Still reeling from a cyberintrusion that exposed massive amounts of personnel data from its entertainment division on the Internet, Sony was attacked again over the weekend. This time, hackers disrupted the company’s PlayStation Network.
However, unlike the foray against Sony Pictures Entertainment, which is still under investigation, the company quickly recovered from the PSN attack and had the network up and running by Monday morning.
A group calling itself the “Lizard Squad” has claimed responsibility for what appears to be a distributed denial-of-service attack. Hackers often use DDoS attacks to impair performance or totally shut down the websites they target.
The Lizard Squad hasn’t given a reason for its action. When PSN users landed on the site, they were greeted by the message, “Page Not Found. It’s the Internet’s fault.”
During the week prior to the PlayStation attack, the Lizard Squad launched two similar offensives against Microsoft’s Xbox network.
Anonymous Warns Lizards
Sony did not respond to our request to comment for this story.
Microsoft declined to comment on the Xbox network service disruption. However, the Xbox support team boasted on Twitter, “We upgraded our network to be fully protected against #LizardSquad attacks!”
To celebrate the lizard-proofing of its network, the team also wrote, it was going to give away 50 Xbox consoles and 100 US$50 Xbox cards.
Meanwhile, the hacker collective Anonymous has been pressuring the Lizard Squad to stop its attacks on the PlayStation Network.
“If you continue to attempt to attack the gaming communities, we will take action against you,” Anonymous declares in a YouTube video.
“What you are doing is wrong. You are taking away the fun and enjoyment of children as well as adults. You have no real reason for taking down their servers. Your only goal is to see how far you get without getting caught,” it continues.
“We will stop at nothing to ensure that you never attack the gaming communities again,” adds Anonymous. “You have been warned.”
Claiming Street Cred
Back in 2011, Anonymous wasn’t so protective of gamers on the PlayStation Network. It brought the network to its knees in a DDoS attack that lasted several days.
Anonymous ended the action, launched in protest against the arrest of a young hacker who devised a way to jailbreak a PlayStation 3 unit and posted it to the Net, after receiving negative feedback from gamers around the world.
Although the Lizard Group’s motives for attacking the PSN are opaque, it is getting something many hackers crave.
“They’re getting their desired results, which is publicity and denial of service,” Michele Borovac, vice president of HyTrust, told TechNewsWorld.
“Attention itself can be an objective,” added Steve Pao, general manager for security business for Barracuda Networks.
“They can use it as marketing and to claim their street cred,” he told TechNewsWorld.
Changing Face of DDoS
While DDoS remains a tool in the hacker’s bag of mischief, it has changed over the years. Initially, DDoS was used for extortion: We’ll keep disrupting your website until you pay us to go away.
“That doesn’t pay off anymore,” Mike Davis, CTO of CounterTack, anendpoint threat protection provider, told TechNewsWorld.
“What they do now is use it as a mechanism to cover their tracks while they steal,” he said.
The methods behind DDoS attacks also have changed. There are fewer traditional attacks where traffic from millions of zombie computers is directed at a site to take it down.
“We’re seeing increases this year in reflective attacks,” Davis noted.
In a reflective attack, hackers fool a server they have no control over to send traffic to a target.
“Instead of getting control of 200,000 systems to launch a denial-of-service attack, I can get control of 1,000 high-powered servers, send them data — and instead of responding to me, they will respond to Sony and take it down,” Davis explained.
“The reflective attack has really grown this year,” he observed. “I think the main reason for that is that anti-DDoS technologies have gotten better and the attackers have had to modify their techniques to get around those technologies.”