Skip to main content

In a panic, Sony Pictures tries to disrupt downloads of its stolen data

” id=”attachment_686944″]sony gets out its check book agrees to pay up 8m settle hack lawsuit pictures
”[Image

[UPDATE – A statement from Amazon Web Services relating to Sony Pictures’ reported efforts to disrupt downloads of stolen data has been added to the end of this article.]

A red-faced Sony Pictures is now attempting to disrupt downloads of its stolen data by executing denial-of-service attacks on file-sharing sites where hackers have been posting the content, a report claims.

The movie studio, which is reeling from a recent security breach that saw masses of sensitive material stolen, is reportedly using data centers operated by Amazon Web Services (AWS) in Tokyo and Singapore to disrupt downloads of the content by slowing the data transfer to a crawl, people with knowledge of the matter told Re/code on Wednesday.

However, with so much of the data already in the public domain, Sony’s attempt at blocking the flow of information looks to have come too late to have any meaningful effect.

The hack, carried out by a group calling itself the Guardians of Peace, appears to be in retaliation for the movie studio’s backing of The Interview, a comedy about an attempt by the CIA to assassinate North Korean leader Kim Jong-un. The movie is slated for release on December 25.

Sony’s fightback comes as hackers on Wednesday posted online a fifth data dump containing more sensitive content, which has so far included unreleased movies, scripts of unreleased TV and movie productions, Social Security numbers for staff and celebrities, and most embarrassingly of all, masses of emails between top executives and others in the movie business, many of which have exposed not only feuds between movie makers but also forthright opinions on actors in the business.

For example, in one reported email exchange between Oscar-winning producer Scott Rudin and Sony Pictures co-chairman Amy Pascal, Rudin calls Angelina Jolie a “minimally talented spoiled brat,” while in another he describes Her and True Grit producer Megan Ellison as a “bipolar 28 year old lunatic.”

If nothing else, the exposed communications look certain to make for some highly awkward meetings in Tinseltown in the coming weeks and months.

The unfolding incident is a major embarrassment for the movie studio, with many incredulous at the fact that the company had so much sensitive material on servers hooked up to the Internet, with many of the files stored without password protection.

Although North Korea appears to be the obvious suspect in the case, the regime recently denied any involvement. The FBI, too, said that so far it has found no evidence to suggest that the country was behind the hack.

—–

Statement from an AWS spokesperson on December 11:

“AWS employs a number of automated detection and mitigation techniques to prevent the misuse of our services. In cases where the misuse is not detected and stopped by the automated measures, we take manual action as soon as we become aware of any misuse. Our terms are clear about this. The activity being reported is not currently happening on AWS.”

Editors' Recommendations

Trevor Mogg
Contributing Editor
Not so many moons ago, Trevor moved from one tea-loving island nation that drives on the left (Britain) to another (Japan)…
Sony’s Japan music site hacked; UPDATE: Sony Ericsson Canada hacked, user data compromised

Sony just can’t catch a break. Yesterday, SonyMusic.gr was infiltrated by hackers via an SQL injection tool. The unsophisticated attack compromised the site’s user database, leaking name, e-mails, and addresses of those registered.

Today, Sony’s Japan music site has suffered the same fate. Sophos, which discovered yesterday’s hack, found similar damage to SonyMusic.co.jp. According to Chester Wisniewski via the site’s Naked Security IT blog, Hacker News first found the affected web pages. As reported yesterday, an SQL injection was used to access the site’s contents, including its user database. Fortunately, this instance did not concede as much user information, and names, passwords, and other “personally identifiable information” are believed to be safe. But it’s still unknown what exactly hackers were able to access. Wisniewski says it is possible they could have inserted malicious code that would then affect the site’s visitors.

Read more
Sony BMG Greece website hacked, user data revealed
sony-logo-large

Sony's nightmare continues this week, with with news out today that hackers infiltrated the Sony BMG Greece on May 5, and stole users' personal data, some of which was then posted online this weekend.

News of the hack comes via Hacker News, which reports that an anonymous user, who goes by the name b4d_vipera, uploaded a database of user information to pastebin.com. The database includes the names and email addresses of people registered to the SonyMusic.gr website.

Read more
Sony blames Anonymous for PlayStation Network data theft debacle

In response to a Congressional subcommittee's inquiry into the massive data breach of its PlayStation Network that exposed the personal data of more than 100 million gamers, Sony claims to have evidence that those responsible are part of the infamous international hacktivist group "Anonymous."

"Sony has been the victim of a very carefully planned, very professional, highly sophisticated criminal cyber attack," writes Patrick Seybold, senior director of communications for Sony, in a summary of its letter to Congress, which was posted to the PlayStation Blog. "We discovered that the intruders had planted a file on one of our Sony Online Entertainment servers named 'Anonymous' with the words 'We are Legion."

Read more