Sony Passes The Buck, Blames Anonymous

    May 4, 2011

In what’s playing out as a “it wasn’t us, it was them” level of whining, Sony is working as hard as it can to remove themselves as the responsible party in regards to the PlayStation Network outing. Their latest move includes blaming Anonymous, because it’s easy to blame a faceless group instead of taking inventory of their own practices in regards to securing the PSN.

In a report that appeared at the BBC, Sony executives blamed an Anonymous-led denial-of-service attack as the culprit which ultimately allowed the PSN to fail. Needless to say, Anonymous denied stealing any of the credit card numbers that Sony got around to reporting as missing. Apparently, some Sony developers discovered a line of code in a file that said “We are legion,” one the Anonymous catchphrases, which allows them to use the underground group as scapegoats.

Meanwhile, Sony hasn’t responded to the fact they knew their PSN software was obsolete and had security issues months before the GeoHot hubbub began. I guess that’s Anonymous’ fault too? Was Sony so distracted by the idea of D-O-S attack they couldn’t take the appropriate preventive measures at that time? Apparently not. A report in the Consumerist expands the topic:

According to [Dr. Gene Spafford of Purdue University], security experts monitoring open Internet forums learned months ago that Sony was using outdated versions of the Apache Web server software, which “was unpatched and had no firewall installed.” The issue was “reported in an open forum monitored by Sony employees” two to three months prior to the recent security breaches, said Spafford.

Who’s to blame for this oversight, Sony? Perhaps they should worry about making a more secure online service instead of passing out blame.

Speaking of, Anonymous did weigh in:

#Sony Confirms #Anonymous Has Not Been Implicated With #PSN Intrusion In Any Way than a minute ago via bitly Favorite Retweet Reply

Be that as it may, Sony is still trying to use Anonymous as an excuse for their lack of effective network security.