
View Full Version : Anonymous outflanks Sony in Cyber Attack



Richard
4th May 2011, 23:44
Sony has blamed the online vigilante group Anonymous for indirectly allowing the security breach that allowed a hacker to gain access to the personal data of more than 100m online gamers.
In a letter to the US Congress, Sony said the breach came at the same time as it was fighting a denial-of-service attack from Anonymous.
Denial-of-service attacks take servers down by overwhelming them with traffic.
The online vigilante group has denied being involved in the data theft.
Sony said that it had been the target of attacks from Anonymous because it had taken action against a hacker in a federal court in San Francisco.
'We are legion'

It added that the attack that stole the data had been launched separately while it was distracted by the denial-of-service attack, and that it was not sure whether the organisers of the two attacks were working together.
"Whether those who participated in the denial of service attacks were conspirators or whether they were simply duped into providing cover for a very clever thief, we may never know," Sony's letter said.
Sony said that it had discovered on Sunday a file planted on one of its servers named Anonymous and featuring the line "We are legion", which is a phrase used by the group.
In the letter to members of the House Commerce Committee, Kazuo Hirai, chairman of Sony Computer Entertainment America, defended the way that his company had dealt with the breach.
Sony discovered a breach in its Playstation video game network on 20 April but did not report it to US authorities for two days and only informed consumers on 26 April.
"Throughout the process, Sony Network Entertainment America was very concerned that announcing partial or tentative information to consumers could cause confusion and lead them to take unnecessary actions if the information was not fully corroborated by forensic evidence," the letter said.


http://www.bbc.co.uk/news/business-13288532

flower
4th May 2011, 23:46
Anonymous, indeed.



Am I reading this correctly? They have a server called Anonymous?

Sony said that it had discovered on Sunday a file planted on one of its servers named Anonymous and featuring the line "We are legion", which is a phrase used by the group.

Icecold
5th May 2011, 00:16
Edit : redundant......this file has been hacked. lol

Icecold
5th May 2011, 00:18

No Celine, the hacker left a note on the Sony server...bless his/her heart.

?uestions
5th May 2011, 01:06
It's hard to feel bad for Sony when they leave their servers open to attack...

"What do they call it when your company ignores advanced warnings from security experts about running outdated server software with no firewall? It's on the tip of my tongue, you know...the term for a company that gets hacked, losing the personal data and credit card information for millions of people? Oh yeah, I remember now, they call it "retarded."

According to Spafford, security experts monitoring open Internet forums learned months ago that Sony was using outdated versions of the Apache Web server software, which "was unpatched and had no firewall installed." The issue was "reported in an open forum monitored by Sony employees" two to three months prior to the recent security breaches, said Spafford."

From hardocp.com

Richard
5th May 2011, 01:26
Am I reading this correctly? They have a server called Anonymous?

Sony said that it had discovered on Sunday a file planted on one of its servers named Anonymous and featuring the line "We are legion", which is a phrase used by the group.

Sony allegedly found a file left behind by the hackers as a sort of signature. The file name was Anonymous and the line in the file read "we are legion".

It stinks of a setup to me.

John
5th May 2011, 02:05
It stinks of a setup to me.

Anon are responsible for this.

sandy
5th May 2011, 02:15
Me thinks this large corporation is up to Sony Propaganda:)

John
5th May 2011, 02:21
press release.

Operation Payback brings you #OpSony


Dear Greedy Mother❤❤❤❤ers SONY,

Congratulations! You are now receiving the attention of Anonymous. Your recent legal actions against fellow internet citizens, GeoHot and Graf_Chokolo have been deemed an unforgivable offense against free speech and internet freedom, primary sources of free lulz (and you know how we feel about lulz.)

You have abused the judicial system in an attempt to censor information about how your products work. You have victimized your own customers merely for possessing and sharing information, and continue to target those who seek this information. In doing so you have violated the privacy of thousands of innocent people who only sought the free distribution of information. Your suppression of this information is motivated by corporate greed and the desire for complete control over the actions of individuals who purchase and use your products, at least when those actions threaten to undermine the corrupt stranglehold you seek to maintain over copywrong, oops, "copyright".

Your corrupt business practices are indicative of a corporate philosophy that would deny consumers the right to use products they have paid for, and rightfully own, in the manner of their choosing. Perhaps you should alert your customers to the fact that they are apparently only renting your products? In light of this assault on both rights and free expression, Anonymous, the notoriously handsome rulers of the internet, would like to inform you that you have only been "renting" your web domains. Having trodden upon Anonymous' rights, you must now be trodden on.

If you disagree with the disciplinary actions against your private parts domains, then we trust you can also understand our motivations for these actions. You own your domains. You paid for them with your own money. Now Anonymous is attacking your private property because we disagree with your actions. And that seems, dare we say it, "wrong." Sound familiar?

Let Anonymous teach you a few important lessons that your mother forgot:
1. Don't do it to someone else if you don't want it to be done to you.
2. Information is free.
3. We own this. Forever.

As for the "judges" and complicit legal entities who have enabled these cowards: You are no better than SONY itself in our eyes and remain guilty of undermining the well-being of the populace and subverting your judicial mandate.


We are Anonymous.
We are Legion.
We do not Forgive.
We do not Forget.
Expect us.

http://anonnews.org/?a=item&i=787&p=press

?uestions
5th May 2011, 02:36
Hornet's nest! LOLS!

M@e 311
5th May 2011, 07:28
Hornet's nest! LOLS!

Will keep track of this one.; this is going to be much fun to watch ha ha

M@

Wings
5th May 2011, 11:47
-------------

John
6th May 2011, 07:29
Anon are saying they are not responsible for the hacking of the server and theft of credit card details etc.

Last month, an unknown party managed to break into Sony's servers and acquired millions of customer records including credit card numbers. Insomuch as that this incident occurred in the midst of Anonymous' OpSony, by which participants engaged in several of our standard information war procedures against the corporation and its executives, Sony and other parties have come to blame Anonymous for the heist. Today, in a letter directed to members of Congress involved in an inquiry into the situation, Sony claimed to have discovered a file on its servers, presumably left by the thieves in question, entitled "Anonymous" and containing a fragment of our slogan, "We are Legion." In response, we would like to raise the following points:
1. Anonymous has never been known to have engaged in credit card theft.
2. Many of our corporate and governmental adversaries, on the other hand, have been known to have lied to the public about Anonymous and about their own activities. HBGary, for instance, was caught lying a number of times to the press, to the public, and to Anonymous itself (in this phone call, for instance, ( http://tinyurl.com/...) CEO Aaron Barr makes a number of untrue statements regarding the intent of his "research," claiming for instance that he never tried to sell the information to the FBI when e-mails acquired soon showed that he had been set to do just that; executive Karen Burke was also caught lying to Bloomberg about having not seen an incriminating e-mail that she had in fact replied to just a few days before). The U.S. Chamber of Commerce lied about not having seen the criminal proposal created by them for Team Themis; Palantir lied about not having any idea what their employees were up to; Berico publicly denounced a plan that they had actively engaged in creating; etc. There is no corporation in existence that will choose the truth when lies are more convenient.
3. To the contrary, Anonymous is an ironically transparent movement that allows reporters in to our operating channels to observe us at work and which has been extraordinarily candid with the press when commenting on our own activities, which is why reporters prefer to talk to us for truthful accounts of the situation rather than go to our degenerate enemies to be lied to.
4. Whoever broke into Sony's servers to steal the credit card info and left a document blaming Anonymous clearly wanted Anonymous to be blamed for the most significant digital theft in history. No one who is actually associated with our movement would do something that would prompt a massive law enforcement response. On the other hand, a group of standard online thieves would have every reason to frame Anonymous in order to put law enforcement off the track. The framing of others for crimes has been a common practice throughout history.
5. It should be remembered that several federal contractors such as HBGary and Palantir have been caught planning a variety of unethical and potentially criminal conspiracies by which to discredit the enemies of their clients. This is not a theory - this is a fact that has been reported at great length by dozens of journalists with major publications. Insomuch as that our enemies have either engaged in or planned to engage in false flag efforts, it should not be surprising that many of the journalists who have covered us, who know who we are and what motivates us - and who have alternatively seen the monstrous behavior of those large and "respectable" firms that are all too happy to throw aside common decency at the behest of such clients as Bank of America and the U.S. Chamber of Commerce - also have their suspicions that some capable party performed this operation as a means by which to do great damage to Anonymous in the public eye. Those who consider such a prospect to be somehow unlikely are advised to read about what was proposed by Team Themis in their efforts to destroy Wikileaks, and should otherwise take a few minutes to learn about COINTELPRO and other admitted practices by the U.S. intelligence community. The fact is that Anonymous has brought a great deal of discomfort to powerful entities such as Booz Allen Hamilton, Palantir, and much of the federal government; the Justice Department in particular is likely unhappy that our efforts revealed that it was they themselves who recommended the now-discredited "law firm" Hunton & Williams to Bank of America in order that the latter might better be able to fight back against Wikileaks. All of this is now public record, and anyone who finds it laughable that those or other entities may have again engaged in tactics that they are known to have engaged in in the past is not qualified to comment on the situation.
Anonymous will continue its work in support of transparency and individual liberty; our adversaries will continue their work in support of secrecy and control. The FBI will continue to investigate us for crimes of civil disobedience while continuing to ignore the crimes planned by major corporations with which they are in league.
We do not forget, even if others fail to remember.
We do not forgive, even if others forgive our enemies for those things for which we are attacked.
We are legion, and will remain so no matter how many of our participants are raided by armed agents of a broken system.
We are Anonymous.

http://anonops.blogspot.com/

buchanan561
6th May 2011, 07:54
And just to think that this goes on all the time. They will claim that our information and credit card information is all safe with them and not at risk. And it is all dishonest information they give us, as they sell our data all the time. Every way you can imagine to make money off the backs of the trusting masses of people. There does not seem to be any moral standards anywhere except for what they want and demand from us. And our information just keeps on making that circle.

I had a second phone installed in my home last week. We gave that number out to no one. It was a back-up phone and a new number. So we have two phone systems in our home. Minutes after the installation was complete the phone started ringing: commercial companies trying to sell me things. Phone ringing every hour, it seems, to no end. The telephone AT&T gave out the number and my name to who knows how many companies that have not had the chance to call on me yet. It is disgusting how this happens. So, I hooked it up to an answering machine that told each caller to stop calling. How we are used and abused. Emma

John
6th May 2011, 08:11
I had something similar happen to me a year or so ago. I went into town to get myself a mobile phone. I walked into the phone shop, picked the one I wanted, picked a number for the phone from the computer while the guy was putting the battery in the phone and telling me it was already charged and good to go, paid the guy and off I went. Not 10 mins later I had a call from a company trying to sell me insurance for my phone.

I was really pissed off, I went back and told the guy in the store this was a private number and he had no right giving it to anyone, all he could say was it was not him, it was the computer.

I was not a happy bunny

Icecold
6th May 2011, 09:27
And just to think that this goes on all the time. They will claim that our information and credit card information is all safe with them and not at risk. And it is all dishonest information they give us, as they sell our data all the time. Every way you can imagine to make money off the backs of the trusting masses of people. There does not seem to be any moral standards anywhere except for what they want and demand from us. And our information just keeps on making that circle.

I had a second phone installed in my home last week. We gave that number out to no one. It was a back-up phone and a new number. So we have two phone systems in our home. Minutes after the installation was complete the phone started ringing: commercial companies trying to sell me things. Phone ringing every hour, it seems, to no end. The telephone AT&T gave out the number and my name to who knows how many companies that have not had the chance to call on me yet. It is disgusting how this happens. So, I hooked it up to an answering machine that told each caller to stop calling. How we are used and abused. Emma

Hi Emma.

It is also possible that war diallers have 'found' that your number is new and available. I know that telemarketers use war dialling to find numbers.

War Dialling - A Thing of the Past or the Return of a Forgotten Evil
Robert P.S. Jansson, Monday, March 29, 2010


Are you part of an organization that performs war dialling as part of their regular external security audits? I can almost guarantee that most readers of this article will answer ‘no’ to that question. By not conducting regular war dialling as part of their regular external security audits, organizations are leaving themselves open to potential network security breaches due to the lack of knowledge of rogue or poorly configured modems attached to their network infrastructure. Rogue modems are known to have been installed by disgruntled employees or an attacker who has breached the physical perimeter of the organization.

For those new to the subject, war dialling is a technique used by attackers, traditionally using a modem, to scan a list of telephone numbers to search for modems, faxes, voice mail, PBXs, loops, dial tones, forwarders etc. War dialling was made well known in the popular 1983 film ‘War Games’ starring Matthew Broderick as a teenage hacker who unwittingly hacks a United States military supercomputer programmed to predict potential ramifications of a nuclear war. Attackers will often use war dialling attacks to gain access to the protected network without having to compromise the organization’s firewall in place between the public and private networks. Sometimes, these systems won’t even require valid authentication credentials (e.g. username and password) to be able to gain access to systems within the organisation’s network perimeter.



Until recently there has been a lack of development of war dialling tools/utilities by the public community. However, free and readily available war dialling software has recently been released by the community (e.g. WarVOX by Metasploit), allowing an attacker to scan over 1,000 numbers per hour. Has this attack vector diminished from the face of the Earth, or are there really attackers out there still using this old-school method to attack public and private organizations?

In my extensive experience of security testing and auditing, most organizations do not commission war dialling as part of their regular security audits. However, some security experts may argue that unauthorized or insecure modems are one of the most overlooked security issues today. As with most successful attacks, this could prove to be fatal to the security posture of the organization and most likely prove to be very embarrassing. It is also most likely to prove costly in terms of remedial action and in regards to the organization's reputation.

So what do you come across in a war dialling audit for an organization as a security consultant? I think this all depends on the size and nature of the business, but some real examples from the most recent war dialling tests include the following systems that have been found to be, most of the time, insecure or mis-configured: Private Branch Exchange (PBX) telephone exchange systems, Cisco-based telecommunications network systems (MPLS), data storage systems, various monitoring systems for water and environmental protection industries, fire and alarm systems, elevator control systems, secure dial-in services normally used to provide secure remote or occasional access to local area networks (LAN) via the public telephone network, and various fax-compatible systems. Some of these systems are generally classified as important or critical by the organization. Most of the time the client never knew these systems were remotely accessible, and it turns out that the service provider installed them for remote troubleshooting or that they have the default installation configured with default login credentials!

Now consider this; what if some of these remote access systems would be supervisory control and data acquisition (SCADA) systems to control valves, motors or other forms of equipment. This is obviously relevant for power transmission, oil, gas and water treatment industries, but not limited to those. For example, what if an attacker was able to shut down the power in that local area or open a valve at the sewage plant valve remotely causing a sewage discharge? This all through access gained via an insecure remote access dial-up service. More disastrous examples could be illustrated but I think you should be able to think of a few yourself… how about sewage plants, chemical plants, embedded systems, crane control systems, water purification systems, petroleum wellhead pump controls or even nuclear power generation systems. I am not saying all of these types of systems have modems directly connected to them but the associated infrastructure might.

Throughout my career as a security consultant I have been a firm believer that war dialling should form part of an organization’s regular security audit. War dialling will bring assurance to the organization that they don’t have rogue, poorly configured or unauthorized exposed modems to the general Internet and that they are resilient and secure against potential attacks. To date, there has not been one war dialling audit conducted that I have been involved with without a vulnerability being uncovered for the organization commissioning the audit. With new improved war dialling techniques and software being readily available, perhaps you should consider conducting a war dialling audit to explore/enumerate, classify and audit your exposed systems? Just remember, if you don’t find your vulnerabilities, the evil attackers surely will.

(Commissum are exhibiting at Infosecurity Europe, the No. 1 industry event in Europe, held on 27th – 29th April at Earl's Court, London. The event provides an unrivalled free education programme, exhibitors showcasing new and emerging technologies, and practical and professional expertise. For further information please visit www.infosec.co.uk )

http://www.cstl.com/products/CST/Penetration-Testing/RAS-Wifi-VPN-War-Dialling-and-Laptop-Testing.pdf

http://www.sans.org/reading_room/whitepapers/threats/remote-access-white-paper_476

http://news.techworld.com/security/498/firewalls-no-match-for-war-dialling/
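As an added example (not part of the quoted article and not WarVOX or Metasploit code), here is the triage step the article describes for a defensive war dialling audit: take the numbers a dialler found answering with a modem carrier, check them against the organisation's inventory of approved dial-in services, and flag unapproved modems and approved ones that answer without an authentication prompt. The numbers, inventory entries and banner heuristics are constructed for illustration.

```python
"""Triage constructed war-dialling audit results against an approved-modem inventory."""
from dataclasses import dataclass
import re


@dataclass
class DialResult:
    number: str          # as dialled, any formatting
    line_type: str       # "voice", "fax", "modem", "silence", "busy"
    banner: str = ""     # text captured after carrier, if any


@dataclass
class Finding:
    number: str
    severity: str        # "high", "medium", "info"
    reason: str
    banner_class: str


def normalise_number(raw: str) -> str:
    """Reduce a phone number to digits so inventory lookups ignore formatting."""
    return re.sub(r"\D", "", raw)


# Constructed heuristics: what the captured banner suggests about authentication.
AUTH_PROMPT = re.compile(r"(login|username|user ?id|password)\s*:", re.I)
NO_AUTH_HINTS = re.compile(r"(menu|>\s*$|#\s*$|\$\s*$|select (an )?option)", re.I | re.M)


def classify_banner(banner: str) -> str:
    if not banner.strip():
        return "no-banner"
    if AUTH_PROMPT.search(banner):
        return "auth-prompt"
    if NO_AUTH_HINTS.search(banner):
        return "no-auth"          # dropped straight into a menu or shell
    return "unknown"


def triage(results, inventory):
    """Turn raw dial results into findings.

    `inventory` maps normalised numbers to a description of the approved service;
    anything answering with a modem that is not listed there is a rogue modem.
    """
    findings = []
    for r in results:
        if r.line_type != "modem":
            continue              # fax, voice, silence: out of scope for a modem audit
        key = normalise_number(r.number)
        bclass = classify_banner(r.banner)
        if key not in inventory:
            findings.append(Finding(r.number, "high",
                "modem not in approved inventory (rogue or undocumented vendor dial-in)", bclass))
        elif bclass == "no-auth":
            findings.append(Finding(r.number, "high",
                f"approved modem ({inventory[key]}) answers without an authentication prompt", bclass))
        elif bclass in ("no-banner", "unknown"):
            findings.append(Finding(r.number, "medium",
                f"approved modem ({inventory[key]}) gave no recognisable prompt; verify manually", bclass))
        else:
            findings.append(Finding(r.number, "info",
                f"approved modem ({inventory[key]}) presents a login prompt; confirm credentials are not vendor defaults", bclass))
    return findings


def summarise(findings):
    counts = {"high": 0, "medium": 0, "info": 0}
    for f in findings:
        counts[f.severity] += 1
    return counts


# Constructed sample: an approved inventory and one block of dialled numbers.
INVENTORY = {
    normalise_number("+44 20 7946 0101"): "building management system, vendor dial-in",
    normalise_number("+44 20 7946 0104"): "PBX remote maintenance port",
}
SAMPLE_RESULTS = [
    DialResult("+44 20 7946 0100", "voice"),
    DialResult("+44 20 7946 0101", "modem", "BMS remote access\r\nLogin: "),
    DialResult("+44 20 7946 0102", "fax"),
    DialResult("+44 20 7946 0104", "modem", "PBX MAINT MENU\r\n1) Trunks  2) Extensions\r\nSelect option: "),
    DialResult("+44 20 7946 0150", "modem", ""),
    DialResult("+44 20 7946 0177", "modem", "Pump station 3\r\n> "),
]

if __name__ == "__main__":
    found = triage(SAMPLE_RESULTS, INVENTORY)
    for f in found:
        print(f"[{f.severity:6}] {f.number}: {f.reason} (banner: {f.banner_class})")
    print(summarise(found))
```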

buchanan561
6th May 2011, 09:52
Icecold wrote:

Hi Emma.

It is also possible that war diallers have 'found' that your number is new and available. I know that telemarketers use war dialling to find numbers.

War Dialling - A Thing of the Past or the Return of a Forgotten Evil

What really upset me was that not only was the phone ringing off the hook, and when I did (it was set up in another room that we do not use) the person on the other end asked this......Is this Emma S__ B_____, and I would answer ....well yes, but why are you calling this number? And then they would start by telling me a lie, and then go on to say well all you would have to pay is $40.00 a month service fee to make sure it was working, etc etc. The one guy who kept me on the phone with a false and lie opening statement just put me in a very unfriendly mood. I then just told this very pushy salesperson. ......Sir...this conversation is over. He said OK and hung up. I had decided to listen to see where this ,,,,,knowing my phone number and name......would go, and when the bottom line hit I gave him the immediate hang-up notice. It is one thing to know a number to call, and it is another thing to...know my name. Thanks for this information Ice, I was not aware that this was/could be such a bigger racket than dreamed. Well....I thank god for the little answering machine built into the phone. No one should be calling that number. I only wanted it to call out. Emma

Wings
6th May 2011, 11:17
------------------

Richard
6th May 2011, 13:24
It's a setup, ponder this.. What is the best way to destroy Anonymous?
A group that has a swarm mind, one that functions in sync but without an obvious leader. A direct attack will only increase its numbers. If you take out 1 hacker, 5 more will spring up in their place. If you raid every home and destroy every piece of equipment, the movement will get stronger. The resistance will rise. However, there is one eloquent way to dismantle the group. Simply turn those that would join its ranks, against them. Look, it's no secret gamers are mostly nerds, and it's a good chance that gamers know a bit about computers, or at the very least support the Anonymous movement. That is, until their gaming is affected. We know this based on the original attack from Anonymous, it angered the gamers, and Anonymous stopped.

These are the keys to the puzzle, Anonymous refutes the idea that it was them, a "hacker" left the Anonymous calling card on the server, "accidentally", the people who support Anonymous will turn their backs on the group because of the PSN outage and Anonymous slowly turns from Freedom Fighter to an infamous "group of assholes that took down PSN".

So, who did the hack on PSN? Sony, with the assistance of the US gov. It's a win-win, I bet 100-1, Sony settles out of court on the class actions, the US gov "helps them investigate", no data or info is compromised because it was Sony who did it. It's a perfect situation for Sony and the US, they both win and Anonymous loses. Sony will never actually take any action against Anonymous, they will only "claim" it was them. Then, that is it, Anonymous is dissolved and discredited, Sony "makes it up to gamers", the US looks innocent and "everyone" is happy...

Necromancer
6th May 2011, 13:56
It's a setup, ponder this.. What is the best way to destroy Anonymous?
So, who did the hack on PSN? Sony, with the assistance of the US gov. It's a win-win, I bet 100-1, Sony settles out of court on the class actions, the US gov "helps them investigate", no data or info is compromised because it was Sony who did it. It's a perfect situation for Sony and the US, they both win and Anonymous loses. Sony will never actually take any action against Anonymous, they will only "claim" it was them. Then, that is it, Anonymous is dissolved and discredited, Sony "makes it up to gamers", the US looks innocent and "everyone" is happy...

Sony's cost to correct this issue has been estimated at $1.5 billion. $300 million to pay for all the credit cards compromised to be replaced, loss of service, and upcoming legal issues. Surely they could have thought up a cheaper way to take out the hackers.

ZookieMonster
6th May 2011, 13:58
Well ... after Anonymous's incursion into the Wikileaks saga and web of deceit - in purported defense of that false flag alphabet soup operation - I'm inclined to say that Sony and Anonymous are different components of yet another psychological soup operation.

To wit, Anonymous is establishment playing the anti-establishment role: the king sending his best spy into the mob then clocking him in plain view of the mob ... the mob rallies around Anonymous who they now see as one of their own ... and voila, the king has his royal eyes and ears on public sights and sounds ... and royal arms to bring back seeds to sow in his dungeon.

Humble opinions all around.

:typing:

Wings
6th May 2011, 14:14
-----------------------

Necromancer
6th May 2011, 15:26
Does anyone know the date/time of when the first news story broke on this? It might be interesting to look at the astrology. The astrology on the Bin Ladin saga is raising some eyebrows.

The first email from Sony was sent out on 4/26. The actual events took place between 4/17 and 4/19. The email can also be viewed here: http://blog.us.playstation.com/2011/04/26/update-on-playstation-network-and-qriocity/

Necromancer
9th May 2011, 20:22
PS3 maker intends to have service "fully" restored by the end of this month, putting network outage at around six weeks.


http://www.gamespot.com/news/6312524.html?part=rss&tag=gs_news&subj=6312524

irishspirit
9th May 2011, 20:25
I always thought that the CIA liked to remain Anonymous when engaged in illegal theft. Oh wait, were that the case, we would never have heard of them.

Arpheus
10th May 2011, 03:14
The network itself is down but I can still be online and stream movies into my PS3 onto my TV. This is affecting the geeks badly, the online gamers; it doesn't bother me much because I am not one of those Call of Duty crazy people heh, but it's very disappointing to say the least the way Sony handled this whole thing and how they kept things in the dark from their customers for an entire week before they told us what really happened, besides the annoyance of having to call my bank to get my Visa card replaced and the fact they got hold of all my personal info. So yeah, right now there are lots of pissed off people and rightly so!