Sony Jabs Hornets Nest, Allegedly Engages In DDoS Attacks Against Sites Hosting Leaked Documents
from the Sony-Pictures-tells-astonished-reporter-studio-is-'bigger-than-logic' dept
To be sure, there is a large amount of schadenfreude contained within the hacking of Sony Pictures. To have your dirty laundry aired for the world to see is excruciatingly painful, but Sony Corporation’s past actions have drawn a target on its back on multiple occasions.
Rayne, a contributor to Marcy Wheeler’s emptywheel blog, notes that Sony has been hacked 56 times in twelve years. And it has learned nothing. Passwords for Sony Pictures accounts were stashed away in a folder labeled “Passwords.” The password for this folder? “Password.”
So, when Sony fights back, as it is now, it’s far too late. It had several chances to shore up its defenses, but it never made a serious effort to fix its security holes. Now, nearly everything has been exposed. Celebrities’ personal data. Staffers’ borderline racist opinions on Barack Obama’s movie preferences. Its plan to join the MPAA in paying off states’ attorneys general to go after Google.
Sony has issued hundreds of DMCA notices in response to the leaked documents. It has seeded bogus torrents to thwart further distribution. Now, it’s allegedly decided to take an even more aggressive approach to the continuing leaks.
The company is using hundreds of computers in Asia to execute what’s known as a denial of service attack on sites where its pilfered data is available, according to two people with direct knowledge of the matter.
Sony is using Amazon Web Services, the Internet retailer’s cloud computing unit, which operates data centers in Tokyo and Singapore, to carry out the counterattack, one of the sources said.
Or not. Or possibly not at this moment. Re/code’s updated post contains a denial from Amazon.
“The activity being reported is not currently happening on AWS (Amazon Web Service),” Amazon said in an emailed statement to Re/code on Thursday. Amazon declined to comment further on whether the activity happened prior to Thursday.
“AWS employs a number of automated detection and mitigation techniques to prevent the misuse of our services,” according to Amazon’s statement. “In cases where the misuse is not detected and stopped by the automated measures, we take manual action as soon as we become aware of any misuse.”
Re/code’s sources say “yes.” Others say this isn’t happening.
CloudFlare, which offers denial-of-service protection and network monitoring, said it has not seen anything that would suggest Sony had conducted a counter-attack. The company said it would continue monitoring the situation.
If Sony is indeed engaged in DDoS attacks, it’s participating in the sort of behavior it’s been quick to decry in the past. Sony Pictures may be relishing the chance to turn hackers’ tools against them, but its history strongly suggests it really isn’t in the position to be provoking further attacks. To pursue this option is pure hubris. It’s hypocrisy and stupidity rolled into one. It may think it will escape this latest hack bowed but not broken, but whatever pride it has left at this point is delusional. It has opened everything up to criticism by failing to take proper precautions and destroyed its employees’ trust that their employer would make the minimum of effort to keep their internal conversations internal.