Sony May Have Succumbed to DDoS Temptation

Sony has used Amazon Web Services to launch Distributed Denial of Service attacks on sites carrying files stolen from its network, according to Re/code.

Those attacks apparently involved “hundreds of computers” in Tokyo and Singapore.

Amazon reportedly issued a statement to Re/code denying the claim, but the language it used was vague: “The activity being reported is not currently happening on AWS.”

That obviously leaves open the possibility that such activity might have occurred in the past.

Neither Sony nor Amazon responded to our request to comment for this story.

Laws Against DDoS Attacks

“I find it hard to believe Sony would be doing this, given the legal implications of mounting DDoS attacks” Incapsula CEO Marc Gaffan told the E-Commerce Times.

Perpetrators of a DDoS attacks may be subject to civil and criminal liability, including fines and imprisonment under state or federal laws.

For example, a DDoS attack may constitute a federal criminal offense under the Computer Fraud and Abuse Act. It could constitute a trespass to chattels. It could be considered a breach of contract, if it should violate the terms of service of a website owner or ISP.

Dangerously Crowded With Crazy People

If Sony has engaged in such behavior, it may not be the only company to have done so.

In 2010, antipiracy firm Aiplex Software launched DDoS attacks against torrent sites, triggering a DDoS counterattack from 4Chan users.

NSA director Admiral Michael Rogers earlier this year warned against revenge hacking at a cybersecurity event hosted by the United States Chamber of Commerce.

The abundance of cloud infrastructure for hire makes it easier to launch DDoS attacks, Incapsula’s Gaffan said, adding that it “wouldn’t be hard for Sony to hire some serious power to initiate these attacks.”

Enter the Booter

Legitimate cloud service providers likely would not want to run afoul of the law by allowing DDoS attacks to be launched from their infrastructure, but there are other options.

DDoS as a Service is available from shady firms offering infrastructure that can generate more than 800 Mbits of traffic per second for as little as US$10 a month, researchers at George Mason University found.

There is an entire underground economy offering these low-cost “booter” services, as they’re called.

One such company, twBooter, earned more than $7,500 a month and launched more than 48,000 DDoS attacks against 11,000 distinct victims, including government websites and news sites, in less than two months of operation last year, the GMU researchers said. One of its targets was the Ars Technica website.

Some booter services use compromised servers to launch their DDoS attacks, using open proxies to mask their IP addresses, while others rent servers for the attacks. Most of the services are based on the Asylum booter source code.

Vengeance Is Not the Answer

“If Sony has identified the hosting location of the content it’s looking to protect, it could attempt to contact the hosting provider and have it removed,” Gaffan remarked.

“Corporations have to operate under a much different code than hacker groups,” said Todd Harris, a director at Core Security.

“The last thing we need is a Wild West approach to information security,” he told the E-Commerce Times. “If we begin to counterattack like this, in the end it will cause more financial damage to companies like Sony, as well as increase political strain on the United States in the case of nation-state attacks.”