Sony blames Anonymous distraction for breaches

Sony says it was distracted by an Anonymous DDoS when hackers stole details on over 100 million customers.


Hacktivist group Anonymous has been partially blamed by Sony for the data breaches which hit over 100 million customers last month.

In a letter to Congress, Sony said it had to cope with a significant distributed denial of service (DDoS) attack when hackers took personal data possibly including credit card details of Playstation Network (PSN) gamers.

Sony claimed it was targeted by Anonymous due to action the electronics firm took against a hacker in a San Francisco federal court.

"Whether those who participated in the denial of service attacks were conspirators or whether they were simply duped into providing cover for a very clever thief, we may never know," the letter written by Kazuo Hirai, chairman of Sony's board of directors, read.

"Those who participated in the denial of service attacks should understand that whether they knew it or not they were aiding in a well planned, well executed, large-scale theft that left not only Sony a victim, but also Sony's many customers around the world."

The company said it had found a file on one of its servers containing a line of Anonymous' signature, "We are Legion."

A message addressed to Sony on purporting to be from Anonymous indicated it had indeed targeted the Playstation creator for chasing down hackers.

"Your recent legal actions against fellow internet citizens, GeoHot and Graf_Chokolo, have been deemed an unforgivable offense against free speech and internet freedom," the message read.

"Anonymous is attacking your private property because we disagree with your actions."

Getting defensive

In his letter to the House Commerce Committee, Hirai also sought to defend Sony's response to the hacks following criticism of how quickly it told customers about the breach.

Sony discovered unauthorised access to PSN data on 20 April. It didn't notify users until almost a week later on 26 April.

Hirai said the complexity of the breach had led to the delay in telling customers, as it sought to understand the scope of the hack and what data had been accessed.

"Throughout the process, Sony Network Entertainment America was very concerned that announcing partial or tentative information to consumers could cause confusion and lead them to take unnecessary actions if the information was not fully corroborated by forensic evidence," Hirai said.

He said Sony believed it now understood how the hack happened, but did not go into detail due to the ongoing criminal investigation and the need to protect systems with "similar architecture to the Playstation Network."

Featured Resources

Consumer choice and the payment experience

A software provider's guide to getting, growing, and keeping customers

Download now

Prevent fraud and phishing attacks with DMARC

How to use domain-based message authentication, reporting, and conformance for email security

Download now

Business in the new economy landscape

How we coped with 2020 and looking ahead to a brighter 2021

Download now

How to increase cyber resilience within your organisation

Cyber resilience for dummies

Download now

Most Popular

How to find RAM speed, size and type

How to find RAM speed, size and type

16 Jun 2021
EU plans to launch bloc-wide cyber task force
cyber attacks

EU plans to launch bloc-wide cyber task force

22 Jun 2021
What is HTTP error 400 and how do you fix it?
Network & Internet

What is HTTP error 400 and how do you fix it?

16 Jun 2021