, an ethos, with an organization.

    --
    If you build it, nerds will come. Soylentnews.org
  9. Re:I told you, I didn't do it! by OECD · · Score: 4, Insightful

    There is no 'Anonymous.' It's just a term that's been widely co-opted. Sort of like 'Al Qaeda.'

    --
    One man's -1 Flamebait is another man's +5 Funny.
  10. Got my letter...don't know why by hilldog · · Score: 5, Interesting

    I got a letter in the mail yesterday, May 3rd, advising me my info may have been hacked. Weird, since I don't have a play station and have not played an online Sony game in over a decade (12 years, maybe more), and then I canceled my subscription. Which brings me to a question: why is information that old still being kept where it can be cracked?

  11. Re:!Anonymous by powerlord · · Score: 4, Insightful

    There is no official "anonymous" and there is no leadership or command structure. It's a concept, an idea to describe an emergent system of hacktivism. Saying anonymous is responsible for this (or anything) is like saying democracy is responsible for causing the wars in the middle east. You're mixing up an idea, an ethos, with an organization.

    Yes, but when an organization runs around saying they are attacking targets, and when that organization has no real leadership (collective/mob), they also can't cry foul if someone co-opts their name, claims to be part of them (since they have no real membership requirement or leadership, who's to say), and decides to either:

    1) Partake in the attack even though it has been officially "called off" (hey, just because most of Anonymous might be clueless, doesn't mean some of it can't hack/crack with the best of them).

    2) Use your name as a convenient scapegoat to pin their crime on (okay, we take as much data as we can, and point the finger at THOSE guys over there).

    Either which way, saying "Anonymous Denied all Responsibility, It MUST BE SONY'S FAULT!" is the biggest LOL of them all.

    It's the fault of the malicious idiot who attacked and broke into the network. Yeah, Sony should have done a better job securing the data, but that does not absolve the THIEF of responsibility (in spite of what most slashdotters seem to think).

    --
    This space for rent. All reasonable inquiries will be entertained at proprietor's discretion.
  12. Agreed - Scapegoat for organized crime by Anonymous Coward · · Score: 4, Insightful

    Looking for credit card info? Anonymous tends to do things for ideological reasons, AFAIK. There may be some overlap, but this sounds like organized crime. And yes, known vulnerabilities are things you should not be vulnerable to if you have credit card info for even two million people.

    1. Re:Agreed - Scapegoat for organized crime by negRo_slim · · Score: 4, Insightful

      It's highly unlikely that anyone that would self identify as Anon was involved with this. Perhaps Sony's recent troubles have caused people, who might not otherwise have bothered, to take a closer look at Sony and their related infrastructures and there they found opportunities they had previously overlooked.

      Then again there might just be one really bad ass anon who decided to get down with his bad self.

      --
      On the Oregon Coast born and raised, On the beach is where I spent most of my days
    2. Re:Agreed - Scapegoat for organized crime by SuricouRaven · · Score: 4, Interesting

      Or it could be that Sony, fearing Anonymous attacks, had their engineers start running systematic security audits - and then discovered that PSN had been hacked months ago, but so well that it hadn't been noticed.

  13. Not an ideal strategy by Oxford_Comma_Lover · · Score: 4, Funny

    Getting anonymous mad at them might not be the best strategy for beefing up the image of their security, though.

    --
    -- IANAL, this isn't legal advice, and definitely isn't legal advice for you. Also, Squee!
  14. Apparently by microbee · · Score: 4, Funny

    Sony would have blamed Bin Laden had he not been killed by the US earlier this week. They had to find some other scapegoat so that's why it took so long for their official blaming.

  15. Re:!Anonymous by amicusNYCL · · Score: 4, Insightful

    Saying anonymous is responsible for this (or anything) is like saying democracy is responsible for causing the wars in the middle east. You're mixing up an idea, an ethos, with an organization.

    Are you equating the loosely-affiliated group Anonymous with a concept like democracy, or are you redefining the common definition of Anonymous as a loosely-affiliated group to now mean anyone involved in hacking or online attacks for an ideological reason other than financial gain? I've never heard proponents of democracy, or any other ethos, say something as cheesy as "We are [ethos]. We are Legion. Expect Us." The words "we" and "us" clearly identify people as a group. That is, even Anonymous thinks they're a group and not just an ethos. They are not an ethos, they are a group of people with some common world views, regardless of whether or not they have an official roster.

    It's perfectly reasonable that a not-for-profit attacker would in fact steal valuable information just to steal it, not necessarily to release or sell it. It makes Sony look much worse, and costs them more, to have their customers' financial and personal data stolen, even if that information never actually gets used or released. In addition, it's not Sony's customers that Anonymous wants to attack, it is Sony itself. It doesn't serve their goals to release customer information, all they need to do is steal it. In other words, it would fit in with the idea of revenge against Sony to simply do as much damage to them as possible even if you don't plan on benefiting directly from the attack.

    --
    "Our two-party system is like a bowl of shit looking at itself in a mirror." - Lewis Black
  16. Re:Blame the victim? by PRMan · · Score: 4, Interesting

    Because there are different ways to approach the problem and heavy-handed lawyer-inflicted abuse makes you look like a total jerk.

    Marcon hacks Wii and adds the "Homebrew Channel", which has never enabled piracy (although some others have built upon it to do so). Nintendo releases a firmware update. Marcon re-opens Homebrew Channel. Nintendo releases another firmware update, which bricks a few Wiis on accident. Marcon re-opens Homebrew Channel and finds a way to un-brick some of the bricked Wiis. Nintendo pretty much just leaves the issue alone, not wanting to harm their customer base even more.

    Note, at no time did Nintendo sue Marcon, remove features that were advertised with the product, etc. And when they realized their strategy was doing more harm than good, they backed off a little. Nintendo is still making a fortune off of Wii, BTW.

    Contrast Sony. They said you could install Linux on your Playstation, but not use about half the hardware. GeoHot figures out how to use ALL the hardware. Instead of realizing what's best for everyone involved, in a control-freak driven rage they remove OtherOS. GeoHot casually puts it back. Sony removes it again, makes it so future firmware updates are forward-only, and requires all their game and BluRay partners to do a firmware check on all new releases. And they drag GeoHot into court on what should be freedom of speech. Then, they subpoena all visitors to GeoHot's website, everyone who ever gave him money, etc., etc., really making enemies of millions of unrelated people. All this in addition to their track record of installing a rootkit on customers' PCs when listening to music (a 5-10-year felony if you or I did it) and taking back purchases from thousands of customers and refusing to lift a finger to give them back.

    Sony is NOT the victim here. And they are being punished for legitimate crimes (hacking, theft) by vigilante justice because the courts and governments haven't done their job.

    --
    Peter predicted that you would "deliberately forget" creation 2000 years ago...