Skip to main content

Anonymous: Credit Card Theft Isn't Our M.O.

Sony this week made headlines with an open letter responding to questions from congress regarding the PSN and SOE breaches. One of the more interesting parts of the text was the revelation that Sony had discovered a file planted on the SOE servers titled ‘Anonymous’ and containing the words, “We are Legion.” Discovered earlier this week, the SOE intrusion resulted in the theft of thousands of credit and debit card numbers. Though Sony’s letter did not point the finger at Anonymous outright (Sony actually categorically said it did not know who was responsible for the attack) it did seem imply that Anonymous might have been involved in some way.

However, in a press release posted today, Anonymous vehemently denied it had anything to do with the credit card theft, claiming it’s never condoned the stealing of credit cards or identities.

"Anonymous has never been known to have engaged in credit card theft," the group said. "In the realm of criminal investigation, there is an important aspect of investigations that should never be overlooked. The "modus operandi" of a criminal rarely changes. Whoever did perform the credit card theft did so contrary to the "modus operandi" and intentions of Anonymous. Public support is not gained by stealing credit card info and personal identities, we are trying to fight criminal activities by corporations and governments, not steal credit cards."

So, Anonymous, a group usually more than ready to admit its involvement in a prank, is claiming innocence. Then where did the file come from? There’s a couple of possibilities: Anonymous is lying about its involvement (which doesn’t seem that plausible considering the group’s tendency to publicly declare its plans and victories), or it’s a frame-job. It would be all too easy for the real culprits to cover their tracks by leaving evidence pointing to a group that recently displayed a high level of distaste for Sony.

Of course, there is another conceivable explanation; Venture Beat’s Matthew Lynley points out the rather interesting fact that Anonymous’ press release only focuses on denial of credit card theft and insistence that that is not how it operates. However, Sony’s letter to congress also points to DDoS attacks that occurred around the time of the intrusion. The company said it does not know who is responsible for the attacks, nor does it know if they were working in tandem with the hackers, but Sony does blame the DDoS attack for tying up its security team while the breach was taking place.

" … Our security teams were working very hard to defend against denial of service attacks, and that may have made it more difficult to detect this intrusion quickly -- all perhaps by design," said Sony’s Kazuo Hirai.

"Whether those who participated in the denial of service attacks were conspirators or whether they were simply duped into providing cover for a very clever thief, we may never know. In any case, those who participated in the attacks should understand that -- whether they knew it or not -- they were aiding in a well planned, well executed, large-scale theft that left not only Sony a victim, but also Sony’s many customers around the world."

Check out Anonymous' full statement on the Guardian.

  • .
    The Anonymous DoS would have also have been the ideal time for a revenge action: by HBGary.

    Note that so far, no actual criminal use of the CC data has been reliably determined. HBGary could have simply downloaded the data onto a stick, pulled it out and destroyed it. With a hammer.
  • zoemayne
    i dont think anonymous did this why would they try to fraud the people?
  • captaincharisma
    zoemaynei dont think anonymous did this why would they try to fraud the people?
    because they hate Sony so much they will do anything to put them out of business. if they do get framed it there own fault because there DDOS attack happened almost at the same time. they could have broke in during the DDOS attack and placed the file there. i wouldn't put it passed them
  • ^^ not true in the least. You clearly do not understand the concept of anonymous in the least.
  • johnsmithhatesVLC
    "Anonymous" is just a couple smart social engineering skiddies that get thousands of bored teens to aid in their attacks. At the moment, there is no hard evidence against anybody so you can't really say anything.
  • cobra5000
    It will be interesting to see how this all turns out. Until then I sure wish I could log on to the DCUO account that I paid for!
  • Blessedman
    Umm the reason why there has been no "real" CC fraud yet is because there were no files stolen, the reasons there are no logs is because they have deleted their own trail of planting evidence... This is all Sony's plan to get help from the governments to stop Anonymous from their DDoS attacks which are crippling all that they own online. They have pissed off the masses and just like at the Boston tea party, their tea is going into the harbor. Will be fun to watch how this unfolds.
  • aaron88_7
    I had a dream some hackers stole $40,000 from my bank account.....the funny part was that I don't have anything near that amount in my account lol
  • zinabas
    How could Anonymous have done this, when Sony was quoted yesterday (in the same letter that most of these quotes come from) saying 'there were no similar queries for credit card information'. They admit that nothing related to credit card information seem to be touched in the intrusion yet everyone is arguing whether or not Anonymous has their credit card info.
  • Someone could have just put a file in there to say that since it is a rather known motto of theirs to cover their trail...