While Sony isn't showing up for the United States Congressional Hearings regarding their recent security breach, they have decided to answer all of the questions asked of them by the hearing committee.
Kaz Hirai himself answered all of the questions posed to Sony in a letter which Sony has made available here.
One very interesting piece of information revealed is the discovery of a file titled, "Anonymous" with the text "We are Legion" in it. While some might think this points the finger at the hacking group Anonymous, that isn't necessarily true and Sony doesn't point a finger, either, they simply state this file was found. Anonymous has already released a statement condemning the attacks, though they also admit it could have been perpetrated by rogue members of their group. Since hackers usually like to brag about their accomplishments, the far more likely scenario is the actual hackers inserted the document to cash in on the already prevalent attacks that WERE made by Anonymous shortly before the network outage.
I've also heard the arguement that a Sony employee may have planted this document. First off, this accusation is unfounded. Secondly, there is no benefit to Sony in doing this. We know somebody hacked the network, who did it will have no bearing on whether or not Sony will be found negligent in their ability to protect the data that was stolen, which is something they're under the magnifying glass for right now.
Some other pertinent answers, as summarized by the Sony Playstation Blog were:
- Sony has been the victim of a very carefully planned, very professional, highly sophisticated criminal cyber attack.
- By April 25, forensic teams were able to confirm the scope of the personal data they believed had been taken, and could not rule out whether credit card information had been accessed. On April 26, we notified customers of those facts.
- As of today, the major credit card companies have not reported any fraudulent transactions that they believe are the direct result of this cyber attack.
- Protecting individuals’ personal data is the highest priority and ensuring that the Internet can be made secure for commerce is also essential. Worldwide, countries and businesses will have to come together to ensure the safety of commerce over the Internet and find ways to combat cybercrime and cyber terrorism.
- We are taking a number of steps to prevent future breaches, including enhanced levels of data protection and encryption; enhanced ability to detect software intrusions, unauthorized access and unusual activity patterns; additional firewalls; establishment of a new data center in an undisclosed location with increased security; and the naming of a new Chief Information Security Office.
These are just Sony's answers along with my own informed analysis of the situation, but the actual culprit of this intrusion has yet to be revealed. Do you think Anonymous had anything to do with the attack or is this a feint by the actual hackers?