Sony Provides Timeline of Attack Hinting at Anonymous' Involvement

Scott Bullock

New member
Nov 11, 2010
1,063
0
0
Sony Provides Timeline of Attack Hinting at Anonymous' Involvement

In an open letter to Congress, Sony reveals more details on the recent cyber-attack against it, and how it plans to make up for the theft of user's information.

Last week, the House of Representatives' Subcommittee on Commerce, Manufacturing, and Trade sent a letter to Sony, requesting further information on the nature of the recent intrusion into Sony's networks and the resulting theft of personal information associated with 77 million PSN accounts. Sony's reply, an open letter posted on Flickr [http://www.flickr.com/photos/playstationblog/sets/72157626521862165/], provides an in-depth timeline of Sony's discovery of and response to the attack:

On April 19, Sony's network team noticed strange server activity, including the reboot of several servers and a data transfer. The servers in question were taken offline and analyzed.
After a lengthy investigation by a large internal team, it was decided that there had been some form of unauthorized intrusion into the network. On April 20, PSN was taken down, and Sony hired a computer security and forensic firm to help discover exactly how wide-spread the intrusion was. On the 21st, the company hired a second firm.
After 2 days of investigation, it was discovered that "intruders had used very sophisticated and aggressive techniques to obtain unauthorized access, hide their presence from system administrators, and escalate privileges inside the servers." Upon finding this, Sony decided a third security firm was called for.
On April 25, Sony realized exactly how far-reaching the intrusion was, and that it had accessed the personal data of all 77 million PSN users. The company could not determine if the credit card data had been accessed.
On April 26, one week after the intrusion was first noticed, Sony announced to the public that their personal information had been compromised, and that their credit card data may or may not have been taken, as well.


During the investigation of the attack, Sony says that it discovered a file that had been created titled "Anonymous," and which read "We are Legion". This, obviously, points the finger at so-called hacktivist group Anonymous, which was carrying out denial of service attacks against several of Sony's websites at the time of the intrusion. While it could be an admission of guilt by the group, Sony admits that the file could very well be an attempt by another group to turn the blame to Anonymous, representatives of which have denied all involvement.

Whoever carried out the attack, Sony asserts on its blog [http://blog.us.playstation.com/2011/05/04/sonys-response-to-the-u-s-house-of-representatives/] that it is working around the clock to restore its services, and that it has several new security measures put in place to protect the networks from further intrusion, including several extra firewalls, enhanced encryption, and a brand new data center in an "undisclosed location."

Sony also detailed what it is calling the "Welcome Back" program that it will be offering to all PSN users, which will provide 30 days (plus one extra day per day of network outage) of free PlayStation Plus and Music Unlimited subscriptions, in addition to several free downloads.

Sony also reaffirmed that it will be providing complimentary identity theft monitoring to all affected users.

Source: Joystiq [http://blog.us.playstation.com/2011/05/04/sonys-response-to-the-u-s-house-of-representatives/]

Permalink
 

Harbinger_

New member
Jan 8, 2009
1,050
0
0
It is possible that someone was trying to frame Anonymous... just saying. Also I don't want free stuff from Sony, I'd rather have a cash equivalent as I got rid of my PS3 but my information was still on the PSN.
 

Nikolaz72

This place still alive?
Apr 23, 2009
2,125
0
0
Anon has no reason to steal credit card information from users. They are against Censorship and are sometimes doing stupid shit to prove that, but stealing personal data is not anti-censorship and I therefor could not believe Anon is involved.
 

maddog015

New member
Sep 12, 2008
338
0
0
Hmm, what about the freebie players on their SOE games for the PC? Do I get a free month of subscribed services?
 

Misho-

New member
May 20, 2010
398
0
0
Well, it's good to see the day to day steps taken and what was learned each day. Unfortunately they could have just told us April 25th... Not the 26th...

But anyhow.
 

Thyunda

New member
May 4, 2009
2,955
0
0
I notice that this 'welcome back' program has been mentioned now in every single article about this, plus what the pack contains.

Advertising? Mighty suspicious, I say.
 

killamanhunter

New member
Mar 24, 2009
204
0
0
maddog015 said:
Hmm, what about the freebie players on their SOE games for the PC? Do I get a free month of subscribed services?
Actually they said exactly that, 1 month of free subscription plus one day the service is out

OT:Either Sony is feeding trolls or Trolls are framing Anon, because as much as I hate Anon (as shown by my avatar) they work for the people, against DA MAN!
 
Aug 25, 2009
4,611
0
0
I'm just waiting for someone to come along claiming that Sony is lying to Congress.

Maybe someone's framing them, maybe someone who considers themselves part of Anonymous (in which case, given how much people try and describe Anonymous, someone who considers themselves part of Anonymous is automatically part of Anonymous, therefore Anonymous takes responsibility), or maybe it really is Anonymous themselves.

One way or the other, Sony wouldn't lie to Congress, don't be so stupid (to anyone who would make that claim) so it does look like they really didn't know the extent of the damage until the day before they announced it, which at least says something for their customer support.
 

Carbo

New member
Dec 17, 2010
61
0
0
Carbley says:
*apparently someone left "Anonymous" and "We are Legion" in the hacked files on Sony servers
Suidayseki says:
*so it wasn't 4chan
Carbley says:
*it wasnt
Suidayseki says:
*thats like a giant flag that says "We're trying to pin the blame on 4chan"
 

cerebus23

New member
May 16, 2010
1,275
0
0
It would be odd of anon to deny it publicly but leave a big flashy sign on the network say "IT WAS US" this does smack of a "rogue" wing of anon or someone else trying to lay the blame at their feet.

So what if the welcome back is mentioned you think sony is paying off article writers to mention it? gods get a grip.
 

kurupt87

Fuhuhzucking hellcocks I'm good
Mar 17, 2010
1,438
0
0
Anon might be involved. If it is then I doubt they'd use any data they've obtained maliciously, it goes against their stated aims and will make them necessarily the bad guy. They could have deleted it all or used it for 'nefarious' purposes, we won't find out unless identity theft becomes even more common and that increase is confined to Sony customers. My point is that merely taking the data from Sony is enough to hurt Sony; only afterwards using that data for their own purposes then makes them the bad guy.

I never thought it was them though because the scope of this hack is well beyond anything else that has been attributed to the group. This hack was, to use a popular phrase, serious business.

When Anon announced, before all this, that they'd stop their attacks against Sony because they were inconveniencing the general user I thought them weak. The only way to hurt a company like Sony is to either destroy it, almost impossible, or make it a non-choice for consumers. So, if they thought they were Just in taking Sony on then to falter so early shows they weren't really committed at all.

Edit: Forgot to add, I still don't think this was Anon's work.
 

Kross

World Breaker
Sep 27, 2004
854
0
0
Isn't anonymous made up of whoever decides to declare themselves as part of it? Including people in some other group/whatever? It's just a handy pseudo-anarchist group that uses a forum that allows anonymous posting to organize activities. It's not like they have an entrance exam, or even a need to organize if you're doing something solo.
 

mjc0961

YOU'RE a pie chart.
Nov 30, 2009
3,847
0
0
Again, I don't see how it matters if it was anon or not anon. Does them being anon or not help find the bastards? ...No? Okay. Who cares? Focus on finding the people responsible, then you can search their computers and find out if they were really anon if it matters that much to everyone.
 

lacktheknack

Je suis joined jewels.
Jan 19, 2009
19,316
0
0
That Guy Who Phails said:
Hate to be the one to say it but....

Discussion value?
News room, man. Discussion value is optional here.

Typically, though, they're chock full of debate anyways.

Anyways, it looks to be a framing case, anyways. Why would Anonymous want everyone to know they hacked it when they already recanted for pissing off every PS3 user who ever lived?
 

MisterGobbles

New member
Nov 30, 2009
747
0
0
Kross said:
Isn't anonymous made up of whoever decides to declare themselves as part of it? Including people in some other group/whatever? It's just a handy pseudo-anarchist group that uses a forum that allows anonymous posting to organize activities. It's not like they have an entrance exam, or even a need to organize if you're doing something solo.
Yeah, anyone who declares themselves part of Anon is pretty much part of Anon, whether or not their actions taken using the name is approved of by anyone else using the name.

So if this person claims that they are part of Anonymous, then they really are part of Anonymous, whether the rest of them like it or not.
 

RoBi3.0

New member
Mar 29, 2009
709
0
0
Nikolaz72 said:
Anon has no reason to steal credit card information from users. They are against Censorship and are sometimes doing stupid shit to prove that, but stealing personal data is not anti-censorship and I therefor could not believe Anon is involved.
Except that they announced their goal to take down Sony. Now there is no way in hell Denial of Service attacks are going to do that, but breaking into Sony databases and stealing all the personal info so that Sony gets sued by everyone and their bother including Canada, and causing irreparable damage to their reputation, just might.

I am not saying they did it, but it would be stupid not to include them in a list of suspects.
 

JDKJ

New member
Oct 23, 2010
2,065
0
0
Kross said:
Isn't anonymous made up of whoever decides to declare themselves as part of it? Including people in some other group/whatever? It's just a handy pseudo-anarchist group that uses a forum that allows anonymous posting to organize activities. It's not like they have an entrance exam, or even a need to organize if you're doing something solo.
That's what happens when you have decentralized government: small groups of citizens or a lone citizen can go off and do whatever they want. Who's to stop them?
 

Carbo

New member
Dec 17, 2010
61
0
0
Kross said:
Isn't anonymous made up of whoever decides to declare themselves as part of it? Including people in some other group/whatever? It's just a handy pseudo-anarchist group that uses a forum that allows anonymous posting to organize activities. It's not like they have an entrance exam, or even a need to organize if you're doing something solo.
While this is true there is absolutely no way that an organized effort would actually be able to work without us knowing beforehand. If there's no announcement, there's no group. They operate in numbers.

There's a difference between "the legion" and the anonymous individual. This is more than likely a rogue member who might have one or two intimate relations with people who wanted to do this as well and are experienced in advanced hacking, or it's something entirely different masquerading as them.
 

Popido

New member
Oct 21, 2010
716
0
0
MisterGobbles said:
So if this person claims that they are part of Anonymous, then they really are part of Anonymous, whether the rest of them like it or not.
MelasZepheos said:
someone who considers themselves part of Anonymous is automatically part of Anonymous, therefore Anonymous takes responsibility
You see, if Obama suddenly came down the street and punched you in face claiming that hes Anonymous, would you belive that? No, as hes clearly who else than Barrack Obama. :D

As anonymity is lost when discovered(herp derp), a hacker calling himself an collective mind of inviduals is nothing more than fake numbers.


...
I hope its not Sony.
 

The Red Spy

New member
Dec 1, 2009
408
0
0
I'm sorry, but I can not take this seriously in even the remotest sense.

A message who's origins cannot be verified is now being presented to the public as evidence? Whilst the attack itself is one incredible blunder, one that should mare Sony's reputation indefinitely, at least they had a professional approach to tackling with the problem and trying to present it to customers when possible.

Now, after not disclosing the scale of the intrusion until a week after the event because it couldn't be verified, they now present this single bloody file as if it was hard evidence?

Whilst the true origins of the file may never be revealed, I almost feel sorry for those who don the 'Anonymous' title, I really do. Having to put up with being the scapegoat to others who want to hide their own failings, and suffer when others start pointing fingers blindly to deflect whatever blame they truly deserve for their own incompetence.

I'm also annoyed that this sad, pathetic excuse for an answer to Sony's 'extensive investigation' into the event will no doubt be accepted not just by their fanboys, but gullible customers as well. Great job guys on saving face.