Sony’s refusal to attend hearings has sparked the outrage of its skeptics as the company turns a deaf ear to them, calling on the FBI and private investigators to help out in determining who is behind the recent attacks on their networks. The delays in publicly informing both clients and bodies of authority have not won them pity, but the company has slowly been dealing with the repercussions in their own way.
In the letter sent May 3 to the US House of Representatives subcommittee created to deal with the matter, Sony executive Kazuo Hirai broke down the happenings in details, beginning with a start of a series of denial-of-service attacks on several of their companies and servers. These were DoS attacks that aim to disable user access to intended resources. Sony claims that the attacks coincided with the hacking, and the cybercriminals used it as a cover for their entrance into the system as Sony noticed the suspicious activities on April 19. By April 20 they had confirmed a breach, discovering that despite the “very carefully planned, very professional, highly sophisticated criminal cyber attack” the perpetrators have left behind a file named “Anonymous” and contained the phrase, “We are Legion.”
The phrase is a group motto of hacking syndicate Anonymous who has actually denied the allegations saying “For once we didn’t do it,” and that it was possible that some of their members have been working on their own. The group is powerful yet is not known for stealing financial information, 24,000 of which was compromised in the latest Sony attacks, and in the past was glad to own up to their doings.
Sony explained that the 2-day lag between their knowledge and informing the FBI on April 22 had been to confirm the magnitude of the attack and the scope of the data that had been taken. It took three more days for them to actually meet, and another three days after that to inform their own customers on April 26. The discovery of the second attack, by comparison, took less than 24 hours before public broadcast and cast doubts on the original hacking announcement. Critics berate that Sony had initially hoped that the attacks were limited until it was too late.
Sony took 2 days to contact the FBI after the attacks and that has many concerned as to whether Sony was trying to limit information to the public and requesting the FBI would have been made public and increased public concern by their presence. All of this is making Sony look very bad given the scope of the attacks and the amount of user account information that has been exposed.
The UK Information Commissioner’s Office has contacted Sony and offered its services, meanwhile a Canadian law firm proposed a $1 billion class-action lawsuit citing breach of privacy.