I don't think Anonymous did this, but if they did, that's excellent. The attorney general's office is "taking the matter seriously", which is fine... one dude will go to jail for this. If one person is willing to "go down" and take a big corporation with them, we're going to run out of big corporations long before we run out of hackers.<p>(I personally wouldn't do this, but I do consider it respectable.)<p>You could argue that selling the credit card numbers makes it look more criminal than "for spite", but I think you have to sell the credit card numbers in order to damage Sony.
FTA:<p>"The attack that stole the personal data of millions of Sony customers was launched separately, while the company was distracted protecting itself against the denial-of-service campaign, Sony said."<p>Wow. I didn't think they could do better than "most people don't know what a rootkit is, so why should they care about it?" but I was wrong.<p>Sony Command: Quick! All security personnel are immediately ordered to drop what they're doing and guard against that DOS attack!<p>Sony Security: But Sir, won't that leave our user data "un-guarded"<p>Sony Command: We don't have time for that now, Soldier, now move Move MOVE!!
<i>"Sony has been the victim of a very carefully planned, very professional, highly sophisticated criminal cyber attack"</i><p>Uggh. First off, sorry Sony.. <i>Who</i> has been the victim?<p>Second, wrapping big fancy words to make this seem like some sort of magical act of God that no company could have with-standed is patently obnoxious. Is Sony not equally capable of careful planning, and stocked with highly professional and sophisticated criminal cyber defense professionals?
What's the connection between a denial of service attack and intrusion? The only connection I see is a DoS could make detecting intrusion more difficult. I don't see how it would make actually getting in any easier.
"They released a statement via YouTube last month saying that while the group's organizers had not stolen the data, it was possible some members of the group were involved in the matter."<p>Just about anyone could claim to be part of "Anonymous" and submit a video saying just about anything. If you can't verify something, you probably shouldn't be including it in the news.
Someone needs to explain to business people that these types of internet-based intrusions can <i>only</i> happen as a result of poor technical security.<p>Where is the incentive for real security? Businesses need to be directly responsible when these kind of break-ins happen. It can't be treated as if they had a physical break-in where we go looking for the thieves. It must be treated as a security failure and the company must take full responsibility. Of course, this doesn't happen, so Sony is free to blame "the hackers" and call it a day.<p>Meanwhile, everyone's data on PSN is compromised. Even if you think that perfect internet security is impossible, there is absolutely no excuse for not hashing passwords or encrypting credit card data.<p>The public needs to realize that break-ins to a physical location (which are always possible with enough firepower) are distinctly different from internet-based break-ins, which are almost always avoidable or can at least have their scope greatly limited.<p>If technical holes exist, it's inevitable that they'll be exploited. I blame Sony far more than the intruders.
What does this have to do with the data lost in a hack from 2007? It seems to me that Sony has, in general, bad security and this whole ordeal recently has made them aware that they have been in a vulnerable position.