Those trying to download files and films from the recent Sony Pictures Entertainment leak are being widely frustrated thanks to a large number of Torrent filesharing nodes that advertise fake “seeds." These files are offered via the Bittorrent file sharing protocol, and they match the signature of the stolen data while containing no usable content. Instead the bad seeds, which now may outnumber the computers actively sharing the actual files stolen from Sony, provide a download of corrupted or fake versions of the archive files for the vast majority of individuals attempting to access them.
According to a source at Sony that spoke with Re/Code, the company was using Amazon Web Services to run hundreds of virtual machines and distribute fake file versions to disrupt the Guardians of Peace (GoP) file dumps. That is supported by analysis from security firm Adallom, which tracks the signature of files on torrent streams and other sources in order to watch for data breaches from client companies.
Tal Klein, vice president of strategy at Adallom, told Ars that starting yesterday, “all of a sudden we saw files matching the SHA1 signatures of the Sony torrents starting to be populated across all the torrent sites.” He said that the files were intelligently designed to have the same signature as the GoP file torrents—unlike earlier opportunistic attempts by malware distributors who packaged malware using the same filenames used by the GoP file dumps.