The PlayStation 3 controversy - Anonymous enters the scene (UPDATED 2011-04-12)

Background

In our security article in January this year we wrote that program code for jailbreaking the Sony PlayStation 3 (PS3), as well as the private key used for securing this device, had been published. A few days later, some of those involved, including the high-profile hacker geohot - under his real name George Hotz - were met by a lawsuit from Sony. Among other claims, the lawsuit demanded that the code be removed from the Internet!
[Removing the key from the Internet may be a challenging task, as a Google search for the PlayStation 3 secret key shows several million results.]

In the following weeks, U.S. courts allowed Sony to obtain information from Hotz's accounts with Internet companies such as PayPal and YouTube, as well as log files from his web server. The purpose seems to be to identify anyone who had access to the data that was relevant to the PlayStation 3 jailbreak.

Those interested in more background will find a good summary of the events involving geohot and Sony in Wired's Threat Level.

Anonymous' statement about Sony

On Sunday 3 April the hacker group Anonymous stepped up its involvement in this case.

True to its usual form, the group published a statement that said:

Congratulations, Sony.

You have now received the undivided attention of Anonymous. Your recent legal action against our fellow hackers, GeoHot and Graf_Chokolo, has not only alarmed us, it has been deemed wholly unforgivable.
(...)
Now you will experience the wrath of Anonymous.
(...)

The statement was also - as usual - published as a video on YouTube.

Anonymous was mentioned in our security article DDoS war in September last year, when the group engaged in attacks against the recording and music industry. Previously the group was known mostly for attacking the Church of Scientology.

Last autumn the group rose to major (in)fame when it engaged in attacking organizations that Anonymous believed had acted against WikiLeaks and the public's right to information (PayPal, VISA, MasterCard and others).

Anonymous' biggest success is arguably the attack against the security company HBGary Federal, where many confidential emails were subsequently published.

The group has also been involved in the uprising in several Middle East countries, and attacked government web sites.

Attacking Sony

DDoS attacks

Not long after the above-mentioned message from Anonymous, attacks on Sony's network infrastructure commenced. According to reports, some of Sony's resources around the world were down, while others seemed to be unaffected by the attack.

As of this writing, all the Sony resources we tested seem to be functioning normally. However, from previous experience, Anonymous' attacks often come in waves, so this may change at any point in time. Anonymous' attacks have previously been quite effective in disrupting web resources by use of the group's tool of choice: Low Orbit Ion Cannon (LOIC) - a piece of software that may be used for Distributed Denial of Service (DDoS) attacks.

Some have compared the use of DDoS as a tool against corporations' and governments' Internet resources to a kind of innocent demonstration. Whether using such a tool is illegal is also debated, and this may differ between countries and jurisdictions. It is known that arrests were made in various countries after Anonymous' involvement in supporting WikiLeaks.

We shall not pursue this debate in this article. The entity that is attacked, however, will no doubt perceive it as highly unpleasant, as the DDoS interferes with the ability to perform day-to-day tasks (which of course is also the general idea of such attacks).

It should also be noted that any action that disables an Internet resource hardly seems in line with the view of the Internet as a repository for all kinds of information and data freely accessible by anyone.

Attacking Sony employees and their families(?)

According to PlayStation LifeStyle, another(?) group calling itself SonyRecon, which may or may not be affiliated with Anonymous, has taken a more aggressive approach and targets Sony's executives and their families, as well as the judge in the lawsuit case.

Actions that could be performed include:

  • publishing names, phone numbers and addresses on the Internet,
  • posting fake advertisements in 'erotic services' web sites,
  • making fake phone calls to the employees, telling that they are infected by serious illnesses.

These types of attacks are obviously more serious, not least because they are not targeting the company, but individuals (including completely innocent family members). Most people would deplore protests of this type.

Losing public support?

One may like it or not, but it is a fact that some of the previous 'operations' that Anonymous has initiated have received quite a lot of public support. The reason may be that the targets have often been big corporations, government agencies and other organizations. These may have been regarded with quite a lot of skepticism in the first place, and the fact that they are 'messed with' has not caused any kind of dissatisfaction among the general public. Previous Anonymous operations have also not harmed the general public significantly.

This new Sony operation may seem to be different. One of the targets that seems to be hit by Anonymous' actions is the PlayStation Network. This is a closed network used by the owners of PlayStations - people who initially may have been positive towards the actions performed by the PlayStation 3 hackers earlier this year. By targeting this network, the users of the PS3 are hit, which they do not like (obviously).

Some of the participants in PlayStation 3 forums are quite harsh in their comments about Anonymous.

From GAMESPOT

  • (...)The hackers aren't fighting for anything but their own selfish ambitions. Don't fight for my freedom, please. All you are doing is taking away from me and other paying customers. (...)
  • these **** idiots realise they're hurting the ps3 users and not sony right

From EUROGAMER

  • How to lose support of PSN users in one fell swoop.
  • (...) I'm a paying customer who's more than happy with the service Sony offer me. Why the fuck should I lose out because some "hackers" have decided to develop some deluded moral stance?
    Let's just say your wish comes true and they "take Sony down". What then? 80 million customers unable to use their gaming platform of choice, umpteen games developers out of business because they can't afford to shift platforms across to one of the remaining holders...
    Really can't see what anonymous are hoping to get out of this, I have to say
  • There is a large difference between helping a suppressed populace and terrorising a company by targeting their innocent user base (...)

The anatomy of Anonymous

Anonymous characterizes itself as a hive and a nest. One potential issue with such free structures is that different actions may conflict with each other. One faction's actions may not be in line with the activities carried out by another. This represents both a problem and a strength for organizations set up as loosely as Anonymous appears to be.

The outcome of the Anonymous vs. Sony affair is not clear yet. Nor should one draw conclusions about any permanent change in Anonymous' standing among its former supporters.

Update 2011-04-07

Anonymous has now made a statement regarding the ongoing attacks against Sony and the PlayStation Network (PSN):

(...)
Anonymous is not attacking the PSN at this time. Sony's official position is that the PSN is undergoing maintenance. We realize that targeting the PSN is not a good idea. We have therefore temporarily suspended our action, until a method is found that will not severely impact Sony customers.

Anonymous is on your side, standing up for your rights. We are not aiming to attack customers of Sony. This attack is aimed solely at Sony, and we will try our best to not affect the gamers, as this would defeat the purpose of our actions. If we did inconvenience users, please know that this was not our goal.
(...)

Update 2011-04-12

George Hotz and Sony have entered into a settlement in the lawsuit.

On the PlayStation.Blog a joint statement was posted on 11 April:

Sony Computer Entertainment America (“SCEA”) and George Hotz (“Hotz”) today announced the settlement of the lawsuit filed by SCEA against Hotz in federal court in San Francisco, California. The parties reached an agreement in principle on March 31, 2011. As part of the settlement, Hotz consented to a permanent injunction.

Both parties expressed satisfaction that litigation had been quickly resolved. “Sony is glad to put this litigation behind us,” said Riley Russell, General Counsel for SCEA. “Our motivation for bringing this litigation was to protect our intellectual property and our consumers. We believe this settlement and the permanent injunction achieve this goal.”

“It was never my intention to cause any users trouble or to make piracy easier,” said Hotz, “I’m happy to have the litigation behind me.” Hotz was not involved in the recent attacks on Sony’s internet services and websites.

In the action, SCEA accused Hotz of violating federal law by posting online information about the security system in the PlayStation 3 videogame console and software that SCEA claimed could be used to circumvent the security system in the console and allow the playing of pirated videogames. Hotz denies any wrongdoing on his part. Hotz’s motion to dismiss for lack of personal jurisdiction was still pending before the federal court in San Francisco but a preliminary injunction was issued requiring Hotz to take down the postings challenged by SCEA.

“We want our consumers to be able to enjoy our devices and products in a safe and fun environment and we want to protect the hard work of the talented engineers, artists, musicians and game designers who make PlayStation games and support the PlayStation Network,” added Russell. “We appreciate Mr. Hotz’s willingness to address the legal issues involved in this case and work with us to quickly bring this matter to an early resolution.”

Anonymous comments in an OpSony update, where the group states that it will cease the DDoS attacks on Sony, and "pursue other ways of getting Sony's attention". The group does not accept that the case is closed by the settlement:

(...) In the eyes of the law, this case is over. We disagree. (...)
The current solution will only embolden other greedy corporations to employ similar unfair tactics, so it is necessary to continue our protest to make our voices heard. (...)

 

 
