Sony Claims ‘Anonymous’ Link To PSN Hack As Congress Blasts Them For Blowing Off Hearing
If it were up to us, Sony’s HR department would be locked shut this morning as the team pored over everyone in PR and Marketing in order to figure out how many can be terminated immediately.
First up, earlier this morning, the US House of Representatives Subcommittee on Commerce, Manufacturing and Tradeheld a hearing to address the issues related to the hack and subsequent data theft on the PlayStation Network. In attendance were David Vladeck, director of the Federal Trade Commission’s Bureau of Consumer Protection; Pablo Martinez, deputy special agent in charge of criminal investigations at the United States Secret Service; consumer advocate Justin Broookman; Technology and information security expert Eugene Spafford of Purdue University.
Conspicuously not appearing were the subjects of the hearing themselves, Sony Computer Entertainment. They issued a statement to committee chair Mary Bono Mack that they couldn’t attend due to “an ongoing investigation” involving law enforcement and a private security firm. Opinions vary on whether this was the right move, but we’re inclined to think Sony made a huge error. The history of their public response to the hack and its aftermath has been one of lies, followed by downplaying, followed by cheap evasion and misdirection. Their entire interaction with the public has been conducted via the PlayStation and Sony blogs.
Last week, the bulk of Senator Blumenthal’s criticism of Sony was that they failed to disclose the threat adequately or within compliance of the law. It illustrates that the attention they’re getting is largely their own fault. And now with their failure to appear before Congress, they’ve only worsened the perception that they’re failing to adequately address the problem. After receiving word that Sony wouldn’t be sending a representative, Congresswoman Bono unloaded on Sony:
As Chairman of this Subcommittee, I am deeply troubled by these latest data breaches, and the decision by both Epsilon and Sony not to testify today. This is unacceptable.
According to Epsilon, the company did not have time to prepare for our hearing—even though its data breach occurred more than a month ago. Sony, meanwhile, says it’s too busy with its ongoing investigation to appear. Well, what about the millions of American consumers who are still twisting in the wind because of these breaches? They deserve some straight answers, and I am determined to get them…
Yet for me, the single most important question is simply this: Why weren’t Sony’s customers notified sooner of the cyberattack? I fundamentally believe that all consumers have a right to know when their personal information has been compromised, and Sony – as well as all other companies—have an overriding responsibility to alert them… immediately.
That gets to the heart of every criticism being thrown at Sony over this debacle. And still not getting it, Sony submitted written answers to questions asked at this morning’s hearing and made them public… via the PlayStation Blog. The response is mostly boilerplate, but it contains a tantalizing announcement, namely that the hacker collective Anonymous left their signature in PSN servers:
“We discovered that the intruders had planted a file on one of our Sony Online Entertainment servers named ‘Anonymous’ with the words “We are Legion.”
This could mean nothing. Anonymous denies any involvement with the recent hack or associated data theft, and they already brought PSN down a few weeks earlier via DDOS attack. That note could have been left during that initial attack and the news still does nothing to address the thing we’ve been repeating for weeks: Why is Sony being so secretive and uncooperative about this? Maybe everything they’re saying is true, but now nearing the end of week two of the PSN outage, Sony continues to look like arrogant jerks. Blowing off the United States Congress didn’t really help the cause.