Sony Jabs Hornets Nest, Allegedly Engages In DDoS Attacks Against Sites Hosting Leaked Documents

from the Sony-Pictures-tells-astonished-reporter-studio-is-'bigger-than-logic' dept

To be sure, there is a large amount of schadenfreude contained within the hacking of Sony Pictures. To have your dirty laundry aired for the world to see is excruciatingly painful, but Sony Corporation’s past actions have drawn a target on its back on multiple occasions.

Rayne, a contributor to Marcy Wheeler’s emptywheel blog, notes that Sony has been hacked 56 times in twelve years. And it has learned nothing. Passwords for Sony Pictures accounts were stashed away in a folder labeled “Passwords.” The password for this folder? “Password.”

So, when Sony fights back, as it is now, it’s far too late. It had several chances to shore up its defenses, but it never made a serious effort to fix its security holes. Now, nearly everything has been exposed. Celebrities’ personal data. Staffers’ borderline racist opinions on Barack Obama’s movie preferences. Its plan to join the MPAA in paying off states’ attorneys general to go after Google.

Sony has issued hundreds of DMCA notices in response to the leaked documents. It has seeded bogus torrents to thwart further distribution. Now, it’s allegedly decided to take an even more aggressive approach to the continuing leaks.

The company is using hundreds of computers in Asia to execute what’s known as a denial of service attack on sites where its pilfered data is available, according to two people with direct knowledge of the matter.

Sony is using Amazon Web Services, the Internet retailer’s cloud computing unit, which operates data centers in Tokyo and Singapore, to carry out the counterattack, one of the sources said.

Or not. Or possibly not at this moment. Re/code’s updated post contains a denial from Amazon.

“The activity being reported is not currently happening on AWS (Amazon Web Service),” Amazon said in an emailed statement to Re/code on Thursday. Amazon declined to comment further on whether the activity happened prior to Thursday.

“AWS employs a number of automated detection and mitigation techniques to prevent the misuse of our services,” according to Amazon’s statement. “In cases where the misuse is not detected and stopped by the automated measures, we take manual action as soon as we become aware of any misuse.”

Re/code’s sources say “yes.” Others say this isn’t happening.

CloudFlare, which offers denial-of-service protection and network monitoring, said it has not seen anything that would suggest Sony had conducted a counter-attack. The company said it would continue monitoring the situation.

If Sony is indeed engaged in DDoS attacks, it’s participating in the sort of behavior it’s been quick to decry in the past. Sony Pictures may be relishing the chance to turn hackers’ tools against them, but its history strongly suggests it really isn’t in the position to be provoking further attacks. To pursue this option is pure hubris. It’s hypocrisy and stupidity rolled into one. It may think it will escape this latest hack bowed but not broken, but whatever pride it has left at this point is delusional. It has opened everything up to criticism by failing to take proper precautions and destroyed its employees’ trust that their employer would make the minimum of effort to keep their internal conversations internal.

Filed Under: , , , , , ,
Companies: sony, sony pictures

Rate this comment as insightful
Rate this comment as funny
You have rated this comment as insightful
You have rated this comment as funny
Flag this comment as abusive/trolling/spam
You have flagged this comment
The first word has already been claimed
The last word has already been claimed
Insightful Lightbulb icon Funny Laughing icon Abusive/trolling/spam Flag icon Insightful badge Lightbulb icon Funny badge Laughing icon Comments icon

Comments on “Sony Jabs Hornets Nest, Allegedly Engages In DDoS Attacks Against Sites Hosting Leaked Documents”

Subscribe: RSS Leave a comment
That One Guy (profile) says:

If they thought it was bad before...

If they really were stupid enough to try and go on the counter-offensive, the results would almost certainly make the previous hack look like a temporary computer glitch in comparison.

As they have demonstrated, several times by this point, their technological capabilities and knowledge are sorely lacking, so any attacks they could mount would likely be little more than inconveniences. The same cannot be said however for their targets, who would likely be quite tech savy, and be more than capable of returning the favor(after all, assuming Sony went after the right target, they’ve already done so).

Not only that, but a large company like Sony attacking hacker groups would likely draw the attention of previously uninvolved groups, who I’m sure would relish the chance to inflict a little damage ‘in self-defense’.

I can certainly understand why they might desire a little payback after being humiliated and embarrassed like this(humiliation and embarrassment that they have only themselves to blame for mind), but to put it bluntly, they would be going into battle with a BB-gun, while their opponents are packing military-grade hardware. It would not end well for them.

That One Guy (profile) says:

Re: Re:

Nice, Sony looks to be in full panic mode here if they’re lashing out at the press like that. It may make smaller outfits hesitant about publishing or reporting on the leaks, due to them not having the money to defend themselves(The US legal system: The best ‘justice’ money can buy), but I imagine a threat like that would just encourage larger press organizations, as it would just draw even more attention to the leaks.

Rich Kulawiec (profile) says:

Amazon does no such thing

““AWS employs a number of automated detection and mitigation techniques to prevent the misuse of our services,” according to Amazon’s statement. “In cases where the misuse is not detected and stopped by the automated measures, we take manual action as soon as we become aware of any misuse.”

It is well-known that Amazon (a) makes it as difficult as possible to report abuse (b) forwards abuse reports TO THE ATTACKERS and (c) does little, if anything, to acknowledge abuse reports, act on them promptly, remove abusers, and notify reports of these actions.

That’s why, for example, it’s a best practice in anti-spam engineering to refuse to accept SMTP traffic from Amazon’s cloud. It’s overrun with spammers and Amazon — happy to accept their payments, no doubt – will not remove them. See recent traffic on both the mailop and nanog mailing lists for brief discussion of this.

If Amazon was serious about mitigating abuse, then (1) they would accept reports at the address mandated by RFC 2142 — ‘abuse” (2) they would act immediately on all such reports (3) beginning with acknowledgement (4) they would not notify abusers of their investigation (5) they would promptly shut down the abuse and remove the abusers (6) they would not permit the abusers back on their service (7) they would provide a full report to the people complaining — the victims — and would provide them with a substantial thank-you — after all, they’re doing Amazon’s job for them, FOR FREE.

That Anonymous Coward (profile) says:

The spin is strong with this one.

When the hack happened, the immediately issued a statement. This only served to confirm exactly how bad the hack actually was. In every other hack, they opted to ignore it and only when pressed very hard issued confusing denials.

They immediately blamed North Korea, citing an asinine movie they produced as the impetus. Pretending ONLY a nation-state could have the power to hack them, given the lengthy evidence that a ‘skiddie’ with a paperclip could own huge swaths of their global network, this is at best ill advised PR spin for a stupid movie.

Oooh the code for the hack is in Korean! Because tools are never sold, stolen, recompiled, reused by bad actors. If you have something that works why would you recode it into your local language?

Report on this and we’ll sue you!!! You will be responsible legally for all of the bad things that happen, is the popular game of put the blame on someone else and never accept that it was your failure in the first place. If we end up putting out a shitty movie, it will be the fault of the leaks!!

We’re going to shut down everything we are doing because bad things might happen!!! The script might make it online, and we’ll ignore all of the past incidents where early leaks improved the box office.

It is very possible that someone inside Sony might have greenlighted a project to try and stop the information getting out in a panic, ignoring how badly it will bite them in the ass. When people started asking questions, everyone wants to pretend nothing happened in the most noncommittal language possible. When their network got DDOS’ed they screamed, but when they do it – it is a righteous thing to do. When ‘skiddies’ DDOS they face a worldwide manhunt & jailtime, when corporations do it nothing happens.

It would be nice to see the MPAA taken to task for buying bad publicity using state AGs. The impunity with which they operate on a daily basis is a perfect example of how broken the system is. Money buys the “laws” you want at the expense of everyone else, when the purpose of laws is to protect the many not the one.

I look forward to what else will be coming out, and one can only hope that a hack of this scale is running inside both the **AA’s. If you think producers bad mouthing actors was horrible, imagine how horrified to see emails “asking” that offers being sweetened to get laws passed.

Anonymous Coward says:

haven’t seen where at least one AG is going after Sony for using DDoS! that is illegal, as we all know, but it seems that it’s only illegal if you are not a member of the Entertainment Industries or Hollywood!!

rules for one, different for another, including threats of lawsuits to the press! how can that be?

the old dont do what we do, do as you’re told!!

spodula (profile) says:

Re: Re:

I seriously doubt that Sony are engaged in DDOS.
That’s within the realm of executive jailtime.

There already in hot water, but at least its mostly Civil hot water related to shareholders, employees and suppliers at the moment.

I doubt they would want to even risk criminal hot water as well, even as if you say, the chances of them actually going down are remote.

That Anonymous Coward (profile) says:

Re: Re: Re:

yes after all of the jail time they ended up serving for handing out rootkits and leaving peoples computers unusable after the root kit was removed, not to mention the additional jail-time when it was revealed they stole others code for the bundled player on the disc, they would be very wary of doing something childish and asinine.


Michael (profile) says:

Re: Re: Re:

That’s within the realm of executive jailtime.

That would depend on the country you are in and the country the target is in. Keep in mind that we are not talking about a US company.

I don’t think they have engaged in DDOS attacks for a few reasons, but avoiding jail seems like an unlikely reason.

More importantly, for them, engaging in an attack that they may want someone prosecuted for sometime in the future is a really bad idea. In addition, I would guess that the resources that they have that might be able to pull off a somewhat-secretive DDOS attack on anyone are REALLY busy right now trying to get a handle on the current hack they have suffered.

Anonymous Coward says:

Re: Re: Re:2 Cyberlocker

Could all you guys working for GOD or Anonymous who hang out here set up a cyberlocker service with some breadcrumbs leading back to the bosses at Sony?

IME when stealing something it’s always best to implicate a politician or the head of a multinational. It makes it so much easier to get away with things.

Anonymous Coward says:

Sony has a long history of resorting to below-the-belt tactics in its fight against so-called “piracy” — such as infecting millions of innocent people’s computers with a rootkit virus. Since the ruling establishment won’t ever touch the big corporate criminals, the only form of justice we will ever see is vigilante justice. It’s always nice to see the hacker community strike a blow against evil entities by using their own tactics against them, as with MediaDefender, Aiplex, H.B. Gary Federal, and now Sony.

Anonymous Coward says:

Re: Re:

Was the Sony rootkit installing itself from music cd’s ? I’m out of the loop a bit on this, but I remember the Beastie Boys had to fight like hell to not have some kind of DRM tech installing itself from their 2004 album To The 5 Boroughs (I think it’s that one), it turned out their album would install a rootkit ‘only’ in the american distributed cd’s.

So, that’s Sony Music, but I guess if corporations are people all the sums of their parts are one and the same.

Namel3ss (profile) says:

Re: Re: Re:

Yes, the CDs had a data track with the rootkit on it, and it would install itself even if the user declined the EULA. Also there was no uninstaller until Sony released one after the s**t hit the fan, and even then it didn’t work until they patched it a couple times. Obviously the whole thing was never intended to be uninstalled, and of course extremely intrusive. How no one (AFAIK) went to jail is just amazing.

This is why disabling autorun was one way to avoid the issue, but IIRC at the time WinXP had autorun enabled by default.

I’ve never bought any Sony music since.

Andrew D. Todd (user link) says:

The Real Threat Is From South America

Look at: Peter Wilson, “Falling Oil Prices Push Venezuela Deeper Into China’s Orbit.” Business Week, December 12, 2014

For its own political and internal social reasons, China is willing to supply Venezuela with manufactured goods “on the never-never.” What is relevant to our concerns is that the deal includes three communications satellites, which mystify Business Week.

There are basically two feasible projects with communications satellites at this point. One is to put up a “constellation” of satellites, at least twenty, in low earth orbit, and use them for satellite phone, or satellite internet. This would be an inherently global project, in any case, and I cannot see why China, having built and paid for it, would want to hand it over to someone else.

The other project would be geostationary broadcasting satellites. What mystifies Business Week is of course that Venezuela is, in effect, a city, Caracas, which has a jungle. Caracas sits on a ridge a mile high, and about a hundred miles long, which provides a decent climate near the equator, and there are obviously more economical methods of broadcasting to so small an area. Three satellites sounds like a proposal to broadcast to most of both North and South America. That is precisely the point. Venezuela is disposed to “mess up” as many American entertainment businesses as possible, by rebroadcasting their material for free, sans advertisements.

sigalrm says:

Re: Hubris

Frankly, While I buy that Sony proper is sending legal threats to news agencies, I think people are giving Sony too much credit here on the technical side. Frankly, it doesn’t sound like they have the technical wherewithal to pull off a DDOS Attack.

So here’s a little thought: If a hypothetical technically inclined 3rd party was angry at Sony for whatever reason, Everything required to build”Sony” for an AWS account was included in the data breech. Email accounts. Passwords. Credit card information (probably flagged already, but still). Servers to use as bounce points. Hair-trigger lawyers ready to sue anyone who dares to speak ill of Sony.

Frankly, if a hypothetical 3rd party wanted to mess with Sony this way, it’s not a stretch to think they could.

John Fenderson (profile) says:

Re: Re: Hubris

“Frankly, it doesn’t sound like they have the technical wherewithal to pull off a DDOS Attack.”

They surely do. Sony does have actual skilled engineers in their employ. The problem with Sony is on the management side. Even if they can’t, hubris, hypocrisy, and stupidity are still strong parts of Sony’s corporate culture.

tqk (profile) says:

Re: Re: Hubris

Frankly, if a hypothetical 3rd party wanted to mess with Sony this way, it’s not a stretch to think they could.

I like this game. In the vein of “Let’s spin a movie plot”, try this. Some hypothetical movie studio gets hacked. Much hand-wringing ensues, leading one of the staff alpha male “Master of The Universe” types to say to him/herself, “Hmm, 4chan! I wonder if I can get some Anonymous Hackers to attack our attackers.” I can just see 4chan snickering in the background while stringing this doofus along, meanwhile ripping off Russian black market types in his/her name, whereupon much hilarity ensues.

I wonder if I can sell this idea to Sony. They could even use that old saw, “Based on a true story.”

tqk (profile) says:

Re: Re:

… it knows jack shit about technology or IT protection, even the most basic stuff.

They also appear to outright resent the idea of having to pay for such things (competent and sufficient IT staffing), considering it an unnecessary drain on the bottom line, which is bloody amazing in itself.

Price Waterhouse Coppers delivered their damning IT security audit report at least a month before the hack happened. That’s extraordinary. Any cluefull org would have gone into crisis mode at that point, and with Sony’s past history, they should have felt like deer in the headlights.

I agree with your “bull.” Sony wouldn’t know where to begin.

That Anonymous Coward (profile) says:

Re: Re: Re:

Yes they would, they pay money to someone to “fix” the problem for them like they always do.
They bankroll some insane as shit plan that someone conned them thinking would work and solve the problem.
It of course does not solve the problem, creates more problems, and then they pay a PR firm even more to shout North Korea did it much louder.

New Mexico Mark says:

Re: Re: Re: Re:

Exactly. They may be clueless about “baked in” security, but they sure know how to throw money at problems after they occur. By the time this is over with, Sony will probably have lost over $300M in the past few years due to security issues. That would have paid for some good security staff and top-notch equipment.

The general wisdom in IT security is that the safest organizations are the ones who had a major breach a year earlier. However, organizations run by lawyers and accountants appear to be impervious to learning from the past. Real reputation means nothing, and they can pay to rehabilitate an “image”.

That Anonymous Coward (profile) says:

Re: Re: Re:2 Re:

imagine if the shareholders managed to stand up and take the costs out of the CEO & top staffs cheques.
They might actively work to make sure they don’t happen again.
More often that not the costs of these things are shoved onto everyone else, never the management who made the stupid decisions to pad their own cheques a little bit more.

Michael says:

Sony re Hacking

As I set and listen to all this banter about who is right who did this, how stupid is he, on and on…it reminds me of the recent EBola quarantine proposals…. ah yes, as an average Joe, with average education, it comes down to a very simple solution ….. separate (quarantine) the server (disconnect the internet) from those “sensitive” systems…just like we should have stopped flights from countries where there was an outbreak. I mean, if it is “SENSITIVE” and “INTERNAL” then why was it even connected to internet access? Do these high tech gurus not know how to create a stand alone INTRANET for INTERNAL emails?… or how to store sensitive data on tape or drives that are not connected to the internet…..(yes I know about office locations, etc ) BUT…with all the cash at SONY….it must be LAZY.

Michael says:

Re: Sony re Hacking

I forgot to mention…. why is this a big story?
Seriously the DOD, IRS, CIA FBI, all get hacked several times a day….. and SENSITIVE DATA? …what? none of you knew that Jollie was a self mutilating brat…? …or that Obama is a race baiter who goes out of his way to help gays ,blacks, Muslims, communists, and any other “anti-American” identity around the world. Just saying. Sony? Who gives a flying flip.

Sweet Sticky Rainbow (user link) says:

XMAS Gifts for North Korea

While corporate cretins cringe and cower…

Since they don’t like XMAS in NK, someone needs to sell Christmas ornaments with Dear Leader likeness.

There is one scene in #TheInterview that would make a particularly incendiary XMAS bauble!

Add Your Comment

Your email address will not be published. Required fields are marked *

Have a Techdirt Account? Sign in now. Want one? Register here

Comment Options:

Make this the or (get credits or sign in to see balance) what's this?

What's this?

Techdirt community members with Techdirt Credits can spotlight a comment as either the "First Word" or "Last Word" on a particular comment thread. Credits can be purchased at the Techdirt Insider Shop »

Follow Techdirt

Techdirt Daily Newsletter

Techdirt Deals
Techdirt Insider Discord
The latest chatter on the Techdirt Insider Discord channel...