The Sony Hack: Who did it and why? UPDATED

STORY UPDATED: 17:00 03/05/11

Cyber criminals have just pulled off one of the biggest hacks in web history. The details of 43 million Playstation and Playstation online users have been stolen and Sony online services are still down. Three weeks after the Sony hack became public, the damage only seems to grow – with details emerging today of the Playstation online data theft affecting 25million.

Who did it? Why? It it a straightforward attempt to steal money from the victims? Is it a punishment on Sony? We look at what we know about the shady figures behind the attack –

Who did it?
The amorphous group Anonymous threatened Sony with attacks two weeks before the hack was revealed to the public. Anonymous – previously responsible for digs at Scientology and acts in defence of Wikileaks – published the message below a few days before Sony’s PS3 service went down. It uses the Anonymous classic Guy Fawkes mask as a background.

2-anonymous-sony-hack.jpg

But – did they do it? No, according to Sony and according to posters on Anonymous forums – and well – commenters on this blog post who have leapt to defend the hacktivist group.

According to a statement by Sony, Anonymous had launched a separate and much milder attack on the company’s websites – a DDoS attack and the publishing of private details of Sony executives. The massive database hack was unrelated they said. Sony CEO Hirai released the following statement describing the Anonymous actions, but drawing clear lines between the two attacks:

“While there may be no relation to this attack, the Sony network has also been targeted by the Internet group Anonymous,” said Hirai. “In addition, the personal information on Sony’s top management, including the names of their children, the schools they attend, and the names of other family members, has been published on the Internet. They have also called for protests outside Sony stores around the world.”

According to a commenter on this post called, err, “Anonymous” – “Anonymous never hacks for monetary gain”. Certainly, it’s not in their high-minded mission statement about Freedom of Information which quotes the United Nations Human Rights declaration – read it here.

The name Anonymous is more a blanket term for a philosophy or behaviour than a set group of people. The Wikipedia article on them contains this description:

“Anonymous is the first Internet-based superconsciousness. Anonymous is a group, in the sense that a flock of birds is a group. How do you know they’re a group? Because they’re traveling in the same direction.”

Why was Sony targeted?
The Anonymous statement above suggests the hack was an act of revenge on Sony after they prosecuted two hackers for opening up the source-code of the Playstation 3 online. Sony had promised to prosecute everyone who downloaded the code as well as the two hackers who posted it online in the first place.

Even if it wasn’t the Anonymous group who initiated the attack, it could have been someone motivated by similar causes to them. Sony’s actions did stir up a lot of anger. Perhaps it was the 17 year old boy mentioned below by commenter below… “BULLSHIT its that 17yr old, dont know his name but got told it waass him, not anonymous” says ‘Anonymous’.

If it is actually a 17 year old – after he gets out of prison – there will be a lot of people queuing up to employ him.

Of course the third option is just some very organised, very smart cyber criminals. But still? Why Sony?

It’s hard to understand why Sony were targeted for a cyber crime of this magnitude. They are just one of many many big corporations who hold the credit card details of their customers online. And surely there other ones who would have been softer touches to hack.

Another thing that gets me about this affair is that though the hacking was very sophisticated and cut to the core of the multinational’s databases, the idea for monetising the stolen data is quite simple and to be honest a bit shit – selling the data over the internet. Surely a true cyber criminal with this kind of brain-power would have worked that bit out as well.

Maybe details of a sophisticated financial fraud plan will emerge later, but this makes the hack seem almost more symbolic than than about monetary gain. That to me makes it seem more like a hacker’s work than a criminals.

But the Anonymous spokespeople – such as there are any – have stepped back from it and condemned the hack. So their hands are clean as far as the internet is concerned.

What’s going to happen to the data that has been stolen?

Reports earlier today suggest that the data will be put on sale on the internet, meaning that that hackers in possession of the data will make some profit from their hack. The data will most likely be sold to cyber criminals with an interest in using it for scams and hacks in an attempt to get money out of the victims.

How are they going to catch them?

Efforts at Sony have been focussed on determining the scale of the hack, fixing their security holes and getting their services back online, however, when they finally do, they’ll be looking at a few more courtcases. The FBI’s cyber-crime division are already working with Sony who must be desperate to avoid this ever happening again. Other corporations with their customers credit card details stored online will be similarly keen to see an example made of the hackers behind this huge attack.

Any more comments? DO post them below.
I might even update the article again.

Anna Leach

24 comments

  • Likewise Sony’s long term goal is to limit the PR damage and is far better for them to say they were targeted and customer data compromised by highly skilled international cybercriminals than admit it was a bunch of bored teenage script kiddies.

  • Likewise Sony’s long term goal is to limit the PR damage and is far better for them to say they were targeted and customer data compromised by highly skilled international cybercriminals than admit it was a bunch of bored teenage script kiddies.

  • Likewise Sony’s long term goal is to limit the PR damage and is far better for them to say they were targeted and customer data compromised by highly skilled international cybercriminals than admit it was a bunch of bored teenage script kiddies.

  • i remember halcyon days of gaming…you got a game..played it…part exchanged it…got another…if ppl wanted net they got pc games…then gates announced his xbox…sony followed with all web bshit…and now u r controlled by the money grabbing bstrds who try to squeeze your last cent out of you..games shops in trouble and you end up buying games online…its obvious all this online crap leaves us vulnerable..and ppl like sony r only interested in the dough…not us. they have no respect for us..selling a machine with other os spec then taking it away..with threat of rendering hardware us if you dont allow update. i went back on psn…only to be faced with barrage of msgs warning me of rental renewals required even though i didnt rent in first place…and they now say i have to purchase movies i bought…not yet played again…and wheres this free stuff? a crappy little package of little value. i shall never give them card details again..but just buy from game…games or redeem cards. the ps3 is abloody good storage device and computer…so most of time i shall use it for photography and music…or is net accessability next thing to go? i dont like what hackers did…but good they have opened our eyes to how gullible and vulnerable we all are…hang loose…dingle doodie

  • this is a disgrace, i want to play killzone. i hate you sony, i hate you

  • It’s obvious who did it, someone who wants to make some money by selling people’s personal information. Normally sold onto spammers. I’m sure the people who have had their details stolen will see an increase in spam received.

    We recommend never to give your email address away, use a disposable email address instead. Check out: http://www.spamratings.com/consumers/the-cleanzer-tour

  • I have had a major problem with Sony Online Entertainment. I played their games since 1999 and I quit in December 2010 because of my Account being stolen.

    Whenever you want any information on your account changed you have to tell the SOE Representative all of your account information including credit cards used etc. Then after you have talked to them a full copy of this is stored in the accounts “Petition History”. Anyone who gains access to the account is able to view this.

    When my account was stolen in December 2010, whoever stole it was able to use my information stored in the peition history to keep my account. I spent over $200 on phone bills to SOE and over 5 hours trying to get my account back. I provided endless amounts of proof of who I am (the owner of the account) and they just never gave me my account back. I was told 3 times that they would return my account to me but they kept me waiting and making me call back (from another country) where they would keep me on the phone for over an hour.

    They assisted a thief to steal my property!!! I spent many years creating what I had, playing many hours daily.

    To top it all off, recently I tried to obtain a basic bank account for my business and I was refused 3 times… and why is that? My credit score is clean? Then I find out I have something marked on my name as Fraud because of Sony Online Entertainment and my stolen game account!!!

    Even though I use to pay this company over $100 every month for many years they have caused nothing but problems for me and I will never play any of their games again.

  • While I generally support Anonymous, I will play devil’s advocate for a sec.

    Just because the hack may have involved credit card data that does not mean financial gain was a motive. the motive could just as easily been to give sony a well deserved and long awaited kicking by giving them a PR disaster they will not forget.

    Anonymous has in the past used the diversionary tactic of keeping IT admins occupied dealing with DDoS attacks at the front door while someone slips in the back ACS:Law (UK) and HBGary spring to mind.

    In such a case there would be nothing gained by anonymous admitting it as it could potentially refocus federal goons efforts and alienate the more short term thinkers in the gaming community.
    Likewise Sony’s long term goal is to limit the PR damage and is far better for them to say they were targeted and customer data compromised by highly skilled international cybercriminals than admit it was a bunch of bored teenage script kiddies.

  • What ever interaction anonymous had in this situation, i stand behind and support them 100%. In history the mask has hid the identity of tens of thousands who have fought for the greater good without care for the individual. This is what humanity needs. and even if anonymous was responsible for the data thefts, at least it is making a clear message that the violations of privicy and the abuse of the judicial system will not tolerated.

  • BULLSHIT its that 17yr old, dont know his name but got told it waass him, not anonymous, anyway when the hell is PSN network back-up, i miss wooping people online, an stay kool yh

  • Terrible journalist is terrible. You should do some more research next time.

  • Anonymous doesn’t care about monetary gain. How much research have you done on Anonymous? Two minutes? You said you’d change the article. We’re still waiting, Anna. It’s unwise to spread lies, especially since in civilised nations, people are innocent until proven guilty.

  • Fail news article, Anon did not hack Sony, Sony have said so themselves,

  • yup, proof that you shouldnt believe all you read on the internet…this article is pure baloney…
    Mmmm, baloney.

  • ookay – hang on: let me update the article, i admit there are some facts missing. but i’m standing by this – with the hacking that sophisticated and the profiteering that casual(selling the data on the internet), to me this seems to be about more than just money. surely there are easier targets than this?

  • Why post ‘news’ if your ‘news’ is so wrong that a simple google search can prove you wrong

  • You are a moron, Anna.

    Sony has officially stated that they have found no link between Anonymous and the PSN hack. Anonymous has also denied any involvement.

    If you were any sort of reputable journalist (you’re not), you would know that outright theft of data is not what Anonymous stands for or endorses. Also take into account that many thousands of Anons were negatively affected by this.

    You have proven yourself to be an enemy of journalistic integrity and should be utterly ashamed of yourself.

  • hi anne (nonymouse) – so are we still waiting for the Anon action to hit Sony then?

  • Bullshit. Anonymous have NOT claimed responsibility for the PSN hack, they have stated they are targetting Sony due to the GeoHot debacle. They have in fact DENIED reasponsibility for the PSN hack.

    Plz to get ur fax strait.

Comments are closed.