Sony Reportedly Is Using Cyber-Attacks To Keep Leaked Files From Spreading 190
HughPickens.com writes Lily Hay Newman reports at Slate that Sony is counterhacking to keep its leaked files from spreading across torrent sites. According to Recode, Sony is using hundreds of computers in Asia to execute a denial of service attack on sites where its pilfered data is available, according to two people with direct knowledge of the matter. Sony used a similar approach in the early 2000s working with an anti-piracy firm called MediaDefender, when illegal file sharing exploded. The firm populated file-sharing networks with decoy files labeled with the names of such popular movies as "Spider-Man," to entice users to spend hours downloading an empty file. "Using counterattacks to contain leaks and deal with malicious hackers has been gaining legitimacy," writes Newman. "Some cybersecurity experts even feel that the Second Amendment can be interpreted as applying to 'cyber arms'."
I didn't care before (Score:2)
but where can I find this juicy info? What the the websites being attacked by Sony?
Re:I didn't care before (Score:5, Funny)
but where can I find this juicy info? What the the websites being attacked by Sony?
As competent as Sony has been with security lately, I'd guess they are using DDS attacks against The Pirate Bay.
Re: (Score:3)
Re: (Score:2)
Pirate Bay? Knowing Sony they are attacking themselves. The battles between their electronics and media divisions have been pretty comic over the years...
Ironically, TPB prolly could have hosted on Sony servers for years without Sony actually noticing!
Re: (Score:2)
Google is being surprisingly unhelpful here. Maybe Sony execs made an emergency call to Sergei?
This is all I could find after ~1 min of searching DuckDuckGo:
http://www.magnetdl.com/file/1... [magnetdl.com]
Is SONY breaking the law with this "defense"? (Score:5, Insightful)
Then they are no better than those that hacked into their systems, and should be prosecuted like any criminal hacker
Those that have helped them in this, should be prosecuted as accessories.
Or, if what SONY is doing is acceptable, Than it was okay for those that hacked SONY to do what they did.
The law applies to all, big and small.
Re:Is SONY breaking the law with this "defense"? (Score:5, Funny)
Of course it was ok for the guys to hack Sony.
Sony fired the first shots years ago.
If we are using second amendment as an analogy, then Sony has been breaking in to houses all around the world.
The hackers who screwed them up royally are just friendly neighbours helping defend the neighbourhood.
Re:Is SONY breaking the law with this "defense"? (Score:5, Insightful)
If there are any legitmate files hosted on those servers Sony's hired guns are DOSing, a "second amendment analogy" means Sony just fired back at both their opponents and some innocent bystanders. How about that, posters defending Sony's right to use such tactics - does that right include unlimited collateral damage to random bystanders? If sony isn't breaking the law, then does that make the law right even if innocents get caught in the 'crossfire'?
SONY breaking the law (yet again) (Score:5, Interesting)
Re: (Score:2)
The interesting thing is that, if they are using outsourced servers strategically located in Asia to avoid the long arm of the law, that people should be able attack those same servers and do pretty much anything they want to them without fear of consequences. Being beyond the law is a double edged sword, and I personally would not bet against all the hackers on the Internet in that fight...
Yes Japan and Singapore are so well known for being lawless.
Re:Is SONY breaking the law with this "defense"? (Score:4, Informative)
I don't think they are actually DDOS'ing servers as TFS claims. They are using a "bad seed" attack on Bittorrent, which is where they run modified Bittorrent clients that claim to be seeding the stolen data but actually just return /dev/random. Of course the receiver notices that the checksum is wrong and discards the data, but if there are enough bad seeds in a swarm it can make getting a complete set of data quite difficult.
Some US anti-piracy companies used to do it a few years ago, but the trackers quickly banned all their IP addresses and they gave up.
Re: (Score:2)
Its distributed and it denies service (or at least the service users are expecting), just because they are not necessarily "packeting" the targets does not make it not a DDOS.
Re: (Score:2)
Well, I suppose it is some kind of denial of service attack, but it isn't a DDOS in the traditional sense of attacking a server. It's a passive attack, the bad clients just offer up junk data and at worst spam the tracker. I'm not sure if there is a difference in legal terms.
It's kind of interesting to think about where the line actually is. For example, sometimes people stand for election with a very similar name to one of the popular candidates in order make careless people accidentally vote for the wrong
Re: (Score:2)
Some US laws are held by US courts to apply to US citizens outside the US, such as certain tax laws or laws against "sex tourism". The US Constitution is the empowering document of the Federal Government, and hence theoretically all US Federal Government actions either fall under its purview or are illegal, although this has not been consistently upheld.
Re: (Score:2, Funny)
is all this still due to that ps3 linux thing? why are people so butthurt about that? who cars any more?
Re: (Score:3)
There was also the Sony rootkit if you have forgotten: http://en.wikipedia.org/wiki/S... [wikipedia.org]
Destroying people's computers is not quite a nice thing to do.
Re: (Score:2)
the first paragraph of that wiki article was very damning! I thought wikis were supposed to be neutral. also, I could have sworn tha this ithing was in the nineties. i had a mac in 2005-7 so no shit stuck on me.
Re: (Score:2)
The rootkits worked on Macs as well. Linux was unaffected.
Re:Is SONY breaking the law with this "defense"? (Score:4, Insightful)
the first paragraph of that wiki article was very damning! I thought wikis were supposed to be neutral.
I thought that wikis were supposed to be factual. Sometimes the facts are damning.
Re: (Score:3)
Ever notice the other betrayal there? Anti-malware software uniformly missed the Sony rootkit, probably deliberately. It was finally found by independent researchers. The story is that Sony asked the antivirus people to let their rootkit through, and they did. If so, that's some pretty serious malfeasance on the part of antivirus vendors.
Re: (Score:3)
No
Sony execs have been sacking lots of writers/artists/3d anims just to save another $100m, and yet they are still making $600m per $1000m spent on movies. They dont need to make MORE profits.
The execs of sony are greedy scum that want nothing but 100000000% profits, based on zero expenses for zero effort on their behalf.
Re:Is SONY breaking the law with this "defense"? (Score:5, Interesting)
It set a dangerous and horrible precedent. A company can remove features from a product that you already own on a whim. Some people managed to get refunds, but most were simply screwed.
If it becomes acceptable then you will find that things you own start to self destruct after a year or two. It already happens with some smart TVs, where the manufacturer drops support for certain apps on older models so you lose the ability to watch NetFlix or Amazon Instant. Your TV breaks because they couldn't be bothered to pay the license fee for another year, or because they feel that it's time you upgraded.
Re: (Score:2)
Gotta be carefull there pardner, there's a huge difference between carrying arms and using arms. Just as you are not entitled to shoot your noisy neighbour, there are no laws that allow computer hacking except for policing agencies with warrants. Of course a denial of service attack is in this guise even worse, guilty until proven innocent based purely upon accusation based upon circumstantial evidence. Of course this really is about a specific level of public corruption where justice is blatant for sale t
Re:Is SONY breaking the law with this "defense"? (Score:5, Interesting)
Speaking as a computer security professional the entire second amendment argument is juvenile and stupid, if not harmful. On top of this we continue as a society to tolerate an obviously corrupt system of double standards. I completely agree with you.
We have corporations that now seem to operate under an entirely different set of lows than the rest of use do. We have HS and College kids being aggressively prosecuted for acts that cause tiny amounts of harm if any. Sony deploys a root-kit that puts the security of the systems of millions of customers in danger, and impairs those systems in general and they get basically asked to apologize and replace the defective product, they are not asked to do anything about the real damage. I don't recall prosecutors asking Aaron if he would like kindly remove his machine from MIT's wiring closet, delete the copies of the journals he made, tidy up and than forget the whole thing; no he was threatened with prison and a ruinous legal process until he killed himself. Yet for some reason Sony gets off without even having to clean up the mess they made.
Meanwhile the security community continues to want play army. Weather its with red vs blue rhetoric, or bizarre and ill considered Second Amendment analogies. To anything thinking person software it self and digital communications are more closely tied to the First Amendment, in terms of speech and anything you might do with a computer or network is more relate-able to expression or assembly.
A computer is not a weapon, let me repeat that a computer is not a weapon. Now it might control a weapon, be a component in or of a weapon but a computer it self is not a weapon. We don't need to conflate these things. By the logic they are using anything that can be weaponized is an arm. Which would mean I have the right to keep and bare well anything. "Sorry mister DEA agent, that brick of cocaine isn't drugs, I use it throw at people I don't like. Its a great arm, if you get hit with the corners of the package it really hurts; yet at only one kilo its light enough to carry around throw easily!" To say nothing of the implications for cars, kitchen knives etc.
This is about impotent little pricks that want to feel powerful, without having to leave their desks. The CFAA is a terrible law that is vague and potentially criminalizes lots of very innocent activity. Still I hardly think given the number of shared resources out there we want go to a total free for all where anyone can do anything the like online with no real/physical world consequences either. I am not even necessarily against "attack back" if its allowed under a prescribe limited set of circumstances, just like castle doctrines or stand your ground laws. The important parts of that though are "limited" and "prescribed" none of which applies to what Sony is doing here.
Is SONY breaking the law with this (Score:5, Interesting)
The law applies to all, big and small.
Which jurisdiction or period in time are you referring to? I can't think of a single example where this is true.
Pretending life is the same as fantasy is a sign of mental illness.
Re: (Score:1)
| The law applies to all, big and small.
|
| Which jurisdiction or period in time are you referring to? I can't think of a single example where this is true.
|
| Pretending life is the same as fantasy is a sign of mental illness.
Or merely an expression of belief in the rule of law.
Re: (Score:2)
Which jurisdiction or period in time are you referring to? I can't think of a single example where this is true.
Look up the reign of Caligula (short as it was). One reason he was so popular among the common people was that he treated everybody equally (badly), and wasn't above throwing hordes of rich people to the lions. (When he ordered the first five rows of the Colosseum thrown into the arena, those were the ring side seats, filled with the rich and famous, which went down very well with the common man).
Re: (Score:2)
(When he ordered the first five rows of the Colosseum thrown into the arena, those were the ring side seats, filled with the rich and famous, which went down very well with the common man).
But he's a *populist* sociopath. :) Awesome, thanks for the correction!
Re: (Score:2)
Yepp, the disheartening lesson is that everybody is equal at the very bottom. :-)
We've had something similar in historic Sweden. One reason we never really had any feudalistic oppression in Sweden was that there wasn't room for more than the king. He didn't have to barter with feudal lords, cause there wasn't room for anyone else to grow in strength enough to get out from under the kings thumb.
That's not to say that Swedish pheasants at the time were much better off than their European brethren. No, more th
Re: (Score:2)
"In its majestic equality, the law forbids rich and poor alike to sleep under bridges, beg in the streets and steal loaves of bread."
Anatole France
Re: (Score:2)
"In its majestic equality, the law forbids rich and poor alike to sleep under bridges, beg in the streets and steal loaves of bread."
Anatole France
Fantastic quote. Thank you for sharing - I'm sure I'll use it frequently.
Re: (Score:2)
breaking the law? yes, if it is sony behind the attack then they are. there's not really much discussion to be had about the subject if you any grasp of the usual laws.
but if it is happening from an asian country to another asian country, probably nothing will come out of it. maybe someone needs bribed but that's about it.
and right to bear arms applying to executing a cyber attack? that's like saying that right to bear arms should be interpreted as the right to form a lynch mob, WHICH IT IS NOT. this is not
Re: (Score:2)
we can just pass the blame to guy who can't speak english or some independent contractor
Re: (Score:2)
umm, Sony was worse to begin with, whole reason they got hackled is because Sony is FUCKING EVIL!
Re: (Score:2)
Then they are no better than those that hacked into their systems, and should be prosecuted like any criminal hacker Those that have helped them in this, should be prosecuted as accessories. Or, if what SONY is doing is acceptable, Than it was okay for those that hacked SONY to do what they did.
The law applies to all, big and small.
Keep telling yourself that as you scratch off the days, months and years on the walls of your prison cell while imagining the guffawing of Sony suits snorting cocaine off prostitutes' asses like Doogie Howser and rolling around in piles of money like Scrooge McDuck. Sony does what it likes, and if anyone disagrees they get beaten with socks filled with 100 dollar bill stacks until they shut up. Don't believe the fairy tale of equal justice under law.
Re: (Score:2)
Re: (Score:2)
How did that "more" end up 3 words down from where it's supposed to be?
Re:Is SONY breaking the law with this "defense"? (Score:5, Funny)
AC should have let his four year old daughter type it in.
Re:Is SONY breaking the law with this "defense"? (Score:5, Funny)
Try reading that without hearing it in the voice of a half-wit. It can't be done.
So you're saying you read that aloud and heard the voice of a half-wit? Imagine that!
Is anyone surprised? (Score:5, Funny)
Sony doesn't just poke the hornets nest, they go balls deep and windmill
Re: (Score:2)
Re: (Score:3, Insightful)
The Internet Will Die (Score:2)
If this is going to be the M.O. of companies that thing the internet is their plaything and they can do whatever they want then the biggest inovation since planes is going to be dead. The internet if constantly hacked is going to be more than useless. The big players always want to criminalize hacking and file shareing etc but when they are incompetant its ok for them to disregard the DMCA and crack others sites and totally try to trash the usefullness of the internet. These companies need to die. fuck them
Re: The Internet Will Die (Score:3, Insightful)
The Internet died about 10 years ago. Just like everything else, the capitalists took something good and turned it into a giant cesspool of greed.
Re: (Score:2)
irc still exists, and at least the money has paid for billion dollar fibre cables all over the oceans.
Who else would pay for that?
Re: (Score:2)
Only cyber attacks? (Score:2)
how long will the $ hold out? (Score:2)
Re: (Score:2)
With Sony sensors leading the camera market their imaging division isn't going anywhere.
True; but shareholders tend to have...finite...patience for using the proceeds of an actually profitable division to engage in an open ended clusterfuck somewhere else in the company.
If you can make a strategic case for it, or it promises to be temporary, they can usually be made to suck it up; but it's not a blank check, even if the other division is all kinds of healthy.
No real evidence... (Score:2)
There is no real evidence of this, just a bunch of speculation and innuendo from the Torrent fans.
Could Sony do this? Of course. But there would certainly be corporate liability involved.
So would they? Probably not.
Sony knows these movies will make it to the illegal market sooner or later, so why would they open themselves to this kind of liability? They would not.
Internal emails are probably more of a concern, but anything that could be relieased would already be the subject of internal roumors amoung th
Re: (Score:2)
But there would certainly be corporate liability involved.
Liability? I'd like to see how that would play out. Torrent sites would sue because Sony interfered with their distribution of misappropriated goods?
Re: (Score:2)
Liability? I'd like to see how that would play out. Torrent sites would sue because Sony interfered with their distribution of misappropriated goods?
Corporate sponsored hacking is frowned upon. Prove me wrong.
Re: (Score:2)
Corporate sponsored hacking is frowned upon. Prove me wrong.
If you have the cash, these guys will take care of the job for you: http://www.ibm.com/ibm/files/I... [ibm.com]
Re:No real evidence... (Score:5, Informative)
"No real evidence"
Anyone with half a brain can use map.ipviking.com and watch the shit happen. There's your evidence.
Re: (Score:2)
Anyone with half a brain can use map.ipviking.com and watch the shit happen. There's your evidence.
That China attacks this and that all the time is a known fact. The "attack map" connects nothing to Sony.
Yes, "SONY BAD" but yet there is zero evidence that Sony has anything to do with this.
Could be that they do, but nothing but Sony haters pontification on foundations of nothing at the moment...
I have no love for Sony, other than my 70's vintage 4 track reel-to-reel. But this kind of story is really no story at all.
Re: (Score:2)
And lo and behold, you find an IP that Sony uses in there.
You fail at basic network IT. You shouldn't even be in this conversation.
So we know a Sony machine is part of a DDoS, we don't know that Sony is doing it. It's clear that they're not in control of their networks. Who fails at basic IT?
Re: (Score:2)
This is Sony. That comment should have gotten you at least a (+2, Funny), after the rootkit attacks.
Really... (Score:5, Insightful)
> Some cybersecurity experts even feel that the Second Amendment can be interpreted as applying to 'cyber arms'."
Uh huh... the 2nd amendment says I have the right to defend myself. That means I can own guns to defend myself when I'm being attacked... PHYSICALLY.
The proper analogy is that I have the right to secure my computer systems from being hacked by malcontents or governments (or both).
It does not give me the right to go over to the local printing press and blow them up if they're xeroxing my naked selfies. That's not defense, that's just vandalism.
Good lord can this world get any dumber...
Re: (Score:2)
TFS includes "2nd amendment" and "Asia."
And, Momma, that ain't right.
Re: (Score:2)
The second amendment says nothing about defending yourself. It is simply about being free from harassment by government in owning and carrying 'arms'. It says nothing about using them against another person, and it seems to imply that it is for the purpose for maintaining a well regulated militia. The definition of 'arms' is intentionally generic so as to not exclude any particular type or category of 'armament'. Obviously it has been watered down by various States and case law, but not yet to the point of
Re: (Score:2)
Try to keep up. In the Heller decision, the Supreme Court said in it's holdings that self-defense is a "core right" protected by the second amendment, and that right is independent from any tie to militia service.
Re: (Score:2)
Self defence is a core right independent of the second amendment. SCOTUS upheld that the right to bear arms is not exclusively tied to militia service.
Re: (Score:2)
Re: (Score:2)
Re: (Score:2)
The proper analogy is that I have the right to secure my computer systems from being hacked by malcontents or governments (or both).
The proper analogy is that you have the right to have tools that can be used to DDoS, not that you have the right to DDoS. Just as you have the right to keep and bear arms, but not to use them to go around shooting people because they needed shootin'.
The only real defense ... (Score:2)
Mao Zedong opined that "the only real defense is active defense", meaning defense for the purpose of counter-attacking and taking the offensive. Often success rests on destroying the enemy's ability to attack. This principle is paralleled in the writings of Machiavelli and Sun Tzu.
http://en.wikipedia.org/wiki/T... [wikipedia.org]
Re: (Score:2)
"the best offense is a good defense - dennis rodman, Double Team
Re: (Score:2)
Re: (Score:2)
Mixed Feelings (Score:5, Insightful)
So it's strange, I have completely mixed feelings about this. If Sony is using such borderline techniques to try and prevent people from downloading torrents of PII data pilfered from their servers such as SSNs, tax returns, W2s, celebrity phone numbers, etc, then I am willing to give them the benefit of the doubt. This may be slightly over the line, but if it is to protect the data belonging to outside people, then I am inclined to view it more favorably.
If, on the other hand, this is about preventing the latest ZOMG HD SCREENER TORRENT of their most popular film from being shared one more time, I view such activities much less favorably.
There is probably not a legal distinction between protecting future profits and protecting the private data of one's employees, but it certainly makes me struggle with how to view this..
Re: (Score:2)
I hate Sony (Score:2, Interesting)
I hate Sony. I don't buy their products. I have a person vendetta against that company for reasons I'll not detail here because they're not relevant.
That said... I'm ok with this. Seems fair to me. Hack away Sony.
Re: (Score:2, Funny)
Did Sony make fun of your small peepee?
Re: (Score:2)
I hate Sony. I don't buy their products. I have a person vendetta against that company for reasons I'll not detail here because they're not relevant.
That said... I'm ok with this. Seems fair to me. Hack away Sony.
A vendetta?
Against every single innocent employee or former employee who had their HR records leaked?
Oh yeah, seems "fair" alright.
About as fair as dropping a nuke or two to get rid of those pesky terrorists. Apparently a blanket fixes everything.
Does anyone know ... (Score:2)
... how the hackers penetrated Sony? OK, I walked into that one.
How did the hackers breach the wall? Was it via an exploit or unpatched server or weak firewall? Was it an inside job? Phishing?
A link would be great.
Thanks.
Nm ... (Score:2)
Aparently, this is how [microsoft.com].
Re: (Score:2)
It helps that Sony admins liked to keep nice handy unencrypted text files listing every login and password conveniently in one place. The hackers needed to use technical attacks to get that far, but once they compromised the server holding those it was plain sailing from then on. Office staff had their own password list too, where they recorded company credit cards and passwords for external services.
Re: (Score:2)
I saw that and, while it's just insane, I am trying to find the forensics of just how the hackers got in, in the first place.
Network admins lose sleep over stuff like that and it's critical they we determine the mechanics so we can avoid this type of attack ourselves.
Re: (Score:2)
Thank you for the link. It provides information I have not seen before.
This was helpful:
Just like DarkSeoul, the Destover wiper executables were compiled somewhere between 48 hours prior to the attack and the actual day of attack. It is highly unlikely that the attackers spear-phished their way into large numbers of users, and highly likely that they had gained unfettered access to the entire network prior to the attack .
Bold italics mine.
Sony DOS? (Score:2)
From TFB:
According to Recode, Sony is using hundreds of computers in Asia to execute a denial of service attack on sites where its pilfered data is available
So it's legal when Sony does it? How, exactly?
Whack a mole (Score:2)
The nature of the Internet will make it impossible for this approach to succeed. Sony may shut down one site, but the files will simply appear somewhere else.
Sense of Humor lacking (Score:2)
I don't like the idea of DDOS being legitimized in any way, so I'm not going to address that aspect.
But...
Why piss in the figurative lemonade by using an empty file for the mislabeled torrent?
Remember me during the old Limewire/Napster days, anyone?
File Titled: Something new and legit like "Track 01 Elton John --Rocketman-- 2014 Digitally Remastered Release.mp3".
Actual file: William Shatner spoken word version
Wait, the 2nd applies to cyber arms? (Score:2)
I may defend myself now against people and organizations threatening my personal freedom?
Can I have that in writing?
too generic information (Score:2)
Unconfirmed quote from head of Sony Entertainment? (Score:2)
Re: (Score:2)
Even if the second amendment were to cover this, the second amendment doesn't allow you to actually shoot someone (or to DDoS them).
Re: (Score:2)
"Some cybersecurity experts even feel that the Second Amendment can be interpreted as applying to 'cyber arms'." - Name names of these idiots please.
Perhaps more importantly, even if that were true how would it be relevant?
It is, in fact, the case that (aside from one or two idiot jurisdictions that tried to ban 'hacker tools', an attempt that either bans absolutely nothing or bans all security research and every security and diagnostic utility right down to 'ping') possession of some fairly potent dual-use tools is downright white-hat, and even shameless sale of ready-weaponized exploits is done without legal risk(looking at you, Vulpen).
However,
Re: (Score:2)
I could see someone making a movie about this. But it probably wouldn't be Sony.
Re: (Score:3, Interesting)
The rootkit was far worse than this. The only reason it wasn't a huge PR disaster is that most non-techies have no idea what it was.
That and the invidious notion that 'consumers' really don't need or deserve control over their devices is fairly alarmingly entrenched. Even when the system in question isn't one that you 'licensed and not sold' to the sucker, you can have your merry way with them in ways that you'd never get away with in the context of real property.
If infiltration and covert execution of a rootkit were treated even as seriously as, say, physical trespass, Sony would have had a problem. As it was, the response was along
Re:defense against bennett (Score:5, Interesting)
the second amendment allows people to own firearms, but not to use firearms. so sony has it backwards. right now they are using firearms but don't own them. think much?
Re: (Score:2)
Though it does bring up some interesting legal questions regarding the limits of self defense online, something that could dovetail in interesting ways with things like castle doctrine (think of all the things commercial software and websites do to your home machine) or something like 'stand your ground' (if you have a legal right to be on a website and feel threatened by the owners or users, is that than legal justification for offensive actions?).
Given Sony's own sh
Re: (Score:3)
Re: (Score:2)
Re: (Score:2)
Re: (Score:2)
The Second Amendment, as interpreted by the courts, doesn't allow me to buy a modern infantry rifle. (How are you supposed to have a well-regulated militia with obsolescent weapons?) I've given up speculating how the courts will interpret the Second.
Re: (Score:2)
your talking about assault rifles. assault =! defense.
Re: (Score:2)
The Second Amendment says nothing about defense. "A well regulated Militia, being necessary to the security of a free State, the right of the people to keep and bear Arms, shall not be infringed." What it says is something about a militia (which is a military force) and not infringing my right to keep and bear arms. What the Supreme Court gets out of that is that I don't get to buy a real M16, for reasoning I cannot fathom.
Re: (Score:2)
Another problem is that militia. To me it looks like a bunch of guys with (semi-) automatic weapons defending their lives, homes and way of living against the government. say, pretty much like what they're doing in the tribal areas of Pakistan or Yemen. But no, your militia isn't going to get Hellfire missiles legally. The second amendment is obsolete, just as
Re: (Score:2)
Why?
How will you using Sony's products without paying for them hurt them?
Re: (Score:2)
You appear to be trying to legitimise rape.