Anonymous not off the hook for the Sony PlayStation Network attack

Forensics teams have tracked the attack that netted the information to a file named "Anonymous" on an internal Sony server

The worldwide hacker group Anonymous may have played a role - even unwittingly - in the theft of personal data from 77 million Sony PlayStation Network customers, according to a letter from Sony's chairman to a Congressional committee.

Forensics teams have tracked the attack that netted the information to a file named "Anonymous" on an internal Sony server including the words "We are Legion", which is part of the hacker group's motto.

"Just weeks before, several Sony companies had been the target of a large-scale, coordinated denial of service attack by the group called Anonymous," says Kazuo Hirai, Sony's chairman, in the letter.

PAST DDOS DEBACLES: DDoS Hall of Shame

That attack and the threat of more had Sony network security staff focused on DDoS defense, which might have distracted them from discovering the breach earlier, the letter says, "perhaps by design."

"Whether those who participated in the denial of service attacks were conspirators or whether they were simply duped in to providing cover for a very clever thief, we may never know. In any case, those who participated in the denial of service attacks should understand that - whether they knew it or not - they were aiding in a well planned, well executed, large scale theft that left not only Sony a victim, but also Sony's many customers around the world."

Anonymous earlier issued a statement that it wasn't responsible, but acknowledged that individual members might have acted independently to break in and steal the data.

The letter to Congress was prompted by a set of questions sent from a Congressional committee to Sony seeking information about the breach, how it happened and what Sony was doing about it.

The letter says that the attackers exploited a software vulnerability in one of the applications in the network that supports PlayStation Network, the online gaming site for Sony PlayStation customers.

The network consists of 130 servers, 50 software programs and 77 million registered accounts, the letter says. In all, Sony came to believe 10 of those servers had been compromised.

The letter says Sony knows the personal data was compromised because it found records of queries being made for it and large data transfers being made out in response. There were no logs of request for credit card information or corresponding outbound transfers, which is why Sony says credit card information might have been compromised but it just doesn't know.

"Among other things, the intruders deleted log files in order to hide the extent of their work and activity within the network," the letter says, which led Sony to conclude that "very sophisticated and aggressive techniques to obtain unauthorized access, hide their presence from system administrators, and escalate privileges inside the servers" had been used.

"At the same time that the experienced attackers were carrying out their attack, they also attempted to destroy the evidence that would reveal their steps."

The worst moments in network security history

The company says it has taken six steps to prevent future breaches:

* Added automated software monitoring and configuration management to help defend against new attacks;

* Enhanced levels of data protection and encryption;

* Enhanced ability to detect software intrusions within the network, unauthorized access and unusual activity patterns;

* Implementation of additional firewalls;

* Expediting a planned mover of the system to a new data center in a different location with enhanced security;

* Naming of new chief information security officer directly reporting to the chief information officer of Sony Corp.

To make up to its customers, Sony plans to offer U.S. members complementary identity theft protection services.

It is creating a Welcome Back program including selected PlayStation entertainment content for free. All consumers returning to PSN will get 30 days free membership in PlayStation Plus premium subscription service. Current PlayStation Plus customers will have subscriptions extended for the number of days PSN and Qriocity services were unavailable and get an additional 30 days of free service, Sony says.

Read more about wide area network in Network World's Wide Area Network section.

Join the PC World newsletter!

Error: Please check your email address.

Tags securityPlayStation Network hackdata breachsonyanti-malware

Keep up with the latest tech news, reviews and previews by subscribing to the Good Gear Guide newsletter.

Tim Greene

Network World

Most Popular Reviews

Follow Us

Best Deals on GoodGearGuide

Shopping.com

Latest News Articles

Resources

GGG Evaluation Team

Kathy Cassidy

STYLISTIC Q702

First impression on unpacking the Q702 test unit was the solid feel and clean, minimalist styling.

Anthony Grifoni

STYLISTIC Q572

For work use, Microsoft Word and Excel programs pre-installed on the device are adequate for preparing short documents.

Steph Mundell

LIFEBOOK UH574

The Fujitsu LifeBook UH574 allowed for great mobility without being obnoxiously heavy or clunky. Its twelve hours of battery life did not disappoint.

Andrew Mitsi

STYLISTIC Q702

The screen was particularly good. It is bright and visible from most angles, however heat is an issue, particularly around the Windows button on the front, and on the back where the battery housing is located.

Simon Harriott

STYLISTIC Q702

My first impression after unboxing the Q702 is that it is a nice looking unit. Styling is somewhat minimalist but very effective. The tablet part, once detached, has a nice weight, and no buttons or switches are located in awkward or intrusive positions.

Latest Jobs

Shopping.com

Don’t have an account? Sign up here

Don't have an account? Sign up now

Forgot password?