Sony Lays Out Investigation Timeline, Hints At 'Anonymous' Involvement in PSN Breach

In a written response to questions from a congressional committee, SCEA president Kaz Hirai presented evidence the hacker group Anonymous might be behind the breach in Sony servers that exposed users' personal data. In a letter to the House Subcommittee on Commerce, Manufacturing and Trade, Hirai notes that an investigation into the recent breach of SOE servers found "that the intruders had planted a file on one of our Sony Online Entertainment servers named 'Anonymous' with the words 'We are Legion.'" (The phrase is something of a slogan for the loose collection of hackers and activists.) The letter also notes that the attacks on both PSN and SOE servers came shortly after a denial of service attack launched by Anonymous and "threats made against both Sony and its executives in retaliation for enforcing intellectual property rights in U.S. Federal Court." Anonymous quickly halted those attacks to avoid inconveniencing PSN users, and the group later denied involvement in the subsequent intrusion and PSN outage it caused. In the letter, Sony admits it had evidence "data of some kind" had been taken from its servers by the early afternoon of April 20, just before it made the decision to shut down PSN service. A forensic security team was retained that day, and a second one added on April 21 before the FBI was contacted April 22. It took these teams until April 23, Easter Sunday, to confirm the techniques the hackers had used to compromise the system and try to cover their tracks, the letter says. A third forensic team was brought in at this point to help clarify as much as possible the full scope of the breach, which was known by April 25. The company then notified users of the intrusion on April 26. Hirai said Sony has "tried to err on the side of safety and security" in investigating the breach and informing the public about it. "I am of course aware of the criticism Sony has received for the time taken to disclose information to our customers. I hope you can appreciate the extraordinary nature of the events the company was facing..." the letter reads. "Throughout the process, Sony Network Entertainment America was very concerned that announcing partial or tentative information to consumers could cause confusion and lead them to take unnecessary actions if the information was not fully corroborated by forensic evidence," it continues. Sony reiterated that while it can't rule out that credit card data was compromised, they have no reports of fraudulent credit card activity related to the breach from the major credit card companies. "Our forensic teams have not seen queries and corresponding data transfers of the credit card information," the letter says. The letter also details new security systems being set up to prevent such breaches in the future, including additional encryption, firewalls, and automated software monitoring, as well as the naming of a new Chief Security Information Officer.