Sony Pictures Capitulation Sets a Worrying precedent
Sony Pictures is using denial of service attacks to stop the spread of stolen files on torrent sites which have been posted by hackers Guardians of Peace. Reuters

As Sony Pictures continues to struggle to come to terms with one of the most devastating cyber-attacks in recent memory, it has taken to using one of the favoured tools of hackers to attempt to stifle websites which are spreading stolen files.

Denial of service attacks are typically seen as a very basic form of cyber-attack, which has been popularised in recent years by the hacktivist group Anonymous.

Now, according to two sources with knowledge of the matter speaking to Re/Code, Sony is using this technique to try and cripple the download speeds of those looking to access the stolen data, which includes personal and financial information on the company's employees as well as feature films such as Brad Pitt's Fury and the yet-to-be-released remake of Annie.

The sources say Sony is using "hundreds of computers in Asia" which are part of the Amazon Web Services (AWS) infrastructure in Tokyo and Singapore.

If this is the case, then Sony could be breaching Amazon's terms of use, according to Tim Erlin from Tripwire:

"If Sony is indeed conducting denial of service attacks from Amazon Web Services, they are likely violating the AWS acceptable use policy, regardless of whether the targets are engaged in illegal activity or in possession of Sony property. The AWS AUP explicitly prohibits initiating Denial of Service attacks from their service. It's unlikely that Amazon would let this activity continue.

"Taking the step to 'hack back' against perceived legitimate targets, based on their own assessment of guilt, presents a myriad of potential legal problems. If Sony manages to disrupt, intentionally or accidentally, a legitimate service in the process, they may be adding to their problems, rather than improving the situation."

DoS

Denial of service attacks work by overwhelming a server with traffic, meaning that people trying to access a website (or in this case a torrent file) will be unable to do so. It is a technique which Sony previously employed to stop the spread of pirated copies of its films.

Sony Pictures has not commented on the report, but the company is still trying to get its systems back fully under its control since the studio was attacked by a group of mysterious hackers called Guardians of Peace over two weeks ago.

"The movie of terrorism"

The group, which claims to have stolen "tens of terabytes" of information from Sony Pictures, released the latest tranche of stolen documents on Wednesday.

Along with releasing copies of Sony Pictures' films, the leak includes personal and financial information of thousands of the company's employees, internal emails from executive discussing high profile stars like Angelina Jolie and films like Jobs, the Steve Jobs biopic.

The leaked data has also included highly sensitive information on actors' salaries and the amount of money that it is being paid by Netflix for its films.

The company has called in the FBI and security experts Mendicant to investigate the attack and while North Korea is widely being blamed, the FBI has poured cold water on this, with Joe Demarest, assistant director of the FBI's cyber division, saying: "There is no attribution to North Korea at this point."

The reason North Korea is being blamed is The Interview, a comedy about an assassination attempt on dictator Kim Jong-un. The Guardians of Peace hackers have demanded that Sony Pictures not release what they call "the movie of terrorism which can break the regional peace and cause the war."