Conflicting reports are emerging in the cloud world this week about how Sony responded to a leak of its data.
Re/code, citing two anonymous sources, reported that Sony used Amazon Web Services cloud servers to launch counter denial-of-service attacks against websites that were hosting content leaked from the company’s massive breach last week. More from Re/code:
“[Sony] is using hundreds of computers in Asia to execute what’s known as a denial of service attack on sites where its pilfered data is available, according to two people with direct knowledge of the matter.
Sony is using Amazon Web Services, the Internet retailer’s cloud computing unit, which operates data centers in Tokyo and Singapore, to carry out the counterattack, one of the sources said. The tactic was once commonly employed by media companies to combat Internet movie and music piracy.”
AWS spokespeople are saying that the “activity being reported is not currently happening on AWS.”
That statement raises the question: Did it happen at all? We asked AWS, but it would not directly answer the question. Instead we got this statement:
“AWS employs a number of automated detection and mitigation techniques to prevent the misuse of our services. In cases where the misuse is not detected and stopped by the automated measures, we take manual action as soon as we become aware of any misuse. Our terms are clear about this.”
The issue points to a larger question about how companies should respond to data breaches. Is Sony justified in going after the websites that are illegally distributing its leaked content? ZDNet points out that AWS’s user agreement prohibits customers from using the company’s cloud servers to host DoS attacks, whether they are counteroffensive or not.
Would AWS publicly reprimand a big-name customer for using its cloud servers for a DoS attack? Most likely not. But if Sony did use AWS servers to launch a counter-attack, then AWS can’t be happy with Sony right now.