informa
News

Sony Lays Out Investigation Timeline, Hints At 'Anonymous' Involvement in PSN Breach

In a written response to questions from a congressional committee, SCEA president Kaz Hirai presented evidence the hacker group Anonymous might be
In a written response to questions from a congressional committee, SCEA president Kaz Hirai presented evidence the hacker group Anonymous might be behind the breach in Sony servers that exposed users' personal data. In a letter to the House Subcommittee on Commerce, Manufacturing and Trade, Hirai notes that an investigation into the recent breach of SOE servers found "that the intruders had planted a file on one of our Sony Online Entertainment servers named 'Anonymous' with the words 'We are Legion.'" (The phrase is something of a slogan for the loose collection of hackers and activists.) The letter also notes that the attacks on both PSN and SOE servers came shortly after a denial of service attack launched by Anonymous and "threats made against both Sony and its executives in retaliation for enforcing intellectual property rights in U.S. Federal Court." Anonymous quickly halted those attacks to avoid inconveniencing PSN users, and the group later denied involvement in the subsequent intrusion and PSN outage it caused. In the letter, Sony admits it had evidence "data of some kind" had been taken from its servers by the early afternoon of April 20, just before it made the decision to shut down PSN service. A forensic security team was retained that day, and a second one added on April 21 before the FBI was contacted April 22. It took these teams until April 23, Easter Sunday, to confirm the techniques the hackers had used to compromise the system and try to cover their tracks, the letter says. A third forensic team was brought in at this point to help clarify as much as possible the full scope of the breach, which was known by April 25. The company then notified users of the intrusion on April 26. Hirai said Sony has "tried to err on the side of safety and security" in investigating the breach and informing the public about it. "I am of course aware of the criticism Sony has received for the time taken to disclose information to our customers. I hope you can appreciate the extraordinary nature of the events the company was facing..." the letter reads. "Throughout the process, Sony Network Entertainment America was very concerned that announcing partial or tentative information to consumers could cause confusion and lead them to take unnecessary actions if the information was not fully corroborated by forensic evidence," it continues. Sony reiterated that while it can't rule out that credit card data was compromised, they have no reports of fraudulent credit card activity related to the breach from the major credit card companies. "Our forensic teams have not seen queries and corresponding data transfers of the credit card information," the letter says. The letter also details new security systems being set up to prevent such breaches in the future, including additional encryption, firewalls, and automated software monitoring, as well as the naming of a new Chief Security Information Officer.

Latest Jobs

Infinity Ward

Woodland Hills, California
11.3.21
Sr. Multiplayer Design Scripter/Programmer

Disbelief

Cambridge, Massachusetts
11.3.21
Jr. Programmer

XSEED

Torrance, California
11.3.21
Head of Marketing
More Jobs   

CONNECT WITH US

Register for a
Subscribe to
Follow us

Game Developer Account

Game Developer Newsletter

@gamedevdotcom

Register for a

Game Developer Account

Gain full access to resources (events, white paper, webinars, reports, etc)
Single sign-on to all Informa products

Register
Subscribe to

Game Developer Newsletter

Get daily Game Developer top stories every morning straight into your inbox

Subscribe
Follow us

@gamedevdotcom

Follow us @gamedevdotcom to stay up-to-date with the latest news & insider information about events & more