AfterDawn: Tech news

'Anonymous' responds, again, to PSN hacking accusation

Written by Andre Yoskowitz @ 09 May 2011 12:50 User comments (18)

'Anonymous' responds, again, to PSN hacking accusation The hacking group Anonymous has taken time to write a full PR release responding to accusations that it was behind the massive PSN hack that has compromised the personal data of 101.6 million gamers.
Two weeks ago, Sony hinted that they found files on the attacked server that imply Anonymous was behind the attack, and the media has gone even deeper in accusing the group.

I have posted the entire PR release below, or you can read it here (with clickable cites).

"SONY, I AM DISAPPOINT"
For Immediate Distribution
Press Release
May 7th, 2011
A 'HiveMind Effort' from
Anonymous Holdings LLC (Bermuda)



Yesterday, an article appeared in Financial Times, alleging Anonymous' involvement in the data and identity theft of some hundred million users of Sony's Playstation Network and Sony Online Entertainment. This crime is now being investigated by the Homeland Security Agency (HSA), the Department of Justice (DOJ), and other legal entities.



Once again Anonymous has been blamed for a security breach, this time by the journalist Joseph Menn, in his article "Hackers point finger over Sony incursion" [1]. Here, Anonymous wishes to lay out our case against these allegations and false assumptions:

First, let us consider a different article by Menn published on the Financial Times website and entitled "Hackers Warned of Arrest" [2]. This poor piece of journalism has already been extensively referenced in the Sony matter and is being used by many people who oppose Anonymous as proof of guilt. The only quoted source used by Menn was the now infamous Aaron Barr, former CEO of the humiliated HBGary. Barr made the claim that a chat room called #anonymous, founded by the identity "Q", was irrefutable proof that this "Q" began the movement known as Anonymous. Confident in his assertion, he attempted to sell this and other pieces of so-called "intelligence" about the nature of Anonymous to the U.S. FBI.

His information, however, was incorrect. It would be considered common knowledge that Anonymous began as a "meme", or shared belief, at the turn of the century and later developed to become a "global collective conscience" in 2006. But it was not until 2008 that Anonymous became a true display of "power in numbers". Organised protests against the "Church" of Scientology were staged in over 140 cities around the world, forever associating the Guy Fawkes mask and the right to protest with the movement.

Second, just like Anonymous, John Doe and Joe Bloggs are placeholders, rather than proper names, and are available for free use without repercussions. However because of this, there is no membership to Anonymous and anyone can claim to be a "member". It could be said that "Anonymous is anonymous to Anonymous".

Barr and Menn did not pause to protect the integrity of their professions, but instead made clearly misinformed assumptions, and accordingly published a factually incorrect article. The article was highly scrutinized as being blatantly biased against Anonymous and its participants, and many readers pointed out obvious inconsistencies in the technicalities, and the physical time line.



Third, in the primary article, Menn claims that a "member" of Anonymous, Kayla, made comments as an apparent admission of guilt from the "leaders". Kayla reportedly said, "If you say you are Anonymous, and do something as Anonymous, then Anonymous did it". This statement is inherently weak; an equivalent statement would be that "I confess to being human. Humans performed the attack". Andy Greenburg at Forbes [3] got it right.

Finally, Menn's reference to "technical details" [1] regarding a vulnerability in Sony's network without revealing actual content isn't useful. Until the forensics reports are released we don't know which exploit was used. The forensic investigators need to conclude their work, and speculation in articles, blogs and comments brings the factual results no closer.

Menn's anonymous source claims that "a few ops disappeared" but so has a solid chunk of software infrastructure including NickServ and channel bots over attacks during the PSN outages. Menn's other quotes are a vague mixture of assertions and denials. During the PSN downtime, Anonymous closed #opsony and put "sony" on the automatic kick list as 'profanity' last week.

Is all of this attention on Anonymous acting as a distraction from other problems, and overhyping the nature of the DDoS attacks? Sony's recurring issues are beyond providing free game credits:

In order to process credit cards, every company needs to be PCI compliant. "If you are a merchant that accepts payment cards, you are required to be compliant with the PCI Data Security Standard" [4]. Since Sony's network was "unpatched and had no firewall installed" [5], that is a clear violation of the PCI standards and ongoing reviews [4], thus likely to be criminal negligence [see Further Reading]. More importantly, "I can't think of a major data breach where the company was PCI compliant," said Ira Rothken, the lead attorney handling the class action lawsuit [6].

Sony has been accused of false billing, especially in the repairs department: customers who provided credit card details for an MMORPG are charged $150 for repairs to PS3s that they don't own; repairs are double billed and then referred to retailers; equipment is charged $150 multiple times (2-4) for repairs that aren't performed. [7 and Further Reading]

A decent credit card transaction gateway includes recurring billing as an option. Data mining by corporations has a profit motive, but as Sony has demonstrated it can be a massive liability. Why not start a discussion about corporate responsibility to protect user information, especially since they didn't need it to begin with?

Sony's response to the U.S. Senate [8] is to request more laws and further the myth of "best practices." Since Sony was warned of security holes months in advance [5], one of those "best practices" would be to accept the advice of the experts. In Sony's passing the blame there is no justification for the collection and retention of personal information they didn't need.

Outraged about the blatant coverup and shameful misdeeds, other internet hacker groups will apparently proceed with attacks [9] over Sony's mishandling of the matter. These reactions prove that requesting legislation to cover up corporate crimes and the abuse of law is frowned upon by all online communities, not just the Legion of Anonymous. Apparently Sony will have to learn the hard way that corporate malfeasance will not go unpunished. When the dust settles Sony may have more to fear from a massive class action lawsuit by their user base than the brief actions of the Global Hacker Nerd Brigade, Anonymous... Let THE GAMEs begin. :>

Knowledge is free.
We are Anonymous.
We are Legion.
We do not forgive.
We do not forget.
Expect us.

Previous Next  

18 user comments

19.5.2011 13:36

I have never liked 'Anonymous' and I just can't say anything positive about them. I mean I can't stand Sony either so I'm not defending them but in this case I think that Anonymous set themselves up for this one--whether or not they actually comitted the crime. They're a bunch of hipocrites who talk about freedom of knowledge yet they interfere with people's freedom of choice.

29.5.2011 14:22

[quote. Since Sony's network was "unpatched and had no firewall installed" [5], that is a clear violation of the PCI standards and ongoing reviews [4], thus likely to be criminal negligence]


If Sony broke any laws with regards to consumers private info then they should be punished by whatever laws we have set up for those types of violations. Obviously there will be an investigation on both sides of this. It will be interesting to find out who is actually behind all of this. And I do think we will all find out!

39.5.2011 15:12

Sony fakes the hack in order to blame Anonymous. Wouldn't that be some poop if THAT was discovered?

49.5.2011 16:34

According to self-ascribed members of Anonymous, membership is conditional but easily achieved, being as simple as concealing oneself while performing online activities. Conversely, the simple act of having one's identity revealed automatically removes oneself from the group.[9] Several members or former members have been interviewed or become noted for their own participation in certain Anonymous activities.

This is what makes me laugh about the group. They can deny all they want, but since there are no individualized members everyone in effect is or can be part of Anonymous. Unfortunately, whoever hacked PSN is Anonymous because there is no real membership or initiation or identification.

This could, however, be a plot by sony or some other group to lure out the key players in the server attacks so that they give away their identity and thus ruin the idealism behind the group entirely.

59.5.2011 17:13
opx4real
Unverified new user

Edited for content that violates forum rules

This message has been edited since its posting. Latest edit was made on 09 May 2011 @ 6:43

69.5.2011 17:38

Lame, blame Anon because they did say that they going to hack sony duh

79.5.2011 18:02

Sony servers were running the latest updates has been on other sites congress had 2nd hand info plus anonymous have been hacked them selves today what goes around comes around.

This message has been edited since its posting. Latest edit was made on 09 May 2011 @ 6:02

89.5.2011 21:51

Chilling. I do not foresee a ps5 in any future.

910.5.2011 01:03

Originally posted by Smacks:
[quote. Since Sony's network was "unpatched and had no firewall installed" [5], that is a clear violation of the PCI standards and ongoing reviews [4], thus likely to be criminal negligence]
If Sony broke any laws with regards to consumers private info then they should be punished by whatever laws we have set up for those types of violations. Obviously there will be an investigation on both sides of this. It will be interesting to find out who is actually behind all of this. And I do think we will all find out!
Sony was blind folded and with their legs wide open; it took just a small push to get rape.
Now that they do not know who rape them, just trow the blame to anybody for it, 'cos they are in the corner like a scary rabbit after the laws and more hatters are all over Sony A**

P.S.
I think Sony is playing the Anonymous Card 'cos Anonymous have problems lately with a IRC servers and 1 Mod.
http://goo.gl/fb/RahU0
This message has been edited since its posting. Latest edit was made on 10 May 2011 @ 5:29

1010.5.2011 03:27

Originally posted by anonymous:
a "member" of Anonymous, Kayla, made comments as an apparent admission of guilt from the "leaders". Kayla reportedly said, "If you say you are Anonymous, and do something as Anonymous, then Anonymous did it". This statement is inherently weak;
If you call such a statement weak, probably it's true. So ignoring if it has been done by the group or by a single member, it has been done by anonymous.

1110.5.2011 13:24

Originally posted by Mrguss:
Originally posted by Smacks:
[quote. Since Sony's network was "unpatched and had no firewall installed" [5], that is a clear violation of the PCI standards and ongoing reviews [4], thus likely to be criminal negligence]
If Sony broke any laws with regards to consumers private info then they should be punished by whatever laws we have set up for those types of violations.
That whole comment if false though, thus the whole line of reasoning is incorrect since it's based off non-factual FUD. I posted this yesterday ~

Originally posted by Oner:
That is not truthfully accurate information you are speaking and where the propagation of a misinformed comment that continues to grow lies. The misnomer of

Quote:
unpatched servers without a firewall and knowing for months before hand of the security risks
is not true. It started from 1 comment that came from an IRC chat of which was NEVER CONFIRMED as valid. Then only to be blown out of proportion and made int FUD headlines by forum posts and "journalists" who never fact checked ANYTHING of which then ultimately made it to Dr. Eugene Spafford's testimony before Congress of which he was citing unverified/untrue information! This "security expert" in a written statement said ~

Quote:
I have no information about what protections they had in place, although some news reports indicate that Sony was running software that was badly out of date and had been warned about that risk.
Thus PROVING he had no first-hand knowledge of the state of Sony's servers or Sony's knowledge about possible exploits. He didn't know a damned thing and literally just repeated empty unsubstantiated claims he read in the media!

SOURCE & SUPPLEMENTAL

And now people consistently claim this as fact everywhere. It has basically become the game of telephone (explanation) just like so many other media BS <reports>.

This message has been edited since its posting. Latest edit was made on 10 May 2011 @ 1:25

1210.5.2011 17:44
lissenup1
Inactive

Originally posted by lupine25:
I have never liked 'Anonymous' and I just can't say anything positive about them. I mean I can't stand Sony either so I'm not defending them but in this case I think that Anonymous set themselves up for this one--whether or not they actually comitted the crime. They're a bunch of hipocrites who talk about freedom of knowledge yet they interfere with people's freedom of choice.

Please substantiate your nonsense babble please by documenting/siting why they're "hipocrites" and how they have "interfered" with people's freedom of choice.

BTW.........just because Anonymous does what he/she does, doesn't mean they "set themselves up". If they are innocent then they are.........regardless of what they do/did/will do.

People like you walk around with your head up your ass but we don't say that "you set yourself up for all the bad karma that comes your way".

1310.5.2011 21:23

Originally posted by Oner:
Originally posted by Mrguss:
Originally posted by Smacks:
[quote. Since Sony's network was "unpatched and had no firewall installed" [5], that is a clear violation of the PCI standards and ongoing reviews [4], thus likely to be criminal negligence]
If Sony broke any laws with regards to consumers private info then they should be punished by whatever laws we have set up for those types of violations.
That whole comment if false though, thus the whole line of reasoning is incorrect since it's based off non-factual FUD. I posted this yesterday ~

Originally posted by Oner:
That is not truthfully accurate information you are speaking and where the propagation of a misinformed comment that continues to grow lies. The misnomer of

Quote:
unpatched servers without a firewall and knowing for months before hand of the security risks
is not true. It started from 1 comment that came from an IRC chat of which was NEVER CONFIRMED as valid. Then only to be blown out of proportion and made int FUD headlines by forum posts and "journalists" who never fact checked ANYTHING of which then ultimately made it to Dr. Eugene Spafford's testimony before Congress of which he was citing unverified/untrue information! This "security expert" in a written statement said ~

Quote:
I have no information about what protections they had in place, although some news reports indicate that Sony was running software that was badly out of date and had been warned about that risk.
Thus PROVING he had no first-hand knowledge of the state of Sony's servers or Sony's knowledge about possible exploits. He didn't know a damned thing and literally just repeated empty unsubstantiated claims he read in the media!

SOURCE & SUPPLEMENTAL

And now people consistently claim this as fact everywhere. It has basically become the game of telephone (explanation) just like so many other media BS <reports>.

@Oner
1)Weather this information
Quote:
Since Sony's network was "unpatched and had no firewall installed" [5], that is a clear violation of the PCI standards and ongoing reviews [4], thus likely to be criminal negligence
is false or not my reasoning still stands. If they are guilty then punish them to the full extent of the law. If they are not then people should shut the f**k up about Sony not having a secure system. You would think Sony was trying to give away info if you read most of the posts on these Sony related articles. We should find out the truth when the investigation is completed.

Originally posted by Mrguss:
Originally posted by Smacks:
[quote. Since Sony's network was "unpatched and had no firewall installed" [5], that is a clear violation of the PCI standards and ongoing reviews [4], thus likely to be criminal negligence]
If Sony broke any laws with regards to consumers private info then they should be punished by whatever laws we have set up for those types of violations. Obviously there will be an investigation on both sides of this. It will be interesting to find out who is actually behind all of this. And I do think we will all find out!
Sony was blind folded and with their legs wide open; it took just a small push to get rape.
Now that they do not know who rape them, just trow the blame to anybody for it, 'cos they are in the corner like a scary rabbit after the laws and more hatters are all over Sony A**

P.S.
I think Sony is playing the Anonymous Card 'cos Anonymous have problems lately with a IRC servers and 1 Mod.
http://goo.gl/fb/RahU0
Anonymous already claimed responsibility for the original attack, why wouldn't Sony be pointing the finger in their direction.

1411.5.2011 00:12

Well...well...well.
Anonymous Group didn't hack Sony, but members "may" have acted apart from the group as a whole.....
http://cnet.co/kaC22C

Also another Anonymous Hacker Group working alone: LulzSec:
http://j.mp/iChOxB

This message has been edited since its posting. Latest edit was made on 11 May 2011 @ 12:43

1511.5.2011 11:00

Originally posted by Smacks:
@Oner
1)Weather this information

Quote:
Since Sony's network was "unpatched and had no firewall installed" [5], that is a clear violation of the PCI standards and ongoing reviews [4], thus likely to be criminal negligence
is false or not my reasoning still stands. If they are guilty then punish them to the full extent of the law. If they are not then people should shut the f**k up about Sony not having a secure system. You would think Sony was trying to give away info if you read most of the posts on these Sony related articles. We should find out the truth when the investigation is completed.
I agree, but that's also the issue. We have the validity of the servers were not unprotected yet people won't STFU about the misinformation and continue to spread that false info like if it's 100% fact. Certain types of people (not just here) want to believe what they want to believe because of a bias and no matter what you show them they will just cover their ears, close their eyes and scream LaLaLaLaLaLa as loudly as they can.


Originally posted by Smacks:
Anonymous already claimed responsibility for the original attack, why wouldn't Sony be pointing the finger in their direction.
Makes sense doesn't it!


Originally posted by Mrguss:
Well...well...well.
Anonymous Group didn't hack Sony, but members "may" have acted apart from the group as a whole.....
That comment/headline is a complete contradiction in itself! Because if part of the group when they WERE in An0nymous did do the hack but now they are not part of An0nymous after the fact doesn't mean that An0nymous didn't do it to begin with.

The fact is they were in An0nymous when they did it. And since An0nymous is not supposed to be lead by ANYONE, whoever does whatever under the guise An0nymous is in effect part of An0nymous! What is so hard to understand about that? Plus we all know An0nOps is not An0nymous but that doesn't mean An0nymous still isn't responsible because An0nOps claims no responsibility.

And what happened to the biggest attack/hack they were claiming just a few days before the PSN went down? Exactly. This WAS the big attack/hack and now that the feds are involved people are scrambling to cover their butts.
This message has been edited since its posting. Latest edit was made on 11 May 2011 @ 8:05

1611.5.2011 12:44

Doesn't matter much anymore as Anon is pretty split in half and fighting has started.

1 person has ripped off 2 of their 3 domains so they don't even have full control of their own network and it's been left wide open for the FBI to come in and grab stuff.

Anon isn't a safe group, you'd be silly to support them.

1712.5.2011 23:53

Originally posted by Oner:
Originally posted by Mrguss:
Originally posted by Smacks:
[quote. Since Sony's network was "unpatched and had no firewall installed" [5], that is a clear violation of the PCI standards and ongoing reviews [4], thus likely to be criminal negligence]
If Sony broke any laws with regards to consumers private info then they should be punished by whatever laws we have set up for those types of violations.
That whole comment if false though, thus the whole line of reasoning is incorrect since it's based off non-factual FUD. I posted this yesterday ~

Originally posted by Oner:
That is not truthfully accurate information you are speaking and where the propagation of a misinformed comment that continues to grow lies. The misnomer of

Quote:
unpatched servers without a firewall and knowing for months before hand of the security risks
is not true.


I originally read the news about sony running unpatched, out of date software with no firewall on Google I found another link on CNET is here: http://news.cnet.com/8301-17852_3-20060335-71.html. Short quote from the cnet article:

Quote:

The answer given by Gene Spafford, a security expert and professor of computer science at Purdue University, raises troubling thoughts.

In written testimony to the House Subcommittee on Commerce, Manufacturing and Trade, Spafford highlighted recent data breaches at Sony and at Epsilon.

This message has been edited since its posting. Latest edit was made on 12 May 2011 @ 11:59

1813.5.2011 08:03

Hey I am Anonymous - I do quite a bit of downloading from FTP sites logging in as "anonymous" !

Comments have been disabled for this article.

News archive