The hacking group Anonymous has denied responsibility for the attack on Sony's networks, claiming that it has "never...engaged in credit card theft."
In a long statement posted to the Daily KOS site, the group said others were trying to frame it for the hack of Sony's PlayStation and Online Entertainment networks.
"Whoever broke into Sony's servers to steal the credit card info and left a document blaming Anonymous clearly wanted Anonymous to be blamed for the most significant digital theft in history," said Anonymous. "No one who is actually associated with our movement would do something that would prompt a massive law enforcement response."
Although Sony declined to testify yesterday before a House subcommittee investigating data breaches, in its written response Tuesday to questions ( download PDF ) the company said Anonymous was at least partially responsible for the hacks because it had conducted denial-of-service (DoS) attacks against Sony in the weeks prior to the credit card hack.
"Whether those who participated in the in the denial of services attacks were conspirators or whether they were simply duped into providing cover for a very clever thief, we may never know," said Sony. "In any case, those who participated in the denial of service attacks should understand that -- whether they knew it or not -- they were aiding in a well planned, well executed, large-scale that that left not only Sony a victim, but also Sony's many customers around the world."
Sony also said the credit card hackers had left a file named "Anonymous" on one of its servers. The file contained the words "We are legion," a trademark phrase of the group.
"Anonymous has never been known to have engaged in credit card theft," the group countered Wednesday.
Tuesday's accusations that Anonymous may have been involved was a reversal for Sony.
In a Tokyo press conference Monday, Kaz Hirai, CEO of Sony's games subsidiary, said the company had not found find any link between Anonymous and the newest attacks.
Anonymous had denied responsibility for the Sony network breaches before. On April 22, it issued a statement titled, "For Once We Didn't Do It" that argued "Sony is taking advantage of Anonymous' previous ill-will toward the company to distract users from the fact that the [PlayStation Network] outage is actually an internal problem with the company's servers."
The group had taken credit for the DoS attacks against Sony two weeks before the April breach. Those attacks were launched as a protest of Sony's legal pursuit of George Hotz, who had hacked the PlayStation 3 to run Linux OS.
Hotz, who settled with Sony, has also said he had nothing to do with the network attacks.
"I'm not crazy, and would prefer to not have the FBI knocking on my door," Hotz said in an April 28 blog post . "Hacking into someone else's server and stealing databases of user info is not cool. You make the hacking community look bad, even if it is aimed at douches like Sony."
But Hotz also said Sony had essentially reaped the whirlwind.
"The fault lies with the executives who declared a war on hackers, laughed at the idea of people penetrating the fortress that once was Sony, whined incessantly about piracy, and kept hiring more lawyers when they really needed to hire good security experts," said Hotz. "Alienating the hacker community is not a good idea."
It would obviously be in Anonymous' interest to deny responsibility for the credit card theft. Sony contacted the Federal Bureau of Investigation (FBI) three days after it discovered the intrusion, and five days later met with the agency to provide details of the attack.
The FBI, along with law enforcement authorities in other countries, have been pursuing Anonymous since last year, when the group targeted a large number of Web sites -- including those for Amazon, PayPal, MasterCard and Visa -- for withdrawing services from Wikileaks , the document leaking organization that began publishing U.S. diplomatic cables in November 2010.
Sony took its PlayStation Network offline on April 20. As of today, that network, as well as the Online Entertainment network, was not operational.
The company told Congress on Tuesday that it had not identified the people who broke into its servers and lifted the personal information -- and possibly credit card numbers, as well -- of millions of customers.
Gregg Keizer covers Microsoft, security issues, Apple, Web browsers and general technology breaking news for Computerworld. Follow Gregg on Twitter at @gkeizer or subscribe to Gregg's RSS feed . His e-mail address is [email protected] .
Read more about security in Computerworld's Security Topic Center.