Sony has claimed that the hackers of the PlayStation Network (PSN) and its Sony Online Entertainment (SOE) were part of the loose hacktivist collective Anonymous.
Kazuo Hirai, chairman of the board of directors of Sony Computer Entertainment America, answered to the Subcommittee on Commerce, Manufacturing and Trade of the US House of Representatives over the recent hacks on their PSN and SOE servers, where more than 100m users’ personal data was taken.
Within these answers, Sony claimed the hack was a “very carefully planned, very professional, highly sophisticated criminal cyber attack.”
Sony noted that as of today, major credit card companies have not reported fraudulent transactions as a result of the attack.
The company said it has enhanced data protection, encryption levels and the ability to detect software intrusions and unauthorised access. Sony has also added more firewalls, established a new data centre in an undisclosed location and will name a new chief information security officer.
Sony pointed out that the hackers planted a file within an SOE server called “Anonymous”, seemingly implicating the loose online collective responsible for taking down sites which withdrew support for whistleblower WikiLeaks.
Anonymous had also previously taken down numerous Sony websites before the data breach, though the reasons were to protest the company’s lawsuit against a PS3 jailbreaker and not to obtain users’ personal data.
Within this file were the words "We are Legion", which is known as the movement’s motto.
However, a statement was released by an unofficial Anonymous spokesperson, Barrett Brown, saying Anonymous “has never been known to engage in credit card theft.”
The statement said Anonymous is “an ironically transparent movement” letting the press observe its activities and accused its “corporate and governmental adversaries” of lying to the public about its activities.
It said that whoever took this personal information did so “contrary to the modus operandi and intentions of Anonymous” and that the loose collective was more concerned with protesting the activities of corporations and governments, as opposed to stealing credit card numbers from the public.
“We are concerned with the erosion of privacy and fair use, the spread of corporate feudalism, the abuse of power and the justifications of executives and leaders who believe themselves to be immune personally and financially for the actions they undertake in the name of corporations and public office,” read the statement.
The loose nature of the collective means anyone can do anything under the name of Anonymous, as the group does not have any official leader handing out orders to other people within the movement.
"Any clever thief of that sort would be inclined to leave a document laying blame to someone else," he said.
"We’re all mystified by this. Everyone just assumes – knows – it’s some criminal group. But it wasn’t us."