Lessons Learned from the Sony DDoS Attack

Paul Mah

Hacker collective "Anonymous" made good on its threat and launched a Distributed Denial of Service (DDoS) attack on Sony on Wednesday. The attack was in response to Sony's lawsuits filed under the Digital Millennium Copyright Act against a security researcher popularly known as "Geohot" (George Hotz) and a hacker identified as "Graf_Chokolo" (Alexander Egorenkov). Sony has accused them of releasing tools and information that enable a PlayStation 3 console to run homegrown applications.


Calling Sony "greedy," Anonymous has released a YouTube video that explains the rationale for the attack. As reported by The Daily Caller, Anonymous said in the video that:

It has come to our attention that you have decided to interfere in the free flow of information. We will not stand for this ... We do not forgive the denial of the free flow of information.

Sony wanting to protect the gaming platform that it has built is understandable, though perhaps it could have opted for other ways to go about it. Still, the sad reality is that the tools that modify the behavior of gaming consoles and smartphones are typically abused by the majority of users. For example, I have personally found it difficult to find an iOS user who did not jailbreak their device for the express purpose of getting "free" (aka pirated) software, despite the low cost of iPhone apps.


So how does this development affect us? While it probably won't be possible for an SMB to defend itself against a DDoS without specialized external assistance, there are a couple of lessons to be gained from this incident.


Exercise Social Media Intelligence


It is clear that the days of companies silencing individuals with strongly worded cease-and-desist letters or lawsuits have passed. By the same token, bad customer experiences or complaints can sometimes go "viral," generating huge interest that can culminate in a DDoS or other acts of sabotage against a company. Savvy SMBs will know to monitor social media channels and forums so they can react quickly and address genuine grievances before they spiral out of control.


Architect Systems with Scalability in Mind


Defending against a DDoS is a complex task. As reported by the International Business Times, Prolexic CTO Paul Sop explains that a DDoS is not necessarily a simple flood of data and is often a lot more sophisticated. Sop was quoted as saying:

The damage Anonymous does is real ... And they have a lot of smart people there.

Regardless, SMBs can design their infrastructure with best practices that make it easier to defend in the face of such attacks.


Specifically, rather than bundling all systems onto a couple of servers, businesses can build with scalability in mind. Not only will this stand SMBs in good stead as their business grows, it might also allow them to successfully defend against a smaller DDoS. Moreover, spreading computing capabilities between different physical machines or hosts can also help limit the damage done by less experienced attackers.


In the meantime, I would love to hear your thoughts on the Sony DDoS attack. Feel free to drop me an email or add a comment below.
