Skip to main content

Anonymous: Credit Card Theft Isn't Our M.O.

Sony this week made headlines with an open letter responding to questions from congress regarding the PSN and SOE breaches. One of the more interesting parts of the text was the revelation that Sony had discovered a file planted on the SOE servers titled ‘Anonymous’ and containing the words, “We are Legion.” Discovered earlier this week, the SOE intrusion resulted in the theft of thousands of credit and debit card numbers. Though Sony’s letter did not point the finger at Anonymous outright (Sony actually categorically said it did not know who was responsible for the attack) it did seem imply that Anonymous might have been involved in some way.

However, in a press release posted today, Anonymous vehemently denied it had anything to do with the credit card theft, claiming it’s never condoned the stealing of credit cards or identities.

"Anonymous has never been known to have engaged in credit card theft," the group said. "In the realm of criminal investigation, there is an important aspect of investigations that should never be overlooked. The "modus operandi" of a criminal rarely changes. Whoever did perform the credit card theft did so contrary to the "modus operandi" and intentions of Anonymous. Public support is not gained by stealing credit card info and personal identities, we are trying to fight criminal activities by corporations and governments, not steal credit cards."

So, Anonymous, a group usually more than ready to admit its involvement in a prank, is claiming innocence. Then where did the file come from? There’s a couple of possibilities: Anonymous is lying about its involvement (which doesn’t seem that plausible considering the group’s tendency to publicly declare its plans and victories), or it’s a frame-job. It would be all too easy for the real culprits to cover their tracks by leaving evidence pointing to a group that recently displayed a high level of distaste for Sony.

Of course, there is another conceivable explanation; Venture Beat’s Matthew Lynley points out the rather interesting fact that Anonymous’ press release only focuses on denial of credit card theft and insistence that that is not how it operates. However, Sony’s letter to congress also points to DDoS attacks that occurred around the time of the intrusion. The company said it does not know who is responsible for the attacks, nor does it know if they were working in tandem with the hackers, but Sony does blame the DDoS attack for tying up its security team while the breach was taking place.

" … Our security teams were working very hard to defend against denial of service attacks, and that may have made it more difficult to detect this intrusion quickly -- all perhaps by design," said Sony’s Kazuo Hirai.

"Whether those who participated in the denial of service attacks were conspirators or whether they were simply duped into providing cover for a very clever thief, we may never know. In any case, those who participated in the attacks should understand that -- whether they knew it or not -- they were aiding in a well planned, well executed, large-scale theft that left not only Sony a victim, but also Sony’s many customers around the world."

Check out Anonymous' full statement on the Guardian.