Sony does not know who hacked its Playstation and Quorisity networks, but it has a hunch on how they broke in and what they stole.
In a letter (pdf) to US republican Bono Mack, Sony Computer Entertainment chairman Kazuo Hirai said it is still investigating the breach.
"As yet, we do not know who was responsible for the intrusion; nor do we know precisely the amount of information that was taken; nor do we know with certainty the number of users whose data was actually affected," Hirai wrote in the letter.
"These gaps in what we know are not for lack of trying by experts, but rather an unfortunate testament to the skill of those who perpetrated the attacks.
“Some aspects of the intrusion may never be known.”
But in a response to questions, Hirai said Sony “has information that suggests what the hacker was accessing and may have downloaded” but not which accounts were compromised.
Hirai said Sony was initially slow to react after the attack because forensic investigators had to “capture and protect evidence through the ‘mirroring’ process that often conflicts with” the need to understand the scope of the breach.
Sony said it was reluctant to release technical information because it could jeopardise other network systems.
It said that a master database of account information was skimmed.
Security has improved, Harai said, that included reviewing threats, testing security and talking to law enforcement
“In light of the sophistication of the attack, each company has made further refinements to its overall network security including new intrusion detection methods, policy changes, additional firewall protection, and more in-depth application testing prior to deployment,” he said.