Lessons Learned from the Sony DDoS Attack

Paul Mah
Slide Show

Tracking Data Breaches by Industry

Data breaches examined across finance, health care, retail, government and education.

Hacker collective "Anonymous" has made good on its threat and launched a Distributed Denial of Service (DDoS) attack on Sony on Wednesday. The attack was in response to Sony's lawsuits filed under the Digital Millennium Copyright Act against a security researcher popularly known as "Geohot" (George Hotz) and a hacker identified as "Graf_Chokolo" (Alexander Egorenkov). Sony has accused them of releasing tools and information that enable a PlayStation 3 console to run homegrown applications.

 

Calling Sony "greedy," Anonymous has released a YouTube video that explains the rationale for the attack. As reported by The Daily Caller, Anonymous said in the video that:

It has come to our attention that you have decided to interfere in the free flow of information. We will not stand for this ... We do not forgive the denial of the free flow of information.

Sony wanting to protect the gaming platform that it has built is understandable, though perhaps it could have opted for other ways to go about it. Still, the sad reality is that the tools that modify the behavior of gaming consoles and smartphones are typically abused by the majority of users. For example, I have personally found it difficult to find an iOS user who did not jailbreak their device for the express purpose of getting "free" (aka pirated) software, despite the low cost of iPhone apps.

 

So how does this development affect us? While it probably won't be possible for an SMB to defend itself against a DDoS without specialized external assistance, there are a couple of lessons to be gained from this incident.


 

Exercise Social Media Intelligence

 

It is clear that the days of companies silencing individuals by strongly worded cease-and-desist letters or lawsuits have since passed. In the same token, bad customer experiences or complaints can sometimes go "viral," generating huge interest that can culminate in a DDoS or other acts of sabotage against a company. Savvy SMBs will know to monitor social media channels and forums to react quickly and address genuine grievances before they spiral out of control.

 

Architect Systems with Scalability in Mind

 

Defending a DDoS is a complex task. As reported by the International Business Times, Prolexic CTO Paul Sop explains that a DDoS is not necessarily a simple flood of data and is often a lot more sophisticated. Sop was quoted as saying:

The damage Anonymous does is real ... And they have a lot of smart people there.

Regardless, SMBs can design their infrastructure with best practices that makes it easier to defend in the face of such attacks.

 

Specifically, rather than bundling up all systems into a couple of servers, businesses can build with scalability in mind. Not only will this stand SMBs in good stead as their business grows, this might also allow them to successfully defend against a smaller DDoS. Moreover, spreading computing capabilities between different physical machines or hosts can also help limit damage against less experienced attackers.

 

In the meantime, I would love to hear your thoughts on the Sony DDoS attack. Feel free to drop me an email or add a comment below.



Add Comment      Leave a comment on this blog post
Apr 7, 2011 3:19 AM Chanse Chanse  says:

It's the killer bee affect. If you step on a killer bee it makes a sound that can be heard for miles by other killer bees; and guess what? Those other bees will come to the rescue or their friend and kill you. The problem I see here (and I am only getting bits and pieces of the truth) is not that he hacked the PlayStation 3, but that he hacked it and then sold the instructions on how to do it on the web. At least that is what Sony is complaining about. I personally don't see anything wrong with that. I think from a legal standpoint it is the only gray area Sony could find to go after him on. Hey Sony, this is the digital age, don't blame others because you're not smart enough to protect your own investment. When I was a kid I took my 67 cougar apart and rebuilt it to be louder and go faster. I sold that car and made a profit; I guess I was lucky that Mercury didn't sue me.  Sony is upset because they created the Blu-ray and if you hack their equipment right, you can download and play the pirated Blu-ray's on the same machine that was designed to play the disks; sounds to me like they created their own problems.

Reply
Apr 7, 2011 6:38 AM Don Dilly Don Dilly  says: in response to Chanse

One fact that needs to be straightened out is that while this article is correct in stating that the hack enables the running of homegrown software. what It fails to state is that when Launched, the PS3 like its predecessor had an 'otherOS' facility that nabled you to run Linux and both consoles were promoted by sony as having this facility.

Many hobbyists bought the PS3 in good faith and were cheated when Sony removed the otherOS function via a firmware update. Geohot's hack restores this facility.

Reply
Apr 7, 2011 8:54 AM Jordan Jordan  says: in response to Chanse

"Hey Sony, this is the digital age, don't blame others because you're not smart enough to protect your own investment."

So Sony can't protect and pursue those who stole their investment?

"Sony is upset because they created the Blu-ray and if you hack their equipment right, you can download and play the pirated Blu-ray's on the same machine that was designed to play the disks;"

Are you advocating piracy?

As long as your 67 courgar is street legal, than its fine. but this guy released instructions to a system that can enable piracy, which is illegal.

Reply
Apr 8, 2011 12:01 PM Billy Bob Billy Bob  says:

To Chanse: Geohot never sold any information... everything he distributed was free.

and to Jordan: Sony can and did protect their investment, their protections were broken. They knew to expect hackers to try and break that protection, and they knew it would happen eventually.

Every playstation system has been hacked in the past, this is the first time they made a big stink about it... by propping up geohot and others in the spotlight and saying "look what we do to hackers that mess with us, dont fuck with sony!" obviously hackers noticed and were like "hey, we should fuck with sony" their intimidation campaign unsurprisingly invited trouble rather than scaring trouble away.

Btw, Geohot and failoverflow never released instructions that enabled piracy.. none of their releases were capable of breaking the lvl 2 security which is necessary for piracy. That came later, and im not sure who did it... and i dont even think that person is being sued.

Failoverflow never actually released any hacking tools, and geohot only released tools that allowed homebrew, not piracy.

Reply
Apr 8, 2011 12:06 PM Paul Mah Paul Mah  says: in response to Billy Bob

Thanks Billy, for your clarification of the case by adding in the details. I do suppose Sony simply opted to make their move based on the most prominent hacker they can identify. On the business-end of things though, I think it is sobering indeed that SMBs have no practical way from protecting themselves from parties that are determined enough to leave a mark via DDoS.

Reply
Apr 9, 2011 6:48 AM Lulz Lulz  says: in response to Jordan

Geohot made the TOOL. He did not tell people to use it for piracy. Can we sue the inventors of the screw driver because we can use them to take apart and hard mod a ps3? I mean I can even take that screw driver and jam it into you, does that mean that you should sue the screw drivers company instead of me? Unless he actually pirated games with the tool he can't be held responsible. The ones who use the tool for piracy is who sony should be after. Not the man who made a tool. The only thing he used the tool for was to restore an advertised function for the ps3 that was removed without reason.

This lawsuit will set the precedent for jailbreaking. The iphone case will help geohot vs Sony.

I will admit to piracy, because in my country it is not a crime. Until someone can justify why a piece of plastic costs over 80$ I will not stop. Prime example, COD Black OPs came out over a year ago, a Used copy is 10$ cheaper then the still full price new copy.  Its greed.

You have an opinion and I have mine. You can't control technology. When you impose limits on items people buy, you are stifling creativity. Look at the PC, imagine if you couldn't chose the internet browser you used. You had to use IE even though you know Firefox is more stable.

What about people who are not inventors and just build on other peoples inventions. The guy who made the clock should be able to stop buddy from making a clock/radio? Where would clocks be today if creativity was banned?

You need to think outside the box.

Reply

Post a comment

 

 

 

 


(Maximum characters: 1200). You have 1200 characters left.

 

null
null

 

Subscribe to our Newsletters

Sign up now and get the best business technology insights direct to your inbox.