Cybercriminals left a file in the name of “hacktivist” group “Anonymous” on the servers of Sony’s online entertainment network, the Japanese company said on Wednesday, but it stopped short of directly accusing the Internet vigilantes of carrying out the attack.
Sony, in a letter to a US congressional committee investigating data theft, provided its most detailed explanation yet of the hacker attacks on Sony Online Entertainment, the PlayStation Network and the Qriocity streaming music service.
Personal information, such as the user names, passwords, addresses and birth dates of more than 100 million people, may have been compromised in the attacks, and the intruders may also have made off with credit and debit card data.
Sony, in the letter to the US House Subcommittee on Commerce, Manufacturing and Trade, said that the large-scale data theft came shortly after the PlayStation Network suffered distributed denial of service (DDoS) attacks from the loose-knit group of hackers known as Anonymous.
Anonymous, which carried out attacks last year against US companies that withdrew services from WikiLeaks, had vowed retribution against Sony for taking legal action against hackers who cracked PlayStation 3’s defenses to change console operating software.
Anonymous argues that PlayStation 3 console owners have the right to do what they want with their consoles, including modifying them.
In a typical DDoS attack, a large number of computers are commanded to simultaneously visit a Web site, overwhelming its servers, slowing service or knocking it offline completely.
Anonymous took credit for the DDoS attacks, but denied involvement in the data theft.
Sony Computer Entertainment America chairman Kazuo Hirai, in his letter, said: “What is becoming more and more evident is that Sony has been the victim of a very carefully planned, very professional, highly sophisticated criminal cyber attack designed to steal personal and credit card information for illegal purposes.”
He said intruders who stole data from Sony Online Entertainment servers “had planted a file on one of those servers named ‘Anonymous’ with the words: ‘We are Legion,’” the Anonymous motto.
“Just weeks before, several Sony companies had been the target of a large-scale, coordinated denial of service attack by the group called Anonymous,” Hirai said. “Almost two weeks ago, one or more cybercriminals gained access to PlayStation Network servers at or around the same time that these servers were experiencing denial of service attacks. Whether those who participated in the denial of service attacks were conspirators or whether they were simply duped into providing cover for a very clever thief, we may never know.”
“In any case, those who participated in the denial of service attacks should understand that — whether they knew it or not — they were aiding in a well planned, well executed, large-scale theft that left not only Sony a victim, but also Sony’s many customers around the world,” he said.
Sony discovered the initial breach between April 17 and April 19 and shut down the network on April 20, but the company has faced criticism for not disclosing details of the breach until a week later.