Those trying to download files and films from the recent Sony Pictures Entertainment leak are being widely frustrated thanks to a large number of Torrent filesharing nodes that advertise fake “seeds." These files are offered via the Bittorrent file sharing protocol, and they match the signature of the stolen data while containing no usable content. Instead the bad seeds, which now may outnumber the computers actively sharing the actual files stolen from Sony, provide a download of corrupted or fake versions of the archive files for the vast majority of individuals attempting to access them.

According to a source at Sony that spoke with Re/Code, the company was using Amazon Web Services to run hundreds of virtual machines and distribute fake file versions to disrupt the Guardians of Peace (GoP) file dumps. That is supported by analysis from security firm Adallom, which tracks the signature of files on torrent streams and other sources in order to watch for data breaches from client companies.

Tal Klein, vice president of strategy at Adallom, told Ars that starting yesterday, “all of a sudden we saw files matching the SHA1 signatures of the Sony torrents starting to be populated across all the torrent sites.” He said that the files were intelligently designed to have the same signature as the GoP file torrents—unlike earlier opportunistic attempts by malware distributors who packaged malware using the same filenames used by the GoP file dumps. [The SHA1 signature is in the metadata provided with the seed, not a result of a file that causes a SHA1 "collision" by matching the file's exact hash.]

The method is similar to a controversial approach taken by the now-defunct company MediaGuard, which contracted with entertainment companies to spread bogus copies of files across torrent sites and other filesharing streams to disrupt online piracy of songs and videos. “They’re seeding the underground market with false content to make it harder for people to get real movies and songs,” Klein said. “It’s not meant to punish anyone—just to make it hard enough to get the real files that it’s a high enough opportunity cost that people go out and pay to download a legitimate copy.”

MediaGuard ran into legal trouble when it planted fake torrent seed files on a server belonging to the media company Revision3, essentially causing a distributed denial of service attack on Revision3’s site. And that’s essentially the effect of what Sony Pictures is doing now on torrent sharing sites. “Sony is not issuing a massive DDOS using AWS on torrent sites—they’re just seeding fake torrents,” Klein said. It’s not hard to tell the digital “bricks” that are delivered apart from real files, “but it’s hard enough for people who are laymen, who are inadvertently reseeding the brick,” he explained. ”And because of the popularity of the torrents, inadvertently, all the torrent users trying to download these files are DDOSing the torrent sites.”

MediaGuard isn’t involved in the Sony operation—after the Revision3 case, it was rebranded as Peer Media Technologies. A media contact for Relativity Media LLC, the company that last owned Peer Media Technologies, said that the company no longer operates MediaGuard or any other version of the service. Evidently other companies have quietly stepped in to fill the void.

Meanwhile, the FBI and other federal law enforcement agencies continue to investigate the hack at Sony Pictures. A spokesperson for the FBI said that the agency could not yet comment on the investigation. But in testimony at a hearing of the US Senate's Committee on Banking, Housing, and Urban Affairs yesterday, FBI Cyber Division Assistant Director Joe Demarest told senators that the means used to attack Sony Pictures "would have slipped or gotten past 90 percent" of organizations' security measures.