The PlayStation Network is back online … for now.
The global gaming service used by 110m people was brought down on Christmas Eve, seemingly by a hacking group calling itself Lizard Squad. On Sunday however, Sony assured customers via its PlayStation blog that the system was now functioning.
The company also admitted for the first time that the disruption was caused by hackers who used a distributed denial of service (DDoS) attack to flood the PlayStation servers with traffic, bringing access to a halt.
“As you probably know, PlayStation Network and some other gaming services were attacked over the holidays with artificially high levels of traffic designed to disrupt connectivity and online gameplay,” read the post. “This may have prevented your access to the network and its services over the last few days.”
Microsoft’s Xbox Live infrastructure was also attacked, reportedly by the same group, which revelled in its achievement via a series of tweets throughout Christmas day. However, the Xbox online infrastructure was functioning again by Boxing Day.
Formed in mid-2013, Lizard Squad has been stepping up its media profile in the wake of the Christmas attacks. In a series of interviews, two self-declared founding members have claimed that their motivations are amusement, and to highlight the security weaknesses of the systems.
“If I was working [at Microsoft or Sony] and had a big enough budget, I could totally stop these attacks,” “Ryan Cleary” (a pseudonym borrowed from an infamous LulzSec hacker) claimed to tech news site Daily Dot. “I’d buy more bandwidth, some specific equipment, and configure it correctly. It’s just about programming skill. With an attack of this scale, it could go up to the millions. But that’s really no problem for Sony and Microsoft.”
Speaking to Sky News, “Cleary” added, “These companies make tens of millions every month from subscriber fees and that doesn’t even include purchases made by their customers.
“They should have more than enough funding to be able to protect against these attacks.”
Lizard Squad has claimed that its actions against Sony and Microsoft were more sophisticated than standard DDoS attacks, which don’t usually require hackers to gain access to the target’s online infrastructure.
“There’s plenty of people saying we’re not hackers and DDoS isn’t hacking. For attacks of this scale, you can’t really do them without either having access to insane amounts of funding or being able to gain access to the computers via hacking,” “Cleary” said to Daily Dot. “You can’t just do DDoS attacks from your home computer. It doesn’t work.”
The group has even suggested that it has access to undersea cables that facilitate internet connections between the US and Europe.
But its appetite for fame may prove to be Lizard Squad’s undoing, after security journalist Brian Krebs claims to have uncovered the possible true identities of at least two members, both of whom have conducted TV interviews in the wake of the attacks.
Millions of people could not use their games consoles for a second day as disruption on the Xbox Live and Sony Playstation networks continued after an apparent cyber-attack.
A group calling itself Lizard Squad claimed responsibility for bringing down both networks on Christmas Eve, which could have affected nearly 160 million gamers.
Even an intervention by eccentric internet entrepreneur Kim Dotcom, who offered the hackers free lifetime use of his file storage service, does not appear to have ended the attack. Known as a distributed denial of service, or DDOS, the attack is overloading the systems of both services by generating fake access requests.
Such an attack can prevent people from playing games even when they have a physical copy as newer consoles often require online authentication as an anti-piracy measure.
With cyber attacks on the rise, the Guardian meets the team behind one of the most famous incidents. This is the night DerpTrolling took down gaming superstar, Phantomlord
Friday 27 December 2013. The answer phone message was simple: “Get PhantomL0rd”. No one knew who it came from.
The message was left on a phone operated by “DerpTrolling”, a clandestine hacker group, active since 2011. Like many similar groups, Derp, as its tens of thousands of Twitter followers know it, is a loose collective of coders and computer experts, who have a taste and a talent for internet chaos. They identify a target – usually a large corporation, often a video game company – and attempt to break its online infrastructure.
But Derp has a unique approach. The group advertises a phone number on its Twitter page with the simple instruction: “call or text a request.” Dial the number and you can leave a message with the name of a website you would like to be taken offline. If they decide to act, the hackers then stage a distributed denial of service (DDoS) attack against the target.
A DDoS attack is not hacking, it does not require the perpetrator to gain illicit access to the system – instead it involves directing a colossal flood of network traffic at the site until its servers buckle under the load. During the past five years, many of the world’s largest and most powerful websites, including PayPal, Mastercard and even the US National Security Agency have been shut down by DDoS attacks instigated by amateur hacker groups like Derp.
This time, however, the target was not a website but a person.
Jason Varga is a popular internet TV presenter who earns his living playing and commentating on online video games. Varga, known to his channel’s subscribers as PhantomL0rd, is one of the most popular “casters” in the business: he earns an estimated $184,000 a year from YouTube advertising, which supplements his already sizeable income generated from subscribers who pay to watch to his channel on the popular Twitch service, recently bought by Amazon for $970m.
The person who called Derp was perhaps a rival presenter or a bored viewer who wanted to cause some trouble during the school holidays. But their simple request was accepted.
DDoS attacks have vastly increased in frequency during the past few years. While some of the attacks are financially motivated (groups have demanded a ransom to be paid before they call off the attack), many are motivated by anti-corporate sentiment. When Mastercard and PayPal blocked donations to Wikileaks in 2011, the best-known “hacktivist” group, Anonymous, launched a DDoS attack against both sites in a programme of chaos it called “Operation Payback”.
Other hacker groups aren’t doing it for money or activistism, they’re doing it for fun, and to boast about their success on social media. It is the electronic equivalent of graffiti with a vaguely anti-establishment theme. This is where Derp operates.
Three days after the answerphone message was left, perhaps drawn to the idea of one of their DDoS attacks being streamed live on air, Derp chose to act against Varga.
At 4:07pm GMT on 30 December, the group tweeted: “Something special planned for League of Legends”, a reference to the hugely popular online PC game that Varga was playing while streaming footage to his hundreds of thousands of viewers. During the next few hours the group staged multiple DDoS attacks on the League of Legends servers. They successfully took the game, its accompanying website and forum offline around the world.
Rather than report the incident, Varga entered into a dialogue with the hackers. Realising the spectator value of what was happening, he made a deal with them, concerning the next game he was planning to play on air – the popular arena battle title, Dota 2.
“If my team wins, we’ll keep going,” he said, live on air. “[But] if my team starts to lose, Derp Bros, take this shit down.” The hackers agreed.
When Varga’s team lost the match the hackers made good on their promise: at 21:12pm, DOTA2 disappeared from the internet.
Throughout the evening the hackers continued to follow Varga online. They convinced him to play a game on the Disney-owned Club Penguin before they took the entire site down. They were enjoying the attention. They got more ambitious.
During the next few hours they successfully brought down various game-related websites, including Origin, the online web store of giant video game publisher, Electronic Arts. Varga asked the group why they were doing this. “For the lulz,” they replied, before adding, perhaps to lend a sub-note of gravitas to their campaign, that they also wanted to target greedy game companies.