Anonymous issues a Press Release
By Burn1n9m4n 18 Comments
First let me start by apologising if there is a forum topic for this already, but I didn't see anything on the forums regarding this and thought that I would post it up.
So the hacker group Anonymous has issued a new press release to debunk some things said in the Financial Times and issue some other statements regarding their take on the PSN outage and its effects on Sony. The group continues to claim its innocence in the PSN outage which has now gone on for more than 2 weeks. They even go on to assert that the hacker community at large is not responsible for this, but that it was Sony's own negligence in the matter which has lead to this point.
In order to process credit cards, every company needs to be PCI compliant. “If you are a merchant that accepts payment cards, you are required to be compliant with the PCI Data Security Standard” [4]. Since Sony’s network was “unpatched and had no firewall installed” [5], that is a clear violation of the PCI standards and ongoing reviews [4], thus likely to be criminal negligence [see Further Reading]. More importantly, “I can’t think of a major data breach where the company was PCI compliant,” said Ira Rothken, the lead attorney handling the class action lawsuit [6].
The full press release can be read here. Of course a quick check of our forums here at Giant Bomb reveals that the comments by Dr. Spafford (They have misspelled his name to Stafford) to a Congressional Subcommittee regarding Sony's Apache Webserver may have been false. According to an article on bitmob (which was subsequently also posted on GB's forums) Sony was in fact running the update-to-date version of the Apache software. Also looking at the above quote from Anonymous's press release I'm also inclined to question the statement regarding the firewalls. Sony's own executives have stated that the website contained 3 separate parts each with firewalls between them.
As this story has evolved its become increasingly harder to keep track of what the fuck has happened and all of the he said, she said stuff that has arisen. Regardless, one statement from Anonymous's press release certainly rings true regardless of your take on the matter:
Until the forensics reports are released we don’t know which exploit was used. The forensic investigators need to conclude their work, and speculation in articles, blogs and comments brings the factual results no closer.
Still that doesn't stop me from keeping informed and providing information to all of you about this as well. So I'll continue to post blogs about it when I can and hopefully not double post something already on the forums. Sorry again if this was already posted, but I thought that these comments were interesting in light of the evidence against regarding Dr. Spafford's testimony.