Sony Pictures is alleged to have conducted a retaliatory DDoS attack against websites currently holding its leaked information for public download, according to a media report.
The unconfirmed strike-back follows the two weeks of relentless attacks on Sony networks, punctuated by extortion demands, as well as the theft and release of personal information, emails and other business documents, all supposedly by hacker collective the "Guardians of Peace".
Sources claimed Sony Pictures responded to this by using DDoS attacks to keep its leaked files from spreading, according news and reviews site Re/code.
Sony Pictures has declined to comment. One of the report's sources claimed Sony had been using Amazon Web Services cloud computing resources to carry out the counter-attack. Amazon has distanced itself from any malfeasance, claiming the "activity being reported is not currently happening on AWS".
It told the news site: "AWS employs a number of automated detection and mitigation techniques to prevent the misuse of our services."
Independent experts have been left sceptical about the strike-back reports which they point out could easily backfire by further tarnishing the image of Sony.
“If Sony is planning retaliatory attacks against websites that are keeping its leaked information, this probably won't stop hackers from attacking it. In fact, it may only spur them to greater action," said Marc Gaffan, chief exec and co-founder of DDoS mitigation firm Incapsula.
Moreover, if the giant corporation were fighting fire with fire, it would possibly be on shaky ground legally, as "launching DDoS attacks is illegal, regardless if it is in response to an attack or in self defence," said Gaffan.
"While these types of attacks are effective in shutting down websites, it will also impact innocent parties that are caught in the line of fire. If Sony is fighting back, we hope that it is better prepared to thwart these attacks than it was two weeks ago," said Gaffan.
According to Re/code, Sony is using "hundreds of computers in Asia to execute denial of service attack on sites where its pilfered data is available". The story is based on two unnamed sources "with direct knowledge of the matter".
Jack Daniel, a security strategist at Tenable Network Security, commented: "If Recode is right about Sony doing DoS/DDoS, (which I doubt) it's accusing Sony of criminal behaviour. Good PR move, eh?"
The Register has contacted Sony for comment and has had no response. We'll let you know if we hear more. ®