Want to read Slashdot from your mobile device? Point it at m.slashdot.org and keep reading!

 



Forgot your password?
typodupeerror
×
Sony Piracy Security

Sony Reportedly Is Using Cyber-Attacks To Keep Leaked Files From Spreading 190

HughPickens.com writes Lily Hay Newman reports at Slate that Sony is counterhacking to keep its leaked files from spreading across torrent sites. According to Recode, Sony is using hundreds of computers in Asia to execute a denial of service attack on sites where its pilfered data is available, according to two people with direct knowledge of the matter. Sony used a similar approach in the early 2000s working with an anti-piracy firm called MediaDefender, when illegal file sharing exploded. The firm populated file-sharing networks with decoy files labeled with the names of such popular movies as "Spider-Man," to entice users to spend hours downloading an empty file. "Using counterattacks to contain leaks and deal with malicious hackers has been gaining legitimacy," writes Newman. "Some cybersecurity experts even feel that the Second Amendment can be interpreted as applying to 'cyber arms'."
This discussion has been archived. No new comments can be posted.

Sony Reportedly Is Using Cyber-Attacks To Keep Leaked Files From Spreading

Comments Filter:
  • but where can I find this juicy info? What the the websites being attacked by Sony?

    • by The Grim Reefer ( 1162755 ) on Thursday December 11, 2014 @09:27PM (#48578633)

      but where can I find this juicy info? What the the websites being attacked by Sony?

      As competent as Sony has been with security lately, I'd guess they are using DDS attacks against The Pirate Bay.

      • by jythie ( 914043 )
        Pirate Bay? Knowing Sony they are attacking themselves. The battles between their electronics and media divisions have been pretty comic over the years...
        • Pirate Bay? Knowing Sony they are attacking themselves. The battles between their electronics and media divisions have been pretty comic over the years...

          Ironically, TPB prolly could have hosted on Sony servers for years without Sony actually noticing!

    • Google is being surprisingly unhelpful here. Maybe Sony execs made an emergency call to Sergei?

      This is all I could find after ~1 min of searching DuckDuckGo:

      http://www.magnetdl.com/file/1... [magnetdl.com]

  • by Anonymous Coward on Thursday December 11, 2014 @08:24PM (#48578345)

    Then they are no better than those that hacked into their systems, and should be prosecuted like any criminal hacker
    Those that have helped them in this, should be prosecuted as accessories.
    Or, if what SONY is doing is acceptable, Than it was okay for those that hacked SONY to do what they did.

    The law applies to all, big and small.

    • Of course it was ok for the guys to hack Sony.
      Sony fired the first shots years ago.

      If we are using second amendment as an analogy, then Sony has been breaking in to houses all around the world.
      The hackers who screwed them up royally are just friendly neighbours helping defend the neighbourhood.

      • by Artifakt ( 700173 ) on Thursday December 11, 2014 @09:40PM (#48578701)

        If there are any legitmate files hosted on those servers Sony's hired guns are DOSing, a "second amendment analogy" means Sony just fired back at both their opponents and some innocent bystanders. How about that, posters defending Sony's right to use such tactics - does that right include unlimited collateral damage to random bystanders? If sony isn't breaking the law, then does that make the law right even if innocents get caught in the 'crossfire'?

        • by TiggertheMad ( 556308 ) on Thursday December 11, 2014 @09:55PM (#48578777) Journal
          The interesting thing is that, if they are using outsourced servers strategically located in Asia to avoid the long arm of the law, that people should be able attack those same servers and do pretty much anything they want to them without fear of consequences. Being beyond the law is a double edged sword, and I personally would not bet against all the hackers on the Internet in that fight...
          • The interesting thing is that, if they are using outsourced servers strategically located in Asia to avoid the long arm of the law, that people should be able attack those same servers and do pretty much anything they want to them without fear of consequences. Being beyond the law is a double edged sword, and I personally would not bet against all the hackers on the Internet in that fight...

            Yes Japan and Singapore are so well known for being lawless.

        • by AmiMoJo ( 196126 ) * on Friday December 12, 2014 @04:40AM (#48579955) Homepage Journal

          I don't think they are actually DDOS'ing servers as TFS claims. They are using a "bad seed" attack on Bittorrent, which is where they run modified Bittorrent clients that claim to be seeding the stolen data but actually just return /dev/random. Of course the receiver notices that the checksum is wrong and discards the data, but if there are enough bad seeds in a swarm it can make getting a complete set of data quite difficult.

          Some US anti-piracy companies used to do it a few years ago, but the trackers quickly banned all their IP addresses and they gave up.

          • by DarkOx ( 621550 )

            Its distributed and it denies service (or at least the service users are expecting), just because they are not necessarily "packeting" the targets does not make it not a DDOS.

            • by AmiMoJo ( 196126 ) *

              Well, I suppose it is some kind of denial of service attack, but it isn't a DDOS in the traditional sense of attacking a server. It's a passive attack, the bad clients just offer up junk data and at worst spam the tracker. I'm not sure if there is a difference in legal terms.

              It's kind of interesting to think about where the line actually is. For example, sometimes people stand for election with a very similar name to one of the popular candidates in order make careless people accidentally vote for the wrong

      • Re: (Score:2, Funny)

        is all this still due to that ps3 linux thing? why are people so butthurt about that? who cars any more?

        • There was also the Sony rootkit if you have forgotten: http://en.wikipedia.org/wiki/S... [wikipedia.org]
          Destroying people's computers is not quite a nice thing to do.

          • the first paragraph of that wiki article was very damning! I thought wikis were supposed to be neutral. also, I could have sworn tha this ithing was in the nineties. i had a mac in 2005-7 so no shit stuck on me.

          • Ever notice the other betrayal there? Anti-malware software uniformly missed the Sony rootkit, probably deliberately. It was finally found by independent researchers. The story is that Sony asked the antivirus people to let their rootkit through, and they did. If so, that's some pretty serious malfeasance on the part of antivirus vendors.

        • No
          Sony execs have been sacking lots of writers/artists/3d anims just to save another $100m, and yet they are still making $600m per $1000m spent on movies. They dont need to make MORE profits.

          The execs of sony are greedy scum that want nothing but 100000000% profits, based on zero expenses for zero effort on their behalf.

        • by AmiMoJo ( 196126 ) * on Friday December 12, 2014 @04:43AM (#48579961) Homepage Journal

          It set a dangerous and horrible precedent. A company can remove features from a product that you already own on a whim. Some people managed to get refunds, but most were simply screwed.

          If it becomes acceptable then you will find that things you own start to self destruct after a year or two. It already happens with some smart TVs, where the manufacturer drops support for certain apps on older models so you lose the ability to watch NetFlix or Amazon Instant. Your TV breaks because they couldn't be bothered to pay the license fee for another year, or because they feel that it's time you upgraded.

      • by rtb61 ( 674572 )

        Gotta be carefull there pardner, there's a huge difference between carrying arms and using arms. Just as you are not entitled to shoot your noisy neighbour, there are no laws that allow computer hacking except for policing agencies with warrants. Of course a denial of service attack is in this guise even worse, guilty until proven innocent based purely upon accusation based upon circumstantial evidence. Of course this really is about a specific level of public corruption where justice is blatant for sale t

        • by DarkOx ( 621550 ) on Friday December 12, 2014 @08:51AM (#48580649) Journal

          Speaking as a computer security professional the entire second amendment argument is juvenile and stupid, if not harmful. On top of this we continue as a society to tolerate an obviously corrupt system of double standards. I completely agree with you.

            We have corporations that now seem to operate under an entirely different set of lows than the rest of use do. We have HS and College kids being aggressively prosecuted for acts that cause tiny amounts of harm if any. Sony deploys a root-kit that puts the security of the systems of millions of customers in danger, and impairs those systems in general and they get basically asked to apologize and replace the defective product, they are not asked to do anything about the real damage. I don't recall prosecutors asking Aaron if he would like kindly remove his machine from MIT's wiring closet, delete the copies of the journals he made, tidy up and than forget the whole thing; no he was threatened with prison and a ruinous legal process until he killed himself. Yet for some reason Sony gets off without even having to clean up the mess they made.

          Meanwhile the security community continues to want play army. Weather its with red vs blue rhetoric, or bizarre and ill considered Second Amendment analogies. To anything thinking person software it self and digital communications are more closely tied to the First Amendment, in terms of speech and anything you might do with a computer or network is more relate-able to expression or assembly.

          A computer is not a weapon, let me repeat that a computer is not a weapon. Now it might control a weapon, be a component in or of a weapon but a computer it self is not a weapon. We don't need to conflate these things. By the logic they are using anything that can be weaponized is an arm. Which would mean I have the right to keep and bare well anything. "Sorry mister DEA agent, that brick of cocaine isn't drugs, I use it throw at people I don't like. Its a great arm, if you get hit with the corners of the package it really hurts; yet at only one kilo its light enough to carry around throw easily!" To say nothing of the implications for cars, kitchen knives etc.

          This is about impotent little pricks that want to feel powerful, without having to leave their desks. The CFAA is a terrible law that is vague and potentially criminalizes lots of very innocent activity. Still I hardly think given the number of shared resources out there we want go to a total free for all where anyone can do anything the like online with no real/physical world consequences either. I am not even necessarily against "attack back" if its allowed under a prescribe limited set of circumstances, just like castle doctrines or stand your ground laws. The important parts of that though are "limited" and "prescribed" none of which applies to what Sony is doing here.

           

    • by bill_mcgonigle ( 4333 ) * on Thursday December 11, 2014 @09:59PM (#48578795) Homepage Journal

      The law applies to all, big and small.

      Which jurisdiction or period in time are you referring to? I can't think of a single example where this is true.

      Pretending life is the same as fantasy is a sign of mental illness.

      • by Anonymous Coward

        | The law applies to all, big and small.
        |
        | Which jurisdiction or period in time are you referring to? I can't think of a single example where this is true.
        |
        | Pretending life is the same as fantasy is a sign of mental illness.

        Or merely an expression of belief in the rule of law.

      • Which jurisdiction or period in time are you referring to? I can't think of a single example where this is true.

        Look up the reign of Caligula (short as it was). One reason he was so popular among the common people was that he treated everybody equally (badly), and wasn't above throwing hordes of rich people to the lions. (When he ordered the first five rows of the Colosseum thrown into the arena, those were the ring side seats, filled with the rich and famous, which went down very well with the common man).

        • (When he ordered the first five rows of the Colosseum thrown into the arena, those were the ring side seats, filled with the rich and famous, which went down very well with the common man).

          But he's a *populist* sociopath. :) Awesome, thanks for the correction!

          • Yepp, the disheartening lesson is that everybody is equal at the very bottom. :-)

            We've had something similar in historic Sweden. One reason we never really had any feudalistic oppression in Sweden was that there wasn't room for more than the king. He didn't have to barter with feudal lords, cause there wasn't room for anyone else to grow in strength enough to get out from under the kings thumb.

            That's not to say that Swedish pheasants at the time were much better off than their European brethren. No, more th

      • by yarbo ( 626329 )

        "In its majestic equality, the law forbids rich and poor alike to sleep under bridges, beg in the streets and steal loaves of bread."
        Anatole France

        • "In its majestic equality, the law forbids rich and poor alike to sleep under bridges, beg in the streets and steal loaves of bread."
          Anatole France

          Fantastic quote. Thank you for sharing - I'm sure I'll use it frequently.

    • by gl4ss ( 559668 )

      breaking the law? yes, if it is sony behind the attack then they are. there's not really much discussion to be had about the subject if you any grasp of the usual laws.

      but if it is happening from an asian country to another asian country, probably nothing will come out of it. maybe someone needs bribed but that's about it.

      and right to bear arms applying to executing a cyber attack? that's like saying that right to bear arms should be interpreted as the right to form a lynch mob, WHICH IT IS NOT. this is not

    • we can just pass the blame to guy who can't speak english or some independent contractor

    • umm, Sony was worse to begin with, whole reason they got hackled is because Sony is FUCKING EVIL!

    • Then they are no better than those that hacked into their systems, and should be prosecuted like any criminal hacker Those that have helped them in this, should be prosecuted as accessories. Or, if what SONY is doing is acceptable, Than it was okay for those that hacked SONY to do what they did.

      The law applies to all, big and small.

      Keep telling yourself that as you scratch off the days, months and years on the walls of your prison cell while imagining the guffawing of Sony suits snorting cocaine off prostitutes' asses like Doogie Howser and rolling around in piles of money like Scrooge McDuck. Sony does what it likes, and if anyone disagrees they get beaten with socks filled with 100 dollar bill stacks until they shut up. Don't believe the fairy tale of equal justice under law.

    • by jythie ( 914043 )
      In theory yes, in practice no. Laws are often written to be neutral, but their implementation has always been highly political, with judges and prosecutors factoring their careers into every case since their future advancements and opportunities do actually depend on it. Even if they are blatantly breaking the law it would be unlikely to make it to court. Finding someone who has standing (otherwise the court would throw out the case) would be tricky since their targets could easily be slut-shamed into b
  • by Anonymous Coward on Thursday December 11, 2014 @08:24PM (#48578347)

    Sony doesn't just poke the hornets nest, they go balls deep and windmill

  • by Anonymous Coward

    If this is going to be the M.O. of companies that thing the internet is their plaything and they can do whatever they want then the biggest inovation since planes is going to be dead. The internet if constantly hacked is going to be more than useless. The big players always want to criminalize hacking and file shareing etc but when they are incompetant its ok for them to disregard the DMCA and crack others sites and totally try to trash the usefullness of the internet. These companies need to die. fuck them

    • by Anonymous Coward

      The Internet died about 10 years ago. Just like everything else, the capitalists took something good and turned it into a giant cesspool of greed.

      • irc still exists, and at least the money has paid for billion dollar fibre cables all over the oceans.

        Who else would pay for that?

    • by namgge ( 777284 )
      And fuck Betamax!
  • Go to youtube and see how many fake files are there, with how many fake users of any sony (or MGM) movies.
  • can it continue? Denial costs Denari.
  • There is no real evidence of this, just a bunch of speculation and innuendo from the Torrent fans.

    Could Sony do this? Of course. But there would certainly be corporate liability involved.

    So would they? Probably not.

    Sony knows these movies will make it to the illegal market sooner or later, so why would they open themselves to this kind of liability? They would not.

    Internal emails are probably more of a concern, but anything that could be relieased would already be the subject of internal roumors amoung th

    • by PPH ( 736903 )

      But there would certainly be corporate liability involved.

      Liability? I'd like to see how that would play out. Torrent sites would sue because Sony interfered with their distribution of misappropriated goods?

    • by Khyber ( 864651 ) <techkitsune@gmail.com> on Thursday December 11, 2014 @09:34PM (#48578659) Homepage Journal

      "No real evidence"

      Anyone with half a brain can use map.ipviking.com and watch the shit happen. There's your evidence.

      • Anyone with half a brain can use map.ipviking.com and watch the shit happen. There's your evidence.

        That China attacks this and that all the time is a known fact. The "attack map" connects nothing to Sony.

        Yes, "SONY BAD" but yet there is zero evidence that Sony has anything to do with this.

        Could be that they do, but nothing but Sony haters pontification on foundations of nothing at the moment...

        I have no love for Sony, other than my 70's vintage 4 track reel-to-reel. But this kind of story is really no story at all.

    • But there would certainly be corporate liability involved.

      This is Sony. That comment should have gotten you at least a (+2, Funny), after the rootkit attacks.

  • Really... (Score:5, Insightful)

    by the_skywise ( 189793 ) on Thursday December 11, 2014 @08:59PM (#48578495)

    > Some cybersecurity experts even feel that the Second Amendment can be interpreted as applying to 'cyber arms'."

    Uh huh... the 2nd amendment says I have the right to defend myself. That means I can own guns to defend myself when I'm being attacked... PHYSICALLY.

    The proper analogy is that I have the right to secure my computer systems from being hacked by malcontents or governments (or both).

    It does not give me the right to go over to the local printing press and blow them up if they're xeroxing my naked selfies. That's not defense, that's just vandalism.

    Good lord can this world get any dumber...

    • TFS includes "2nd amendment" and "Asia."

      And, Momma, that ain't right.

    • The second amendment says nothing about defending yourself. It is simply about being free from harassment by government in owning and carrying 'arms'. It says nothing about using them against another person, and it seems to imply that it is for the purpose for maintaining a well regulated militia. The definition of 'arms' is intentionally generic so as to not exclude any particular type or category of 'armament'. Obviously it has been watered down by various States and case law, but not yet to the point of

      • by dbc ( 135354 )

        Try to keep up. In the Heller decision, the Supreme Court said in it's holdings that self-defense is a "core right" protected by the second amendment, and that right is independent from any tie to militia service.

        • Self defence is a core right independent of the second amendment. SCOTUS upheld that the right to bear arms is not exclusively tied to militia service.

    • by jrumney ( 197329 )
      Yes, saying that Sony might have the second amendment on their side is like claiming that vigilante groups in white hoods that go around shooting anyone with dark complexion because one guy who they think was probably black robbed a store in their neighborhood once, have the second amendment on their side. The second amendment is not about that at all. It is about the maintaining the ability of the people to form a militia to overthrow a tyrannical government if the need arises. The funny thing is, the con
    • The proper analogy is that I have the right to secure my computer systems from being hacked by malcontents or governments (or both).

      The proper analogy is that you have the right to have tools that can be used to DDoS, not that you have the right to DDoS. Just as you have the right to keep and bear arms, but not to use them to go around shooting people because they needed shootin'.

  • Mao Zedong opined that "the only real defense is active defense", meaning defense for the purpose of counter-attacking and taking the offensive. Often success rests on destroying the enemy's ability to attack. This principle is paralleled in the writings of Machiavelli and Sun Tzu.
    http://en.wikipedia.org/wiki/T... [wikipedia.org]

  • Mixed Feelings (Score:5, Insightful)

    by smashr ( 307484 ) on Thursday December 11, 2014 @09:48PM (#48578733)

    So it's strange, I have completely mixed feelings about this. If Sony is using such borderline techniques to try and prevent people from downloading torrents of PII data pilfered from their servers such as SSNs, tax returns, W2s, celebrity phone numbers, etc, then I am willing to give them the benefit of the doubt. This may be slightly over the line, but if it is to protect the data belonging to outside people, then I am inclined to view it more favorably.

    If, on the other hand, this is about preventing the latest ZOMG HD SCREENER TORRENT of their most popular film from being shared one more time, I view such activities much less favorably.

    There is probably not a legal distinction between protecting future profits and protecting the private data of one's employees, but it certainly makes me struggle with how to view this..

    • If Sony were at all concerned about the safety of their employees' private data then they would have taken steps to protect it BEFORE they were hacked. Sony have an abysmal history of computer security and this latest travesty is them trying to close the stable door after the horse has bolted in an attempt to stop their chickens coming home to roost.
  • I hate Sony (Score:2, Interesting)

    I hate Sony. I don't buy their products. I have a person vendetta against that company for reasons I'll not detail here because they're not relevant.

    That said... I'm ok with this. Seems fair to me. Hack away Sony.

    • Re: (Score:2, Funny)

      by Anonymous Coward

      Did Sony make fun of your small peepee?

    • I hate Sony. I don't buy their products. I have a person vendetta against that company for reasons I'll not detail here because they're not relevant.

      That said... I'm ok with this. Seems fair to me. Hack away Sony.

      A vendetta?

      Against every single innocent employee or former employee who had their HR records leaked?

      Oh yeah, seems "fair" alright.

      About as fair as dropping a nuke or two to get rid of those pesky terrorists. Apparently a blanket fixes everything.

  • ... how the hackers penetrated Sony? OK, I walked into that one.

    How did the hackers breach the wall? Was it via an exploit or unpatched server or weak firewall? Was it an inside job? Phishing?

    A link would be great.

    Thanks.

    • It helps that Sony admins liked to keep nice handy unencrypted text files listing every login and password conveniently in one place. The hackers needed to use technical attacks to get that far, but once they compromised the server holding those it was plain sailing from then on. Office staff had their own password list too, where they recorded company credit cards and passwords for external services.

      • I saw that and, while it's just insane, I am trying to find the forensics of just how the hackers got in, in the first place.

        Network admins lose sleep over stuff like that and it's critical they we determine the mechanics so we can avoid this type of attack ourselves.

  • From TFB:

    According to Recode, Sony is using hundreds of computers in Asia to execute a denial of service attack on sites where its pilfered data is available

    So it's legal when Sony does it? How, exactly?

  • The nature of the Internet will make it impossible for this approach to succeed. Sony may shut down one site, but the files will simply appear somewhere else.

  • I don't like the idea of DDOS being legitimized in any way, so I'm not going to address that aspect.

    But...
    Why piss in the figurative lemonade by using an empty file for the mislabeled torrent?

    Remember me during the old Limewire/Napster days, anyone?
    File Titled: Something new and legit like "Track 01 Elton John --Rocketman-- 2014 Digitally Remastered Release.mp3".
    Actual file: William Shatner spoken word version

  • I may defend myself now against people and organizations threatening my personal freedom?

    Can I have that in writing?

  • As far as I know it's not exactly the whole site they are targetting, but the specified files by seeding corrupt packages.. That's a completely different story then the mediahorny/clickbait story that is told here...
  • Comment removed based on user account deletion

The 11 is for people with the pride of a 10 and the pocketbook of an 8. -- R.B. Greenberg [referring to PDPs?]

Working...