Sony Provides Timeline of Attack Hinting at Anonymous' Involvement

 Pages 1 2 3 4 5 NEXT
 

Sony Provides Timeline of Attack Hinting at Anonymous' Involvement

image

In an open letter to Congress, Sony reveals more details on the recent cyber-attack against it, and how it plans to make up for the theft of user's information.

Last week, the House of Representatives' Subcommittee on Commerce, Manufacturing, and Trade sent a letter to Sony, requesting further information on the nature of the recent intrusion into Sony's networks and the resulting theft of personal information associated with 77 million PSN accounts. Sony's reply, an open letter posted on Flickr, provides an in-depth timeline of Sony's discovery of and response to the attack:

  • On April 19, Sony's network team noticed strange server activity, including the reboot of several servers and a data transfer. The servers in question were taken offline and analyzed.
  • After a lengthy investigation by a large internal team, it was decided that there had been some form of unauthorized intrusion into the network. On April 20, PSN was taken down, and Sony hired a computer security and forensic firm to help discover exactly how wide-spread the intrusion was. On the 21st, the company hired a second firm.
  • After 2 days of investigation, it was discovered that "intruders had used very sophisticated and aggressive techniques to obtain unauthorized access, hide their presence from system administrators, and escalate privileges inside the servers." Upon finding this, Sony decided a third security firm was called for.
  • On April 25, Sony realized exactly how far-reaching the intrusion was, and that it had accessed the personal data of all 77 million PSN users. The company could not determine if the credit card data had been accessed.
  • On April 26, one week after the intrusion was first noticed, Sony announced to the public that their personal information had been compromised, and that their credit card data may or may not have been taken, as well.

During the investigation of the attack, Sony says that it discovered a file that had been created titled "Anonymous," and which read "We are Legion". This, obviously, points the finger at so-called hacktivist group Anonymous, which was carrying out denial of service attacks against several of Sony's websites at the time of the intrusion. While it could be an admission of guilt by the group, Sony admits that the file could very well be an attempt by another group to turn the blame to Anonymous, representatives of which have denied all involvement.

Whoever carried out the attack, Sony asserts on its blog that it is working around the clock to restore its services, and that it has several new security measures put in place to protect the networks from further intrusion, including several extra firewalls, enhanced encryption, and a brand new data center in an "undisclosed location."

Sony also detailed what it is calling the "Welcome Back" program that it will be offering to all PSN users, which will provide 30 days (plus one extra day per day of network outage) of free PlayStation Plus and Music Unlimited subscriptions, in addition to several free downloads.

Sony also reaffirmed that it will be providing complimentary identity theft monitoring to all affected users.

Source: Joystiq

Permalink

It is possible that someone was trying to frame Anonymous... just saying. Also I don't want free stuff from Sony, I'd rather have a cash equivalent as I got rid of my PS3 but my information was still on the PSN.

Anon has no reason to steal credit card information from users. They are against Censorship and are sometimes doing stupid shit to prove that, but stealing personal data is not anti-censorship and I therefor could not believe Anon is involved.

Hmm, what about the freebie players on their SOE games for the PC? Do I get a free month of subscribed services?

Well, it's good to see the day to day steps taken and what was learned each day. Unfortunately they could have just told us April 25th... Not the 26th...

But anyhow.

I notice that this 'welcome back' program has been mentioned now in every single article about this, plus what the pack contains.

Advertising? Mighty suspicious, I say.

maddog015:
Hmm, what about the freebie players on their SOE games for the PC? Do I get a free month of subscribed services?

Actually they said exactly that, 1 month of free subscription plus one day the service is out

OT:Either Sony is feeding trolls or Trolls are framing Anon, because as much as I hate Anon (as shown by my avatar) they work for the people, against DA MAN!

I'm just waiting for someone to come along claiming that Sony is lying to Congress.

Maybe someone's framing them, maybe someone who considers themselves part of Anonymous (in which case, given how much people try and describe Anonymous, someone who considers themselves part of Anonymous is automatically part of Anonymous, therefore Anonymous takes responsibility), or maybe it really is Anonymous themselves.

One way or the other, Sony wouldn't lie to Congress, don't be so stupid (to anyone who would make that claim) so it does look like they really didn't know the extent of the damage until the day before they announced it, which at least says something for their customer support.

Carbley says:
*apparently someone left "Anonymous" and "We are Legion" in the hacked files on Sony servers
Suidayseki says:
*so it wasn't 4chan
Carbley says:
*it wasnt
Suidayseki says:
*thats like a giant flag that says "We're trying to pin the blame on 4chan"

It would be odd of anon to deny it publicly but leave a big flashy sign on the network say "IT WAS US" this does smack of a "rogue" wing of anon or someone else trying to lay the blame at their feet.

So what if the welcome back is mentioned you think sony is paying off article writers to mention it? gods get a grip.

Anon might be involved. If it is then I doubt they'd use any data they've obtained maliciously, it goes against their stated aims and will make them necessarily the bad guy. They could have deleted it all or used it for 'nefarious' purposes, we won't find out unless identity theft becomes even more common and that increase is confined to Sony customers. My point is that merely taking the data from Sony is enough to hurt Sony; only afterwards using that data for their own purposes then makes them the bad guy.

I never thought it was them though because the scope of this hack is well beyond anything else that has been attributed to the group. This hack was, to use a popular phrase, serious business.

When Anon announced, before all this, that they'd stop their attacks against Sony because they were inconveniencing the general user I thought them weak. The only way to hurt a company like Sony is to either destroy it, almost impossible, or make it a non-choice for consumers. So, if they thought they were Just in taking Sony on then to falter so early shows they weren't really committed at all.

Edit: Forgot to add, I still don't think this was Anon's work.

Isn't anonymous made up of whoever decides to declare themselves as part of it? Including people in some other group/whatever? It's just a handy pseudo-anarchist group that uses a forum that allows anonymous posting to organize activities. It's not like they have an entrance exam, or even a need to organize if you're doing something solo.

Again, I don't see how it matters if it was anon or not anon. Does them being anon or not help find the bastards? ...No? Okay. Who cares? Focus on finding the people responsible, then you can search their computers and find out if they were really anon if it matters that much to everyone.

That Guy Who Phails:
Hate to be the one to say it but....

Discussion value?

News room, man. Discussion value is optional here.

Typically, though, they're chock full of debate anyways.

Anyways, it looks to be a framing case, anyways. Why would Anonymous want everyone to know they hacked it when they already recanted for pissing off every PS3 user who ever lived?

Kross:
Isn't anonymous made up of whoever decides to declare themselves as part of it? Including people in some other group/whatever? It's just a handy pseudo-anarchist group that uses a forum that allows anonymous posting to organize activities. It's not like they have an entrance exam, or even a need to organize if you're doing something solo.

Yeah, anyone who declares themselves part of Anon is pretty much part of Anon, whether or not their actions taken using the name is approved of by anyone else using the name.

So if this person claims that they are part of Anonymous, then they really are part of Anonymous, whether the rest of them like it or not.

Nikolaz72:
Anon has no reason to steal credit card information from users. They are against Censorship and are sometimes doing stupid shit to prove that, but stealing personal data is not anti-censorship and I therefor could not believe Anon is involved.

Except that they announced their goal to take down Sony. Now there is no way in hell Denial of Service attacks are going to do that, but breaking into Sony databases and stealing all the personal info so that Sony gets sued by everyone and their bother including Canada, and causing irreparable damage to their reputation, just might.

I am not saying they did it, but it would be stupid not to include them in a list of suspects.

Kross:
Isn't anonymous made up of whoever decides to declare themselves as part of it? Including people in some other group/whatever? It's just a handy pseudo-anarchist group that uses a forum that allows anonymous posting to organize activities. It's not like they have an entrance exam, or even a need to organize if you're doing something solo.

That's what happens when you have decentralized government: small groups of citizens or a lone citizen can go off and do whatever they want. Who's to stop them?

Kross:
Isn't anonymous made up of whoever decides to declare themselves as part of it? Including people in some other group/whatever? It's just a handy pseudo-anarchist group that uses a forum that allows anonymous posting to organize activities. It's not like they have an entrance exam, or even a need to organize if you're doing something solo.

While this is true there is absolutely no way that an organized effort would actually be able to work without us knowing beforehand. If there's no announcement, there's no group. They operate in numbers.

There's a difference between "the legion" and the anonymous individual. This is more than likely a rogue member who might have one or two intimate relations with people who wanted to do this as well and are experienced in advanced hacking, or it's something entirely different masquerading as them.

MisterGobbles:
So if this person claims that they are part of Anonymous, then they really are part of Anonymous, whether the rest of them like it or not.

MelasZepheos:
someone who considers themselves part of Anonymous is automatically part of Anonymous, therefore Anonymous takes responsibility

You see, if Obama suddenly came down the street and punched you in face claiming that hes Anonymous, would you belive that? No, as hes clearly who else than Barrack Obama. :D

As anonymity is lost when discovered(herp derp), a hacker calling himself an collective mind of inviduals is nothing more than fake numbers.

...
I hope its not Sony.

I'm sorry, but I can not take this seriously in even the remotest sense.

A message who's origins cannot be verified is now being presented to the public as evidence? Whilst the attack itself is one incredible blunder, one that should mare Sony's reputation indefinitely, at least they had a professional approach to tackling with the problem and trying to present it to customers when possible.

Now, after not disclosing the scale of the intrusion until a week after the event because it couldn't be verified, they now present this single bloody file as if it was hard evidence?

Whilst the true origins of the file may never be revealed, I almost feel sorry for those who don the 'Anonymous' title, I really do. Having to put up with being the scapegoat to others who want to hide their own failings, and suffer when others start pointing fingers blindly to deflect whatever blame they truly deserve for their own incompetence.

I'm also annoyed that this sad, pathetic excuse for an answer to Sony's 'extensive investigation' into the event will no doubt be accepted not just by their fanboys, but gullible customers as well. Great job guys on saving face.

Bull shit. If any fingers were pointing at Anon they would have popped out and said 'HAH AH WE DID IT!" not leave a file telling you the anon motto. The only finger pointing at Anon is a finger owned by sony that put the file there; if it even existed(no one say conspiracy companies can still lie) and again if anon had hacked sony we would have heard about it from anon via public release.

Won't stop loads of people from beleiving this baseless statement.

It wasn't me. -- Anonymous

See, there. Now Anon has said it wasn't them.

This about sums it up:

Kross:
Isn't anonymous made up of whoever decides to declare themselves as part of it? Including people in some other group/whatever? It's just a handy pseudo-anarchist group that uses a forum that allows anonymous posting to organize activities. It's not like they have an entrance exam, or even a need to organize if you're doing something solo.

It's like writing "Leroy was Here". Leroy wasn't actually there, you know.

RT-Medic-with-shotgun:
Bull shit. If any fingers were pointing at Anon they would have popped out and said 'HAH AH WE DID IT!" not leave a file telling you the anon motto. The only finger pointing at Anon is a finger owned by sony that put the file there; if it even existed(no one say conspiracy companies can still lie) and again if anon had hacked sony we would have heard about it from anon via public release.

Are you forgetting that Sony called in not one, not two, but three independent forensic examiners? All those parties are in on a conspiracy to frame Anonymouse? Possible, but not likely.

Sooo many people who don't understand how anonymous works.

Its entirely likely (and in fact very likely) that it was Anonymous, since anonymous is an amorphous group, and people within that group often times never know what others are doing.

SnakeCL:
Sooo many people who don't understand how anonymous works.

Its entirely likely (and in fact very likely) that it was Anonymous, since anonymous is an amorphous group, and people within that group often times never know what others are doing.

Theres a little bit more difference between "We dont know who did it" and "Anonymous did it".

It's a possible that Anonymous did it. It's possible that Anonymous didn't do it and someone is being intentionally misleading.
I mean cmon. Anonymous has been publicly going at it with Sony for a some time now. Anyone tripping over one of their random cryptic rants against Sony could have just slipped that little bit in.

It's nothing conclusive in any case.

JDKJ:

RT-Medic-with-shotgun:
Bull shit. If any fingers were pointing at Anon they would have popped out and said 'HAH AH WE DID IT!" not leave a file telling you the anon motto. The only finger pointing at Anon is a finger owned by sony that put the file there; if it even existed(no one say conspiracy companies can still lie) and again if anon had hacked sony we would have heard about it from anon via public release.

Are you forgetting that Sony called in not one, not two, but three independent forensic examiners? All those parties are in on a conspiracy to frame Anonymous? Possible, but not likely.

So its impossible for sony to leave a file in there for when one of the firms checks? they turn it in and make like it was found?

While i wouldn't put it past a few entities to lie to people i would say all that would be needed was sony to make a file, leave it in the path of the firms check ups, wait for them to find it, BAM instant scapegoat.

BTW when do we draw the line? Why is it conspiracy for a lie perpetrated by someone in power or status but a lie for everyone else.

Sony is pointing fingers, just another reason not to buy anything from them.

There MUST be a core group of people who organize the actions of Anonymous, just because we aren't aware of who they are doesn't mean they do not exist. I don't think anyone is trying to "frame" anonymous, per se, but I do think they the core group that MUST exist had nothing to do with it.

Kross:
Isn't anonymous made up of whoever decides to declare themselves as part of it? Including people in some other group/whatever? It's just a handy pseudo-anarchist group that uses a forum that allows anonymous posting to organize activities. It's not like they have an entrance exam, or even a need to organize if you're doing something solo.

Not to nitpick, but they never claimed to be a group of anarchists as I understood it. I mean, anarchism is simply not having leaders. It's not chaos or lawlessness as so many people associate with the word. They literally pick a cause and then assert there side by their own means, in some cases shutting down a website. But, they have never done anything as big as this before, and they never stole anything either. Just because they use unorthodox means of expressing their point of view doesn't mean they are cyber thieves. That is like saying that since I speed occasionally, I am also likely the person who robbed the bank.

My friends and I used to have a game night. We would play social games and we played this game where the person would read a statement with a blank in it, and everyone else would write something down, and the person would then have to guess who wrote what. Well, "Don wrote this" came up a lot and Don never ever wrote it.

RT-Medic-with-shotgun:

JDKJ:

RT-Medic-with-shotgun:
Bull shit. If any fingers were pointing at Anon they would have popped out and said 'HAH AH WE DID IT!" not leave a file telling you the anon motto. The only finger pointing at Anon is a finger owned by sony that put the file there; if it even existed(no one say conspiracy companies can still lie) and again if anon had hacked sony we would have heard about it from anon via public release.

Are you forgetting that Sony called in not one, not two, but three independent forensic examiners? All those parties are in on a conspiracy to frame Anonymous? Possible, but not likely.

So its impossible for sony to leave a file in there for when one of the firms checks? they turn it in and make like it was found?

While i wouldn't put it past a few entities to lie to people i would say all that would be needed was sony to make a file, leave it in the path of the firms check ups, wait for them to find it, BAM instant scapegoat.

I think that multiple experts in computer and data forensics would be able to figure out whether a file was placed by an intruder or by the owner of the server. There'd be fingerprints and footprints all over the place. But if you're happy believing in tinfoil hat conspiracies, suit yourself. What ever makes you happy.

Wait a second...

You missed the date when PSN goes back online....

Nevermind: You guys havent got to that part....

Popido:
You see, if Obama suddenly came down the street and punched you in face claiming that hes Anonymous, would you belive that? No, as hes clearly who else than Barrack Obama. :D

As anonymity is lost when discovered(herp derp), a hacker calling himself an collective mind of inviduals is nothing more than fake numbers.

...
I hope its not Sony.

If Mr. Obama was wearing a mask and not talking, then yes, he would be anonymous. If someone says they are anonymous, and we don't know who they are, then they ARE anonymous. In both ways that can be taken.

Edit: Or if he was talking in a voice you couldn't recognize... if you want to be a nit picker.

Baresark:
Sony is pointing fingers, just another reason not to buy anything from them.

You obviously have not read this article properly.
It says that Sony admits that the file could have been placed by another group to place blame on anon.

raankh:

It wasn't me. -- Anonymous

See, there. Now Anon has said it wasn't them.

You never know I mean they could have taken a lesson from http://www.youtube.com/watch?v=GH_StQ6KdW0

If it was Anonymous, you'd think they'd do something a little grander to announce their involvement. Like they've done with basically everything else.

 Pages 1 2 3 4 5 NEXT

Reply to Thread

Log in or Register to Comment
Have an account? Login below:
With Facebook:Login With Facebook
or
Username:  
Password:  
  
Not registered? To sign up for an account with The Escapist:
Register With Facebook
Register With Facebook
or
Register for a free account here