PlayStation owners will have to wait a while longer before regaining access to the PlayStation Network and Qriocity services. According to an official blog post on the PlayStation blog, the company began internal testing of the network last week. But until Sony is satisfied that the new security measures are working properly, the company won’t restore partial network service to the public. And Bloomberg reports that Sony executives are assuring users that full service to the network will return by May 31st. A blog post from April 27th said that Sony hoped to restore service within a week. But that was before Sony was fully aware of the extent of the security breach.
Potentially, hackers have access to over 100 million Sony customers’ data. That includes between 70 and 77 million PSN customers and nearly 25 million Sony Online Entertainment customers. There was a report over the weekend that another hacker gained access to around 2,500 names and addresses of people who entered a Sony sweepstakes back in 2001. The truth of the matter is that information was in a publicly-available file on a Sony website. In other words, you didn’t even have to hack Sony to get the information — the company had mistakenly made that information available. Sony has since removed the file.
While Sony deals with the fallout of the service outage and mistakenly making contestant information available, the search is on for the responsible parties behind the actual hack attack. Sony says that during its investigation, the company discovered a file named Anonymous. The content of the file contained the slogan “We are legion.” Could this mean that the hacktivist group Anonymous is behind the attack?
A press release from Anonymous disputes the possibility. While the group of loosely-affiliated activists and hackers has targeted companies, including Sony, the group’s goals tend to lean toward disruption rather than theft. However, according to The Financial Times, some veteran members of the group say that other Anonymous members may be behind the attacks. The nature of Anonymous makes it hard to attribute any action to the group as a whole. The membership of Anonymous is, as you’d suspect, anonymous.
Calling Anonymous an organization is problematic. The members tend to hold similar views and the group does direct focused attacks or actions from time to time. But it’s such a loosely-defined group that splinter groups pop up all the time. A few members might join forces for a particular task, leaving the rest of the group behind. The splinter group could take actions that the rest of Anonymous might condemn (or at least not endorse). Once that task is complete, the splinter group may dissolve. It’s possible all of this could happen without the majority of Anonymous being aware of what happened. Is it correct to say Anonymous is responsible for a crime if a few people associated with the group committed it?
The entire situation is murky and difficult to address. But one thing is clear — Sony customers will need reassurance that the company will protect their information both from attacks and foolish errors.