AllThingsD.com

Yet now that the attacks have subsided, it’s time to see them for what they are: Nothing more than a blunt instrument that accomplishes nothing constructive.

As of today, only one of the Web sites attacked by the hacker troupe Anonymous is still apparently affected, and that belongs to the Universal Music Group recording label. It currently displays only a message saying “The Site is under maintenance. Please expect it to be back shortly.” Others that had been attacked yesterday, including the sites of the U.S. Department of Justice, the Recording Industry Association of America and the Motion Picture Association of America all seemed to be operating normally.

Thursday’s attacks, which have been described as the biggest action yet organized by Anonymous, were launched in apparent revenge for the FBI’s arrest of several people associated with the file-sharing site Megaupload.com over suspicions of online piracy. Taking place against the backdrop of a wider, more civil protest against anti-piracy legislation currently before the U.S. Congress, the atmosphere around the attacks has been politically charged.

As Molly Wood of CNET put it, the #OpMegaUpload attacks — coming as they did on the heels of Wednesday’s peaceful anti-SOPA protest — seem like an “unsettling wave of car-burning hooligans that sweep in and incite the riot portion of the play,” spurring equally unsettling reactions from the powers that be.

Many outlets have portrayed the attacks as “hacks,” implying that someone had picked a lock in order to commit some kind of sabotage. But the tactic used — a distributed denial-of-service (DDoS) attack — is more aptly compared to a blunt instrument, requiring neither skill nor knowledge, only large numbers of willing participants who team up to swarm a site with more requests than it can accommodate and thus overwhelm its ability to function normally.

The adjective “willing” is debatable, and perhaps inaccurate. Anonymous was able to generate such impressive numbers with the operation — it claimed more than 5,000 participants — by spamming a link in chat rooms and via Twitter that, when clicked, triggered a tool used to launch the attack. People tricked into following the link are given no context or information, and so may or may not have any idea that they’re participating in the execution of a crime.

For the record, it is illegal in the U.S., the U.K., Sweden and other countries to launch and participate in a DDoS attack like the one Anonymous organized. As anyone who has observed the evolution of Anonymous (and its various affiliates using the names LulzSec and AntiSec) should know, the FBI arrested 16 people last July, many of them charged with participating in a DDoS attack against PayPal in protest of its shutting down an account used by WikiLeaks.

In 2009, a New Jersey man was sentenced to a year and a day in prison for launching a DDoS attack against the Church of Scientology. And in 2010, a 23-year-old Ohio man was sentenced to 30 months in prison for launching DDoS attacks against several prominent U.S. conservatives, including the author Ann Coulter, former New York City mayor Rudolph Giuliani and Fox News commentator Bill O’Reilly.

Records like that suggest to me that DDoS attacks never accomplish anything that the people who organize and carry them out attempt to do. At most, they inconvenience the people who visit and operate the targeted sites for a few hours, until the attention spans of the attackers shift elsewhere. They also generate headlines that are forgotten by nearly everyone except the targets, and sometimes law enforcement.

And so it will be this time. Mark your calendars, because the Megaupload revenge attacks will spur a series of arrests later this year. Some of those arrested will be people who didn’t know they were committing a crime. And that certainly won’t help Anonymous’ image. Nor will it further a single bit of what passes for the Anonymous agenda.

This was a very apolitical group that had absolutely no understanding about the military-industrial complex whatsoever, and no understanding about international finance. As a result of joining our battle and trying to protect themselves, they have come to see that the threats related to Internet freedom come from the military-industrial complex, the banking system and the media.

– Julian Assange, in Rolling Stone, referring to Anonymous

But this one has a twist or two. The media company is Grooveshark, an increasingly popular music service that’s also being sued by all of the major music labels.

And Grooveshark doesn’t want information about alleged lawbreakers. Instead, it wants details about an anonymous user who posted comments on Digital Music News, an industry news site.

Paul Resnikoff, the site’s owner, publisher and primary writer, writes about the subpoenas (and posts them in their entirety) here. And Ben Sisario of the New York Times has a good summary of the story. So I’ll try to do my version very quickly:

• Universal Music Group, the world’s biggest label, is suing Grooveshark over copyright violations, and has cited an Oct. 2011 story that Resnikoff published, along with comments made by one more readers, in its case.
• The story concerned claims by musician Robert Fripp and his team, who argued that though they didn’t want Fripp’s music on Grooveshark, the company wouldn’t take his songs off its site.
• The comments in question came from someone who said they were a Grooveshark employee, and that they had specific instructions to upload music from the big labels to the site, without permission from the labels or artists. “And,” the commenter adds, “to confirm the fears of [Fripp], there is no way in hell you can get your stuff down.”
• Grooveshark is demanding that Resnikoff hand over “any and all correspondence or other communications” between himself and Universal Music over the story. They also want “any and all documents concerning the identity of the First Anonymous Commenter, including, without limitation, that person’s name, address, telephone number and e-mail address, and the IP Address and ISP associated with that person.”

Resnikoff says he won’t comply with the subpoenas. He tells me that even if he wanted to hand over information about his anonymous commenters, he couldn’t. He says that as a matter of policy his site routinely “flushes” any information about anonymous commenters within two days of their posts.

And Resnikoff says that even though the comments in this case contained explosive allegations about Grooveshark, he never tried to verify the commenter’s identity: “What the world sees is what we have.”

In his post, Resnikoff suggests he’ll be protected by whistleblower laws when he fights Grooveshark’s demands. But he tells me that his legal team isn’t sure what laws they’ll cite yet. “We’re just incredibly committed to protecting any informants or sources of information,” he says.

This fight has plenty of interesting gray areas. For instance: What kind of legal responsibility does a news site have for claims that its commenters make? But I’ll let media law experts weigh in on that. For me, the notion that a Web publisher that isn’t directly involved in a legal suit can be forced to cough up names and addresses of contributors makes me shiver.

That scenario also strikes me as similar to some of the worst-case scenarios that SOPA/PIPA opponents have been making in recent weeks — this is a Web site faced with big legal problems over the actions of a single user, right? So I’ll be interested to see if they jump on Grooveshark over this one.

But Grooveshark doesn’t seem to think anyone will get riled up about this. This afternoon, I received an unsolicited email from Edelman, its PR firm. The email contained a copy of the subpoena, and a statement Edelman wants attributed to Grooveshark: “Grooveshark reaffirms its confidence that it will prevail in this litigation and that this filing represents the next step in reaching that end.”

(Image courtesy of Shutterstock/photobank.ch)

I wrote then:

“The unvarnished fact is that the networked society to which we’ve become accustomed in the last several years has a soft, vulnerable underbelly.

And the more we rely upon it, the more people with a combination of advanced technical skills and repugnant motivations are going to look for ways to turn it against us.

Some will do so as a means of making a personal profit. Others may see it as a way of advancing a political or ideological agenda.

But others will want to use theirs skills to do serious harm to innocent people on a large scale.”

Part of these predictions or ruminations or whatever you care to call them makes me think of the hijinks of the group that started out in the spring variously known as LulzSec, Anonymous and later adopted the moniker AntiSec. This loosely affiliated group emerged from the wake of the various attacks against Sony, and seemed to have nothing to prove but that it could make mincemeat out of whatever security measures had been put in place by Sony or whatever video game outfit it had targeted on a given day.

Sony’s Playstation Network was a favorite target, and its service was at least partially offline during two months ended in July.

Then, as summer dawned, the group’s members became aware of global politics and teamed up with Anonymous, the Wikileaks-allied band of hackers known for their campaigns of digital civil disobedience. Together they declared “immediate and unremitting war” on governments and corporations, and said their top priority would be to steal and leak any classified government information, including but not limited to email and documentation. They attacked an Arizona police agency as a way of making a statement against anti-immigrant laws in that state, and published the names and home addresses of several officers.

Later they sought to earn some street cred by stealing “secret” documents from NATO, only to learn after the fact that the documents they released had not only been released before, but weren’t even really all that secret to begin with. It wasn’t long before alleged members of the group started showing up in handcuffs, which seemed not to faze them. The prospect of body bags and real-world violence during a confrontation with Mexican drug cartels, however, did.

Yet for all the headlines they garnered and the headaches they caused, the LulzSec/Anonymous/AntiSec gang wasn’t anywhere near the scariest thing to appear on the computer security landscape in 2011. To my mind, one of the top three scariest things was the disclosure of Operation Shady RAT, which Intel-unit McAfee said appeared to be the biggest large-scale compromise ever, affecting 72 organizations and governments around the world, including the U.S., Taiwan, Vietnam, South Korea, Canada and India — some of them dating back as far as 2006. McAfee said the attacker was a “state actor,” though it declined to name it. The candidate highest on the short list was, naturally, China.

The second truly scary incident was the attack carried out against RSA Security, a unit of the IT company EMC, the maker of the popular SecurID tokens that so many people have on their keychains and use to create an added layer of security that goes beyond the password. Months later, the U.S. defense contractor Lockheed Martin was attacked with duplicate SecurID tokens.

Finally, the Stuxnet Trojan (used by parties officially unknown, but probably Israel with a little help from the U.S.) continued to fascinate and confound security researchers in 2011. Having caused nuclear centrifuges in Iran to explode in an attempt to set back that country’s nuclear weapons research program, Stuxnet was found to have a sibling called Duqu. Unlike Stuxnet, which messed with industrial control computers and made them do things they wouldn’t normally do, Duqu’s mission was much simpler: Steal everything in sight.

And after that, it was discovered by researchers at Kaspersky labs that Stuxnet and Duqu are part of an even bigger family, with at least three more siblings still undetected by researchers, and that all five were created by the same people and with the same tools. Chances are we’ll see at least a few of those final three in 2012, particularly as tension with Iran heats up.

So while there was much to consider scary happening on the Internet in 2011, I’m grateful for being wrong on one key prediction: That we didn’t see a significant computer attack used to physically harm innocent people on a large scale. That’s one prediction I hope to miss for years to come.

Identity Finder, a New York-based identity theft protection firm, has analyzed the information breached and summarized what the attackers appear to have made off with.

• 50,277 unique credit card numbers, of which 9,651 are not expired
  
• 86,594 email addresses, of which 47,680 are unique
  
• 27,537 phone numbers, of which 25,680 are unique

• 44,188 encrypted passwords, of which roughly 50 percent could be easily cracked
• 73.7 percent of decrypted passwords were weak
• 21.7 percent of decrypted passwords were medium strength
• 4.6 percent of decrypted passwords were strong
• Average decrypted password length: 7.1 characters
• 10 percent of decrypted passwords were less than 5 characters long
• Only 4.8 percent of decrypted passwords were 10+ characters long
• Presumably the remaining non-decrypted passwords were stronger than the decrypted subset
• 13,973 of the addresses belonged to United States victims; the remainder belonged to individuals from around the world

There are also an additional 2.7 million email messages that the attackers claim to have taken, but that have not yet been released.

Stratfor has promised to inform the customers whose information was taken no later than Dec. 28, which is tomorrow. Anonymous, ever seeking to justify its actions in the name of some higher moral purpose, said in a tweet that Stratfor, which sells subscriptions to its intelligence analysis reports to government, law enforcement agencies and businesses, isn’t “the harmless company it tries to paint itself as,” and that the emails will show that.

@techwriterjim It was conducted by #Antisec. Stratfor is not the “harmless company” it tries to paint itself as. You’ll see in those emails.

December 27, 2011 10:27 am via QwitReplyRetweetFavorite

@AnonymousIRC

AnonymousIRC

Whatever. Wired reported that someone who participated in the attack said that a total of four servers were breached, and the data on them wiped. The question that then logically arises is this: What was a firm that’s ostensibly in the business of advising business and government clients on security doing about its own?

Some people claiming to represent Anonymous — the lines and affiliations are always difficult to discern — said that the information taken in the attack included user names and passwords of some Stratfor subscribers, plus another 200 gigabytes worth of other data.

Stratfor founder George Friedman confirmed the attack in an email to subscribers; I received it because I’ve been an intermittent Stratfor subscriber over the years. Here’s Friedman’s email:

Dear Stratfor Member,

We have learned that Stratfor’s web site was hacked by an unauthorized party. As a result of this incident the operation of Stratfor’s servers and email have been suspended.

We have reason to believe that the names of our corporate subscribers have been posted on other web sites. We are diligently investigating the extent to which subscriber information may have been obtained.

Stratfor and I take this incident very seriously. Stratfor’s relationship with its members and, in particular, the confidentiality of their subscriber information, are very important to Stratfor and me. We are working closely with law enforcement in their investigation and will assist them with the identification of the individual(s) who are responsible.

Although we are still learning more and the law enforcement investigation is active and ongoing, we wanted to provide you with notice of this incident as quickly as possible. We will keep you updated regarding these matters.

Sincerely,
George Friedman

And here’s an update to Stratfor subscribers, from Dec. 25:

Dear Stratfor Member,

On December 24th an unauthorized party disclosed personally identifiable information and related credit card data of some of our members. We have reason to believe that your personal and credit card data could have been included in the information that was illegally obtained and disclosed.

Also publicly released was a list of our members which the unauthorized party claimed to be Stratfor’s “private clients.” Contrary to this assertion the disclosure was merely a list of some of the members that have purchased our publications and does not comprise a list of individuals or entities that have a relationship with Stratfor beyond their purchase of our subscription-based publications.

We have also retained the services of a leading identity theft protection and monitoring service on behalf of the Stratfor members that have been impacted by these events. Details regarding the services to be provided will be forwarded in a subsequent email that is to be delivered to the impacted members no later than Wednesday, December 28th.

In the interim, precautions that can be taken by you to minimize and prevent the misuse of information which may have been disclosed include the following:

- contact your financial institution and inform them of this incident;
- if you see any unauthorized activity on your accounts promptly notify your financial institution;
- submit a complaint with the Federal Trade Commission (“FTC”) by calling 1-877-ID-THEFT (1-877- 438-4338) or online at https://www.ftccomplaintassistant.gov/; and
- contact the three U.S. credit reporting agencies: Equifax (http://www.equifax.com/ or (800) 685-1111), Experian (http://www.experian.com/ or (888) 397-3742), and TransUnion (http://www.transunion.com/ or (800) 888-4213), to obtain a free credit report from each.

Even if you do not find any suspicious activity on your initial credit reports, the FTC recommends that you check your credit reports periodically. Checking your credit reports can help you spot problems and address them quickly.

To ease any concerns you may have about your personal information going forward, we have also retained an experienced outside consultant that specializes in such security matters to bolster our existing efforts on these issues as we work to better serve you. We are on top of the situation and will continue to be vigilant in our implementation of the latest, and most comprehensive, data security measures.

We are also working to restore access to our website and continuing to work closely with law enforcement regarding these matters. We will continue to update you regarding the status of these matters.

Again, my sincerest apologies for this unfortunate incident.

Sincerely,
George Friedman

Then came reports that whoever had taken the information — which included credit card numbers — had used the numbers to make donations in the name of the hacking victims. Here’s a link to what is said to be a screen grab following just such a donation to CARE by an employee of the Defense Intelligence Agency.

While some might applaud the apparent cleverness of Anonymous’s “steal from the rich, give to the poor” attitude, it’s unlikely that the charities in question will ever see a dime of the money that’s been “donated” to them. As Mikko Hypponen of F-Secure pointed out here, once the credit cards in question are reported stolen, the charges will be reversed and the charities will more than likely be on the hook for any fees or penalties that result.

As is often the case with a headline-making attack carried out in the name of Anonymous, there followed a series of claims and counterclaims as to whether or not this was an “official” Anonymous attack, or just the work of someone falsely claiming the Anonymous cloak. There was, for instance, this “emergency press release,” claiming that the attack on Stratfor was “most definitely not the work of Anonymous”:

Following that, Anonymous tweeted, via its semi-official Twitter account @AnonymousIRC, that it “laughed so hard” in response to that message — essentially saying it’s a fake. The group has hinted that it is going to be busy over the next several days.

RT @FiloSottile: “Anonymous denies involvement in #STRATFOR hack. http://t.co/cQ1INYlh” | We laughed so hard at this!

December 26, 2011 5:30 am via QwitReplyRetweetFavorite

@AnonymousIRC

AnonymousIRC

In a weird sort of mash-up of villains, one decidedly more evil than the other, a Mexican affiliate of Anonymous Veracruz announced that it was going to start publishing the names and addresses of the cartel’s business associates in response to the kidnapping of an Anonymous member. Anonymous had accused taxi drivers, police officers and journalists of being Zeta “servants.”

Of course, the publication of that information would give an advantage to rival cartels, who would probably have them whacked. According to a report on Stratfor, the Zetas had taken the threat seriously enough that the cartel dispatched its own computer experts to track down the people behind various anti-cartel blogs. A few people have been killed.

Having hassled Sony over the summer, attacked targets as varied as NATO and the U.S. Senate, and posted the addresses of state cops in Arizona, all Anonymous seems to have accomplished is getting some of its lesser members arrested.

TalkingPointsMemo has a pretty good rundown. Basically, it comes down to this: Anonymous didn’t have the stomach for real-world violence.

Scotland Yard says it has nabbed two more people that it says are members of the group; one of them is said to be connected to crimes committed under cover of the online identity “Kayla.”

In a statement, police did not release the names of the two men arrested. They are aged 20 and 24, and one comes from the town of Mexborough, while the other comes from Warminster. The arrests were conducted in cooperation with local police and the FBI. In one case, a home was searched and computer equipment taken.

It was the second pair of arrests in as many days. On Thursday, police arrested two others as part of the growing worldwide investigation into the activities of LulzSec and Anonymous.

And yet the hacker crimes continue, seemingly unabated. Anonymous has dubbed today “Texas Takedown Thursday” or #TTT on Twitter. The target: Law enforcement agencies in the state of Texas, in apparent retaliation for the arrests earlier this summer of 16 people said to be associated with Anonymous.

The group says it has leaked about three gigabytes worth of email and other data from private email accounts it says belong to certain police officials in Texas. It also claimed credit for defacing a Web site belonging to the Texas Police Chiefs Association.

It’s the second such targeting of police officers in a particular state. In June, the group went after the Arizona State Police, posting home addresses of officers.

LulzSec and Anonymous, in their various contortions, have had a busy summer. The group and its sympathizers started out making Sony’s existence miserable, on the heels of an attack on the PlayStation network; the attack brought the network down for several weeks.

And these aren’t the kind of cyber attacks carried out by bumbling troublemakers like the LulzSec gang, which make headlines but really only cause a nuisance for companies like Sony. In these cases, networks were compromised by remote access tools — or RATs, as they’re known in the industry. These tools — and they are tools, because they have legitimate uses for system administrators — give someone the ability to access a computer from across the country or around the world. In this case, however, they were secretly placed on the target systems, hidden from the eyes of day-to-day users and administrators, and were used to rifle through confidential files for useful information. It’s not for nothing that McAfee is calling this Operation Shady RAT.

McAfee says the attacker was a “state actor,” though it declined to name it. I’ll give you three guesses who the leading candidate is, though you’ll probably need only one: China.

Dmitri Alperovitch, McAfee’s Vice President, Threat Research, makes a statement in his blog entry on the discovery that should give everyone minding a corporate or government network pause: “I am convinced that every company in every conceivable industry with significant size and valuable intellectual property and trade secrets has been compromised (or will be shortly), with the great majority of the victims rarely discovering the intrusion or its impact.” He further divides the worldwide corporate landscape into two camps: Those who have been compromised and know it, and those who simply don’t know it yet.

This has been a particularly nasty year on the cyber security front. (I hate to say it, but I told you so.) Prior to this, the big attack whose full impact has not yet been fully sized up was the one against the RSA SecureID system, which uses popular keychain devices that create a constantly changing series of numbers that in turn create a second password for access to system resources. They’re widely used in government and military circles and among defense contractors. Google has been a regular target in recent years.

The RSA attack and Operation Shady RAT are examples, Alperovitch says, of an “Advanced Persistent Threat.” The phrase has come to be a buzzword that, loosely translated into English, means the worst kind of cyber attack you can imagine. Unlike the denial-of-service attacks and network intrusions carried out by LulzSec and its ilk, which require only minimal skill and marginal understanding of how networks and servers work, an APT is carried out by someone of very high skill who picks his targets carefully and sneaks inside them in a way that is difficult to detect, which allows access to the target system on an ongoing basis that may persist for years.

How did these attacks happen? Its very simple: Someone at the target organization received an email that looked legitimate, but which contained an attachment that wasn’t. This is called “spear phishing,” and it has become the weapon of choice for sophisticated cyber attackers. The attachments are not what they appear to be — Word documents or spreadsheets or other routine things — and contain programs that piggyback on the targeted user’s level of access to the network. These programs then download malware which gives the attackers further access. This all happens in an automated way, but soon after, live attackers log in to the system to dig through what they can find, copy what they can, and make a getaway — though they often leave the doors unlocked so they can come back for repeat visits.

Alperovitch notes — correctly, to my mind — that the phrase has been picked up and overused by the marketing departments of numerous security companies. His larger point is that too often those attacked in this way refuse to come forward and disclose what they’ve learned, thereby allowing the danger to continue for everyone else.

Alperovitch says that the data taken in Operation Shady RAT adds up to several petabytes worth of information. It’s not clear how it has been used. But, as he says, “If even a fraction of it is used to build better competing products or beat a competitor at a key negotiation (due to having stolen the other team’s playbook), the loss represents a massive economic threat not just to individual companies and industries but to entire countries that face the prospect of decreased economic growth.” It’s also bad for a target’s national security, because defense contractors dealing in sensitive military matters are often the targets. The best thing that can happen is that victims start talking about their attacks and sharing information with each other so that everyone can be ready for the next one, which is surely coming.

The photo, which appeared on the U.K.-based tech site shinyshiny.tv, is of Jake Davis, an 18-year-old resident of Britain’s Shetland Islands, specifically the island of Yell. The original photo appeared in the Instagram account of a user known as timbr. Update: Timbr turns out to be Tim Bradshaw of the Financial Times.

After reports surfaced suggesting that police may have been tricked into arresting the wrong person, police say they’re certain they have their man.

Davis appeared in a City of Westminster court this morning and was granted bail; he is next scheduled to appear in court on Aug. 30. He faces five charges related to distributed denial-of-service attacks against several sites, including, notably, the U.K.’s Serious Organized Crimes Agency in June.

Using the online handle “Topiary,” Davis had functioned as the group’s spokesman and gave interviews to the media about its activities. The group attracted a great deal of media attention for its numerous attacks against, among others, Sony, PBS, Nintendo, Britain’s National Health Service, the U.S. Senate, the U.S. Central Intelligence Agency, private affiliates of the FBI, and the Arizona Department of Public Safety.

The arrest in the U.K. followed a string of arrests in the United States, in which 16 people have been accused of being involved with the distributed denial-of-service attack against PayPal, the payment unit of eBay. LulzSec had in recent days been organizing a protest against PayPal, encouraging people to kill their accounts with the service.

LulzSec’s Twitter account has been quiet since July 27, the day the arrest was announced. And the Twitter account belonging to Topiary has been wiped of all messages, save for one saying “You cannot arrest an idea.” The Twitter account belonging to AnonymousIRC, the group under whose banner LulzSec briefly operated, included a message of support.

http://bit.ly/obmiaW | Stay strong, @atopiary. We will continue this, as your last tweet is truth. We, the people, silent no more. #AntiSec

August 1, 2011 3:56 am via TweetDeckReplyRetweetFavorite

@AnonymousIRC

AnonymousIRC

Topiary has a Twitter account, though it appears to have only one Tweet made on July 22.

You cannot arrest an idea.

July 21, 2011 6:02 pm via webReplyRetweetFavorite

@atopiary

Topiary

The arrest occurred as LulzSec and Anonymous jointly urged their supporters to boycott PayPal by closing their accounts and withdrawing any funds held in them and to use competing online money transfer products. PayPal, the payment unit of eBay, was the alleged victim of a series of denial of service attacks late last year for which numerous people in the U.S., U.K. and The Netherlands were arrested last week. The attacks were launched in sympathy for WikiLeaks after the PayPal account through which it accepted online donations was shut down.

“We encourage anyone using PayPal to immediately close their accounts and consider an alternative,” the group said in a statement released via Pastebin, which you can read in full below. “The first step to being truly free is not putting one’s trust into a company that freezes accounts when it feels like, or when it is pressured by the U.S. government.”

Anonymous claimed via its Twitter feed that 35,000 PayPal accounts had been closed.

Received some more information: At least 35.000 PayPal accounts have been closed today, likely much more to come. Proud of you! #OpPayPal

July 27, 2011 8:14 am via TweetDeckReplyRetweetFavorite

@AnonymousIRC

AnonymousIRC

A PayPal spokesperson disputed that in an email statement: “We haven’t seen any changes to our normal operations (including account opening and closing).”

Even if Anonymous’ claim of that number of account closures were true, the impact would be minimal. PayPal says it has 100 million active accounts in 190 markets and 25 currencies around the world. A loss of 35,000 accounts would amount to 0.035 percent of the account base, and couldn’t possibly exceed the flow of account terminations in a normal day. At that number, account cancellations can’t possibly be material, so at this point don’t expect any additional statement on the subject from PayPal.

Even so, eBay shares are down about 2 percent today, but I wouldn’t draw any connection between the boycott and its share price. Google, Apple and the Nasdaq itself are all down about 2 percent today.

The hacking group Anonymous claimed via its Twitter feed to have breached servers belonging to NATO, the North Atlantic Treaty Organization military alliance that has largely been responsible for the military defense of Europe since the end of World War II.

So far, three PDF copies of documents the group claimed to have taken in the attack were circulating on a sharing site devoted to PDF documents. Two were marked “NATO Restricted” and appear to have been removed from the PDFCast site.

I haven’t seen the first two, but the Telegraph described one as a working paper on communications systems used by NATO forces in Afghanistan, and was said to include technical and procurement information. A second concerned a plan to outsource communications for NATO forces stationed in Kosovo. If it sounds exciting, then I have some news for you: It’s not.

“Restricted” may sound important. As the Register points out, in the taxonomy of document labels, “Restricted” is for documents of relatively low importance. Anonymous is crowing like it has just broken into a trove of NATO’s deepest secrets. It appears instead they’ve taken some documents relating to relatively mundane workaday operations.

Higher up the scale are documents that get stamped “Confidential,” then “Secret” and then “Top Secret.”

A third document which just emerged via the @AnonymousIRC Twitter feed is a 59-page document concerning NATO security procedures. It is marked “NATO Unclassified” which is actually even lower on the totem pole than “Restricted.” The only restriction is that they’re subject to NATO copyright and can only be released with NATO permission. Not that NATO is going to care very much. This very document has been floating around since 2006.

We are sitting on about one Gigabyte of data from NATO now, most of which we cannot publish as it would be irresponsible. But Oh NATO….

July 21, 2011 3:57 am via Power TwitterReplyRetweetFavorite

@AnonymousIRC

AnonymousIRC

Hi NATO. Yes we haz more of your delicious data. You wonder where from? No hints, your turn. You call it war; we laugh at your battleships.

July 21, 2011 6:23 am via Power TwitterReplyRetweetFavorite

@AnonymousIRC

AnonymousIRC

This one isn’t restricted but ironic: http://t.co/A86jUGX | It describes security procedures within NATO. Well, seems nobody ever read them.

July 21, 2011 7:29 am via Power TwitterReplyRetweetFavorite

@AnonymousIRC

AnonymousIRC

NATO issued a statement saying that it is aware of the claim of the breach and is investigating. And it certainly will, but it’s not as if significant alarm bells are likely to be ringing at NATO Headquarters over this, at least not from the documents seen so far, though the group claims to be holding back on releasing some documents it says “most of which we cannot publish as it would be irresponsible.” It promises more releases in the coming days.

Meanwhile, if that weren’t enough, Anonymous and its ally LulzSec jointly taunted the FBI today. Responding to a quote given to National Public Radio in the story below, the groups issued a joint statement saying, “Your threats to arrest us are meaningless.” The statement appears below the radio story.

For those not keeping score, LulzSec is the group that claimed credit for attacking Sony umpteen times, then went on to attack other game companies and the U.S. Senate, then stole emails and other documents from servers belonging to the Arizona State Police. It also stole internal documents from AT&T.

LulzSec in recent weeks claimed it had been absorbed by the larger group Anonymous, but the lines appear to be blurring again, as it is at times active under its own banner. Two people connected to LulzSec’s activities were among 16 arrested in a nationwide FBI operation earlier this week. Fourteen others were arrested in connection with a denial of service attack against PayPal in sympathy with WikiLeaks.

The new statement is in reaction to a statement by an FBI assistant director saying the bureau wants to “send a message” about computer crime. The hacker group’s reaction essentially dares law enforcement to take further action. Something tells me they may get their wish.

The 14 arrested in Alabama, Arizona, California, Colorado, the District of Columbia, Florida, Massachusetts, Nevada, New Mexico and Ohio have been indicted by a federal grand jury in San Jose, California. I’ve embedded the complaint below.

Two others were arrested on similar charges on two separate complaints in Florida. The Florida case concerns the attack on InfraGard, the public-private information-sharing partnership affiliated with the FBI. The New Jersey case concerns the release of confidential documents stolen from AT&T. These would appear to be the first U.S. arrests connected with the LulzSec crew that’s been so active this summer.

Additionally, police in the U.K. arrested another person and police in The Netherlands arrested four more people in connection with the case.

The indictment names 14 people: Christopher Wayne Cooper, 23, a.k.a. “Anthrophobic;” Joshua John Covelli, 26, a.k.a. “Absolem” and “Toxic;” Keith Wilson Downey, 26; Mercedes Renee Haefer, 20, a.k.a. “No” and “MMMM;” Donald Husband, 29, a.k.a. “Ananon;” Vincent Charles Kershaw, 27, a.k.a. “Trivette,” “Triv” and “Reaper;” Ethan Miles, 33; James C. Murphy, 36; Drew Alan Phillips, 26, a.k.a. “Drew010;” Jeffrey Puglisi, 28, a.k.a. “Jeffer,” “Jefferp” and “Ji;” Daniel Sullivan, 22; Tracy Ann Valenzuela, 42; and Christopher Quang Vo, 22. One individual’s name has been withheld by the court, which suggests he or she is a juvenile.

The defendants are charged with conspiracy and intentional damage to a protected computer.

The 14 are accused of carrying out a December distributed denial of service attack against PayPal, the payment site owned by eBay. DDOS attacks are when attackers overwhelm a Web server with fake requests for attention at such a high volume that legitimate users can’t get through.

The group has also claimed responsibility for attacks against Visa, and at one point planned to attack Amazon. Various other factions connected to Anonymous have also attacked Sony and recently claimed responsibility for a hacking attack against the defense contractor Booz Allen Hamilton.

The FBI also made arrests today in the attack on the Web site of InfraGard, a non-profit group affiliated with the FBI itself. Scott Matthew Arciszewski, 21, was arrested today by FBI agents and charged with intentional damage to a protected computer. He’s been charged in the Middle District of Florida and has already appeared in a federal court in Orlando.

The complaint alleges that Arciszewski accessed without authorization the Tampa Bay InfraGard website and uploaded three files, and then Tweeted about it on Twitter.

InfraGard is a public-private partnership for critical infrastructure protection sponsored by the FBI with chapters in all 50 states.

In a related complaint unsealed in the District of New Jersey, the DOJ charged Lance Moore, 21, of Las Cruces, New Mexico with stealing confidential business information stored on AT&T’s servers and posting it on a public file sharing site. Moore is charged with one count of accessing a protected computer without authorization.

According to the New Jersey complaint, Moore, a customer support contractor for AT&T, exceeded his authorized access to AT&T’s servers and downloaded thousands of documents, applications and other files that, on the same day, he allegedly posted on a public file hosting site. That would be The Pirate Bay.

According to the complaint, on June 25, the computer hacking group LulzSec publicized that they had obtained confidential AT&T documents and made them publicly available on the Internet. The documents were the ones Moore had previously uploaded. He faces a maximum penalty of 10 years in prison and a $250,000 fine. Each count of conspiracy carries a maximum penalty of five years in prison and a $250,000 fine.

Here’s the indictment.

Indictment 7.19.11

[Image via Foxnews.com]

I’ve spoken with contacts at three FBI field offices — one here in New York, one in Los Angeles and another in San Francisco. I’m told that in New York search warrants were executed on homes in Brooklyn and in the towns of Baldwin and Merrick on Long Island. A source familiar with the investigation says that IP addresses that have come under scrutiny in the course of the investigation have led agents to search those addresses, but that no arrests have yet been made in New York.

Agents in California have made arrests, though the number and the names of those arrested have not yet been released. Additionally, Fox News is reporting that the FBI made arrests related to the investigation this morning in Florida and New Jersey, and that as many as a dozen people have been arrested in the operation nationwide. Obviously more information will be forthcoming as the situation develops.

The investigation is related specifically to the distributed denial-of-service attacks that were carried out last year and early this year against several companies in the U.S. The attacks were in sympathy with Wikileaks, which had just started disclosing its cache of leaked U.S. diplomatic cables. Visa, the credit card company, was one of its victims.

The group has grown recently as it absorbed another group of hackers calling itself LulzSec, which had harassed Sony in response to its lawsuits against a person who reverse engineered the security on the Playstation gaming console.

Arrests of Anonymous members have previously been reported in the U.K. , in Turkey and in Spain.

Fox has some raw video from the scene where one of the search warrants was executed on Long Island today. It’s below.

[Image and video via Fox News]

Anonymity is not just in the group’s name; it’s a core aspect of the existing decentralized Anonymous community, as well as this yet-to-be-born social network, which the group says will be for “ALL people, not just Anonymous.” (Quote slightly altered for clarity and typos, the original is here.)

So how exactly would an anonymous social network work? There has been much discussion, but not a lot of success so far, about how to create a decentralized alternative to today’s social networks, but anonymity would take it to another level.

Think about it. Where would AnonPlus users post their vacation photos? Kidding… But would users feel comfortable submitting personal information into a void? How could it not be a risk to associate sensitive posts with a user profile that’s connected to other ones? Is an anonymous social network basically a Web forum or message board like 4chan, where Anonymous got its start? Would this just be a troll haven?

The file was 600-plus megabytes and contained several things, including evidence that the group, or someone helping it out, had defaced a Navy civilian jobs board and a list of corporate networks belonging to numerous companies, including the Walt Disney Company. But the biggest thing inside that folder was a trove of documents apparently taken from wireless giant AT&T concerning the planned construction and rollout of its LTE network. (Incidentally, AT&T isn’t commenting on the documents, and so won’t say whether they’re authentic.)

Also nestled within that folder was yet another folder labeled BootableUSB. I didn’t think anything of it on a Saturday night. It didn’t occur to me that it would be odd for a folder with such a name to be included among a folder of documents looted from a company. I promptly forgot about it.

I found out today that directory, which in hindsight should have set off alarm bells, contained malware — trojans and worms and all sorts of nasty things that no one in their right mind would want. Anonymous, which has in the last 24 hours taken all of LulzSec’s members under its organizational wing (more on that in a moment), confirmed that the original torrent was infected.

@AJRockacy Downloading the torrent is fine. Just avoid the Bootable USB folder that contains .exe files. Clean torrent: http://t.co/iO98ivz

June 26, 2011 2:10 pm via TweetDeckReplyRetweetFavorite

@AnonymousIRC

AnonymousIRC

At least one of the folders, labeled WinRAR, contained malware that was masquerading as the legitimate version of WinRAR, a Windows compression utility. The StopMalvertising blog goes into significant detail here.

For the record, I took a screen shot of the directory’s contents, which to my eye looks a lot like a ticket to a headache-filled day for any Windows user. Thankfully I use a Mac. Anonymous says that a cleaned-up version of the torrent has been released. But if it’s all the same to you, I’ll avoid downloading this one. You can see the list of malware files in the pictures below. Click them to make them bigger. If you know what any of them are, leave a comment.

Word of the infected torrent — which I consider more supporting evidence that the LulzSec crew was really a bunch of neophytes and nowhere near the unstoppable super-hackers they’ve been made out to be — came on the same day that Anonymous announced it had absorbed LulzSec’s members under its own banner.

We like to clarify again: All LulzSec members are accounted for, nobody is hiding. Only a name was abandoned for the greater glory #AntiSec

June 27, 2011 3:37 am via TweetDeckReplyRetweetFavorite

@AnonymousIRC

AnonymousIRC

“AntiSec” refers to the “Anti Security movement” that LulzSec, in a rare moment of thoughtfulness, came up with to describe the closest thing it has to a philosophy. It’s the sort of thing that Anonymous, the amorphous batch of hackers sympathetic to Wikileaks, would seem to find attractive. Plus, for the LulzSec gang, there is — at least in theory — some added safety in larger numbers, though there’s been a lot of speculation that the two groups already share several overlapping members.

PREVIOUSLY:

• Despite All the Attention, LulzSec Hackers Failed
• At The Height Of Their Infamy, LulzSec Hackers Call It Quits
• Arizona Confirms LulzSec Docs Are Authentic, Worries About Officer Safety
• LulzSec Goes All Wikileaks On Arizona State Cops
• LulzSec Shrugs After Scotland Yard Nabs Hacking Suspect (Updated)
• LulzSec And Anonymous Team Up to Hack Governments and Banks
• Viral Video: LulzSec Gets Taiwanesed
• CIA Web Site Goes Down; LulzSec Takes Credit
• LulzSec Blasts Space Game Eve Online, Other Gaming Sites
• LulzSec Strikes Again, Hits Bethesda Softworks And U.S. Senate
• Turkey Arrests 32 Alleged Members of Anonymous, Days After Arrests in Spain
• Web Security Start-Up Cloudflare Gets Buzz, Courtesy of LulzSec Hackers
• No Hacks to Report at Xbox, But Microsoft Isn’t Letting Its Guard Down
• No LulzSec Hackers Have Been Arrested–At Least Not Yet
• LulzSec Posts More Sony Data, Amid Claim One of Them Is Arrested
  LulzSec Strikes Again, Claims Attack On Nintendo Server
  Sony Hacked for What Seems To Be the Umpteenth Time

• Sony’s Playstation Network Is Back. Sony’s Reputation Will Take a Little Longer.
• Exclusive: Sony Considers Offering Reward to Help Catch Hackers
• Anonymous Claims It Took No Credit Card Numbers From Sony
• Sony Implicates Anonymous in Attack; Group Denies Involvement
• Sony Apologizes For the Playstation Network Breach
• Sony Blames PlayStation Outage on “External Intrusion”

Mr. Gonlag admits taking part in several attacks on websites, but he recently had a change of heart as some hackers adopted increasingly aggressive tactics.

“People are starting to grow tired of” the hackers, he said in an interview. “People are also starting to realize that Anonymous is a loose cannon.”

Read the rest of this post on the original site »

First off, the group announced on Twitter an alliance of sorts with Anonymous, the hacker group that made headlines earlier this year for its attacks in support of Wikileaks.

#AntiSec begins today: http://t.co/2WuLmMQ Prepare yourselves. Join us, join #Anonymous, join the fleet – become a lulz lizard.

June 19, 2011 8:34 pm via webReplyRetweetFavorite

@LulzSec

The Lulz Boat

In its new campaign, which it has dubbed Operation Anti-Security (or by the Twitter hashtag #AntiSec), the group says it has declared “immediate and unremitting war” on governments and corporations. Its top priority is to “steal and leak any classified government information,” including but not limited to email and documentation. “Prime targets are banks and other high-ranking establishments,” it said in a document released via Pastebin.

Their first target appeared to be the U.K.’s Serious Organised Crime Agency, also known as SOCA. In yet another tweet, LulzSec announced that the agency’s Web site was “Tango Down,” indicating it had been hit with a denial of service attack meant to make it inaccessible to legitimate users.

Tango down – http://t.co/JhcjgO9 – in the name of #AntiSec

June 20, 2011 7:46 am via webReplyRetweetFavorite

@LulzSec

The Lulz Boat

In another development, which LulzSec is as yet ignoring, a rival faction has emerged calling itself the Web Ninjas and claiming to have named LulzSec’s various members. The claims were naturally impossible to independently verify, though they likely constitute leads that many law enforcement agencies will follow up on.

It’s not the first time someone has attempted to name a supposed member of LulzSec. Earlier this month, someone posting to the Full Disclosure mailing list claiming that a member of the group had been arrested by the FBI in Long Island, New York. The arrest claim didn’t check out, and the person who made the claim hasn’t been heard from again so far as I’m aware.

Besides, in the always shifting world of the hacker underground, allegiances and motivations can change faster than a teenager’s mood. The scene is rife with numerous cases of false flags and red herrings that may be meant to implicate an enemy, or indeed to throw investigators off the trail.

PREVIOUSLY:

• Viral Video: LulzSec Gets Taiwanesed
• CIA Web Site Goes Down; LulzSec Takes Credit
• LulzSec Blasts Space Game Eve Online, Other Gaming Sites
• LulzSec Strikes Again, Hits Bethesda Softworks And U.S. Senate
• Turkey Arrests 32 Alleged Members of Anonymous, Days After Arrests in Spain
• Web Security Start-Up Cloudflare Gets Buzz, Courtesy of LulzSec Hackers
• No Hacks to Report at Xbox, But Microsoft Isn’t Letting Its Guard Down
• No LulzSec Hackers Have Been Arrested–At Least Not Yet
• LulzSec Posts More Sony Data, Amid Claim One of Them Is Arrested
  LulzSec Strikes Again, Claims Attack On Nintendo Server
  Sony Hacked for What Seems To Be the Umpteenth Time

• Sony’s Playstation Network Is Back. Sony’s Reputation Will Take a Little Longer.
• Exclusive: Sony Considers Offering Reward to Help Catch Hackers
• Anonymous Claims It Took No Credit Card Numbers From Sony
• Sony Implicates Anonymous in Attack; Group Denies Involvement
• Sony Apologizes For the Playstation Network Breach
• Sony Blames PlayStation Outage on “External Intrusion”

The arrests come only three days after police in Spain arrested three alleged members of the group in that country, apparently finding one of the servers used in the attacks in one of the houses raided. Anonymous retaliated in typical fashion, launching a distributed denial-of-service attack against the Web site of the Spanish National Police.

Anonymous stands accused of attacking the Web site of Turkey’s board of elections right before national elections held there Sunday. The group is also said to have attacked the Web site of the Turkish Directorate of Telecommunications in protest over Internet censorship. The ruling AK Party plans to introduce a new filtering system that the country’s Internet users will be required to use.

France and Spain aren’t the only European countries who have arrested alleged members of Anonymous. In January, police in the United Kingdom arrested five people ranging in age from 15 to 26 in an early morning raid following attacks against Mastercard and PayPal among others.

And if all that weren’t enough hacker news for you, LulzSec, the mysterious group that has been hacking Sony Web sites right, left and center, is still on the loose. Having made a Web security start-up famous in the course of its self-styled campaign of chaos, or what it would call lulz, over the weekend it released 26,000 user names and passwords to an adult site. Today it took to taunting game publisher Bethesda Softworks via its Twitter feed. The company just released a new game, Brink , and the group hinted that its next exploit will have something to do with that game.

Bethesda, we broke into your site over two months ago. We’ve had all of your Brink users for weeks. Please fix your junk, thanks! ^_^

June 13, 2011 8:57 am via webReplyRetweetFavorite

@LulzSec

The Lulz Boat

The Spanish national police identified the individuals as senior members within Anonymous in Spain. A computer server found in one of the homes was responsible for helping launch attacks against a number of government and corporate websites, according to the police. That included against websites of the Sony Playstation Store, two large Spanish banks, and Italian energy company Enel, as well as of the governments of Egypt, Libya, Iran and elsewhere, the police said.

Read the rest of this post on the original site

The company hasn’t reached a final decision concerning whether it will offer a reward, and may decide not to do it at all, but the option is on the table, sources told me today. The fact that Sony is considering a reward at all speaks to how seriously it wants the person or people who carried out the attacks that have forced its gaming services offline for nearly two weeks to face prosecution.

If Sony does decide to offer a reward, it will do so in cooperation with law enforcement agencies, including the FBI and the relevant law enforcement agencies in other countries. The discussions around the pros and cons of offering a reward are not complete and would require the sign-off of senior Sony executives in Tokyo, who have not given their go-ahead, these people say. The reward is being considered as one of many options Sony is mulling in consultation with law enforcement to try to jar loose any information on the identity of the attackers.

Word of a possible reward offering comes as the Financial Times reported that two members of the hacking group Anonymous have informed the FBI that members of the loosely-associated group of activist hackers carried out the attacks that compromised the system and prompted Sony to shut down two of its online gaming services. A person or people involved with the initial denial-of-service attacks carried out against Sony in support of a hacker named George Hotz may have gone beyond the bounds of the action that was intended simply to hit Sony’s Playstation Gaming Network with more requests for service than it could handle and temporarily knock it off the Web.

These denial-of-service attacks have been the method that Anonymous typically uses. Last year, Anonymous carried out denial-of-service attacks against PayPal and against the Web sites of Visa and Mastercard after those companies stopped allowing people to make financial contributions in support of Wikileaks. Police in the U.K. went on to make five arrests related to those attacks.

Meanwhile, Sony denied assertions by the computer security expert Gene Spafford during a Congressional hearing Thursday that it had been running outdated versions of Web server software and had not been using a firewall on its servers. In a statement from Patrick Seybold, Sony’s Senior Director, Corporate Communications & Social Media that’s expected to be published on Sony’s Playstation blog, the company was using updated software and had “multiple security measures in place.” Here’s the statement in full:

“The previous network for Sony Network Entertainment International and Sony Online Entertainment used servers that were patched and updated recently, and had multiple security measures in place, including firewalls.”

Separately, Sony President Kaz Hirai sent a letter to Connecticut Senator Richard Blumenthal containing a detailed timeline of the attack and Sony’s response to it. The letter contains previously undisclosed details about the attack and the hardware Sony uses to run its gaming services.

The letter, which is embedded below, says that the systems involved use 130 servers and 50 distinct software programs. Sony first noticed the attack on April 19, when its network team discovered that several PlayStation Network servers had rebooted themselves unexpectedly. Four servers were immediately taken offline in order to figure out what was going on. By the next day, it was clear that another six had been attacked, and they were taken offline as well. By April 23, computer forensic teams confirmed that intruders had used what Sony describes as “very sophisticated and aggressive techniques to obtain unauthorized access to the servers and hide their presence from the system administrators,” and deleted log files showing the footprints of where in the system they had been. By April 24, Sony had hired three different computer security firms to investigate the attack.

By April 25, it had determined that the attack had involved some credit card accounts. Consumers were notified the next day, though Sony did not know initially that the credit card accounts had been compromised. The Wall Street Journal has a play-by-play.

The letter also says that Sony had stored approximately 12.3 million active and expired credit cards, approximately 5.6 million of which belonged to customers in the U.S.

“We of course deeply regret that this incident has occured and have apologized to our customers,” Hirai wrote. “We believe we are taking aggressive action to right what you correctly perceive is a grievous wrong against our consumers: a wrong that is the result of a malicious, sophisticated and well orchestrated criminal attack on us and our consumers.”

Earlier in the day, rumors of a third attack circulated in online chat rooms, but those reports couldn’t be independently confirmed. Another attack couldn’t come at a worse time for Sony. Analysts are estimating that cleaning up the damage from the first two could cost the company $1 billion or more before the incident is fully resolved.

Earlier this week people claiming to represent Anonymous denied any role in the theft of credit card numbers from Sony. However, Sony said in a letter to Congress that a text file containing a catch phrase often invoked by Anonymous and intended to taunt the company was left behind by the attackers. On Monday, Sony disclosed that the attack had involved not only its Playstation Gaming Network, which has been offline since April 20, but also its Sony Online Entertainment division, which includes online games like Everquest and Star Wars: Galaxies.

Sony’s letter to Sen. Blumenthal is below.

Senator Blumenthal Letter from Sony

Indirectly accused by Sony in a letter to Congress yesterday, based on the appearance of a text file left behind to taunt system operators containing the phrase “we are legion,” the group says it has never been known to engage in credit card theft. “Whoever did perform the theft did so contrary to the ‘modus operandi’ and intentions of Anonymous,” the statement says. “If a legitimate and honest investigation into the credit card theft is conducted, Anonymous will not be found liable.” The group goes on to imply that the appearance of the text file is more likely an attempt to implicate and discredit Anonymous.

Sony’s gaming services, including the Playstation Gaming Network, have been down for more than two weeks while Sony Online Entertainment, the home of Everquest and Star Wars:Galaxies has been down for about four days, following an attack that has compromised some 100 million user accounts, including some credit card data.

Sony apologized over the weekend and the damage to its gaming business is as yet unknown. Lawsuits have since been filed, and lawmakers and regulators are asking tough questions.

The problem with parsing a statement like this is that it’s hard to know who speaks for the group and who doesn’t. For all its ideological rhetoric about fighting for transparency and individual liberty, it’s not hard to imagine someone who’s an occasional participant in Anonymous’ actions, breaking off and doing their own thing. But it’s also very easy to imagine an attacker wanting to leave behind a “false flag” in order to throw investigators off the trail and implicate a big target like Anonymous. The trick for Sony–and the investigators it is working with–is to figure out what really happened.

The message was contained in a file entitled “Anonymous,” and contained the sentence “We are legion,” the catchphrase of the loose affiliation that calls itself by the same name. Someone claiming to be a representative of the group has denied involvement in the attack, but conceded that it could have been carried out by someone who had been a member of the group in the past. As is usually the case with Anonymous, the claims and counterclaims are impossible to verify independently.

Sony summarized the letter on its blog and the original can be found here. Aside from the new disclosure of the creepy calling card, Sony reiterated information that it has disclosed previously, including the fact that the attack that initially hit its PlayStation Gaming Network was later discovered to be wider, affecting its online gaming site Sony Online Entertainment, home of games like Everquest and Star Wars: Galaxies. The total number of accounts compromised has now broken the 100 million mark.

Sony has apologized but the extent of the damage to the relationship it has with its customers is still unknown. The services are still down.

One other new detail: Sony has hired some third-party firms to help sort through all the evidence from the attack, including computer forensics firm Data Forte. Its president is Peter Garza, who’s a former head of the Naval Criminal Investigative Service, aka NCIS. It has also called in Guidance Software to help with the discovery process associated with the legal cases that are piling up and Protiviti, a risk consulting and auditing firm.

Speaking of the legal pile-on, it continued Tuesday as The Wall Street Journal reported that New York’s state attorney general, Eric Schneiderman, had issued subpoenas to Sony seeking documents related to its system security and promises it had made to its customers. As I said the other day, these hacker attacks have a way of getting expensive real fast.

The PlayStation network, which allows people to play games online and watch TV and stream other content, continues to be down after three days. The attack has also affected Sony’s Qriocity services, which provides streaming video and music to various Sony products.

It’s unclear when the two services will come back online. UPDATE: The PlayStation Network continues to be down with no estimated time for recovery.

A statement posted late yesterday to the PlayStation blog blames the outage on an “external intrusion”:

“An external intrusion on our system has affected our PlayStation Network and Qriocity services. In order to conduct a thorough investigation and to verify the smooth and secure operation of our network services going forward, we turned off PlayStation Network & Qriocity services on the evening of Wednesday, April 20th. Providing quality entertainment services to our customers and partners is our utmost priority. We are doing all we can to resolve this situation quickly, and we once again thank you for your patience. We will continue to update you promptly as we have additional information to share.”

Earlier this month, the PlayStation.com website was attacked by the distributed hacking group Anonymous, which is well known for trying to take down various web sites for their involvement in the Wikileaks scandal.

The group was reportedly angry at Sony after it sued two PlayStation 3 owners for releasing code that allows third-party software and operating systems to run on the console, reports ComputerWorld.

Anonymous has said it has nothing to do with the current problems.