Sony Pictures Entertainment is fighting back

Sony Pictures is adopting various measures to contains damages including a “fighting back” activity against website that share the stolen data.

We will talk about the Sony Pictures data breach for a long time, the cyber attacks conducted by the GOP hacking team is causing serious damages to the company. It is early to estimate the overall economic impact of the attack, but as explained by the experts the damage could cost to the Sony Pictures several hundred million dollars.

What’s new on the investigation and the response of the Sony Pictures?

While various companies are analyzing the wiper malware used in the cyber attack, Sony Pictures has asked the media to avoid spreading data related the data breach. In a letter sent to various newspapers and TV, David Boies, an attorney for Sony, asks to delete any information and documents obtained by the circulation of the material following the cyber attack.

But Sony Pictures appearing to be intentioned to do much more, the company has launched a counter-attack against netizens trying to downloaded leaked files stolen from its servers. The news was reported by the Re/code portal, which explains that Sony Pictures is fighting back the website offering the stolen material for download.

“The company is using hundreds of computers in Asia to execute what’s known as a denial of service attack on sites where its pilfered data is available, according to two people with direct knowledge of the matter. Sony is using Amazon Web Services, the Internet retailer’s cloud computing unit, which operates data centers in Tokyo and Singapore, to carry out the counterattack, one of the sources said. The tactic was once commonly employed by media companies to combat Internet movie and music piracy.” states the Re/code

The company is running DDoS attacks against the sharing platforms that are proposing the data stolen from its server. Re/code revealed that Sony Pictures is using Amazon’s online cloud computing resources to flood fake “seed” sources of the stolen documents that are available as torrent files. In this way when an Internet user tries to download one of the stolen documents via torrent, he will receive a fake seed that will not provide the file.

The technique is not new, security experts used it in the past to discourage the downloading of pirated copies of movies via torrent. Basically, they flooded file-sharing platforms with decoy files with the name of the most popular movies, in this way it was very difficult to download the original file selecting the right “link “among a large number of false seeds.

“Sony’s technique is similar to the one it employed in the early days of file sharing, when it worked with an anti-piracy firm called MediaDefender. The firm populated file-sharing networks with decoy files labeled with the names of such popular movies as “Spider-Man,” to entice users to spend hours downloading an empty file. The goal was to frustrate users and prod them to turn to legitimate movie sites. It was a temporary fix that worked until file-sharing sites grew more sophisticated and provided information that allowed users to easily identify these so-called spoof files.” continues the post.

The concept of active defense has been debated for a long time, victims can run DDoS on alleged attackers or in a scaring scenario trying to compromise their system with a malware, that could be spread in an uncontrolled way on the internet impacting the security of other entities.

The active defense is a topic that must be approached carefully, the possible side effects could have disastrous consequences on the security of the Web.

Pierluigi Paganini

(Security Affairs –  Sony Pictures, Active Defense)