Sony Jabs Hornets Nest, Allegedly Engages In DDoS Attacks Against Sites Hosting Leaked Documents
from the Sony-Pictures-tells-astonished-reporter-studio-is-'bigger-than-logic' dept
To be sure, there is a large amount of schadenfreude contained within the hacking of Sony Pictures. To have your dirty laundry aired for the world to see is excruciatingly painful, but Sony Corporation's past actions have drawn a target on its back on multiple occasions.Rayne, a contributor to Marcy Wheeler's emptywheel blog, notes that Sony has been hacked 56 times in twelve years. And it has learned nothing. Passwords for Sony Pictures accounts were stashed away in a folder labeled "Passwords." The password for this folder? "Password."
So, when Sony fights back, as it is now, it's far too late. It had several chances to shore up its defenses, but it never made a serious effort to fix its security holes. Now, nearly everything has been exposed. Celebrities' personal data. Staffers' borderline racist opinions on Barack Obama's movie preferences. Its plan to join the MPAA in paying off states' attorneys general to go after Google.
Sony has issued hundreds of DMCA notices in response to the leaked documents. It has seeded bogus torrents to thwart further distribution. Now, it's allegedly decided to take an even more aggressive approach to the continuing leaks.
The company is using hundreds of computers in Asia to execute what’s known as a denial of service attack on sites where its pilfered data is available, according to two people with direct knowledge of the matter.Or not. Or possibly not at this moment. Re/code's updated post contains a denial from Amazon.
Sony is using Amazon Web Services, the Internet retailer’s cloud computing unit, which operates data centers in Tokyo and Singapore, to carry out the counterattack, one of the sources said.
“The activity being reported is not currently happening on AWS (Amazon Web Service),” Amazon said in an emailed statement to Re/code on Thursday. Amazon declined to comment further on whether the activity happened prior to Thursday.Re/code's sources say "yes." Others say this isn't happening.
“AWS employs a number of automated detection and mitigation techniques to prevent the misuse of our services,” according to Amazon’s statement. “In cases where the misuse is not detected and stopped by the automated measures, we take manual action as soon as we become aware of any misuse.”
CloudFlare, which offers denial-of-service protection and network monitoring, said it has not seen anything that would suggest Sony had conducted a counter-attack. The company said it would continue monitoring the situation.If Sony is indeed engaged in DDoS attacks, it's participating in the sort of behavior it's been quick to decry in the past. Sony Pictures may be relishing the chance to turn hackers' tools against them, but its history strongly suggests it really isn't in the position to be provoking further attacks. To pursue this option is pure hubris. It's hypocrisy and stupidity rolled into one. It may think it will escape this latest hack bowed but not broken, but whatever pride it has left at this point is delusional. It has opened everything up to criticism by failing to take proper precautions and destroyed its employees' trust that their employer would make the minimum of effort to keep their internal conversations internal.
Thank you for reading this Techdirt post. With so many things competing for everyone’s attention these days, we really appreciate you giving us your time. We work hard every day to put quality content out there for our community.
Techdirt is one of the few remaining truly independent media outlets. We do not have a giant corporation behind us, and we rely heavily on our community to support us, in an age when advertisers are increasingly uninterested in sponsoring small, independent sites — especially a site like ours that is unwilling to pull punches in its reporting and analysis.
While other websites have resorted to paywalls, registration requirements, and increasingly annoying/intrusive advertising, we have always kept Techdirt open and available to anyone. But in order to continue doing so, we need your support. We offer a variety of ways for our readers to support us, from direct donations to special subscriptions and cool merchandise — and every little bit helps. Thank you.
–The Techdirt Team
Filed Under: cfaa, ddos, emails, hack back, sony emails, sony hack, sony picture emails
Companies: sony, sony pictures
Reader Comments
Subscribe: RSS
View by: Time | Thread
If they thought it was bad before...
As they have demonstrated, several times by this point, their technological capabilities and knowledge are sorely lacking, so any attacks they could mount would likely be little more than inconveniences. The same cannot be said however for their targets, who would likely be quite tech savy, and be more than capable of returning the favor(after all, assuming Sony went after the right target, they've already done so).
Not only that, but a large company like Sony attacking hacker groups would likely draw the attention of previously uninvolved groups, who I'm sure would relish the chance to inflict a little damage 'in self-defense'.
I can certainly understand why they might desire a little payback after being humiliated and embarrassed like this(humiliation and embarrassment that they have only themselves to blame for mind), but to put it bluntly, they would be going into battle with a BB-gun, while their opponents are packing military-grade hardware. It would not end well for them.
[ link to this | view in thread ]
http://www.engadget.com/2014/12/15/sony-hackers-offer-to-withhold-data/
Media: Shut up or we'll sue you.
[ link to this | view in thread ]
Re:
[ link to this | view in thread ]
I don't thing this will produce much change though. Not if America doesn't revolt (and Snowden wasn't enough to make enough people wake up).
[ link to this | view in thread ]
Re:
[ link to this | view in thread ]
Amazon does no such thing
It is well-known that Amazon (a) makes it as difficult as possible to report abuse (b) forwards abuse reports TO THE ATTACKERS and (c) does little, if anything, to acknowledge abuse reports, act on them promptly, remove abusers, and notify reports of these actions.
That's why, for example, it's a best practice in anti-spam engineering to refuse to accept SMTP traffic from Amazon's cloud. It's overrun with spammers and Amazon -- happy to accept their payments, no doubt - will not remove them. See recent traffic on both the mailop and nanog mailing lists for brief discussion of this.
If Amazon was serious about mitigating abuse, then (1) they would accept reports at the address mandated by RFC 2142 -- 'abuse" (2) they would act immediately on all such reports (3) beginning with acknowledgement (4) they would not notify abusers of their investigation (5) they would promptly shut down the abuse and remove the abusers (6) they would not permit the abusers back on their service (7) they would provide a full report to the people complaining -- the victims -- and would provide them with a substantial thank-you -- after all, they're doing Amazon's job for them, FOR FREE.
[ link to this | view in thread ]
When the hack happened, the immediately issued a statement. This only served to confirm exactly how bad the hack actually was. In every other hack, they opted to ignore it and only when pressed very hard issued confusing denials.
They immediately blamed North Korea, citing an asinine movie they produced as the impetus. Pretending ONLY a nation-state could have the power to hack them, given the lengthy evidence that a 'skiddie' with a paperclip could own huge swaths of their global network, this is at best ill advised PR spin for a stupid movie.
Oooh the code for the hack is in Korean! Because tools are never sold, stolen, recompiled, reused by bad actors. If you have something that works why would you recode it into your local language?
Report on this and we'll sue you!!! You will be responsible legally for all of the bad things that happen, is the popular game of put the blame on someone else and never accept that it was your failure in the first place. If we end up putting out a shitty movie, it will be the fault of the leaks!!
We're going to shut down everything we are doing because bad things might happen!!! The script might make it online, and we'll ignore all of the past incidents where early leaks improved the box office.
It is very possible that someone inside Sony might have greenlighted a project to try and stop the information getting out in a panic, ignoring how badly it will bite them in the ass. When people started asking questions, everyone wants to pretend nothing happened in the most noncommittal language possible. When their network got DDOS'ed they screamed, but when they do it - it is a righteous thing to do. When 'skiddies' DDOS they face a worldwide manhunt & jailtime, when corporations do it nothing happens.
It would be nice to see the MPAA taken to task for buying bad publicity using state AGs. The impunity with which they operate on a daily basis is a perfect example of how broken the system is. Money buys the "laws" you want at the expense of everyone else, when the purpose of laws is to protect the many not the one.
I look forward to what else will be coming out, and one can only hope that a hack of this scale is running inside both the **AA's. If you think producers bad mouthing actors was horrible, imagine how horrified to see emails "asking" that offers being sweetened to get laws passed.
[ link to this | view in thread ]
Re:
[ link to this | view in thread ]
Where are those overly ambitious proscecutors now?
[ link to this | view in thread ]
[ link to this | view in thread ]
rules for one, different for another, including threats of lawsuits to the press! how can that be?
the old dont do what we do, do as you're told!!
[ link to this | view in thread ]
[ link to this | view in thread ]
Re:
That's within the realm of executive jailtime.
There already in hot water, but at least its mostly Civil hot water related to shareholders, employees and suppliers at the moment.
I doubt they would want to even risk criminal hot water as well, even as if you say, the chances of them actually going down are remote.
[ link to this | view in thread ]
Re: Re:
o_O
[ link to this | view in thread ]
Re: Re:
[ link to this | view in thread ]
The Real Threat Is From South America
http://www.businessweek.com/articles/2014-12-12/with-oil-prices-falling-venezuela-needs-china-mo re-than-ever#r=hpt-ls
For its own political and internal social reasons, China is willing to supply Venezuela with manufactured goods "on the never-never." What is relevant to our concerns is that the deal includes three communications satellites, which mystify Business Week.
There are basically two feasible projects with communications satellites at this point. One is to put up a "constellation" of satellites, at least twenty, in low earth orbit, and use them for satellite phone, or satellite internet. This would be an inherently global project, in any case, and I cannot see why China, having built and paid for it, would want to hand it over to someone else.
The other project would be geostationary broadcasting satellites. What mystifies Business Week is of course that Venezuela is, in effect, a city, Caracas, which has a jungle. Caracas sits on a ridge a mile high, and about a hundred miles long, which provides a decent climate near the equator, and there are obviously more economical methods of broadcasting to so small an area. Three satellites sounds like a proposal to broadcast to most of both North and South America. That is precisely the point. Venezuela is disposed to "mess up" as many American entertainment businesses as possible, by rebroadcasting their material for free, sans advertisements.
[ link to this | view in thread ]
[ link to this | view in thread ]
Re: Re: Re:
[ link to this | view in thread ]
Re:
Unless of course they claim copyright on the stolen documents, then they're DDoSing pirate sites which are doubleplusungood and have no rights.
[ link to this | view in thread ]
Re: Re:
[ link to this | view in thread ]
Re:
So, that's Sony Music, but I guess if corporations are people all the sums of their parts are one and the same.
[ link to this | view in thread ]
Re:
[ link to this | view in thread ]
[ link to this | view in thread ]
Re: Re:
This is why disabling autorun was one way to avoid the issue, but IIRC at the time WinXP had autorun enabled by default.
I've never bought any Sony music since.
[ link to this | view in thread ]
Hubris
Which, you must admit, fits completely with Sony's corporate culture.
[ link to this | view in thread ]
I'm going to have to call bull on this.
This would be a concerted, technologically capable event, and Sony has proven time and time and time again that it knows jack shit about technology or IT protection, even the most basic stuff.
[ link to this | view in thread ]
Re:
Lisa, on The Simpsons, has been using it for about a decade now. It's common usage on the net these days.
[ link to this | view in thread ]
Re:
They also appear to outright resent the idea of having to pay for such things (competent and sufficient IT staffing), considering it an unnecessary drain on the bottom line, which is bloody amazing in itself.
Price Waterhouse Coppers delivered their damning IT security audit report at least a month before the hack happened. That's extraordinary. Any cluefull org would have gone into crisis mode at that point, and with Sony's past history, they should have felt like deer in the headlights.
I agree with your "bull." Sony wouldn't know where to begin.
[ link to this | view in thread ]
It wasn't a DDoS.
[ link to this | view in thread ]
Re: Re:
And everywhere else.
[ link to this | view in thread ]
Re: The Real Threat Is From South America
[ link to this | view in thread ]
Re: Re:
They bankroll some insane as shit plan that someone conned them thinking would work and solve the problem.
It of course does not solve the problem, creates more problems, and then they pay a PR firm even more to shout North Korea did it much louder.
[ link to this | view in thread ]
Re: Re: Re:
[ link to this | view in thread ]
Re: Re: Re: Re:
[ link to this | view in thread ]
Re: Re: Re:
If I still watched TV, I suppose I'd know that. We all choose our personal blinkers, or points of view. Where's that omniscience upgrade I've been waiting for? :-P
[ link to this | view in thread ]
Re: Re: Re:
The general wisdom in IT security is that the safest organizations are the ones who had a major breach a year earlier. However, organizations run by lawyers and accountants appear to be impervious to learning from the past. Real reputation means nothing, and they can pay to rehabilitate an "image".
[ link to this | view in thread ]
Re: Re:
That would depend on the country you are in and the country the target is in. Keep in mind that we are not talking about a US company.
I don't think they have engaged in DDOS attacks for a few reasons, but avoiding jail seems like an unlikely reason.
More importantly, for them, engaging in an attack that they may want someone prosecuted for sometime in the future is a really bad idea. In addition, I would guess that the resources that they have that might be able to pull off a somewhat-secretive DDOS attack on anyone are REALLY busy right now trying to get a handle on the current hack they have suffered.
[ link to this | view in thread ]
Re: Re: Re: Re:
They might actively work to make sure they don't happen again.
More often that not the costs of these things are shoved onto everyone else, never the management who made the stupid decisions to pad their own cheques a little bit more.
[ link to this | view in thread ]
Re: Re: Re: Re:
[ link to this | view in thread ]
Re: Re: Re: Re:
"If I still watched TV, I suppose I'd know that."
Not sure how that's connected. I don't watch TV myself.
[ link to this | view in thread ]
Re: Hubris
So here's a little thought: If a hypothetical technically inclined 3rd party was angry at Sony for whatever reason, Everything required to build"Sony" for an AWS account was included in the data breech. Email accounts. Passwords. Credit card information (probably flagged already, but still). Servers to use as bounce points. Hair-trigger lawyers ready to sue anyone who dares to speak ill of Sony.
Frankly, if a hypothetical 3rd party wanted to mess with Sony this way, it's not a stretch to think they could.
[ link to this | view in thread ]
Re: Re:
1) "Sony" the umbrella company may not be a US Company, but it has subsidiaries in the US which are.
2) The US Government is perfectly willing to dispense with nuisances like territorial boundaries and extend a long arm into other countries when it pleases them to do so.
[ link to this | view in thread ]
Re: Re: Hubris
They surely do. Sony does have actual skilled engineers in their employ. The problem with Sony is on the management side. Even if they can't, hubris, hypocrisy, and stupidity are still strong parts of Sony's corporate culture.
[ link to this | view in thread ]
Re: Re: Hubris
I like this game. In the vein of "Let's spin a movie plot", try this. Some hypothetical movie studio gets hacked. Much hand-wringing ensues, leading one of the staff alpha male "Master of The Universe" types to say to him/herself, "Hmm, 4chan! I wonder if I can get some Anonymous Hackers to attack our attackers." I can just see 4chan snickering in the background while stringing this doofus along, meanwhile ripping off Russian black market types in his/her name, whereupon much hilarity ensues.
I wonder if I can sell this idea to Sony. They could even use that old saw, "Based on a true story."
[ link to this | view in thread ]
Re: Hubris
Hypocridity? Stupocrisy?
[ link to this | view in thread ]
Re: Re: The Real Threat Is From South America
[ link to this | view in thread ]
Re: Re:
Akio Morita's ashes must be churning in their urn. He'd never condone Sony's actions if he was still at the helm.
[ link to this | view in thread ]
Re:
[ link to this | view in thread ]
Re: Re: Re: Re: Re:
[ link to this | view in thread ]
FUCK YOU SONY IDIOTS
[ link to this | view in thread ]
Re: Re: Re:
[ link to this | view in thread ]
Cyberlocker
IME when stealing something it's always best to implicate a politician or the head of a multinational. It makes it so much easier to get away with things.
[ link to this | view in thread ]
Re: Cyberlocker
[ link to this | view in thread ]
Re: Cyberlocker
[ link to this | view in thread ]
Sony re Hacking
[ link to this | view in thread ]
Re: Sony re Hacking
Seriously the DOD, IRS, CIA FBI, all get hacked several times a day..... and SENSITIVE DATA? ...what? none of you knew that Jollie was a self mutilating brat...? ...or that Obama is a race baiter who goes out of his way to help gays ,blacks, Muslims, communists, and any other "anti-American" identity around the world. Just saying. Sony? Who gives a flying flip.
[ link to this | view in thread ]
Re: FUCK YOU SONY IDIOTS
[ link to this | view in thread ]
XMAS Gifts for North Korea
http://www.firehow.com/2013041237025/how-to-deal-with-little-fatty-the-third.html
Since they don't like XMAS in NK, someone needs to sell Christmas ornaments with Dear Leader likeness.
There is one scene in #TheInterview that would make a particularly incendiary XMAS bauble!
[ link to this | view in thread ]