"Once again Anonymous has been blamed for a security breach, this time by the journalist Joseph Menn, in his article 'Hackers point finger over Sony incursion'," reads the message, referencing a recent Financial Times post. "Here, Anonymous wishes to lay out our case against these allegations and false assumptions.
"Is all of this attention on Anonymous acting as a distraction from other problems, and overhyping the nature of the DDoS attacks? ... Outraged about the blatant coverup and shameful misdeeds, other internet hacker groups will apparently proceed with attacks over Sony's mishandling of the matter. These reactions prove that requesting legislation to cover up corporate crimes and the abuse of law is frowned upon by all online communities, not just the Legion of Anonymous."
The full -- massive -- statement can be read below.
Yesterday, an article appeared in Financial Times, alleging Anonymous' involvement in the data and identity theft of some hundred million users of Sony's Playstation Network and Sony Online Entertainment. This crime is now being investigated by the Homeland Security Agency (HSA), the Department of Justice (DOJ), and other legal entities.
Once again Anonymous has been blamed for a security breach, this time by the journalist Joseph Menn, in his article "Hackers point finger over Sony incursion" [1]. Here, Anonymous wishes to lay out our case against these allegations and false assumptions:
First, let us consider a different article by Menn published on the Financial Times website and entitled "Hackers Warned of Arrest" [2]. This poor piece of journalism has already been extensively referenced in the Sony matter and is being used by many people who oppose Anonymous as proof of guilt. The only quoted source used by Menn was the now infamous Aaron Barr, former CEO of the humiliated HBGary. Barr made the claim that a chat room called #anonymous, founded by the identity "Q", was irrefutable proof that this "Q" began the movement known as Anonymous. Confident in his assertion, he attempted to sell this and other pieces of so-called "intelligence" about the nature of Anonymous to the U.S. FBI.
His information, however, was incorrect. It would be considered common knowledge that Anonymous began as a "meme", or shared belief, at the turn of the century and later developed to become a "global collective conscience" in 2006. But it was not until 2008 that Anonymous became a true display of "power in numbers". Organised protests against the "Church" of Scientology were staged in over 140 cities around the world, forever associating the Guy Fawkes mask and the right to protest with the movement.
Second, just like Anonymous, John Doe and Joe Bloggs are placeholders, rather than proper names, and are available for free use without repercussions. However because of this, there is no membership to Anonymous and anyone can claim to be a "member". It could be said that "Anonymous is anonymous to Anonymous".
Barr and Menn did not pause to protect the integrity of their professions, but instead made clearly misinformed assumptions, and accordingly published a factually incorrect article. The article was highly scrutinized as being blatantly biased against Anonymous and its participants, and many readers pointed out obvious inconsistencies in the technicalities, and the physical time line.
Third, in the primary article, Menn claims that a "member" of Anonymous, Kayla, made comments as an apparent admission of guilt from the "leaders". Kayla reportedly said, "If you say you are Anonymous, and do something as Anonymous, then Anonymous did it". This statement is inherently weak; an equivalent statement would be that "I confess to being human. Humans performed the attack". Andy Greenburg at Forbes [3] got it right.
Finally, Menn's reference to "technical details" [1] regarding a vulnerability in Sony's network without revealing actual content isn't useful. Until the forensics reports are released we don't know which exploit was used. The forensic investigators need to conclude their work, and speculation in articles, blogs and comments brings the factual results no closer.
Menn's anonymous source claims that "a few ops disappeared" but so has a solid chunk of software infrastructure including NickServ and channel bots over attacks during the PSN outages. Menn's other quotes are a vague mixture of assertions and denials. During the PSN downtime, Anonymous closed #opsony and put "sony" on the automatic kick list as 'profanity' last week.
Is all of this attention on Anonymous acting as a distraction from other problems, and overhyping the nature of the DDoS attacks? Sony's recurring issues are beyond providing free game credits:
In order to process credit cards, every company needs to be PCI compliant. "If you are a merchant that accepts payment cards, you are required to be compliant with the PCI Data Security Standard" [4]. Since Sony's network was "unpatched and had no firewall installed" [5], that is a clear violation of the PCI standards and ongoing reviews [4], thus likely to be criminal negligence [see Further Reading]. More importantly, "I can't think of a major data breach where the company was PCI compliant," said Ira Rothken, the lead attorney handling the class action lawsuit [6].
Sony has been accused of false billing, especially in the repairs department: customers who provided credit card details for an MMORPG are charged $150 for repairs to PS3s that they don't own; repairs are double billed and then referred to retailers; equipment is charged $150 multiple times (2-4) for repairs that aren't performed. [7 and Further Reading]
A decent credit card transaction gateway includes recurring billing as an option. Data mining by corporations has a profit motive, but as Sony has demonstrated it can be a massive liability. Why not start a discussion about corporate responsibility to protect user information, especially since they didn't need it to begin with?
Sony's response to the U.S. Senate [8] is to request more laws and further the myth of "best practices." Since Sony was warned of security holes months in advance [5], one of those "best practices" would be to accept the advice of the experts. In Sony's passing the blame there is no justification for the collection and retention of personal information they didn't need.
Outraged about the blatant coverup and shameful misdeeds, other internet hacker groups will apparently proceed with attacks [9] over Sony's mishandling of the matter. These reactions prove that requesting legislation to cover up corporate crimes and the abuse of law is frowned upon by all online communities, not just the Legion of Anonymous. Apparently Sony will have to learn the hard way that corporate malfeasance will not go unpunished. When the dust settles Sony may have more to fear from a massive class action lawsuit by their user base than the brief actions of the Global Hacker Nerd Brigade, Anonymous... Let THE GAMEs begin. :>
Knowledge is free.
We are Anonymous.
We are Legion.
We do not forgive.
We do not forget.
Expect us.
Contest:
10:20 AM on 05.09.2011 | 
So what else is new.
You're the Man With No Name, you should know better >D
ingenious.
STFU.
Sincerely, The Internet.
Seriously?
Although what is more likely the case, is Anon trying to take advantage of the general populations ignorance toward "what" they actually are.
By acting like a "group" they can deny this, the public might actually believe them. But in reality, the chances that this data theft was a carried out by a member of, assisted by, even if unintentional, Anonymous. Even if it wasn't done "in their name".
Anonymous, you make me sick, you spineless internet terrorists. DIE IN A FIRE.
Seriously?
Although what is more likely the case, is Anon trying to take advantage of the general populations ignorance toward "what" they actually are.
By acting like a "group" they can deny this, the public might actually believe them. But in reality, the chances that this data theft was a carried out by a member of, assisted by, even if unintentional, Anonymous. Even if it wasn't done "in their name".
Anonymous, you make me sick, you spineless internet terrorists. DIE IN A FIRE.
Always hated that stupid meme
We are Anonymous.
We are Legion.
We do not forgive.
We do not forget.
Expect us.
fuck you anon
...not that it matters to me, since I've still got a 360 and my PC...
Please Sony and "anon group", stop being dicks.
...also: North Korean hackers no doubt.
It's one of two things. Either a handful of anons went off on their own and did this, or (and I think this is more likely) whoever did this wasn't affiliated with Anonymous at all and left that message to deflect blame.
Whatever the case, any group that refers to itself as a "movement" is automatically full of shit.
I don't trust Anonymous. I don't trust Sony. Neither of them care about you. Neither of them understand the difference between right and wrong. Neither will apologize if they do something they shouldn't.
I am completely certain that there are lies all around and I am also certain we'll never get the full story.
Actually the first scenario posed is very likely because numerous reports are claiming a breakaway group from Anonymous is responsible for the PSN attacks.
http://www.thinq.co.uk/2011/5/7/break-away-anonymites-likely-behind-psn-hack/
Seconded.
Also, it's clear to me they didn't do it. Why would an anonymous organization even need to hide anything? They've always been quick to go "IT WAS US, IT WAS US!". If they say they didn't do it, they didn't do it. Why the hell would they lie at this point?
I suppose people argue that they would lie about this due to the backlash. The idea is that they'd lose a lot of their popularity, even among the more educated people (where Anonymous is quite popular). I'm not sure that's such a plausible point if one thinks about it, but then who knows ?
None of us can say who did it, but quite frankly I wouldn't trust a company that didn't tell people that their data was stolen for a week.
We are Anonymous.
We are Legion.
We do not forgive.
We do not forget.
Expect us.
this is most likley there fault if not directly them its some one inspired by them
o well got some la noire next week and thinking about majin and the forsaken kingdom also, psn can take its time.
The worst thing about this shit, like Pokota always says(love that guy), is that honest working people are loosing money because of this.
Sure its bad that i dont have access to PSN, but some small studios only income is PSN and they rely on it. People who havnt done shit and only want to make nice games for people to enjoy now may face 6 weeks of no sales what so ever, its fuckin heartbreaking.
And yet i see people here saying shit like "...not that it matters to me, since I've still got a 360 and my PC..." or just straight out laughing at the "ps3 fanboys for not having PSN" when it afflicts so much more then just them not beeing able to play online. I can only assume that these people havnt worked a day in their lives.
Shame on you
Just want you to know that your a prick. Your glad that people have had all their information stolen? Their credit card data stolen? That they can't play any games online for almost 3 weeks now? That small developers are literally losing their only source of income? That even some bigger titles are going to flop now like socom 4 which is useless without online, or even titles like brink will surfer now.
Nobody wishes that kind of shit upon people, and those that do and or enjoy it, karma is going be a bitch to you when it comes back around.
This message does sound a little full of itself, but to deny the points that it brought up is borderline blind idiocy. This is the actual situation, and if you still defend Sony, then you've lost the ability for rational thought and independent judgement. Stop the fanboyism and see the story for what it is - a group of hackers broke PSN/SOE to prove a point. That point is that Sony publicly stated that they weren't going to have any mercy against those that hacked their consoles, went after folks more interested in homebrew than CoD hacking, and set off a shitstorm of their own causing. SONY STARTED THIS. I don't side with any group on this issue, because both sides have gone about it ass-backwards, but this letter proves a fucking point. A blatant one. And if you disagree, then to be just as blunt, you are a 100%, Organic, Free-Range, Grass-fed RETARD.
As others have pointed out, what they should be doing is their own investigation to try and pinpoint who did the hacking and they should be working with law enforcement to bring those culprits to justice.
If it does turn out to be a "splinter group" all that means is that Anonymous may kick you "out" of the group if they don't like what you did. (Out being in quotes because no one can ever be truly kicked out of Anonymous because they are "anonymous to Anonymous".
The alternative is that Anonymous was played by real criminals, and, good news for criminals: this is a GREAT idea. Play your cards right and you have a cadre of followers unwittingly helping you, for free, and without consequence.
Here's a news flash: if you don't know who you're working with (or for, for that matter), you may be working with the worst kind of criminal.
Also, this report is super hypocritical. They're upset at Sony for allegedly trying to smokescreen their failures? Guess what, that's what Anonymous is doing by pointing fingers. Shouldn't the group be investigating whether they got played or if it is possible someone went "rogue", rather than pointing fingers and denying everything at face value? And for all we know, Sony could be telling the truth and this may not be a smokescreen after all.
You're right.
You are 'legion'
Now fuck off.