US law enforcement agencies are already looking closely at Anonymous as part of their investigation into last month’s incursion, which put as many as 100m Sony customers’ personal details at risk.
“They are one of the key targets,” one source close to the case told the FT, though it is not the only possibility being explored. Earlier this week, Sony indicated that it found evidence that the amorphous group was involved in the hacking.
The admission by Anonymous members comes as reports emergedof a further planned attack against Sony’s systems this weekend.
Sony said in its letter to Congress that the hackers who penetrated one of its systems left a file titled “Anonymous” behind that contained part of the group slogan “we are legion”.
Just weeks before the breach, Anonymous publicly launched OpSony against the Japanese electronics company in retaliation for a lawsuit against a gamer who had modified his equipment.
Sony added that at a minimum, its security staff had been distracted fighting follow-on denial-of-service attacks when the criminal penetration occurred.
Sir Howard Stringer, chief executive of Sony, on Thursday apologised for the breachand promised to give customers identity protection services and insurance cover worth up to $1m.
Anonymous has officially denied responsibility, disavowing any financially motivated crimes, while allowing for the possibility that some of its members had gone beyond the established goals of hampering and shaming Sony.
“Let’s be clear, we are legion, but it wasn’t us. You are incompetent Sony,” Anonymous
on Thursday via one of its many blogs and Twitter accounts.
Its loose, anti-hierarchical organisation means that anybody can join it and act under its secretive umbrella. Normally, somebody posts an idea for a campaign on Anonymous’ chatrooms and if enough people support it, the group takes it on.
This amorphous nature has been useful to help Anonymous activists evade law enforcement, but the lax command structure can backfire when hacking information spreads to more run-of-the-mill criminals.
One Anonymous member said of the Sony hack: “So it’s Anon’s work. But you can’t blame the whole collective for what one or two guys do. We’re a gathering of Anonymous activists, not some scary organised hacking group. It was uncalled for this early in the fight.”
He claimed only a few Sony administrator accounts were stolen and distributed by the other members, though they could have been used later for wider theft of data.
Barrett Brown, an Anonymous member who has admitted to roles in other group operations, said that the postings in question could have been planted by enemies of the organisation.
But another Anonymous member said: “Of course, the ones behind Operation Sony started denying everything when FBI and Homeland security was put on the case...because they were afraid they were going to get caught...A few operators disappeared.”
It remains unclear what the actual fallout to Sony customers will be. The company has said that only 12,700 credit and debit card numbers were taken, and the passwords to user accounts were obscured through a technique called hashing, which might be hard to crack.
“No credit card information was ever exposed, neither was over 100 million accounts,” the Anon said. “They had access to their databases, yes, but nothing was downloaded except a few admin accounts. Nothing has been exposed, no one is selling anything.”