Post-hack, is Sony Dishing Out Revenge DDoS?

The recent string of malicious attacks against Sony Pictures by hacker collective the Guardians of Peace has resulted in a range of personal and at times embarrassing information leaked to the public, from internal emails discussing Angelina Jolie and President Obama, to competitive secrets and upcoming movies like Annie. Supposedly, Sony hasn’t taken the situation lying down: some sources claim that the entertainment giant has conducted a retaliatory, large-scale DDoS attack against the websites hosting the leaked information.

According to unnamed sources speaking to Re|Code, Sony is “using hundreds of computers in Asia to execute what’s known as a denial-of-service attack on sites where its pilfered data is available,” via Amazon Web Services, which has data centers in Tokyo and Singapore. The idea is to disrupt downloads of sensitive information, the sources said.

Sony has declined to comment on the story. As for Amazon Web Services, a spokesperson told us that contrary to the report, Sony isn't using its infrastructure if indeed it's carrying out the activity. “AWS employs a number of automated detection and mitigation techniques to prevent the misuse of our services. In cases where the misuse is not detected and stopped by the automated measures, we take manual action as soon as we become aware of any misuse. Our terms are clear about this. The activity being reported is not currently happening on AWS.”

Regardless of how DDoS revenge attacks would be effected, what, if anything, would such an approach accomplish?

“If, in fact, Sony is planning retaliatory attacks against websites that are keeping their leaked information, this probably won't stop hackers from attacking them; it may only spur them to greater action,” said Marc Gaffan, CEO and co-founder of Incapsula, in an email.

That said, there’s no doubt that DDoS attacks are also very costly to the victims. Incapsula found that just one hour under the gun of a DDoS attack can cost a company upwards of $40,000. And, thanks to the abundance of cloud infrastructure for hire, it’s not difficult to initiate the attacks.

“However, launching DDoS attacks is illegal, regardless if it is in response to an attack or in self-defense,” Gaffan said. “While these types of attacks are effective in shutting down websites, it will also impact innocent parties that are caught in the line of fire. If Sony is fighting back, we hope that they are better prepared to thwart these attacks than they were two weeks ago.”

As we previously reported, it’s believed that North Korea is behind the incident, in retaliation for the release of the comedy The Interview, which features Seth Rogan and James Franco as hapless journalists recruited by the CIA to assassinate North Korean leader Kim Jong-un. Pyongyang has called the film “an act of war.”

Sony chiefs Michael Lynton and Amy Pascal have sent an email to employees noting that the company was still examining the full extent of the attack, which resulted in the leaking of upcoming movies like Fury and Annie online, as well as the lifting of various corporate data. It also wiped out data on a swath of its network.

What’s Hot on Infosecurity Magazine?