Despite Anonymous flat-out denying any involvement in the PSN security breach, Sony claims that the group is responsible for the most recent cyber attacks on the Sony Online Entertainment Servers. In a recent address to Congress, Sony aknowledged their role in the recent theft of thousands of customer credit cards and other personal data.
Sony told the United States Congress that “we discovered that the intruders had planted a file on our Sony Online Entertainment servers named “Anonymous” with the words “We are Legion” in the file. This recent finding isn’t irrefutable evidence that the hacking group is responsible, but it certainly isn’t going to be winning them any points with the millions of gamers across the globe whose personal information has revealed to the hackers responsible for the attacks.
Sony also layed all of their cards on the table, by brandishing a timeline of the events leading up to the deactivation of the PlayStation Network. Also what they are planning to do going forward.
Sony informed the Subcommittee on Commerce, Manufacturing & Trade of the U.S. House of Representatives of the following:
– Sony has been the victim of a very carefully planned, very professional, highly sophisticated criminal cyber attack.
– We discovered that the intruders had planted a file on one of our Sony Online Entertainment servers named “Anonymous” with the words “We are Legion.”
– By April 25, forensic teams were able to confirm the scope of the personal data they believed had been taken, and could not rule out whether credit card information had been accessed. On April 26, we notified customers of those facts.
– As of today, the major credit card companies have not reported any fraudulent transactions that they believe are the direct result of this cyber attack.
– Protecting individuals’ personal data is the highestpriority and ensuring that the Internet can be made secure for commerce is also essential. Worldwide, countries and businesses will have to come together to ensure the safety of commerce over the Internet and find ways to combat cybercrime and cyber terrorism.
– We are taking a number of steps to prevent future breaches, including enhanced levels of data protection and encryption; enhanced ability to detect software intrusions, unauthorized access and unusual activity patterns; additional firewalls; establishment of a new data center in an undisclosed location with increased security; and the naming of a new Chief Information Security Officer.
Still, no exact timeline has been outlined for the PlayStation Network’s return.