Sony Pictures has been dealing with a terrible hack since late November, but the company is taking a stand and counterhacking to keep its leaked files, which include five unreleased movies, from spreading across torrent sites.
Two sources told Recode that Sony is using hundreds of computers in Asia to perform distributed denial of service, or DDoS, attacks on sites that are hosting exposed files from the original hack. But apparently this isn’t happening in a sketchy warehouse somewhere—sources say that Sony is working with Amazon Web Services (Amazon’s cloud service) to launch the counterattacks.
The hackers who infiltrated Sony Pictures, known as “Guardians of the Peace,” have released five troves of Sony data over the past few weeks. The company’s countermeasure involves overwhelming torrenters with network requests if they attempt to download files from the leak.
Sony used to use a similar approach in the early 2000s, when illegal file sharing exploded. Sony would plant fake torrent “seeds” on popular sites, and when someone tried to use them, the download would take hours, be extremely processor-intensive, and yield … nothing. Sony developed the strategy with anti-piracy firm MediaDefender, and the idea was to make the experience painful enough for torrenters that they would want to avoid it in the future by purchasing legitimate media.
Using counterattacks to contain leaks and deal with malicious hackers has been gaining legitimacy. Some cybersecurity experts even feel that the Second Amendment can be interpreted as applying to “cyber arms.” But this approach could also escalate cyber-battles in unintended ways. It’s understandable that Sony Pictures wants to take countermeasures, but it also probably shouldn’t have kept its passwords in a folder named “Password.”