Friday, May 6, 2011

Sony 'distracted by vigilante attack' while data stolen

Sony has blamed the online vigilante group Anonymous for indirectly allowing the security breach that allowed a hacker to gain access to the personal data of more than 100m online gamers.

In a letter to the US Congress, Sony said the breach came at the same time as it was fighting a denial-of-service attack from Anonymous.
Denial-of-service attacks take servers down by overwhelming them with traffic.
The online vigilante group has denied being involved in the data theft.
Sony said that it had been the target of attacks from Anonymous because it had taken action against a hacker in a federal court in San Francisco.

'We are legion'
 
It added that the attack that stole the data had been launched separately while it was distracted by the denial-of-service attack, and that it was not sure whether the organisers of the two attacks were working together.

"Whether those who participated in the denial of service attacks were conspirators or whether they were simply duped into providing cover for a very clever thief, we may never know," Sony's letter said.

Sony said that it had discovered on Sunday a file planted on one of its servers named Anonymous and featuring the line "We are legion", which is a phrase used by the group.

In the letter to members of the House Commerce Committee, Kazuo Hirai, chairman of Sony Computer Entertainment America, defended the way that his company had dealt with the breach.
Sony discovered a breach in its Playstation video game network on 20 April but did not report it to US authorities for two days and only informed consumers on 26 April.

"Throughout the process, Sony Network Entertainment America was very concerned that announcing partial or tentative information to consumers could cause confusion and lead them to take unnecessary actions if the information was not fully corroborated by forensic evidence," the letter said.

No comments:

Post a Comment