Two weeks into the PlayStation Network outage, new information has surfaced about the possible nature of the hack that forced Sony to bring the network down in the first place. Responding to a Congressional inquiry regarding the attack, Sony revealed that the hackers left behind a file specifically linking the job to hacker collective Anonymous.
Having been the target of Anon in the past due to their litigation against PlayStation 3 jailbreaker George Hotz, both Sony and the internet were quick to blame Anon, as their prior actions and the timing of the hack seemed to fit. But is that really the case?
In a PlayStation.Blog post detailing Sony’s response to the U.S. House of Representatives, Patrick Seybold, Senior Director of Corporate Communications & Social Media, revealed the existence of evidence implicating Anonymous.
We discovered that the intruders had planted a file on one of our Sony Online Entertainment servers named “Anonymous” with the words “We are Legion.”
However, one has to wonder whether Anonymous would be so arrogant (read: stupid) to intentionally incriminate themselves in such a major criminal act. Of course, the benefits of being anonymous by design is that no one knows who these people are; however, implicating themselves would only bring more unwanted attention to the hacker collective. And maybe that’s the intent.
While this is merely speculation on my own behalf, the possibility that Anonymous has been framed for the attack should be considered. Whether you support Anonymous and its actions or not, the existence of an Anonymous “calling card” left in the SOE database seems a little too convenient and one has to wonder whether or not the perpetrator(s) simply took advantage of Anon’s earlier attack to further their own ends.
Still, convenient or not, Sony’s own Kaz Hirai mentioned in his statement to the House of Representatives that the DDoS attacks being connected to the PSN hack was indeed a possibility and could even have been intended as a distraction.
The Sony Network Entertainment America team did not immediately detect the criminal intrusion for several possible reasons. First, detection was difficult because of the sheer sophistication of the intrusion. Second, detection was difficult because the criminal hackers exploited a system software vulnerability. Finally, our security teams were working very hard to defend against denial of service oattacks, and that may have made it more difficult to detect this intrusion quickly – all perhaps by design.
Whether that was the case or not, only time will tell. For the moment, Sony has a lot to deal with, including strengthening their security and dealing with both financial and political fallout from the event.
As of now, the PlayStation Network is still down, though Seybold stated that Sony employees were working around the clock to restore PSN functionality and that specific details about the network restoration would be provided shortly.