Enterprise Security

Anonymous Makes Mischief With Manufactured Hack Claim

The fixes Sony made to its PlayStation Network last year after its system was hacked may not have made it impenetrable: Reports are circulating that the hacktivist group Anonymous has breached the network again.

The rumors started with a tweet posted to the group’s account that has since been taken down. The tweet apparently claimed the hackers had gotten their hands on 50-gigabyte database of sensitive customer information. Some 10 million PSN user accounts, including emails and passwords, were supposedly stolen.

Hoax Territory

There are several reasons to believe the reports are based on a hoax, starting with a fervent denial from Sony.

“We can confirm that the recent claim that PSN was illegally hacked & that customer PWs and email addresses were accessed is completely false,” the company said in a tweet.

Another reason to dismiss the hacking claim as malarkey came from Web publication Kotaku, which analyzed the published email addresses that supposedly were hacked and determined the list was a copy of a pastebin posting from March 19.

“The leak was fake. As far as we can tell, PlayStation Network has not been hacked again,” Mikko Hypponen, chief research officer of Internet security firm F-Secure, told the E-Commerce Times.

Despite all the evidence in Sony’s favor, the company most likely is none to thrilled to be visited with a reminder of last year’s infamous attack on PSN, which cost the company and its users millions of dollars while the site went dark for several weeks.

Anonymous Hates Sony

One reason the tweet initially gained some credibility is that Anonymous clearly loathes Sony.

It is thought that Sony has been a target of Anonymous in retribution for Sony’s lawsuit against PS3 hacker George Hotz (aka “GeoHot”), said Axis Technology Principal Consultant Joseph Santangelo.

“But why would they falsely take credit for a hack? Creating doubt among Sony PSN customers could be one reason,” Santangelo told the E-Commerce Times.

Organizations experiencing a data breach incur costs across the board, found a survey conducted by the Ponemon Institute for law firm Scott and Scott. Seventy-four percent of the respondents reported a loss of customers, 59 percent faced potential litigation, 33 percent faced potential fines, and 32 percent experienced a decline in share value.

In the run-up to last year’s Sony breach, GeoHot “wanted to modify his own PlayStation so he could run his own programs on it. Sony sued him,” Hypponen recalled. “As an end result, Sony outraged people and was hacked over 30 times.”

Apple was targeted in a similar episode, he noted, but it responded differently.

“Nicholas Allegra (aka ‘Comex’) wanted to modify his own iPhone so he could run his own programs on it,” said Hypponen. “Apple did not sue him. Apple hired him. As an end result, nobody was outraged, and Comex is now inside Apple helping them to prevent future hacks. Good move.”

Users Yawn?

In this particular case, though, PSN users may dismiss reports since they are coupled with news that it is likely a hoax, said Robert Siciliano, CEO of IDTheftSecurity.com.

Or possibly they may not hear about it at all, he added.

“Unless users get a specific notification saying their account was compromised, then the majority will probably never know a fake has occurred,” he told the E-Commerce Times.

Sony did not respond to our request to comment for this story.

Leave a Comment

Please sign in to post or reply to a comment. New users create a free account.

Related Stories
More by Erika Morphy
More in Enterprise Security

E-Commerce Times Channels