
Sony Found an 'Anonymous' File on SOE Servers

PSN users aren’t the only ones wondering how the heck hackers were able to steal so much personal information from Sony servers. Late last week, the United States House of Representatives Subcommittee on Commerce, Manufacturing, and Trade sent a letter to Sony asking it to detail certain aspects of the breach and how it was dealing with the exposure of such a large amount of personal data.  

Today, Kazuo Hirai, Chairman of the Board of Directors of Sony Computer Entertainment America, submitted written answers to the questions via an open letter that details Sony's actions in dealing with the breach and subsequent data loss.

As with many of the blog posts, press releases, FAQs and Q&As Sony has posted in the last couple of weeks, there’s a lot of information in there that we already know. However, also included is some additional information that Sony had not previously disclosed. Indeed, Hirai revealed that Sony did not notice the hackers’ intrusion straight away.

"Almost two weeks ago, one or more cyber criminals gained access to PlayStation Network servers at or around the same time that these servers were experiencing denial of service attacks," Hirai wrote.

"The Sony Network Entertainment America team did not immediately detect the intrusion for several possible reasons. First, detection was difficult because of the sheer sophistication of the intrusion. Second, detection was difficult because the criminal hackers exploited a system software vulnerability. Finally, our security teams were working very hard to defend against denial of service attacks, and that may have made it more difficult to detect this intrusion quickly -- all perhaps by design.

"Whether those who participated in the denial of service attacks were conspirators or whether they were simply duped into providing cover for a very clever thief, we may never know. In any case, those who participated in the attacks should understand that -- whether they knew it or not -- they were aiding in a well planned, well executed, large-scale theft that left not only Sony a victim, but also Sony’s many customers around the world."

Hirai goes on to give a more precise timeline of how Sony proceeded once it discovered the intrusion and explains why it took so long to notify users that personal data had been compromised (he gives the same explanation that the PlayStation Blog offered -- Sony simply didn’t know until April 25). He also mentions that the hackers deleted log files in order to hide the extent of their work and activity inside the network.

Perhaps most importantly, Hirai revealed that though the information of 77 million users was stolen, Sony only holds the credit card details of approximately 12.3 million users (5.6 million of them being U.S. customers). The company still has no evidence to suggest this information was stolen or compromised in some way -- the hacker made queries for information related to personal data such as name, home address, phone number, but Sony has not yet discovered any similar queries relating to credit card info -- and the company says it has received no communication from credit card companies to suggest there has been any fraudulent activity as a result of the PSN breach.

Finally, Hirai also stated in the letter that Sony’s investigations led to the discovery of a file titled 'Anonymous', which had been planted on SOE servers and contained the words "We are Legion." Anonymous has already stated publicly that it had nothing to do with the attack, which means there are two likely explanations: either Anonymous was lying and this was part of the group's attack on Sony over the GeoHot affair, or someone else hacked PSN and SOE and tried to cover its tracks by leaving evidence that points to Anon. At any rate, Sony’s letter doesn’t specifically say it believes Anonymous is responsible, so we have to assume the company is still investigating who is behind this attack.

You can read the letter in full over on Flickr.