Something went wrong. Try again later

Burn1n9m4n

This user has not updated recently.

321 7455 157 41
Forum Posts Wiki Points Following Followers

Anonymous issues a Press Release

By Burn1n9m4n 18 Comments

First let me start by apologising if there is a forum topic for this already, but I didn't see anything on the forums regarding this and thought that I would post it up.

So the hacker group Anonymous has issued a new press release to debunk some things said in the Financial Times and issue some other statements regarding their take on the PSN outage and its effects on Sony. The group continues to claim its innocence in the PSN outage which has now gone on for more than 2 weeks. They even go on to assert that the hacker community at large is not responsible for this, but that it was Sony's own negligence in the matter which has lead to this point.  


In order to process credit cards, every company needs to be PCI compliant. “If you are a merchant that accepts payment cards, you are required to be compliant with the PCI Data Security Standard” [4]. Since Sony’s network was “unpatched and had no firewall installed” [5], that is a clear violation of the PCI standards and ongoing reviews [4], thus likely to be criminal negligence [see Further Reading]. More importantly, “I can’t think of a major data breach where the company was PCI compliant,” said Ira Rothken, the lead attorney handling the class action lawsuit [6].

The full press release can be read here. Of course a quick check of our forums here at Giant Bomb reveals that the comments by Dr. Spafford (They have misspelled his name to Stafford) to a Congressional Subcommittee regarding Sony's Apache Webserver may have been false. According to an article on bitmob (which was subsequently also posted on GB's forums) Sony was in fact running the update-to-date version of the Apache software. Also looking at the above quote from Anonymous's press release I'm also inclined to question the statement regarding the firewalls. Sony's own executives have stated that the website contained 3 separate parts each with firewalls between them

As this story has evolved its become increasingly harder to keep track of what the fuck has happened and all of the he said, she said stuff that has arisen. Regardless, one statement from Anonymous's press release certainly rings true regardless of your take on the matter:

Until the forensics reports are released we don’t know which exploit was used. The forensic investigators need to conclude their work, and speculation in articles, blogs and comments brings the factual results no closer.    

Still that doesn't stop me from keeping informed and providing information to all of you about this as well. So I'll continue to post blogs about it when I can and hopefully not double post something already on the forums. Sorry again if this was already posted, but I thought that these comments were interesting in light of the evidence against regarding Dr. Spafford's testimony.


18 Comments

18 Comments

Avatar image for burn1n9m4n
Burn1n9m4n

321

Forum Posts

7455

Wiki Points

0

Followers

Reviews: 9

User Lists: 6

Edited By Burn1n9m4n

First let me start by apologising if there is a forum topic for this already, but I didn't see anything on the forums regarding this and thought that I would post it up.

So the hacker group Anonymous has issued a new press release to debunk some things said in the Financial Times and issue some other statements regarding their take on the PSN outage and its effects on Sony. The group continues to claim its innocence in the PSN outage which has now gone on for more than 2 weeks. They even go on to assert that the hacker community at large is not responsible for this, but that it was Sony's own negligence in the matter which has lead to this point.  


In order to process credit cards, every company needs to be PCI compliant. “If you are a merchant that accepts payment cards, you are required to be compliant with the PCI Data Security Standard” [4]. Since Sony’s network was “unpatched and had no firewall installed” [5], that is a clear violation of the PCI standards and ongoing reviews [4], thus likely to be criminal negligence [see Further Reading]. More importantly, “I can’t think of a major data breach where the company was PCI compliant,” said Ira Rothken, the lead attorney handling the class action lawsuit [6].

The full press release can be read here. Of course a quick check of our forums here at Giant Bomb reveals that the comments by Dr. Spafford (They have misspelled his name to Stafford) to a Congressional Subcommittee regarding Sony's Apache Webserver may have been false. According to an article on bitmob (which was subsequently also posted on GB's forums) Sony was in fact running the update-to-date version of the Apache software. Also looking at the above quote from Anonymous's press release I'm also inclined to question the statement regarding the firewalls. Sony's own executives have stated that the website contained 3 separate parts each with firewalls between them

As this story has evolved its become increasingly harder to keep track of what the fuck has happened and all of the he said, she said stuff that has arisen. Regardless, one statement from Anonymous's press release certainly rings true regardless of your take on the matter:

Until the forensics reports are released we don’t know which exploit was used. The forensic investigators need to conclude their work, and speculation in articles, blogs and comments brings the factual results no closer.    

Still that doesn't stop me from keeping informed and providing information to all of you about this as well. So I'll continue to post blogs about it when I can and hopefully not double post something already on the forums. Sorry again if this was already posted, but I thought that these comments were interesting in light of the evidence against regarding Dr. Spafford's testimony.


Avatar image for xero0
Xero0

61

Forum Posts

0

Wiki Points

0

Followers

Reviews: 0

User Lists: 0

Edited By Xero0

i just want psn back online T_T

Avatar image for powerpc127
powerpc127

101

Forum Posts

0

Wiki Points

0

Followers

Reviews: 0

User Lists: 0

Edited By powerpc127

^Ditto. I went nuts a few weeks ago and ended up buying MK9, Portal 2, and Crysis 2 all within a week of each other, and now I really want to play them online but I can't.

Avatar image for portis
Portis

1295

Forum Posts

7315

Wiki Points

0

Followers

Reviews: 0

User Lists: 1

Edited By Portis

All of this stuff is just getting so silly, I just to play games, dawg.


Nice write up, though.
Avatar image for benjaebe
benjaebe

2868

Forum Posts

7204

Wiki Points

0

Followers

Reviews: 1

User Lists: 6

Edited By benjaebe

Am I the only one who thinks all of this PSN stuff is all so fucking stupid? Especially these faux "press releases" from a group that can't release a press release because it's not centralized or organized in any way, shape or form. I'm sorry, but the shitstorm of false information, fearmongering and uninformed/hilarious claims by media outlets that Anonymous is any kind of "hacker group" is completely ridiculous and really disappointing. I'm just depressed that this has become some kind of internet pissing match.

Avatar image for burn1n9m4n
Burn1n9m4n

321

Forum Posts

7455

Wiki Points

0

Followers

Reviews: 9

User Lists: 6

Edited By Burn1n9m4n
@Xero0 said:
" i just want psn back online T_T "
@powerpc127 said:
" ^Ditto. I went nuts a few weeks ago and ended up buying MK9, Portal 2, and Crysis 2 all within a week of each other, and now I really want to play them online but I can't. "
I concur. In fact, I've almost finished the whole challenge tower in MK. No joke I'm almost done with all 300 of those damn things. Ugh...I just want to rip someone's head off. Online of course...
Avatar image for gunslingerpanda
GunslingerPanda

5263

Forum Posts

40

Wiki Points

0

Followers

Reviews: 0

User Lists: 2

Edited By GunslingerPanda

Wait, Sony had no firewall installed on a network containing all their customers' personal details and credit cards?

Yeah, they need to be sued or something if that's accurate.
Avatar image for burn1n9m4n
Burn1n9m4n

321

Forum Posts

7455

Wiki Points

0

Followers

Reviews: 9

User Lists: 6

Edited By Burn1n9m4n
@benjaebe: That's a good point man, but you're forgetting that in matters like this there are multiple sides to the story. Sadly, since Anonymous had claimed they were going to attack Sony they are the immediate suspects of this outage. Given the press release from Sony regarding the finding of a text file with Anonymous's own motto it has obviously brought some major heat on their heads regarding this. So in the interest of news, of course people are going to pay attention to this. I mean, its like al Qaeda offering press releases and taking responsibility for terrorist attacks. Sure, those press statements and stuff don't speak for the whole group, but in terms of societal norms (especially mass media) silence is often considered to be consent. So if another part of al Qaeda doesn't speak up then its believed by everyone that all of their members are complicit with the act. In a similar fashion Anonymous is attempting to state that not all of its members are complicit and is trying to distance itself from the fallout. 

What would really help Anonymous's case would be if the splinter group (or if you really read into Sony's press statements, the lone hacker) were to issue a press statement regarding his/her exploits. Of course with all the heat from this I doubt that we'll see that and in the end the only parties to blame for this hack are Anonymous and Sony. One for the perpetration and the other for their negligence. 

I also agree there have been a lot of wild stories about this in the media and until the forensic reports are in we won't know what happened. However, you can't blame people for being upset and afraid at what amounts to the largest data breach in history. A data breach so huge that its shaken consumer confidence. Hell that's the whole reason Congress has gotten involved and that this story has spun out from the gaming press to more major outlets like the New York TImes or the Wall Streat Journal.
Avatar image for burn1n9m4n
Burn1n9m4n

321

Forum Posts

7455

Wiki Points

0

Followers

Reviews: 9

User Lists: 6

Edited By Burn1n9m4n
@GunslingerPanda: That's what is believed, but according to the trace of the hack itself from Sony they have firewalls between each part of their existing network setup.
Avatar image for benjaebe
benjaebe

2868

Forum Posts

7204

Wiki Points

0

Followers

Reviews: 1

User Lists: 6

Edited By benjaebe
@Burn1n9m4n: I understand, but the inherent problem with a "press release" from a 'group' like Anon is that literally anyone can do it. I could go write an Anon press release, right now, saying that I hacked Sony because a Bravia TV fell on my dog and it would be attributed to the entire group. You just can't take that kind of information seriously coming from a group that by it's very nature can offer no credibility. I also understand that the theft of all that information was huge so people are going to pay attention to it, but I'm not impressed at all with the rumors that have come from the testimony of a guy who literally said that he had no idea what kind of security measures Sony had in place, but went on to name things that they did wrong despite his previous admission - something that was also cited in that press release. On the part of major news outlets, it's lazy journalism.
Avatar image for jaketaylor
jaketaylor

365

Forum Posts

0

Wiki Points

0

Followers

Reviews: 0

User Lists: 0

Edited By jaketaylor

dem internet hacker gangs

Avatar image for ninjakiller
ninjakiller

3427

Forum Posts

0

Wiki Points

0

Followers

Reviews: 0

User Lists: 0

Edited By ninjakiller

Fuck anonymous.  Hunt them down, and lock every member up for 20 years.  Long live the corporate oligarchy!!  No but for serious, they're all pieces of shit for thinking attacking the userbase rather than the corporation itself was a viable pr move.  



@GunslingerPanda said:
" Wait, Sony had no firewall installed on a network containing all their customers' personal details and credit cards?
Yeah, they need to be sued or something if that's accurate.
"
It's not.  They had firewalls that were unpatched and out of date.  Their apache was also unpatched.  It all boiled down to sloppy admins, and poor network design.  
Avatar image for babychoochoo
BabyChooChoo

7106

Forum Posts

2094

Wiki Points

0

Followers

Reviews: 2

User Lists: 2

Edited By BabyChooChoo
@benjaebe said:
" Am I the only one who thinks all of this PSN stuff is all so fucking stupid? Especially these faux "press releases" from a group that can't release a press release because it's not centralized or organized in any way, shape or form. I'm sorry, but the shitstorm of false information, fearmongering and uninformed/hilarious claims by media outlets that Anonymous is any kind of "hacker group" is completely ridiculous and really disappointing. I'm just depressed that this has become some kind of internet pissing match. "
Exactly. There has been so much fucking bullshit from so many different sources that this whole thing has become more annoying than anything else. This is more of a joke than an actual problem now.
Avatar image for burn1n9m4n
Burn1n9m4n

321

Forum Posts

7455

Wiki Points

0

Followers

Reviews: 9

User Lists: 6

Edited By Burn1n9m4n
@ninjakiller: The bitmob story states that the Apache servers were up to date.
Avatar image for doctorchimp
Doctorchimp

4190

Forum Posts

0

Wiki Points

0

Followers

Reviews: 0

User Lists: 2

Edited By Doctorchimp
@ninjakiller:

That is still a joke, and I'm sure Sony will shoulder a good portion of the blame. A lot more than people think.
Avatar image for n7
N7

4159

Forum Posts

23

Wiki Points

0

Followers

Reviews: 4

User Lists: 2

Edited By N7
@Burn1n9m4n said:
" @ninjakiller: The bitmob story states that the Apache servers were up to date. "
Which proves the point that this whole thing is a clusterfuck and is also the reason I don't listen to or believe anything that isn't said by Sony or the security firms involved, because anything else is rumor or speculation and not an official statement, therefore is just stupid flame bait that leads to nowhere.

Sony is also working closely with the FBI and some other security firms, I'd like to think that these people would point out, at ANY point in time, if Sony has lied at all or their servers were outdated.

When the PSN comes back up, I'm sure everything will be released and sorted out and we'll have the full story.
Avatar image for valkyr
Valkyr

746

Forum Posts

1196

Wiki Points

0

Followers

Reviews: 0

User Lists: 37

Edited By Valkyr

Someone posted on the forums today news that the Apache web servers were indeed up to date , it was stupid to think the contrary

Avatar image for p_p_o_d
p_p_o_d

578

Forum Posts

24

Wiki Points

0

Followers

Reviews: 0

User Lists: 0

Edited By p_p_o_d

I find this PR offensive Anonymous are doing so weird.

this whole PSN attack kind of didnt work out as planned for them,


Hey lets attacks PSN... gamers bitch about not being able to play COD.... ok lets stop the attack this isnt working.

Oh shit someone stole PSN user data around the time we attacked PSN... better release a statement  saying we didn't  do it.

Oh fuck someone left a file on Sony's Servers basically saying we did it... better release a Statement  saying we REALLY didn't  do it.

Now they are just playing damage control because maybe one of there followers crossed a line and there just coming across like assholes.


Maybe they will do something useful and catch who ever caused this mess  instead of just trying to blame someone else.     

hell I think Anon have released about as many pointless statements as sony during this mess.