Sony DDoS Attack May Have Been Smokescreen
Sony has reassured its customers that Sunday's DDoS attack did not compromise any user data. However, modern malware can be extremely difficult to detect. DDoS attacks often are used as a smokescreen to perpetrate data theft, said Corero Network Security CTO Dave Larson. Without further details, "it is impossible to state whether this was a hybrid attack with some intrusion components."
Aug 25, 2014 2:35 PM PT
Sony's PlayStation and Sony Entertainment networks were taken down over the weekend by a distributed denial of service, or DDoS, attack.
The hackers, who call themselves the "Lizard Squad," also forced authorities to divert a plane that the Sony Entertainment president was on by tweeting that there might be explosives on board.
A hacker with the handle "FamedGod," purportedly a member of the Anonymous hacking group, later claimed responsibility for the DDoS attack and retaliated against the Lizard Squad for stealing his thunder.
Sony has brought its networks back up and has apologized to customers. It reportedly is working with the FBI to track the attackers.
The company claims there is no evidence of any intrusion into its network, although it did not state which of the two it was referring to. It also said there was no evidence of users' personal information having been accessed.
However, its networks may not yet be restored fully. Attempts by TechNewsWorld to contact the company through its online email form elicited the message that there was "some technical problem" and the suggestion to try again later.
DDoS attackers "have the ability to be very disruptive to online businesses or businesses that rely on electronic systems to provide services," Marc Gaffan, cofounder and chief business officer at Incapsula, told TechNewsWorld.
Incapsula's recently launched Behemoth DDoS appliance stopped a massive 38-day DDoS attack against a gaming site, the firm claimed.
Peace Is Just a Myth
Still, Sony's networks may have been invaded or a data breach could have occurred. The latest versions of malware are adept at covering their tracks, and the attack could well have injected a sleeper into Sony's systems.
For example, the Backoff point-of-sale malware has been stealing customer data undetected from point-of-sale systems for about a year, leading US-CERT to issue a warning to retailers.
DDoS attacks often are used as a smokescreen to perpetrate data theft, Dave Larson, CTO and vice president for product at Corero Network Security, told TechNewsWorld.
They are being used increasingly as a form of hacktivism, Larson said, but, without further details, "it is impossible to state whether this was a hybrid attack with some intrusion components."
Death to the Gecko!
Smedley's Sunday American Airlines flight, which was en route from Dallas to San Diego, was diverted to Phoenix and searched.
The Lizard Squad's action elicited anger from netizens.
"Forget the lulz, ur crossing the lines," tweeted "wolf@kingwolfpr."
"When you do big boy time in a Federal pen you're going to be looking really stupid kid," tweeted "Justin@iRoc_1985."
"You're going to be serving a long, long time in jail," tweeted StayOnline@Stay_Online. "Nobody is superior, you'll get caught soon."
FamedGod responded to Lizard Squad by tweeting a list of IP addresses purporting to be of the members of that group.
"Lizard Squad. Rest in Peace. Everyone RT. Every Members IP!" he tweeted.
That drew mixed responses.
"There is like one person in the entire team," tweeted Laim McKenzie. "I just f*cking lol'd at how stupid you are."
"Get em lmao" tweeted "Charm."
"Who ever the f*ck it is needs to get a life and put some sun screen on and go outside," tweeted Dylan Yeingst in response to tweeted arguments as to who was really behind the DDoS attack.
Keeping Us Safe
Tracking down hackers might be easier if Twitter and other social media sites were to insist members sign on with their real identities, but online anonymity often protects political dissidents in countries with repressive regimes.
Target companies can remain safe by making sure their infrastructure is secured against CPU and resource-starving attacks and their networks have adequate resources to defend against bandwidth-consuming attacks, Ron Gula, CEO of Tenable Network Security, told TechNewsWorld.
Twitter did not respond to our request to comment for this story.