Sony blames Anonymous distraction for breaches
Sony says it was distracted by an Anonymous DDoS when hackers stole details on over 100 million customers.
Hacktivist group Anonymous has been partially blamed by Sony for the data breaches which hit over 100 million customers last month.
In a letter to Congress, Sony said it had to cope with a significant distributed denial of service (DDoS) attack when hackers took personal data possibly including credit card details of Playstation Network (PSN) gamers.
Sony claimed it was targeted by Anonymous due to action the electronics firm took against a hacker in a San Francisco federal court.
"Whether those who participated in the denial of service attacks were conspirators or whether they were simply duped into providing cover for a very clever thief, we may never know," the letter written by Kazuo Hirai, chairman of Sony's board of directors, read.
"Those who participated in the denial of service attacks should understand that whether they knew it or not they were aiding in a well planned, well executed, large-scale theft that left not only Sony a victim, but also Sony's many customers around the world."
The company said it had found a file on one of its servers containing a line of Anonymous' signature, "We are Legion."
A message addressed to Sony on AnonNews.org purporting to be from Anonymous indicated it had indeed targeted the Playstation creator for chasing down hackers.
"Your recent legal actions against fellow internet citizens, GeoHot and Graf_Chokolo, have been deemed an unforgivable offense against free speech and internet freedom," the message read.
"Anonymous is attacking your private property because we disagree with your actions."
In his letter to the House Commerce Committee, Hirai also sought to defend Sony's response to the hacks following criticism of how quickly it told customers about the breach.
Sony discovered unauthorised access to PSN data on 20 April. It didn't notify users until almost a week later on 26 April.
Hirai said the complexity of the breach had led to the delay in telling customers, as it sought to understand the scope of the hack and what data had been accessed.
"Throughout the process, Sony Network Entertainment America was very concerned that announcing partial or tentative information to consumers could cause confusion and lead them to take unnecessary actions if the information was not fully corroborated by forensic evidence," Hirai said.
He said Sony believed it now understood how the hack happened, but did not go into detail due to the ongoing criminal investigation and the need to protect systems with "similar architecture to the Playstation Network."
Consumer choice and the payment experience
A software provider's guide to getting, growing, and keeping customersDownload now
Prevent fraud and phishing attacks with DMARC
How to use domain-based message authentication, reporting, and conformance for email securityDownload now
Business in the new economy landscape
How we coped with 2020 and looking ahead to a brighter 2021Download now
How to increase cyber resilience within your organisation
Cyber resilience for dummiesDownload now