This weekend, according to what appears to be a bulletproof source, Sony faces yet another set of attacks on its networks, this time in retaliation for how badly it handled the last set of attacks.
The specific, supposed, sin is not notifying Qriocity users of the breach until 10 days after it happened. That was thoughtless, careless of customers' privacy and security and a stupid way to handle something that could have blown up into a major embarrassment if Sony didn't handle it juuusst right.
It didn't, of course, so if embarrassment is all it suffers, it will have gotten off pretty lightly.
The idea that someone, or some group of someones, is going to DDOS or penetrate a Sony network (if there are any still unhacked) in revenge for not being notified the last time someone hacked Sony is a stretch.
Not that it's unrealistic, of course; just that it's likely to make any security or customer-support situation with Sony worse, not better.
And there's a good chance the whole thing is just loud (and completely justified) complaining by customers of Sony's Qriocity, PlayStation Network and SOE online gaming sites.
The warning comes from CNET, which cites an anonymous tip culled from chatter on an "IRC channel used by hackers."
The immediate assumption – which Sony made after the April 21 attack that penetrated its network instead of just flooding and crashing it – is that the hacktivist group "Anonymous" is back on the attack.
Anonymous did hit Sony with DDOS attacks April 5 as a reprisal for Sony's lawsuit against George Hotz ("geohot"), who committed the sin of hacking a PS3 to restore access to the Linux kernel Sony had just cut off.
Sony sued in January, claiming Hotz and 100 others, most unnamed, circumvented security measures Sony built in to protect its intellectual property.
(The other Sony customer using Linux on PS3s, against Sony policy, is the Air Force, whose "Condor Cluster" supercomputer depends on Linux and on direct access to the PS3's GPU. Sony was kind enough to give it special permission to keep using the Linux kernel for the 2,016 PS3s the Air Force had already bought.)
The accusation and justification for the April 5 attack that Anonymous posted on its public-information site are still there, but so is a follow-up from April 6 saying Anonymous had cut off the DDOS attack because it was hurting Sony customers more than Sony itself.
There's also a wry announcement from April 22 averring that "For Once We Didn't Do It."
There is a link to the CNET story warning of a third attack. The only responses by mid-morning Eastern time from Anonymi, who normally flock and argue about any big project even while conducting it, were "[WTF] is that?" from one Anonymous, and "Can anonymous stop the hackers?" from another.
Sony may be attacked this weekend, but any attack is unlikely to come from Anonymous – at least not from the bulk of it.
Rather than a penetration attempt or DDOS attack, Sony could be suffering a different kind of social-engineering exploit – one that uses the resentment poor treatment has built up in its user base as an echo chamber in which to raise unsubstantiated fear of more attacks, prompting even more defensive measures from Sony, and even more public Sony bashing from its customers.
At this point it may not be necessary to mount any kind of credible attack at all to spook Sony. All it may take is sneaking up behind it and yelling 'Boo!'