Has Sony Instigated Retaliatory DDoS attacks?

9th January 2015

As 2014 has come to an end, it’s only natural to look back on the past year. Maybe you’ve had a great one, full of love, laughter, and personal growth. But maybe you haven’t. Maybe the only growth you experienced involved your belly, and most of the laughter you heard came only after you’d left the room.
That’s too bad, but hey – at least your year wasn’t as terrible as Sony’s.

As the shockwaves of the massive hack perpetrated against Sony – the latest in a string of embarrassments for the entertainment giant – finally seem to be dying down, an intriguing rumor has begun to make the rounds. Did Sony stoop to using large-scale DDoS attacks on websites distributing and hosting their leaked information?

A tough year for Sony

When we look back on Sony’s troubles in 2014, most of us will only remember the hack that hit at the end of November. Before that, however, Sony had its PlayStation Network taken offline by DDoS attacks from the hacker group known as the Lizard Squad. The same group also caused a major disruption to Sony’s Entertainment Network.

The cherry on top of that sundae? The Lizard Squad proceeded to Tweet enough bomb threats to American Airlines that the airline was forced into an early, unscheduled landing for a flight carrying Sony Online Entertainment president John Smedley.

Shortly after the major November hack, Sony’s PlayStation Network was once again pushed offline by DDoS attacks from the Lizard Squad. Just in time for Christmas.

The major hack

As bad as the DDoS attacks against Sony’s networks were, they almost seem insignificant compared to the breach we’ve all been reading about for weeks. On November 24, 2014, a group going by the name Guardians of Peace released lots of information from Sony Pictures Entertainment. The information had clearly been obtained from a massive hack and included previously unreleased films, personal information of employees, and extensive communications between executives that were insulting to many celebrities and public figures, including President Obama, Angelina Jolie, James Franco and Adam Sandler.

All in all, an estimated 100 TB of information was stolen. Sony’s computer networks were crippled by malware in the attack, and it is estimated that it will be another eight weeks before Sony’s networks are operating the way they should be. It has been alleged that the attack was tied to Sony’s planned release of the movie ‘The Interview’, a Seth Rogen and James Franco feature centered around an assassination attempt on Kim Jong-Un, the Supreme Leader of North Korea. As a result of the attack, wide release of the film was cancelled.

Sony dishing out what they’ve been taking?

With so much confidential information released, the after-effects of the hack quickly spiraled out of control with Sony seemingly unable to stop the onslaught. However, according to unnamed sources, Sony may not have been as helpless as they seemed. It is now being alleged that Sony has carried out large-scale DDoS attacks on websites hosting their stolen information. According to the unnamed sources, Sony used hundreds of computers in Asia via Amazon Web Services to carry out the attacks.

Amazon Web Services was quick to issue a denial, stating that if indeed Sony is carrying out these DDoS attacks, they are not doing so using Amazon’s infrastructure.

So far, Sony has declined to comment.

Counter-intuitive reasoning

Since Sony is no stranger to disrupted web services, thanks to DDoS attacks, it may seem almost understandable that they went after websites hosting their stolen information in this manner. However, as internet security firm Incapsula’s CEO Marc Gaffan points out, it may not have been the best idea.

“If, in fact, Sony is planning retaliatory attacks against websites that are keeping their leaked information, this probably won’t stop hackers from attacking them; it may only spur them to greater action,” said Gaffan. “Launching DDoS attacks is illegal, regardless if it is in response to an attack or in self-defence. While these types of attacks are effective in shutting down websites, it will also impact innocent parties that are caught in the line of fire. If Sony is fighting back, we hope that they are better prepared to thwart these attacks than they were two weeks ago.”

An ugly new trend in DDoS attacks

In the insanity that followed the attack on Sony, we saw the FBI blame North Korea for the hack. Shortly thereafter, North Korea’s internet went down due to a DDoS attack that many were quick to blame on retaliation from the United States government.

We know now that the U.S. government was almost certainly not involved in the DDoS attack on North Korea. Experts are also widely beginning to speculate that North Korea was not involved in the attack on Sony. In terms of the Sony hack, the finger is now being pointed at ex-Sony employees as well as the Lizard Squad, the hacker group that has been haunting Sony all year. They are allegedly perpetrating these high-profile attacks in order to promote their DDoS and hacking services for hire.

So far a few internet hacktivist groups have taken credit for the DDoS attack on North Korea, but none of the claims have been substantiated.

This is all bad news for website owners, of course, because it appears as though DDoS attacks are only going to continue to grow in popularity, which means they will also continue to grow in size, strength, speed, and level of devastation. In fact, as a recent survey has shown, a DDoS attack can cost a company $40,000 per hour.

With DDoS attacks set to potentially fire from all directions, it’s now more imperative than ever that companies and websites are prepared to deal with a reality in which they are targeted. The cost of professional DDoS protection or mitigation is low compared to the cost of an attack, regardless of the origin of the attacks.

Corey is an all-round tech guru who has worked at some major blue chip companies. He started Poweronemedia to share his views and knowledge with the rest of the blogging world.