[UPDATE – A statement from Amazon Web Services relating to Sony Pictures’ reported efforts to disrupt downloads of stolen data has been added to the end of this article.]
A red-faced Sony Pictures is now attempting to disrupt downloads of its stolen data by executing denial-of-service attacks on file-sharing sites where hackers have been posting the content, a report claims.
The movie studio, which is reeling from a recent security breach that saw masses of sensitive material stolen, is reportedly using data centers operated by Amazon Web Services (AWS) in Tokyo and Singapore to disrupt downloads of the content by slowing the data transfer to a crawl, people with knowledge of the matter told Re/code on Wednesday.
However, with so much of the data already in the public domain, Sony’s attempt at blocking the flow of information looks to have come too late to have any meaningful effect.
The hack, carried out by a group calling itself the Guardians of Peace, appears to be in retaliation for the movie studio’s backing of The Interview, a comedy about an attempt by the CIA to assassinate North Korean leader Kim Jong-un. The movie is slated for release on December 25.
Sony’s fightback comes as hackers on Wednesday posted online a fifth data dump containing more sensitive content, which has so far included unreleased movies, scripts of unreleased TV and movie productions, Social Security numbers for staff and celebrities, and most embarrassingly of all, masses of emails between top executives and others in the movie business, many of which have exposed not only feuds between movie makers but also forthright opinions on actors in the business.
For example, in one reported email exchange between Oscar-winning producer Scott Rudin and Sony Pictures co-chairman Amy Pascal, Rudin calls Angelina Jolie a “minimally talented spoiled brat,” while in another he describes Her and True Grit producer Megan Ellison as a “bipolar 28 year old lunatic.”
If nothing else, the exposed communications look certain to make for some highly awkward meetings in Tinseltown in the coming weeks and months.
The unfolding incident is a major embarrassment for the movie studio, with many incredulous at the fact that the company had so much sensitive material on servers hooked up to the Internet, with many of the files stored without password protection.
Although North Korea appears to be the obvious suspect in the case, the regime recently denied any involvement. The FBI, too, said that so far it has found no evidence to suggest that the country was behind the hack.
Statement from an AWS spokesperson on December 11:
“AWS employs a number of automated detection and mitigation techniques to prevent the misuse of our services. In cases where the misuse is not detected and stopped by the automated measures, we take manual action as soon as we become aware of any misuse. Our terms are clear about this. The activity being reported is not currently happening on AWS.”