Sony Blames Anonymous For Latest Hack...
from the easiest-framing-ever dept
Apparently Sony has decided to pick on an easy target for its latest data breach: Anonymous. Sony is claiming it found a file named "Anonymous" on the server, with the non-group's phrase "We are Legion" in the file:
"What is becoming more and more evident is that Sony has been the victim of a very carefully planned, very professional, highly sophisticated criminal cyber attack designed to steal personal and credit card information for illegal purposes."
"The attacks were coordinated against Sony for exercising its rights in a civil action in the United States District Court in San Francisco against a hacker," Sony chairman Kazuo Hirai said in the letter.
Of course, those two sentences don't seem to match. Anonymous isn't known (at all) for trying to steal credit card information for criminal purposes. Its entire purpose is more along the lines of vigilante protests. Also, Anonymous may be the easiest "group" in the world to frame. Because it's not a group and anyone and everyone can be a part of it, you just put a file named "Anonymous" somewhere along with the phrase "We are Legion" and clueless dupes assume it was "the" Anonymous rather than a bunch of organized crime hackers searching for credit card details. It very well could have been an Anonymous operation, but it seems like Sony should have a bit more proof before making such a definitive statement on the matter.
Reader Comments
Uh-oh..
[ link to this | view in thread ]
I noticed this too
What's the easiest proof? Anonymous never announced a plan to steal credit cards from Sony.
Kinda late for Sony to be planting fake evidence saying that it's "anonymous"'s fault.
[ link to this | view in thread ]
Sony, ye idee-yits!!
A text file with a snippet? Sounds like a nice fat red herring. I suppose anybody who'd pull this job would appreciate the extra time afforded them from this bit of OBVIOUS misdirection before anybody's on their trail...
[ link to this | view in thread ]
Re:
Although, now that they've been accused... I'm willing to bet there will be plenty of lolz in the near future.
[ link to this | view in thread ]
Just a smoke screen
[ link to this | view in thread ]
Sweet! This is *proof* that I am rich!
Off to tell the boss where he can shove this job...
[ link to this | view in thread ]
Re:
It starts to take DDOS and some cooperation to get the lolz. At first that's good, but the small take downs quickly lose their lolz and you have to go bigger. Major DDOS on massive infrastructure bring down major corporations, yeah, there's the lolz.
But then that's not enough. You have to move on. The lulz just aren't coming.
Now it takes a highly sophisticated criminal cyber attack to steal personal and credit card information to get the lulz. You're lost to the lulz. You can't stop.
Who knows what's next...
[ link to this | view in thread ]
Re: Uh-oh..
[ link to this | view in thread ]
oh, and PCI!
Has anyone alerted them to this, or do we wait in private for the massive fees to come along to Sony?
PCI is going to eat them alive - violations are incredibly painful (cost-wise), and yes Sony is a member.
https://www.pcisecuritystandards.org/get_involved/member_list.php
[ link to this | view in thread ]
Re: Uh-oh..
[ link to this | view in thread ]
rabidinus trollicanus?
[ link to this | view in thread ]
Sony's claim is that Anon was responsible for the DDOS attack and thus provided cover for the break in. To me, that doesn't pass muster. For one thing, a DDOS attack would not have put the incriminating files on the server.
[ link to this | view in thread ]
Relieved
[ link to this | view in thread ]
Wait, what..?
...I suppose after two fairly major network problems in the space of a couple of weeks, it's not like Anonymous can do them any more damage than they've already suffered, but it seems highly unwise to poke that particular hornets' nest.
[ link to this | view in thread ]
Re:
[ link to this | view in thread ]
Honestly, if they are going to publicly say it was Anonymous and it wasn't, there is a chance that Anon could retaliate in a "lol" type manner by doing some other show of power just to be like, haha this is what we do, Anon isn't known for stealing credit cards. If anything, they would have defaced the Sony page, or modified everyone's account profile pics or names or something random.
Although I will admit it's highly possible that another group used Anon's DDOS (which was known to be coming for the GeoHOT thing) as a distraction to enter and hack away.
But as stated previously, Anon isn't your normal "group". There are no leaders, no centralized organization. In some ways, anyone and everywhere is technically associated with it. Thus saying it was Anon's fault is the same as saying, It was everyone's fault, including our own.
or
It was "somebody's" fault! "Somebody" is at fault!
[ link to this | view in thread ]
Re: oh, and PCI!
[ link to this | view in thread ]
Anon has already said they didn't do this. They said it when the PSN was first taken down.
[ link to this | view in thread ]
Re: Re:
[ link to this | view in thread ]
They didn't, but they will?
[ link to this | view in thread ]
Re: Re: Re:
[ link to this | view in thread ]
Something to Take Into Account
Though to be honest I don't know enough about the investigation to know if they were actually able to determine if personal data had been actually transferred or if it was more like "Personal data was not encrypted so the hacker could've seen it, credit card info was encrypted so they may not have."
My defense of Sony isn't fanboyism; in fact I'm a proud XBox 360 owner who also has a PS3 (which I half-own). People make mistakes, corporations are made up of people so they make mistakes too. I won't deny that they've messed up big time with this but for the most part I think they've been handling the aftermath fairly well. I'm not saying Sony doesn't deserve a little hate, but I've been hearing and reading a lot of cynicism being thrown in their direction and I think things have been blown just a bit out of proportion.
[ link to this | view in thread ]
Pass-the-blame Game
[ link to this | view in thread ]
A letter to Congress?
This is the way Sony fights back? With a "my big brother will kick your ass" letter pleading for help from above?
Godspeed, lawmakers. I look forward to you rounding up this "Anonymous." He/she/they have certainly caused enough problems with an online service that had been hailed as "online" and "nearly adequate" up until recently.
So long, "Anonymous" commenters. Your days are numbered. The wide, sweeping net of governmental justice is headed your way. As surely as justice is blind, she is also rather ignorant and prone to playing to the camera.
No doubt anyone d/b/a "Anonymous" is due for a rough time at the hands of los federales, who will be searching and/or seizing anything that looks like it could possibly be connected to TEH INTERNET, including that fancy-ass LG fridge of yours.
[ link to this | view in thread ]
If whoever hacked the PSN claims to be part of Anonymous, they are.
It's a non-group!
They can't "stand" for anything. All they can stand for is what they stand for at the moment. If this hacker claims to be Anonymous and believes in stealing credit card numbers, that's what Anonymous believes in. If tomorrow another group protests Scientology, then THAT'S what they believe in.
I'm not an Anonymous hater. Personally, I think that most of their activities are hilarious (as, I would assume, do they). But I'm just waiting for the day when THIS Anonymous group is distancing themselves from THAT Anonymous group.
But hey, maybe that's what they want
This post brought to you by Anonymous.
We are Legion.
[ link to this | view in thread ]
We are legion.
[ link to this | view in thread ]
Re: Sony, ye idee-yits!!
[ link to this | view in thread ]
Re:
But seriously. All it takes to become Anonymous is to claim association. And I think I'll start working on that AnonymousSeparatists group.
You know. For the lulz.
[ link to this | view in thread ]
Re: Re:
[ link to this | view in thread ]
"Sir, that note is on the back of one of your credit card receipts. You obviously wrote it... in fact, we saw you write it when we approached you. You're still holding the pen, sir."
[ link to this | view in thread ]
It's not really "framing" someone if that someone is completely undefined.
[ link to this | view in thread ]
Re: Sony, ye idee-yits!!
[ link to this | view in thread ]
Re: Re: Sony, ye idee-yits!!
testing
[ link to this | view in thread ]
Re: Re: Re: Sony, ye idee-yits!!
[s]more testing[/s]
[strike]more testing[/strike]
testing
testing
.mystri {text-decoration: line-through;}
testing
[ link to this | view in thread ]
:D
[ link to this | view in thread ]
Anon doesn't give a flying shit about legalese. They act as if they are in a world that isn't dominated by parasitic attorneys and suits who hide behind officious press releases. Your company acted like total shitbags and you were, in turn, called out. I suppose it's wrong to applaud this kind of vigilante mentality but for this moment, I can't help it. You got exactly what you had coming to you.
[ link to this | view in thread ]
Time for the Navy Seals.
[ link to this | view in thread ]
There is no doubt that some of the people involved are actively involved in criminal enterprises. How big a percentage? Who knows.
[ link to this | view in thread ]
Re: Re: Re: Re: Sony, ye idee-yits!!
[ link to this | view in thread ]
Re:
[ link to this | view in thread ]
Does Sony have any credibility left?
[ link to this | view in thread ]
Re: Re:
*puts on shades*
Serious business.
[ link to this | view in thread ]
Re: Uh-oh..
Now? I don't think this is quite funny.
[ link to this | view in thread ]
Step 2: Plant "evidence" in the form of a file that any employee could "echo 'We are legion' > Anonymous".
Step 3: Cry like little girls.
[ link to this | view in thread ]
Re: Re: Re: Re: Re: Sony, ye idee-yits!!
I guess strike through isn't allowed :(
Too bad, it does serve a good purpose.
[ link to this | view in thread ]
Re: Re: Re: Re: Re: Re: Sony, ye idee-yits!!
[ link to this | view in thread ]
Re: Wait, what..?
Sony hasn't suffered enough, they still exist.
[ link to this | view in thread ]
great way to distract people...
Hasejima conceded that Sony management had not been aware of the vulnerability that was exploited, and said it is in response to this that the company has established a new executive-level security position, that of chief information security officer, “to improve and enhance such aspects”.
http://www.theregister.co.uk/2011/05/01/psn_service_restoration/
[ link to this | view in thread ]
Re:
[ link to this | view in thread ]
Some /b/tards get together, re-hack the servers, pull all the logs, and disappear.
3 days later, the cops receive an 'anon' tip that includes the actual perpetrator's name, address, and recent photo, as well as a screen grab of the files on his home machine.
The next day, every website with Sony in its name redirects to the guy's Facebook page, with "blame me" as his status update.
Shortly after that, they release the full source for the PS3 firmware. Every tenth line is commented 'lol'
[ link to this | view in thread ]
Re: great way to distract people...
[ link to this | view in thread ]
Re:
[ link to this | view in thread ]
Re:
[ link to this | view in thread ]
Confession
[ link to this | view in thread ]
Seriously?
All those decades of coming up with descent(sic) ideas only to shoot themselves in the foot makes me want to put my money on them to be one of the first giants to fail. This just puts the cherry on top.
And did anyone think about this?
anonymous.
See, I can type "anonymous". So what?
Wait.
Why is my computer acting funny?
Why is there a black helicopter flying outside my window?
Who's that knockin' on my door?
Who the hell are you? You can't come in he . . . ssssshhhhhhh . . . .
[ link to this | view in thread ]
Which was probably carried out by a 15 yr old. lulz.
[ link to this | view in thread ]
Re:
[ link to this | view in thread ]
Re: Re: Re:
[ link to this | view in thread ]
Re: rabidinus trollicanus?
[ link to this | view in thread ]
Re:
and i don't think it really matters if there was a ddos and someone else used that as cover. the fact of the matter is that sony apparently has some pretty crap IT and have made some pretty crap security decisions. a ddos of any nature should have not led to this outcome and trying to blame anon (even if there is the most tenuous of tie-ins) is nothing more than sony grasping at any straws they can at this point.
case in point? if what i'm saying isn't spot on, why did sony announce that they had to rebuild psn from the ground up?
it's pretty sad they would try to blame anon actually...
[ link to this | view in thread ]
Re:
[ link to this | view in thread ]
Re: :D
[ link to this | view in thread ]
Re: Time for the Navy Seals.
[ link to this | view in thread ]
Re: Uh-oh..
Sony might like to state they found an "anonymous" file on their servers, though it means just as much as if they stated they found an old copy of the WANK Worm and tried to blame Aussies again as it does trying to blame the intangible organisation that is Anonymous.
Rule 1 in Probable data discovery.. PROVE THE PROVIDENCE OF THE DATA! Until then Sony are just blowing rings up everyone's arse.
I can very much guarantee that if Anonymous (or some parts of the whole) go after Sony Inc the PSN would not be the target. The Actual Internal records (especially memos, legals, et al.) of the behemoth that is Sony on the other hand would be a momentous cause célèbre. Then the LOLz would be heard throughout the known universe.
Hypothetically of course ;)
[ link to this | view in thread ]
Re:
[ link to this | view in thread ]
Sony blames anonymous
Erm, if anyone is responsible for "indirectly allowing" a security breach it's Sony itself. Hell they had the responsibility and duty towards their customers to protect customer data. Apparently they did not do that properly and thus indirectly allowed the security breach.
Sony should sue itself for that!
[ link to this | view in thread ]
Re: Sony blames anonymous
Whereas I absolutely and directly place full blame on Sony for allowing the knowingly preventable security breach in the first place and for not following reasonable and common sense procedures and methodologies to protect that data.
Anonymous had nothing to do with the breach. It seems from information coming out that Sony had been told of their security problems months and months ago (not having patched Apache on the Sony Web servers was just one problem).
When Dr. Gene Spafford (for those in ITSEC circles the guy is a legend...) comes out and absolutely criticises Sony and Epsilon (The security company Sony hired) about lack of firewalls, lack of industry standard practice and states all this to a Standing Committee of Politicians (US Congress) then you know not all is correct with Sony's propaganda and spin.
Actually to state that it was Anonymous is correct in one sense since there was probably no Network Intrusion Software (ie: Snort for example) attached to Sony's woefully insecure network and so that any attacker would absolutely be Anonymous in the truest sense of the word.
Who knows, knowing the interesting times that Sony and the Console gaming Industry is having it could be another of three possibilities for the sophisticated (in one sense) cracking of the system.
1. Was a competitor who has the wherewithal to hire the proper skill sets to accomplish this task.
2. Was an inside job since 80% of all network intrusions/data breaches are done by current or ex employees (this was the rule 20yrs ago and still holds today)
3. Both 1 and 2 above!
[ link to this | view in thread ]
Funny thing is that Sony is doing more harm than good by saying it's Anonymous that did this. If anonymous didn't do this they are sure to be on the receiving end of more attacks. If they are correct, and it results in people getting arrested, then they have shot a modern day Robin Hood and his merry men. Simply put the majority of people online either consider themselves "Anonymous", or they root for them.
[ link to this | view in thread ]