It looks like the first arrests in the April PlayStation Network hack have been made. The Spanish National Police say that they have detained three people – one man and two of unknown gender – in connection with the attacks that prompted Sony to shut down its online gaming service for over a month.
The NYT reports that the three people have all been identified as “local leadership” in hacktivist group Anonymous. One of the detained is a 31-year-old man who has been the target of an investigation stretching back to October of 2010. That investigation was started after hackers targeted the Spanish Ministry of Culture’s website.
He had a computer server in his apartment in the northern port city of Gijón, from which the group attacked the Web sites of the Sony PlayStation online gaming store.
The same computer was also employed in coordinated cyberattacks against two Spanish banks, BBVA and Bankia, the Italian energy company Enel, as well as government sites in Spain, Egypt, Algeria, Libya, Iran, Chile, Colombia and New Zealand, the police said.
When the original PSN hack occurred Sony hinted that Anonymous was responsible, citing their prior conflicts with the group and a “We are Legion” file left behind by the hackers.
Anonymous quickly responded with an online letter of sorts. They said that the “We are Legion” file was a plant, put there to implicate Anonymous. They also hinted that by blaming them, Sony was simply attempting to cover up for their own failings. They also provided this argument, stating that it was against what they stood for to tamper with credit card info, as it was hinted that the PSN hackers did:
In the realm of criminal investigation, there is an important aspect of investigations that should never be overlooked. The “modus operandi” of a criminal rarely changes. Whoever did perform the credit card theft did so contrary to the “modus operandi” and intention of Anonymous. Public support is not gained by stealing credit card info and personal identities, we are trying to fight criminal activities by corporations and governments, not steal credit cards.
Later, some veteran members of Anonymous spoke out about the attacks. They said that just because Anonymous didn’t officially sanction the hacks, it doesn’t mean that members of Anonymous weren’t responsible:
If you say you are Anonymous, and do something as Anonymous, then Anonymous did it. Just because the rest of Anonymous might not agree with it, doesn’t mean Anonymous didn’t do it.
This news comes just days after a BBC interview with Sony’s Computer Entertainment Chief Kaz Hirai. In that interview, he said that Sony may never know who orchestrated the attacks that brought down the PSN.
With regard to the 100 million [compromised] accounts, we do know the information was accessed, we don’t know however what part of the 100 million accounts were taken from our servers. For example, it might be 100 million first names, it might be 100 million last four digits of a phone number, it could be the entire account information, we just don’t know, but I think the people that intruded our systems were very good in hiding their tracks as they left our systems, so we may not know for a very long time or we may never know.