Sony's scapegoat for the PSN compromise fights back

Sony has cast some blame for its PlayStation Network security problems in the direction of Anonymous, but Anonymous has denied any involvement.

Back on 22 April, Anonymous was quick to comment on the PlayStation Network compromise in a statement titled, "For Once We Didn't Do It":

While it could be the case that other Anons have acted by themselves, AnonOps was not related to this incident and takes no responsibility for it. A more likely explanation is that Sony is taking advantage of Anonymous' previous ill-will towards the company to distract users from the fact the outage is actually an internal problem with the company's servers.

An amusing sign-off summed up the Anonymous reaction:


Sony Is Incompetent

Following the US House of Representatives Subcommittee on Commerce, Manufacturing and Trade's 4 May hearing, "The Threat of Data Theft to American Consumers", Sony rushed to respond -- after it failed to send a representative as requested by the committee. Sony used Anonymous to scapegoat some of its recent Playstation Network security compromise problems in PlayStation.Blog's "Sony’s Response to the U.S. House of Representatives":

We discovered that the intruders had planted a file on one of our Sony Online Entertainment servers named "Anonymous" with the words "We are Legion."

As pointed out by people associated with Anonymous "leadership", there is no way to independently verify the source of such a file if it exists. Is Anonymous the all-purposes bogeyman of corporate IT security now -- or is it just Sony's bogeyman when it wants to deflect attention from its own failings? Anonymous has some choice words on the subject in response to Sony's implication that the PSN compromise was an Anonymous operation.

Anonymous does have a recent history of harassing Sony, at least in part as a response to Sony's litigative attacks on PlayStation hacker George Hotz, whose goal was to provide a means for users to install Linux on their PlayStations. Sony took exception to Hotz' activities, and Anonymous took exception to Sony's strong-arm tactics, which ended in a gag order for Hotz. Anonymous' retaliations against Sony had apparently been confined to denial of service attacks against the corporation's websites and similar nuisance actions. Taking action that essentially targets customers is not consistent with common Anonymous tactics.

Since Sony's accusations, Anonymous has offered further denials of involvement, including a letterhead press release under the auspices of "Anonymous Enterprises LLC (Bermuda)". At some length, it spells out the rationale for Anonymous activities targeting Sony, and reasoning that suggests the PSN compromise is antithetical to Anonymous aims. A summary of the core message closes the letter:

If a legitimate and honest investigation into the credit card theft is conducted, Anonymous will not be found liable. While we are a distributed and decentralized group, our leadership does not condone credit card theft. We are concerned with erosion of privacy and fair use, the spread of corporate feudalism, the abuse of power and the justifications of executives and leaders who believe themselves immune personally and financially for the actions they undertake in the name of corporations and public office.

Anonymous will continue its work in support of transparency and individual liberty; our adversaries will continue their work in support of secrecy and control. The FBI will continue to investigate us for crimes of civil disobedience while continuing to ignore the crimes planned by major corporations which use their services.

It has been suggested that even if Anonymous did not launch the PSN compromise itself, Anonymous activities may have unwittingly provided some cover for the attackers who compromised the PlayStation Network. Whether you regard this as meaning that Anonymous is partly to blame for the PSN breach or not -- or whether you believe it at all -- likely depends on your level of sympathy for Anonymous' stated goals and methods.