Sony Hack Probe Uncovers ‘Anonymous’ Calling Card

[Jake Kouns <jkouns () opensecurityfoundation org>]

http://www.wired.com/gamelife/2011/05/sony-playstation-network-anonymous/

In the course of its investigation into the PlayStation Network
security breach, Sony discovered a file that makes a clear reference
to the “Anonymous” hacking group.

In a letter to the U.S. House of Representatives on Wednesday, Sony
said a file named “Anonymous,” containing the words “We Are Legion,”
was left behind by the intruders who gained access to the servers of
Sony Online Entertainment, the company’s game development and
distribution arm. The intruders in that breach compromised information
on 24.6 million users, as well as 20,000 credit card and bank account
numbers.

Sony discovered the SOE breach on Sunday while investigating an
earlier attack that compromised information on 77 million accounts
from Sony’s PlayStation Network and Qriocity services in April.
Anonymous has not been linked to the PlayStation Network breach — the
first one detected — but Sony noted that both breaches took place in
the same time frame, which also corresponded with a denial-of-service
campaign launched by Anonymous in retaliation for Sony’s lawsuit
against PlayStation tinkerer George Hotz.

Members of the House Committee on Energy and Commerce held a hearing
Wednesday to address the subject of data theft and its potential
impact on consumers. Sony Computer Entertainment CEO Kaz Hirai did not
attend, but sent written responses to the House subcommittee. Sony
summarized the content of Hirai’s letter on its official PlayStation
blog, saying that it had suffered from a “very carefully planned, very
professional, highly sophisticated criminal cyber attack.”

Sony said it knew how the intrusion was accomplished, but not who was
responsible.

Photo copies of the letter, which details the company’s actions over
the past two weeks and says Sony acted with “care and caution” while
deciding how to act and when to inform companies of the security
breach, was also made available.

On the afternoon of April 20, Sony first discovered evidence of an
unauthorized intrusion, it said in the letter. It then took down the
PlayStation Network servers. Over the next five days, the company
hired multiple security firms and forensic teams to determine the
scope of the breach. On April 25, Sony found that hackers could have
obtained personal information for 77 million PSN accounts, of which it
informed customers the following day.

Sony did not inform customers prior to April 26 because it did not
want to “cause confusion and lead [customers] to take unnecessary
actions,” the company said.

Major credit card companies have still not reported any fraud that
they believe is directly related to the attack, Sony said, adding that
12.3 million customers had credit card information stored on the
PlayStation Network, including 5.6 million in the United States. Sony
says those credit card numbers were stored encrypted.

On Monday, Sony added that its Sony Online Entertainment services had
also been affected by the hack, and that hackers may have obtained
personal information for its 24.6 million users. As of Wednesday, the
company’s Facebook and other online game services have not been taken
back online.

Sony said that it plans to bring some of PlayStation Network’s
services back up this week. As a goodwill gesture, customers will
receive 30 free days of PlayStation Plus as well as a variety of free
downloads.
_______________________________________________
Dataloss Mailing List (dataloss () datalossdb org)
Archived at http://seclists.org/dataloss/
Unsubscribe at http://datalossdb.org/mailing_list

Learn encryption strategies that manage risk and shore up compliance.
Download Article 1 of CREDANT Technologies' The Essentials Series:
Endpoint Data Encryption That Actually Works
http://credant.com/campaigns/realtime2/gap-LP1/