Sony Reportedly Is Using Cyber-Attacks To Keep Leaked Files From Spreading
HughPickens.com writes: Lily Hay Newman reports at Slate that Sony is counterhacking to keep its leaked files from spreading across torrent sites. According to Recode, Sony is using hundreds of computers in Asia to execute a denial of service attack on sites where its pilfered data is available, according to two people with direct knowledge of the matter. Sony used a similar approach in the early 2000s working with an anti-piracy firm called MediaDefender, when illegal file sharing exploded. The firm populated file-sharing networks with decoy files labeled with the names of such popular movies as "Spider-Man," to entice users to spend hours downloading an empty file. "Using counterattacks to contain leaks and deal with malicious hackers has been gaining legitimacy," writes Newman. "Some cybersecurity experts even feel that the Second Amendment can be interpreted as applying to 'cyber arms'."
I can DL where now?
but where can I find this juicy info? What are the websites being attacked by Sony?
by TheSpoom (715771) Uncaring Linux user here. I have nothing to add to this but please continue. *munches popcorn*
Then they are no better than those that hacked into their systems, and should be prosecuted like any criminal hacker
Those that have helped them in this, should be prosecuted as accessories.
Or, if what SONY is doing is acceptable, then it was okay for those that hacked SONY to do what they did.
The law applies to all, big and small.
Sony doesn't just poke the hornets' nest, they go balls deep and windmill
If this is going to be the M.O. of companies that think the internet is their plaything and they can do whatever they want then the biggest innovation since planes is going to be dead. The internet if constantly hacked is going to be more than useless. The big players always want to criminalize hacking and file sharing etc but when they are incompetent it's ok for them to disregard the DMCA and crack others' sites and totally try to trash the usefulness of the internet. These companies need to die. fuck them all. fuck the US Government as well and fuck Beta.
"Some cybersecurity experts even feel that the Second Amendment can be interpreted as applying to 'cyber arms'." - Name names of these idiots please.
Go to youtube and see how many fake files are there, with how many fake users of any sony (or MGM) movies.
can it continue? Denial costs Denari.
The rootkit was far worse than this. The only reason it wasn't a huge PR disaster is that most non-techies have no idea what it was.
There is no real evidence of this, just a bunch of speculation and innuendo from the Torrent fans.
Could Sony do this? Of course. But there would certainly be corporate liability involved.
So would they? Probably not.
Sony knows these movies will make it to the illegal market sooner or later, so why would they open themselves to this kind of liability? They would not.
Internal emails are probably more of a concern, but anything that could be released would already be the subject of internal rumors among those concerned.
This story is probably wishful thinking and a crock.
If you want news from today, you have to come back tomorrow.
Can anyone provide the torrents or magnet links?
I managed to find the 28GB spe_1 last week but I haven't seen any of the others. By what I'm sure is juuuuust a coincidence, TPB (where I found the first torrent) was shut down.
> Some cybersecurity experts even feel that the Second Amendment can be interpreted as applying to 'cyber arms'."
Uh huh... the 2nd amendment says I have the right to defend myself. That means I can own guns to defend myself when I'm being attacked... PHYSICALLY.
The proper analogy is that I have the right to secure my computer systems from being hacked by malcontents or governments (or both).
It does not give me the right to go over to the local printing press and blow them up if they're xeroxing my naked selfies. That's not defense, that's just vandalism.
Good lord can this world get any dumber...
Congrats Sony, I will now download every movie/game from you.
Mao Zedong opined that "the only real defense is active defense", meaning defense for the purpose of counter-attacking and taking the offensive. Often success rests on destroying the enemy's ability to attack. This principle is paralleled in the writings of Machiavelli and Sun Tzu.
http://en.wikipedia.org/wiki/T...
no really sony wont mess with me ....
millions of people already have these leaks.
boy, sony sure is fucking stupid
I think their main consultant is Barbra Streisand
So it's strange, I have completely mixed feelings about this. If Sony is using such borderline techniques to try and prevent people from downloading torrents of PII data pilfered from their servers such as SSNs, tax returns, W2s, celebrity phone numbers, etc, then I am willing to give them the benefit of the doubt. This may be slightly over the line, but if it is to protect the data belonging to outside people, then I am inclined to view it more favorably.
If, on the other hand, this is about preventing the latest ZOMG HD SCREENER TORRENT of their most popular film from being shared one more time, I view such activities much less favorably.
There is probably not a legal distinction between protecting future profits and protecting the private data of one's employees, but it certainly makes me struggle with how to view this..
the second amendment allows people to own firearms, but not to use firearms. so sony has it backwards. right now they are using firearms but don't own them. think much?
The interesting thing is that, if they are using outsourced servers strategically located in Asia to avoid the long arm of the law, that people should be able to attack those same servers and do pretty much anything they want to them without fear of consequences. Being beyond the law is a double edged sword, and I personally would not bet against all the hackers on the Internet in that fight...
HA! I just wasted some of your bandwidth with a frivolous sig!
I hate Sony. I don't buy their products. I have a personal vendetta against that company for reasons I'll not detail here because they're not relevant.
That said... I'm ok with this. Seems fair to me. Hack away Sony.
> The law applies to all, big and small.
Which jurisdiction or period in time are you referring to? I can't think of a single example where this is true.
Pretending life is the same as fantasy is a sign of mental illness.
My God, it's Full of Source!
OUTSIDE_IP=$(dig +short my.ip @outsideip.net)
I honestly couldn't have cared less about their garbage movies. But you know what? Fuck It. I just grabbed "Fury" off of Usenet. And "Annie". I probably won't even watch either of those mkvs, but Christ, what assholes. Used to be such a great company, they're a mediocre joke sucking off the consumer like a tick. Hell, they're partly to blame for the shit homogenization of mainstream music and film into a focus-group nightmare of corporate ejaculate. Eat a dick, Sony.
... how the hackers penetrated Sony? OK, I walked into that one.
How did the hackers breach the wall? Was it via an exploit or unpatched server or weak firewall? Was it an inside job? Phishing?
A link would be great.
Thanks.
It little behooves the best of us to comment on the rest of us.
And DOS from Sony is OK?
From TFB:
> According to Recode, Sony is using hundreds of computers in Asia to execute a denial of service attack on sites where its pilfered data is available
So it's legal when Sony does it? How, exactly?
Weaselmancer
Ridiculous.
Instead they should hack their own servers to look for security holes. The best offense is a good defense.
Also ditch Windows. It's better than it was but still it grants full API rights to installed software. You can still open up a socket and send data out to the wide world, even if you're supposed to be a standalone utility, it doesn't even ask you to give it permission.
And ditch Android, you granted Facebook rights to everything on the tablet, then you connect through the company network and Facebook/NSA can help itself to anything it can find on the company network through the Facebook app. You should look at what's installed on your typical Samsung tablet, it's got 4-5 pieces of pure spyware default installed on it. Stuff that lets Samsung (or spying agency) connect to the tablet, get any document, read the phone logs, messages, email, files, look around the network, location, camera, microphone, and then send the data back all with only the battery drain visible.
SELinux distributions, and privacy focussed versions of Android like CyanogenMod or BlackphoneOS, are pretty much all that is left.
It must totally suck that your POS Xbox One is 8 million units behind Sony's PS4.
Keep crying those bitter fanboy tears cheater512.
Apparently, this is how.
It little behooves the best of us to comment on the rest of us.
The nature of the Internet will make it impossible for this approach to succeed. Sony may shut down one site, but the files will simply appear somewhere else.
I agree with ditching Windows, but Android can be done right from the ground up, either with AOSP or with CyanogenMod. The bloatware-laden ROMs from carriers are not Google's fault, nor Linux's fault.
Windows, agreed. Too much shit running in the background that nobody knows what it does, and the only way to tell is to keep a packet monitor on the boxes and see what sites it tries to connect to.
But, this wouldn't give real security against remote attacks. If Sony wants that, there are a few things they can do:
1: Lay fiber or lease their own lines and create their own WAN that is disconnected from the Internet. In fact, it might run IPv4, but it would have a different DNS structure and traffic wouldn't be routable. In fact, add a virtual circuit architecture so machines can't talk to each other on it unless it was prearranged beforehand. Even better, make this a network shared by multiple large firms with endpoint encryption. That way, it takes some doing to even get on it, much less influence any of the boxes connected. It might even be a good idea to work on encryption at L2, perhaps with SIM cards in the machines (so a hardware replacement wouldn't mean the box has to have a new identity) to encrypt traffic in a tamper resistant way.
2: Toss Windows. Too old, too much cruft, have to wait on MS to fix it. It doesn't have to be Linux to be standardized on, but something open source... and more importantly vettable/auditable. Yes, it would cost something initially, but once a proven base is done, it would save pain down the road.
3: IDS/IPS. Where is the burglar alarm on internal networks? This might take a CCNA to admin, but the cost of a network person who knows how to read/configure this is a lot cheaper than being called up in front of the EU or Congress about security breaches.
4: Segmentation. Put finance on a secure network that doesn't touch the world except through a WSUS box, and a terminal server (so Web browsing to external sites is doable, but malware won't get through the RDP host to the internal boxes.) A GPO will ensure drives don't get mapped from the RDP client to server.
5: Physical security. Around 2007, I worked at a place that had special cards that went into their servers. The cards had a fiber optic cable which was used to loop around some immovable object in the back of the machine, and could get a signal from external GPS or an internal "all is correct" machine (basically a signed nonce with the date and time). On boot, the card provided an encryption key. If the fiber cable was disconnected or the machine registered it was moved, the card would power the machine down. This was a prototype, but it did a good job at protecting servers against physical theft. If the card has issues, a recovery key was either able to be loaded from an SD card, or just typed in.
The technology is out there. The main thing is to create a WAN separate from the Internet for business traffic.
Virtual entities are treated as real for the purpose of exercising as much authority over as many people as government can get away with. This is how corporations become more real than the humans who create them. According to this view, the use of cyber-weapons over the Internet is a virtual expression of the real world equivalent of public firearm carry. Therefore, Sony can't get away with that in New Jersey, New York, Maryland, Rhode Island, Connecticut, Massachusetts, California and Hawaii unless the "justifiable need" standard can be met.
I don't like the idea of DDOS being legitimized in any way, so I'm not going to address that aspect.
But...
Why piss in the figurative lemonade by using an empty file for the mislabeled torrent?
Remember me during the old Limewire/Napster days, anyone?
File Titled: Something new and legit like "Track 01 Elton John --Rocketman-- 2014 Digitally Remastered Release.mp3".
Actual file: William Shatner spoken word version
Game: Player 'Donald J Trump' now has AI skill level 'experimental'.
The 2nd allows people to keep and bear firearms, legitimate self-defense allows people to use them. Of course the first rule of self-defense with a firearm is "have one handy".
I may defend myself now against people and organizations threatening my personal freedom?
Can I have that in writing?
We used to have a Bill of Rights. Now, with the rights gone, all we have left is the bill.
> "Some cybersecurity experts even feel that the Second Amendment can be interpreted as applying to 'cyber arms'."
I picture an übernerd, a supergeek, taped horn-rimmed glasses, pocket-protector and pocket full of leaking pens, bashing away madly at a keyboard, hacking something, then turn to the camera and say "you can have my keyboard when you pry it from my cold, dead hands!"
2nd amendment... next you'll tell me that for people who use sex as a weapon, i.e., in relationships, that THAT is protected by the second amendment too.
"I have the constitutionally guaranteed right to deny you sex until you stop drinking with the guys after work!" she'd say.
As far as I know it's not exactly the whole site they are targeting, but the specified files by seeding corrupt packages. That's a completely different story than the mediahorny/clickbait story that is told here...
I had no problem downloading the 20+GB torrent from the first leak set. I doubt anybody here will either.
the next time one of Sony's music discs tries to install a rootkit on my desktop, I'd be within my rights to head over to their executives' offices and shoot at them.
(No three letter agencies, that is not a plan, it's sarcasm. Go do something useful.)
I really doubt Sony management would be mentally deficient enough to authorise what would clearly be criminal behaviour. Haven't they already done enough damage to their reputation through incompetence?
There is a certain irony in that yeah.
Though it does bring up some interesting legal questions regarding the limits of self defense online, something that could dovetail in interesting ways with things like castle doctrine (think of all the things commercial software and websites do to your home machine) or something like 'stand your ground' (if you have a legal right to be on a website and feel threatened by the owners or users, is that then legal justification for offensive actions?).
Given Sony's own shady history, this could open up a can of worms for them. Not legally of course (since even in the cases of the above meatspace laws stats have demonstrated their successful application depends more on who the parties involved are than anything else), but from a PR and ethics perspective they could be digging themselves a hole.
Though I would be surprised if they actually care.
Sony applies such heavy handed strategy against hackers, what makes them think hackers don't take gloves off and use their own super weapons to fight back? After all nothing is as devious as someone plotting a counter strike in cyber game...
the 2nd amendment obviously applies: "arms" are not limited to the 18th century definition, and ITAR defines s/w as arms.
https://en.wikipedia.org/wiki/...
the 1st amendment protects the expression of code: see
https://en.wikipedia.org/wiki/...
as well as the 2nd: "keeping" arms, but to "bear" arms means using them: code must be executed on h/w, so the 2nd amendment protects the right to jailbreak (if u r not root, u don't really possess ur h/w;-) and execute anything you want.
i don't see how this could be any clearer. of course this makes the implementation of asimov's 3 laws problematic...
https://en.wikipedia.org/wiki/...
apparently defending against accusations by denying them, implicitly calling the accuser a liar, isn't protected by the 1st amendment;-\
http://www.washingtonpost.com/...
otoh, it's a clever ploy to drag him into court & examine alleged crimes after the statute of limitation has passed...or should we now retroactively prosecute?
I use my firearms all the time. Hint much? Shoot trap much? Target practice much? Awwe yeah... I use my firearms year around.
I've said it before and I'm sure I will say it again.
Nothing else really useful here. Just needed to say it again. It soothes me.
Fuck you Sony.
(there, said it again).
That's okay. Because I have a file that contains all the information ever taken from Sony, and it's about 1TB in size, and they will have to download it from me, and decrypt it.
On a side note, encrypting 1 TB of garbage would take hostiles a long time to decrypt it.
Do you understand the "why" of stand your ground and castle? It is an extension of self defense justifications. Self defense justifications are for protection against crimes that result in intentional, direct, grievous harm to a specific person; things like rape and murder. Online interactions just don't bear those consequences in any normal case (maybe at some point for connected medical implants); certainly not in the case of Sony protecting itself from monetary loss. Anyone trying to extend SYG or castle that direction is undermining the entire justice system. SYG, castle, and self defense exist because the justice system is not fast enough to protect victims from irreversible damage from the most heinous of crimes. Property loss can wait on investigation, prosecution, and judgement.
I understand the 'why', but we are talking about how laws written before such cases were possible might interact in literal ways. The spirit of a law or its philosophical underpinnings and how a properly motivated judge interpret them are not always terribly in sync.
Data moves through routers and servers, somebody trying to hammer a specific server could be slowing down other traffic, or interrupting other traffic in the same ISP as the attacked. This shit is a big NONO in computer security. Another reason to avoid this type of stuff is somebody faking the origin, using this attack to DDOS a different system... so Sony could be attacking (maybe) the FBI website or a gov server. Would that be nice?
Of those types of laws that I have read, they have been very specific. Even with the precedent that corporations are people, the wording doesn't apply to corporate entities.
"I fear all we have done is to awaken a sleeping giant and fill him with a terrible resolve."
The Second Amendment, as interpreted by the courts, doesn't allow me to buy a modern infantry rifle. (How are you supposed to have a well-regulated militia with obsolescent weapons?) I've given up speculating how the courts will interpret the Second.
"When you have eliminated the unacceptable, whatever is left, however improbable, must be the truthiness" - Holmes
you're talking about assault rifles. assault =! defense.
Immortal psychopathic people which are not subject to the rule of law.
It's time we got out the people's razor & sharpened it up.
Does not allow murders and rapes. It allows for personal protection and defense when you are under assault, and at risk for physical harm only.
It doesn't allow offensive assaults over the internet. It also would seem, the 2nd amendment does not apply to non-private citizens who don't live in the United States. Sony, being based in Japan, should not have any 2nd amendment right, especially when they are basing their attacks from Asian computers.
This also sounds like disruptive tactics usually seen as criminal... Especially when countries do it. I support citizens' right to hack and protest, not a corporation's right to hack and disrupt people who owe Sony nothing.
http://www.myronmays.com/
The Second Amendment says nothing about defense. "A well regulated Militia, being necessary to the security of a free State, the right of the people to keep and bear Arms, shall not be infringed." What it says is something about a militia (which is a military force) and not infringing my right to keep and bear arms. What the Supreme Court gets out of that is that I don't get to buy a real M16, for reasoning I cannot fathom.
"When you have eliminated the unacceptable, whatever is left, however improbable, must be the truthiness" - Holmes
You can still buy a M-16, it'll be fucking expensive but they're for sale for USA citizens. Any full auto from before 1986 but that's modern enough.
Another problem is that militia. To me it looks like a bunch of guys with (semi-) automatic weapons defending their lives, homes and way of living against the government. say, pretty much like what they're doing in the tribal areas of Pakistan or Yemen. But no, your militia isn't going to get Hellfire missiles legally. The second amendment is obsolete, just as the wigs the founding fathers wore.
"I'm not much interested in interoperability. I want substitutability. I want to be able to throw your software out."
What's it like getting your ass kicked by apk + downmodding to hide it 20x http://tech.slashdot.org/comme... ?