Anonymous not off the hook for the Sony PlayStation Network attack

Forensics teams have tracked the attack that netted the information to a file named "Anonymous" on an internal Sony server

The worldwide hacker group Anonymous may have played a role - even unwittingly - in the theft of personal data from 77 million Sony PlayStation Network customers, according to a letter from Sony's chairman to a Congressional committee.

Forensics teams have tracked the attack that netted the information to a file named "Anonymous" on an internal Sony server including the words "We are Legion", which is part of the hacker group's motto.

"Just weeks before, several Sony companies had been the target of a large-scale, coordinated denial of service attack by the group called Anonymous," says Kazuo Hirai, Sony's chairman, in the letter.

PAST DDOS DEBACLES: DDoS Hall of Shame

That attack and the threat of more had Sony network security staff focused on DDoS defense, which might have distracted them from discovering the breach earlier, the letter says, "perhaps by design."

"Whether those who participated in the denial of service attacks were conspirators or whether they were simply duped in to providing cover for a very clever thief, we may never know. In any case, those who participated in the denial of service attacks should understand that - whether they knew it or not - they were aiding in a well planned, well executed, large scale theft that left not only Sony a victim, but also Sony's many customers around the world."

Anonymous earlier issued a statement that it wasn't responsible, but acknowledged that individual members might have acted independently to break in and steal the data.

The letter to Congress was prompted by a set of questions sent from a Congressional committee to Sony seeking information about the breach, how it happened and what Sony was doing about it.

The letter says that the attackers exploited a software vulnerability in one of the applications in the network that supports PlayStation Network, the online gaming site for Sony PlayStation customers.

The network consists of 130 servers, 50 software programs and 77 million registered accounts, the letter says. In all, Sony came to believe 10 of those servers had been compromised.

The letter says Sony knows the personal data was compromised because it found records of queries being made for it and large data transfers being made out in response. There were no logs of request for credit card information or corresponding outbound transfers, which is why Sony says credit card information might have been compromised but it just doesn't know.

"Among other things, the intruders deleted log files in order to hide the extent of their work and activity within the network," the letter says, which led Sony to conclude that "very sophisticated and aggressive techniques to obtain unauthorized access, hide their presence from system administrators, and escalate privileges inside the servers" had been used.

"At the same time that the experienced attackers were carrying out their attack, they also attempted to destroy the evidence that would reveal their steps."

The worst moments in network security history

The company says it has taken six steps to prevent future breaches:

* Added automated software monitoring and configuration management to help defend against new attacks;

* Enhanced levels of data protection and encryption;

* Enhanced ability to detect software intrusions within the network, unauthorized access and unusual activity patterns;

* Implementation of additional firewalls;

* Expediting a planned mover of the system to a new data center in a different location with enhanced security;

* Naming of new chief information security officer directly reporting to the chief information officer of Sony Corp.

To make up to its customers, Sony plans to offer U.S. members complementary identity theft protection services.

It is creating a Welcome Back program including selected PlayStation entertainment content for free. All consumers returning to PSN will get 30 days free membership in PlayStation Plus premium subscription service. Current PlayStation Plus customers will have subscriptions extended for the number of days PSN and Qriocity services were unavailable and get an additional 30 days of free service, Sony says.

Read more about wide area network in Network World's Wide Area Network section.

Join the newsletter!

Or

Sign up to gain exclusive access to email subscriptions, event invitations, competitions, giveaways, and much more.

Membership is free, and your security and privacy remain protected. View our privacy policy before signing up.

Error: Please check your email address.

Tags sonyanti-malwarePlayStation Network hack

Keep up with the latest tech news, reviews and previews by subscribing to the Good Gear Guide newsletter.
Tim Greene

Tim Greene

Network World
Show Comments

Most Popular Reviews

Latest Articles

Resources

PCW Evaluation Team

Tom Pope

Dynabook Portégé X30L-G

Ultimately this laptop has achieved everything I would hope for in a laptop for work, while fitting that into a form factor and weight that is remarkable.

Tom Sellers

MSI P65

This smart laptop was enjoyable to use and great to work on – creating content was super simple.

Lolita Wang

MSI GT76

It really doesn’t get more “gaming laptop” than this.

Jack Jeffries

MSI GS75

As the Maserati or BMW of laptops, it would fit perfectly in the hands of a professional needing firepower under the hood, sophistication and class on the surface, and gaming prowess (sports mode if you will) in between.

Taylor Carr

MSI PS63

The MSI PS63 is an amazing laptop and I would definitely consider buying one in the future.

Christopher Low

Brother RJ-4230B

This small mobile printer is exactly what I need for invoicing and other jobs such as sending fellow tradesman details or step-by-step instructions that I can easily print off from my phone or the Web.

Featured Content

Don’t have an account? Sign up here

Don't have an account? Sign up now

Forgot password?