clock menu more-arrow no yes mobile

Filed under:

Sony Pictures Tries to Disrupt Downloads of Its Stolen Files

Sony borrows a page from hackers to slow down users who try to download pilfered Sony files.

Vjeran Pavic for Re/code

Sony Pictures Entertainment is fighting back.

The studio behind the “Spider-Man” franchise and “The Social Network” has taken technological countermeasures to disrupt downloads of its most sensitive information, which was exposed when a hacking attack crippled its systems in late November.

The company is using hundreds of computers in Asia to execute what’s known as a denial of service attack on sites where its pilfered data is available, according to two people with direct knowledge of the matter.

Sony is using Amazon Web Services, the Internet retailer’s cloud computing unit, which operates data centers in Tokyo and Singapore, to carry out the counterattack, one of the sources said. The tactic was once commonly employed by media companies to combat Internet movie and music piracy.

In one of the most devastating cyber security breaches in recent memory, a hacking group calling itself Guardians of Peace claimed to have stolen just under 100 terabytes of Sony Pictures’ financial information, budgets, payroll data, internal emails and feature films and has slowly leaked portions of it to public file-sharing sites such as PasteBin.

The breach has caused havoc within Hollywood’s inner circles as private correspondence between powerful producers and executives have exposed internal politics and petty gripes. More importantly, the data also appeared to include spreadsheets outlining financial deals Sony had with third parties, which could hurt its standing with its partners. These details also expose how much these third parties have paid Sony for rights to certain TV shows and films.

These files have not been verified by Sony Pictures, which also declined to comment for this story.

“The activity being reported is not currently happening on AWS (Amazon Web Service),” Amazon said in an emailed statement to Re/code on Thursday. Amazon declined to comment further on whether the activity happened prior to Thursday.

“AWS employs a number of automated detection and mitigation techniques to prevent the misuse of our services,” according to Amazon’s statement. “In cases where the misuse is not detected and stopped by the automated measures, we take manual action as soon as we become aware of any misuse.”

With the fifth such illicit data dump, made available earlier this week, individuals who attempted to access the torrent file encountered bogus “seeds” — or computers — that sapped the resources of their software, the sources said.

This variant on the hacker’s favorite tool, the denial of service attack, slowed download speeds to a crawl. The latest document leak, offered Wednesday, had a different type of file name which apparently fooled Sony’s interdiction efforts.

North Korea, or its sympathizers, are being investigated as suspects in the attack, and while the reclusive state denied any involvement, it praised the perpetrators for their “righteous deed.”

Sony’s technique is similar to one it employed in the early days of file sharing, when it worked with an anti-piracy firm called MediaDefender. The firm populated file-sharing networks with decoy files labeled with the names of such popular movies as “Spider-Man,” to entice users to spend hours downloading an empty file.

The goal was to frustrate users and prod them to turn to legitimate movie sites. It was a temporary fix that worked until file-sharing sites grew more sophisticated and provided information that allowed users to easily identify these so-called spoof files.

Updated (Dec 11, 2014 9:13 am PT): Adds Amazon statement.

This article originally appeared on

Sign up for the newsletter Sign up for Vox Recommends

Get curated picks of the best Vox journalism to read, watch, and listen to every week, from our editors.