Anonymous Denies Involvement in Sony Network Data Theft
No matter what you say, it still wasn't us.
That's the gist of a lengthy rebuke that the online activist group Anonymous posted last night (May 4) after Sony accused it of at least partial responsibility for the theft of personal data from 102 million Sony accounts.
"Anonymous has never been known to have engaged in credit card theft," read the press release. "No one who is actually associated with our movement would do something that would prompt a massive law enforcement response."
Sony, in a letter delivered yesterday to the U.S. House Energy and Commerce Subcommittee on Commerce, Manufacturing and Trade, accused Anonymous members of being, at best, unwitting dupes whose directed denial-of-service (DDoS) attack on Sony websites in April paved the way for cybercriminals to steal the data from the PlayStation Network, Sony Online Entertainment and Qriocity networks.
"Our security teams were working very hard to defend against denial of service attacks, and that may have made it more difficult to detect this intrusion quickly all perhaps by design," read the letter, which Sony delivered in lieu of appearing at a subcommittee hearing into recent data breaches. "Whether those who participated in the denial of service attacks were conspirators or whether they were simply duped into providing cover for a very clever thief, we may never know."
Sony also claimed to have found a smoking gun: a file on one of the compromised servers named "Anonymous" containing the text "We are Legion," one of Anonymous' mottoes.
Anonymous pointed out that any intruder could have left such a message in order to redirect suspicion.
"Whoever broke into Sony's servers to steal the credit card info and left a document blaming Anonymous clearly wanted Anonymous to be blamed for the most significant digital theft in history," the group said in its statement. "A group of standard online thieves would have every reason to frame Anonymous in order to put law enforcement off the track."
Barrett Brown, an unofficial Anonymous spokesman, offered an analogy to SC Magazine.
"They could've just as easily left documents saying, 'Congress. We investigate steroid use in baseball,'" Brown quipped.
Right place, wrong time?
From April 4 to April 11, Anonymous launched DDoS attacks on Sony websites in support of a hacker who had been sued by Sony for posting information online on how to modify PlayStation 3 gaming consoles. The attacks largely failed .
The intrusions into the three Sony networks are thought to have begun around April 17. Sony noticed suspicious behavior on the PlayStation Network and Qriocity network late on April 19, and shut them down the next day. (The intrusion into the Sony Online Entertainment network was not discovered until May 1 .)
Anonymous was immediately suspected by the security and gaming communities of being the cause of the shutdown. It issued a press release entitled "For Once, We Didn't Do It" on April 24, two days before Sony disclosed the data theft .
Anonymous' Twitter feeds, which are used to organize online actions, have not mentioned Sony since early April.
The Sony letter to the House subcommittee characterized the intrusions as "a very carefully planned, very professional, highly sophisticated criminal cyber attack designed to steal personal and credit card information for illegal purposes."
It mentioned large amounts of data being transferred out of the servers and systematic database queries to collect as much account information as possible.
Those methods would be used by professional online criminals of the Eastern European variety. Anonymous' motives have almost always been political, and the group is not known to have have profited from its activities.
"The 'modus operandi' of a criminal rarely changes," said the Anonymous press release. "Whoever did perform the credit card theft did so counter to the 'modus operandi' and intentions of Anonymous. Public support is not gained by stealing credit card info and personal identities."