Sony/Anonymous Nonsense & the PSN Outage ... also GeoHotz

[X-SOLDIER]

(@ Tets: It's linked in the bottom of my post)


X

 

[Tetsujin]

Tbh, that file they found doesn't prove it was Anonymous.

Also, why would they deny it was them if they had actually left a signature behind? I mean. What.

 

[X-SOLDIER]

Tbh, that file they found doesn't prove it was Anonymous.

Also, why would they deny it was them if they had actually left a signature behind? I mean. What.

It doesn't, but it doesn't help their case at all, and it's enough that some of the investigation could justify looking into Anon.

For all we know, it was a section of the group, since they don't always operate together, and some of their members could've pulled this off independantly, and put something to claim their connections with Anon.

It could also just be something to point folks in the wrong direction. Either way, it's still bad news for Anon in this case.


X

 

[Masamune]

The cyber attack that knocked the Playstation Network and Sony Online Entertainment offline for more than a week was a "very carefully planned, very professional, highly sophisticated criminal cyber attack designed to steal personal and credit card information," according to a letter from Sony to members of Congress obtained by Kotaku today from government sources.

I bet the mainframe password was 'Sony'.

 

[Cookie Monster]

Anyone can claim to be Anon, it's not like it's an actual organization with a set member base. That's why it's called Anonymous. It could just be some random basement dwelling nerd that gets off on doing this type of thing.

 

[ForceStealer]

It could just be some random basement dwelling nerd that gets off on doing this type of thing.

Kinda describes anyone that has ever claimed to be part of Anonymous.

 

[X-SOLDIER]

Gawker now has an article on this very subject.

The Sony hackers who perpetrated one of the biggest data breaches in history left a calling card on Sony's servers: a file called "Anonymous," containing the notorious hacking group's tag line. This is bad news for Anonymous, whose members largely want nothing to do with the hack.

Last month, hackers exposed the personal information, including credit card data, of millions of gamers by breaching Sony's PlayStation Network. In a letter sent to Congress today, Sony explained that the company had been the target of "very carefully planned, very professional, highly sophisticated criminal cyber attack designed to steal personal and credit card information."

The letter also implicitly blamed on Anonymous: Sony revealed it discovered a file on Sony Online Entertainment servers called "Anonymous" with the group's tagline, "We Are Legion." Case closed, right?

Not really: Most Anonymous members claim the group had nothing to do with this hack and have taken extraordinary steps to distance themselves from it. On the IRC servers Anonymous uses to organize its operations, channels dedicated to attacks on Sony have been systematically deleted for weeks. Even mentioning an operation against Sony can lead to a ban. And when Sony's PlayStation Network went down mysteriously last month—we now know this was when the hack was occurring—Anonymous took the unusual step of issuing a press release claiming that "for once we didn't do it."

Anonymous has come to realize that attacking Sony's PlayStation Network alienates a powerful group of potential supporters: nerds. The point was proved after Anonymous launched an unrelated attack on Sony in early April that briefly took down the PlayStation Network, in retaliation for Sony suing a kid who bypassed the Playstation 3's security systems. The attack sparked a nerd backlash which crippled Anonymous chat servers with retaliatory strikes and was generally a PR disaster.

"All the Sony kids were flooding the [Anonymous chat servers] and whining and complaining," said Gregg Housh an activist associated with Anonymous. An attack on Sony's PlayStation Network "pisses off a lot of people they want as fans not enemies." A similar concern was voiced last December when Anonymous contemplated attacking Amazon in revenge for it banning Wikileaks: One reason for not attacking was concern that the attack might anger people who were trying to do holiday shopping.

The dilemma presented by this new Sony hack shows how Anonymous' greatest asset—its amorphous, grassroots nature—can also be its greatest weakness. As news spreads that Anonymous was behind an attack on millions of gamers, there will likely be another backlash. "Pissed off that Anonymous Hacked PSN," wrote one Twitter user. Stealing millions of regular folks' credit cards is not a good look for Anonymous, the self-styled defenders of free speech.

Cries of "scapegoat" have been filling the Anonyosphere, which will no doubt argue Sony is trying to unload responsibility for its enormous screwup on Anonymous. But frankly there's almost no way Anonymous can disavow a role: If someone claims to be Anonymous, they are Anonymous. Just as the small cadre of elite hackers who took down the security firm HBGary were Anonymous, whoever was behind the PlayStation hack can claim the Anonymous banner as well—whether "Anonymous" claims them or not.

X

 

[Dashell]

http://www.industrygamers.com/news/...-handling-half-hearted-half-baked-says-house/

 

[Jaqen H'ghar]

I've been hearing updates on BBC and this is getting ridiculous. :| Sony needs to step up their shit 35 minutes ago.

 

[X-SOLDIER]

The Guardian has a full statement from Anon on their lack of involvement with a lot of good points. The site also has a link to Anon's full statement for those interested.

The online activism group Anonymous has denied insinuations by Sony that it was involved in the hacker breaches of the PlayStation Network (PSN) and Online Entertainment (SOE) systems in which between 77m and 100m personal details were stolen, and potentially as many credit card details.

The riposte was delivered in a letter published online soon after the corporation delivered a letter to US politicians in which it claimed that private investigators called in to examine the break-in had discovered a file entitled "Anonymous" and containing the words "We are Legion" - part of Anonymous's slogan.

The group issued a 900-word statement in which it insisted that it does not steal credit card data and that its aims are purely political - in marked contrast, it said, to its adversaries, who include Sony because of the action the company took against a number of users who had found ways around some protections built into the PlayStation 3 console.

"Anonymous has never been known to have engaged in credit card theft," the statement said. "Many of our corporate and governmental adversaries, on the other hand. have been known to have lied to the public about Anonymous and about their own activities."

It said that the credit card theft - which Sony said came about after four servers on its network spontaneously rebooted and began behaving "oddly" - did not fit Anonymous's "modus operandi": "Whoever did perform the credit card theft did so contrary to the 'modus operandi' and intentions of Anonymous. Public support is not gained by stealing credit card info and personal identities, we are trying to fight criminal activities by corporations and governments, not steal credit cards."

Anonymous is a loosely organised group of hackers of various levels of expertise with an onion-like structure, where the most experienced and skilled hackers work in the centre, widening to the less experienced but sympathetic "members" at the fringes. They organise themselves through online chatrooms; few members know each others' real-life identities. Membership is international and probably includes a couple of thousand people at any time.

In the past the group has targeted the Church of Scientology, Visa and Mastercard, and various middle Eastern governments in the pursuit of what it sees as transparency and individual liberty.

Sony has also blamed Anonymous for carrying out a denial-of-service attack which made it difficult or impossible to spot the break-in because Sony's engineers were trying to cope with the online attack that was knocking out their servers. The statement from Anonymous - which appears to have been authored by a number of people, but uses American spelling and grammar throughout - does not deal with the ramifications of the attack, and Sony's assertion that it enabled the theft by distracting the security team.

The timing of the break-in to Sony's systems is unlikely to have been an accident; a malicious hacker could have used the attack by Anonymous as cover when the first break-in on 17 April was made. Anonymous had announced on 4 April that it would attack Sony because the Japanese corporation decided to pursue legal action against George Hotz, who had discovered and then shared the "root key" of the PS3, which/i would mean that anyone could potentially play any game on it - including pirated ones.

Anonymous insisted: "If a legitimate and honest investigation into the credit card is conducted, Anonymous will not be found liable. While we are a distributed and decentralized group, our 'leadership' does not condone credit card theft. We are concerned with erosion of privacy and fair use, the spread of corporate feudalism, the abuse of power and the justifications of executives and leaders who believe themselves immune personally and financially for the actions they undertake in the name of corporations and public office."

The fact that Sony has said that the people who hacked its servers erased log files to cover their steps makes it look extremely unlikely that they would also have left a text file linking them back to Anonymous if that were their origin.

So while blaming Anon directly seems to be a red herring, it's incredibly likely that their actions were what allowed the hack to take place unnoticed. I still wouldn't be surprised if it was one of the individual Anon members acting of thier own volition, but the possibilities are pretty much endless. That being said, I think that even if it was, Anon would be either be too afraid of getting burned by giving up the hacker, or don't actually know who in their structure did it.

I've been hearing updates on BBC and this is getting ridiculous. :| Sony needs to step up their shit 35 minutes ago.

What exactly do you think that Sony could be doing that they aren't already doing?


X

 

[ForceStealer]

Here's what I don't understand. They're basically saying that they can't be held liable due to their decentralized nature, and that they didn't do it. But if they're so decentralized, how can whatever due wrote up that statement say whether they did or didn't do it?

 

[Jaqen H'ghar]

I would've liked to know the day it happened tbh I didn't even find out until days later through Facebook now they're getting it done but I just... I don't know what's going on anymore. I just want to know as much as possible. Plus I read somewhere that they're kind of taking longer than they expected with what they're doing right now I'll see if I can find the link.

 

[Ⓐaron]

Here's what I don't understand. They're basically saying that they can't be held liable due to their decentralized nature, and that they didn't do it. But if they're so decentralized, how can whatever due wrote up that statement say whether they did or didn't do it?

Well, it's obviously impossible to know whether someone who associates with Anonymous is responsible until the responsible party is identified, but they're definitely not doing it for Anonymous. If they were doing so for Anonymous, then information about it would be out by now. If that makes any sense. I may still be somewhat sleep deprived so I may not be making as much sense as I'm hoping I'm making.

 

[Russell]

Here's what I don't understand. They're basically saying that they can't be held liable due to their decentralized nature, and that they didn't do it. But if they're so decentralized, how can whatever due wrote up that statement say whether they did or didn't do it?

Spoiler

I'm not mocking you Vash, you make a very good point.
But I just couldn't helping thinking of that noise after I read your post.

[edit] I agree with Captain America.

 

[X-SOLDIER]

I would've liked to know the day it happened tbh I didn't even find out until days later through Facebook now they're getting it done but I just... I don't know what's going on anymore. I just want to know as much as possible. Plus I read somewhere that they're kind of taking longer than they expected with what they're doing right now I'll see if I can find the link.

I'd suggest Reading this post if you have any questions about why they put out what notifications when they did. IMO, their opinions were all timely based on the relevance of the information that they had.

If you really want to get a good head on what's going on, I'd read through this thread. I know it's 14 pages long, but this thread is absolutely crammed with information. Most of my posts have links to news sites and updates as they came out.


X

 

[Jaqen H'ghar]

I haven't really had the time lately to be able to look over everything (lulz finals) but I'll look it over

 

[Dashell]

What exactly do you think that Sony could be doing that they aren't already doing?


X

did you read the article I linked to on that post of mine that you thanked?
Though tbh I'm not sure how valid it is.

 

[X-SOLDIER]

did you read the article I linked to on that post of mine that you thanked?
Though tbh I'm not sure how valid it is.

Yeah, and I facepalmed at virutally everything that Mary Bono Mack said in it. There have been very good reasons that sony didn't show up to testify, and why they prepared all the statements for the hearing instead, and in this statement, they released a timeline of the events, and outlined why and how they announced what when.


X

 

[Tetsujin]

Rumour has it there's another attack planned:
http://news.cnet.com/8301-31021_3-20060227-260.html

Honestly though, I can't really believe this is true. What with the FBI and numerous security firms involved now that seems a bit too cocky to me.

Also, a letter from Howard Stringer:
http://blog.us.playstation.com/2011...um=social&utm_campaign=howard_stringer_050511

And lastly, this:
http://blog.us.playstation.com/2011...ium=social&utm_campaign=identity_theft_050511

 

[Madame Mayor]

Honestly though, I can't really believe this is true. What with the FBI and numerous security firms involved now that seems a bit too cocky to me.

Part of me hopes they are stupid enough to. It'll be easier to catch them a second time now that they are on full alert for it.

Also, am I the only one who calls them Crackers anymore? Sometimes I let slip Hackers just because it's what everyone says anymore but that makes me sadface.

And for anyone who doesn't know wtf I'm talking about...

http://en.wikipedia.org/wiki/Cracker

In computing, a hacker who breaks or circumvents security, including:
Computer security hacker, that is, someone who breaks into computers, regardless of intent. Used by computer programming hackers to stress the differences between the two occupations and philosophies.

Black-hat hacker, that is, someone who breaks into computers with malicious or criminal intentions. Used by white hat computer security hackers to stress the difference in ethics.

Software cracker, someone who modifies software to remove or disable copy protection and digital rights management features

Password cracker, someone who recovers encrypted passwords from data that has been stored in or transmitted by a computer system or associated to accounts as a measure for restricting access to a computer.

 

[ForceStealer]

I can't say I've ever heard that term myself. Maybe racial connotations interfered? Not that anyone really cares about that word. I dunno.

Anyway, yeah, in a way I hope they do only because they're more likely to get caught and we can ban their asses from coming near a computer.

On the other hand, I WANT PSN BACK, YOU DICKS. You don't like how Sony handled it so you want to make us go through that again? Fuck you.

 

[Dana Scully]

Also, am I the only one who calls them Crackers anymore? Sometimes I let slip Hackers just because it's what everyone says anymore but that makes me sadface.

I just call them hackers because no one knows wtf I'm talking about when I say crackers.

 

[X-SOLDIER]

As Tets said, it looks like PSN's getting close to being online again, which is great news.

We're getting closer. Sony has just announced via the PlayStation Blog that work on rebuilding the PlayStation Network at its new data center is complete, and that its "global network and security teams" teams are busy testing it internally.

According to the announcement, Sony is in "the final stages of internal testing of the new system, an important step towards restoring PlayStation Network and Qriocity services." The company didn't go so far as to estimate when PSN will be back online for everyone, but it's calling this a "milestone" in the process, so we'll hopefully learn more soon.

Regardless of the fact that there's been no reported credit card / identity theft, Sony is offering free identity theft protection for a year through Debix. PSN folks should be getting an e-mail in the next couple days containing a promotional code for Debix's service, after which they'll have until June 18 to sign up. I think it's US-specific for now until the get appropriate services for each region, but this offers the following:

Cyber monitoring and surveillance of the Internet to detect exposure of an AllClear ID Plus customer's personal information, including monitoring of criminal web sites and data recovered by law enforcement. If his/her personal information is found, the customer will be alerted by phone and/or email and will be provided advice and support regarding protective steps to take. The customer will also receive monthly identity status reports. Debix works with an alliance of cyber-crime experts from the government, academia and industry to provide these services.

Priority access to licensed private investigators and identity restoration specialists. If an AllClear ID Plus customer receives an alert, or otherwise suspects that he/she may be the victim of identity theft, the customer can speak directly, on a priority basis, with an on-staff licensed private investigator, who will conduct a comprehensive inquiry. In the case of an identity theft, the customer can work with an identity restoration specialist to contact creditors and others, and take necessary steps to restore the customer's identity.

A $1 million identity theft insurance policy per user to provide additional protection in the event that an AllClear ID Plus customer becomes a victim of identity theft. This insurance would provide financial relief of up to $1 million for covered identity restoration costs, legal defense expenses, and lost wages that occur within 12 months after the stolen identity event.

X

 

[Tetsujin]

Final stages. In other words another week or two.

 

[X-SOLDIER]

Update on attempting to get appropriate & similiar Identity Protection for EU users.

(God I hope it's up sooner than another 1-2 weeks)


X