Sony Pictures has countered the persistent attacks against it by launching a distributed denial-of-service (DDoS) attack to disrupt downloads of its most sensitive information.
According to Recode, which cites sources, Sony Pictures Entertainment is using hundreds of computers in Asia to execute the DDoS attack on sites where its stolen data is available, and is using Amazon Web Services (AWS) to carry out the counterattack. The DDoS attack is intended to slow download speeds of the Sony data and is being conducted via servers in Singapore and Tokyo.
Tim Erlin, director of security and risk at Tripwire, said that if this is taking place, then Sony is likely violating the AWS acceptable use policy, regardless of whether the targets are engaged in illegal activity or in possession of Sony property.
“The AWS AUP explicitly prohibits initiating Denial of Service attacks from their service,” he said. “It’s unlikely that Amazon would let this activity continue. Taking the step to ‘hack back’ against perceived legitimate targets, based on their own assessment of guilt, presents a myriad of potential legal problems. If Sony manages to disrupt, intentionally or accidentally, a legitimate service in the process, they may be adding to their problems, rather than improving the situation.”
In the past few days, further leaked documents have included details on deals with Netflix, on piracy prevention and candid discussions on Hollywood stars including Jonah Hill, George Clooney and Angelina Jolie.
Martin McKeay, security evangelist at Akamai, told IT Security Guru that Akamai would have no visibility of the traffic as it does not work with the BitTorrent websites, but he doubted the truth of the report as it is based on two anonymous sources.
“It has the potential for being true and not utterly impossible to be some truth to this, and I don’t think it is utterly impossible that they are doing it through some third party who is doing this via AWS,” he said. “There are some systems out there for doing load testing and some of them can be done through AWS and can generate traffic like that, but what is more likely is that they are feeding the torrent sites with false information and causing a DDoS in that way.”