Sony's truth-twisting has gotten out of hand.
Sony has just submitted a letter to Congress in response to questions over the PSN outage and data theft. I'll post a detailed analysis of their specific answers to that inquiry shortly. Right now, what interests me is the first portion of that letter. Sony used it as a springboard to blame Anonymous for every aspect of the attack, while minimizing their own culpability.
Buy Now: Sony PlaysStation VR In Stock Here
Kazuo Hirai, Chairman of Sony's board and supposed author of the letter described the breach as "a large-scale cyber attack" that "came shortly after" a series of denial-of-service attacks. Along with these attacks was a series of "threats" against company executives for "enforcing intellectual property rights".
By the way- any time Sony refers to the San Francisco suit aimed at "enforcing intellectual property rights", they are really talking about this suit against George Hotz. "Geohot" is one of the men who cracked the PS3.
There are a number of conflicting statements and seeming inaccuracies in this letter, and I'll try to list them all below.
1. Sony claims to have heard "no confirmed reports of illegal usage" of the stolen data. But they claim later on that the hack was 'Designed to steal personal and credit card information for illegal purposes". Sony doesn't address this apparent inconsistency. Nor do they mention the multiple early claims of PSN-related credit card theft. Or the fact that hackers have already bragged about taking credit card data.
2. The letter asserts that Sony operated under several principles during their response to the hack. Their goal was to "provide relevant information to the public when it has been verified", which apparently took something like a week. They also stated their commitment to working with law enforcement towards bringing these individuals to justice. Yet they waited two days to contact any agency, and five days to meet with the FBI.
3. Distressingly, Sony admits that "this past Sunday" saw evidence of another attack revealed. Sony provided no further details of the attack, leaving customers to wonder just what else other private data they may have lost to hackers.
4. Sony makes a big deal about how "professional" and "carefully planned" this attack was. They note that "the experienced attackers...attempted to destroy the evidence that would reveal their steps." Yet those same hackers- who were paranoid enough to try and wipe all traces of their presence, left behind a calling card. A really really obvious calling card: one folder named "Anonymous" with the text "We Are Legion" inside.
The Anonymous Connection:
It's easy to see why Sony would want to blame Anonymous for this incursion. Questions about why personal data was left unencrypted and whether or not it was irresponsible to rely so much on client-side security are easily answered by throwing out a "scary" name. In reality, "Anonymous" as a larger entity would have been entirely disconnected from this enterprise.
Sony even admits that the DOS attacks may not have had any direct connection to the theft. Instead of copping to their lack of security, the gaming giant goes on a rant about the need for stronger laws.
"Creating more stringent guidelines for maintaining and policing storage of personal information may be necessary in our current climate, but, make no mistake, without addressing the need for strong criminal laws and sanctions and, most importantly, enforcement of these laws, there will not be any meaningful security on the Internet."
This is Not Right: You can argue all day about which laws are and aren't needed. That isn't my place. But you're fooling yourself if you think anything but "more stringent guidelines" for information security could have prevented this attack. A law addressing Sony hackers by name and threatening a public stoning wouldn't have kept that personal data from getting out.
But you know what might have? Encrypting it.
So Who Is Responsible?: Shortly after the attack came out, Anonymous posted this video denying responsibility for the attacks. They allowed that individual members of Anonymous may have been involved- likely considering the group's enormous size- but denied that the heist was part of their action against Sony.
"Sony is taking advantage of anonymous' previous ill-will towards the company to distract users from the fact that the outage is actually an internal problem."
Don't Miss: Nintendo NX: Everything You Need To Know
I'm no fan of Anonymous, but that's certainly what seems to be happening. The only people at fault in this whole mess are a very tiny group of skilled hackers, and a company whose hubris gave them fatal delusions of invulnerability.