May 05, 2011, 12:25 PM — It’s been a bad couple of weeks for Sony, and I suspect it’s about to get much much worse.
First, there was that inexplicable outage on its PlayStation Network. Since April 20, PSN subscribers have been unable to get online. For the first five days, Sony was as silent as a department store mannequin about the cause. On April 26 Sony finally owned up to the fact that it got hacked and oh, by the way, the identities of 77 million users were stolen. Nice.
It gets worse. Sony then revealed that its PC-based gaming network, Sony Online Entertainment, also got hacked, putting another 25 million identities into the hands of criminals.
Sony claimed that the financial information for these users was encrypted, and thus not at risk from hackers. But the New York Times reports that credit card numbers allegedly taken from the PSN have been listed for sale on the Internet black market.
[ See also: Is Facebook really ‘the most appalling spying machine’? ]
Yesterday, having been called on the carpet by Congress to address the hacking incidents (it sent a letter instead), Sony made another egregious error: It pointed the finger at Anonymous, that collective of prankster vigilantes that have made life a living hell for several organizations it took a dislike to.
Sony’s “proof”? Pretty flimsy, really. One is that Anonymous launched a DDOS attack against Sony’s corporate sites (to protest Sony bringing the hammer down on white hat hacker George Hotz) at or around the same time as the PSN got hacked. The other is a mysterious file, left on Sony’s servers by the attackers. Per Sony’s letter to Congress:
When Sony Online Entertainment discovered this past Sunday afternoon that data from its servers had been stolen, it also discovered that the intruders had planted a file on one of those servers named "Anonymous" with the words "We are Legion." Just weeks before, several Sony companies had been the target of a large-scale, coordinated denial of service attack by the group Called Anonymous…