It looks like Sony intends to pass the blame for the hack that took down the PSN and the huge data breach that exposed about 77 million users' financial and personal information onto Anonymous. While investigating that attack, Sony announced on Monday, that Sony Online Entertainment services had also been hacked and that breach compromised 24.6 million users and 20,000 credit card and bank account numbers.
Today, Sony told the U.S. House of Representatives that it found proof "planted" on one of its servers in a file named "Anonymous" which included the phrase "We are Legion" - which is often used by the group as a motto.
The testimony letter by Kazuo Hirai, Chairman of the Board of Directors of Sony Computer Entertainment America, is posted on flickr. Hirai wrote, that it "is becoming more and more evident is that Sony has been the victim of a very carefully planned, very professional, highly sophisticated criminal cyberattack designed to steal personal and credit card information for illegal purposes."
Hirai added, "Just weeks before, several Sony companies had been the target of a large-scale, coordinated denial of service attack by the group called Anonymous." He noted that one or more cybercriminals gained access to the PSN servers about "the same time that these servers were experiencing denial of service attacks."
The Sony executive also wrote, "Whether those who participated in the denial of service attacks were conspirators or whether they were simply duped into providing cover for a very clever thief, we may never know. In any case, those who participated in the denial of service attacks should understand that -- whether they knew it or not -- they were aiding in a well planned, well executed, large-scale theft that left not only Sony a victim, but also Sony's many customers around the world."
Congressional committee chairman Mary Bono Mack called Sony's decision not to attend the hearing "unacceptable" and criticized the company for not notifying customers sooner of the data breach. Mack was told by Sony that it was "too busy" with its investigation to put in an appearance.
Anonymous still denies that the group is responsible for the data theft. On April 22, Anonymous said "for once we didn't do it." The group also said it might have been other Anons acting on their own. The timeframe pointed out by Sony matches up with the DDoS campaign launched by Anonymous in retribution for the lawsuit Sony brought against George Hotz aka GeoHot. Yet Hirai's statements seem to have conflicting information. Anonymous is not known for stealing credit card information; and even though the group is powerful, it's not really known as a "very professional" group.
U.S. Attorney General Eric Holder told the Senate Judiciary Committee that the Department of Justice has opened an investigation into the data breach. "The FBI is working with federal prosecutors in San Diego as agents try to determine the facts and circumstances of the alleged crimes, an FBI spokesman has said. Analysts have said the incident, in which customers could decide to replace their credit cards, could cost Sony more than $1.5 billion."
Image credit: Sklathill