In a letter to the US House of Representatives explaining Sony's actions during the recent PlayStation Network outage and data leak, company boss Kazuo Hirai cites "cybercrimes and cyber terrorism" as a mitigating factor, and applauds efforts "to put in place laws to protect us from these very real threats".
"Without addressing the need for strong criminal laws and sanctions and, most importantly, enforcement of these laws, there will not be any meaningful security on the internet," Hirai adds.
In the letter, Sony suggests that the PSN collapse could be the work of the hacking organisation known as Anonymous. Anonymous declared war on Sony when the company sued 'geohot' (the hacker George Hotz, who released cracking codes for the PS3), and launched denial-of-service attacks on Sony systems on 6 April 2011. But certain Anonymous members have stated that they, at least, had nothing to do with the recent PSN outage.
"We discovered that the intruders had planted a file on one of our Sony Online Entertainment servers named 'Anonymous' with the words 'We are Legion'," states Sony on its blog. 'We are Legion' is a phrase popularly associated with Anonymous.
By blaming the PSN hack on Anonymous and legislative shortcomings, Sony is attempting to shift the heat off itself; the company is under pressure to justify itself after failing to alert PSN users that their personal details were at risk for almost a week after it became aware of the possible data theft.
In the letter, Hirai explains that Sony became aware "that data of some kind had been transferred off the PlayStation Network servers without authorisation" on 20 April 2011, although security teams were unable to determine what type of data had been transferred. It then notified the FBI on 22 April, and notified consumers that personal information (and potentially credit card data) had been taken on 26 April.
The delay will infuriate many users, especially if it turns out that credit card details have indeed been stolen, but the company claims its investigations took that long.
"[Sony] has taken the almost unprecedented step of shutting down the affected systems as soon as threats were detected and is keeping them down, even at substantial cost to the company, until all changes to strengthen security are completed," adds Hirai. If he's waiting for the law to change and give Sony the protection it feels it's entitled to, PSN users could be offline for a while.
Update: In an interview with SCMagazineUS.com, Anonymous spokesman Barrett Brown has denied the group's involvement in the PSN hack in greater detail.
"Anonymous has no record of engaging in credit card theft and resale, and if we did, the FBI would've already come down on us," he stated.
Discussing the discovered files labelled 'Anonymous' and 'We are Legion', Brown said: "Any clever thief of that sort would be inclined to leave a document laying blame on someone else... They could've just as easily left documents saying: 'Congress. We investigate steroid use in baseball.'
"We're all mystified by this. Everyone just assumes - knows - it's some criminal group. But it wasn't us."