The Sony Hack: Who did it and why? UPDATED

Anna Leach Tech

STORY UPDATED: 17:00 03/05/11

Cyber criminals have just pulled off one of the biggest hacks in web history. The details of 43 million Playstation and Playstation online users have been stolen and Sony online services are still down. Three weeks after the Sony hack became public, the damage only seems to grow – with details emerging today of the Playstation online data theft affecting 25million.

Who did it? Why? It it a straightforward attempt to steal money from the victims? Is it a punishment on Sony? We look at what we know about the shady figures behind the attack –

Who did it?
The amorphous group Anonymous threatened Sony with attacks two weeks before the hack was revealed to the public. Anonymous – previously responsible for digs at Scientology and acts in defence of Wikileaks – published the message below a few days before Sony’s PS3 service went down. It uses the Anonymous classic Guy Fawkes mask as a background.


But – did they do it? No, according to Sony and according to posters on Anonymous forums – and well – commenters on this blog post who have leapt to defend the hacktivist group.

According to a statement by Sony, Anonymous had launched a separate and much milder attack on the company’s websites – a DDoS attack and the publishing of private details of Sony executives. The massive database hack was unrelated they said. Sony CEO Hirai released the following statement describing the Anonymous actions, but drawing clear lines between the two attacks:

“While there may be no relation to this attack, the Sony network has also been targeted by the Internet group Anonymous,” said Hirai. “In addition, the personal information on Sony’s top management, including the names of their children, the schools they attend, and the names of other family members, has been published on the Internet. They have also called for protests outside Sony stores around the world.”

According to a commenter on this post called, err, “Anonymous” – “Anonymous never hacks for monetary gain”. Certainly, it’s not in their high-minded mission statement about Freedom of Information which quotes the United Nations Human Rights declaration – read it here.

The name Anonymous is more a blanket term for a philosophy or behaviour than a set group of people. The Wikipedia article on them contains this description:

“Anonymous is the first Internet-based superconsciousness. Anonymous is a group, in the sense that a flock of birds is a group. How do you know they’re a group? Because they’re traveling in the same direction.”

Why was Sony targeted?
The Anonymous statement above suggests the hack was an act of revenge on Sony after they prosecuted two hackers for opening up the source-code of the Playstation 3 online. Sony had promised to prosecute everyone who downloaded the code as well as the two hackers who posted it online in the first place.

Even if it wasn’t the Anonymous group who initiated the attack, it could have been someone motivated by similar causes to them. Sony’s actions did stir up a lot of anger. Perhaps it was the 17 year old boy mentioned below by commenter below… “BULLSHIT its that 17yr old, dont know his name but got told it waass him, not anonymous” says ‘Anonymous’.

If it is actually a 17 year old – after he gets out of prison – there will be a lot of people queuing up to employ him.

Of course the third option is just some very organised, very smart cyber criminals. But still? Why Sony?

It’s hard to understand why Sony were targeted for a cyber crime of this magnitude. They are just one of many many big corporations who hold the credit card details of their customers online. And surely there other ones who would have been softer touches to hack.

Another thing that gets me about this affair is that though the hacking was very sophisticated and cut to the core of the multinational’s databases, the idea for monetising the stolen data is quite simple and to be honest a bit shit – selling the data over the internet. Surely a true cyber criminal with this kind of brain-power would have worked that bit out as well.

Maybe details of a sophisticated financial fraud plan will emerge later, but this makes the hack seem almost more symbolic than than about monetary gain. That to me makes it seem more like a hacker’s work than a criminals.

But the Anonymous spokespeople – such as there are any – have stepped back from it and condemned the hack. So their hands are clean as far as the internet is concerned.

What’s going to happen to the data that has been stolen?

Reports earlier today suggest that the data will be put on sale on the internet, meaning that that hackers in possession of the data will make some profit from their hack. The data will most likely be sold to cyber criminals with an interest in using it for scams and hacks in an attempt to get money out of the victims.

How are they going to catch them?

Efforts at Sony have been focussed on determining the scale of the hack, fixing their security holes and getting their services back online, however, when they finally do, they’ll be looking at a few more courtcases. The FBI’s cyber-crime division are already working with Sony who must be desperate to avoid this ever happening again. Other corporations with their customers credit card details stored online will be similarly keen to see an example made of the hackers behind this huge attack.

Any more comments? DO post them below.
I might even update the article again.

By Anna Leach | May 3rd, 2011

Must read posts: