Sony’s PlayStation Network outage has remained in the headlines over the past two weeks, the company having admitted that its online platform had been compromised and over 25 million user accounts exposed to attackers.
When the company first announced it has been subjected to an attack, Sony said it had found no apparent link to an attack by the online collective Anonymous. The “very sophisticated” attack on Sony’s data center in San Diego, resulted in the company taking its online gaming and entertainment services offline on April 20.
As time moved on, Sony updated its customers on its progress as it tried to bring its PlayStation and Qriocity services, only to announce it had been subjected to a second attack, which could have compromised customer card details.
Immediately, Anonymous – which had been involved in DDOS attacks on Sony over its treatment of PlayStation modifier George Hotz (GeoHotz) – denied involvement, stating “For once we didn’t do it,” on a message posted to the AnonNews website.
In a letter sent to Congress today, Sony reversed its statement, this time implicating Anonymous in the attacks after the company found a file called “Anonymous” on its servers. Apparently, the data inside of the file contained the group’s catchphrase: “We are Legion.”
Pretty damning evidence, you would think.
Anonymous, a group that has made every attempt possible to distance itself from these attacks, has been somewhat forced into issuing another press release, this time detailing the reasons as to why it wasn’t involved in the PlayStation Network outage. The statement, embedded below, explains that the group has “never been known to have engaged in credit card theft”:
(Click for full-size image)
The release explains how Anonymous has remained transparent in its operations, inviting press into its public IRC channel to view its operations. It states that whoever did compromise Sony’s servers did so contrary to the group’s “modus operandi and intentions”. The group’s previous public spats with HBGary and Palantir are also referenced as to their “unethical and potentially criminal conspiracies by which to discredit the enemies of their clients”.
Towards the end of the release, Anonymous is confident that if an honest investigation into the credit card theft is conducted, they will not be the ones found liable:
If a legitimate and honest investigation into the credit card theft is conducted, Anonymous will not be found liable. While we are a distributed and decentralised group, our ‘leadership’ does not condone credit card theft. We are concerned with erosion of privacy and fair use, the spread of corporate feudalism, the abuse of power and the justifications of executives and leaders who believe themselves immune personally and financially for the actions they undertake in the name of corporations and public office.
It looks to be back to where it all started. If it wasn’t Anonymous, who was it?
Chances are that a weakness in Sony’s systems was exploited by an attacker not associated with Anonymous, who utilised the public spat between the electronics giant and the online collective to provide some sort of cover for the attack.
We are no closer to finding out what did happen, at least until a formal investigation can identify what really happened.