Sony Pictures is reported to be launching distributed denial of service (DDoS)-type attacks on websites containing its stolen data.
According to a report on US website Re/code, which cited "two people with direct knowledge of the matter", the entertainment firm is using hundreds of computers in Asia to execute the attacks via Amazon's Web Services (AWS) cloud computing unit. Sony has not commented on the report.
It is technically possible to use Amazon for this type of attack, but the move is in violation of the cloud provider's terms of service, Tony Reeves, IT security expert at PA Consulting Group, told SCMagazineUK.com.
If Sony is responsible, it is apparently using a method of restricted access to "make the website crawl", Reeves explained to SC. "Instead of bombarding the address, it is a slow trickle attack on it. A crawling attack makes it awkward to access the information: it chews up bandwidth but doesn't deny it."
Alex Gostev, chief security expert at Kaspersky Lab commented to SC: "By their very design, attacks of this kind are an aggressive technique with a sole purpose of influencing the availability of targeted websites and, in many countries, their use considered as a criminal act.”
Yet media companies have reportedly used a similar tactic in the past to hit back at film and music piracy. Sony allegedly worked with MediaDefender, which populated file sharing networks with decoy, empty files. However, the technique was short-lived as the sites soon developed methods of identifying the decoys.
Meanwhile, Sony is still suffering in the aftermath of November's blackmailing hacker attack. Hackers Guardians of Peace (GOP) are now demanding a halt on the release of 'The Interview' - a comedy film starring Seth Rogen and James Franco, which features a plot by the CIA to assassinate North Korea's leader Kim Jong-un.
North Korea has not taken responsibility for the attack on Sony Pictures and an investigation is on-going.
The latest revelations highlight a need for better security protocols, according to experts. Ian Pratt, co-founder at Bromium commented to SC: "We need to look at different technologies to defend our systems as the attack surface is so huge, letting attackers explore the networks undiscovered.
"Pretty much all the tools that we have today rely on detection as the primary means of which they function but of course, if someone can come up with a new attack or change an existing one so that it looks just slightly different, they can get past these detection approaches very easily.”