Justice Department probes hacker attack at Sony’s PlayStation network

The Justice Department has opened an investigation into the security breach at Sony Corp., in which two separate attacks over the last month shut down Sony’s PlayStation network and an online-gaming unit.

The federal probe comes as Sony said Wednesday that its network might have been breached while it was defending itself from denial-of-service attacks by Anonymous, a loosely connected group of Internet activists who have successfully brought down the websites of other big corporations and was retaliating against Sony for bringing a civil suit against a hacker in federal court in San Francisco.

“Whether those who participated in the denial-of-service attacks were conspirators or whether they were simply duped into providing cover for a very clever thief, we may never know,” the letter said.

In the course of its investigation, Sony said, it discovered that the hackers planted a file on a server named “Anonymous” with the words “We are Legion,” the tagline for the group.


On a Twitter account that frequently speaks for the group, Anonymous denied that it was involved in the attacks. “For once we didn’t do it,” it wrote.

During a hearing before the Senate Judiciary Committee on Wednesday, U.S. Atty. Gen. Eric H. Holder Jr. said the Justice Department has “open investigations with regard to those hacking situations that have gotten publicity over the last few weeks, the Sony incident among them.”

Federal prosecutors in San Diego are working with FBI agents to look into the alleged hacking crimes, according to a news report.

Also Wednesday, Kaz Hirai, Sony’s executive deputy president, wrote in a letter to the House Subcommittee on Commerce, Manufacturing and Trade that the company “has been the victim of a very carefully planned, very professional, highly sophisticated criminal cyber attack designed to steal personal and credit card information for illegal purposes.”

In the letter, Hirai said Sony learned of the first breach April 19 and shut down the PlayStation network the next day. The company informed account holders that their personal data was potentially exposed about a week later.

“Throughout this challenging period, [employees] acted carefully and cautiously and strove to provide correct and accurate information while balancing concerns for our consumers’ privacy and need for information,” the letter said.

The attack on Sony’s PlayStation network and Qriocity music-streaming service compromised the personal information of 77 million customers accounts. On Sunday, the company suspended service for Sony Online Entertainment, best known for creating online multiplayer games such as EverQuest and the Matrix Online, after an intrusion exposed personal data for about 24.6 million subscribers.

Sony apologized Saturday and announced several “welcome back” freebies for PlayStation customers, including 30 days of free access to Qriocity for affected customers as well as 30 days of access to the PlayStation Plus online game service. The company will also provide credit card protection services to relevant customers, Hirai said.


New York Atty. Gen. Eric Schneiderman on Wednesday subpoenaed three Sony divisions — Sony Computer Entertainment, Sony Network Entertainment and Sony Online Entertainment — for documents regarding their security, CNBC reported

Consumers have filed at least two lawsuits in California against Sony and are seeking federal class-action status.