Starting with the DDoS-ing of Sony’s Playstation Network (PSN) back in August, then more attacks on Sony, an attack on Xbox and a threat of more to come, it’s fair to say that Lizard Squad have been causing a ruckus.
Alongside their DDoS attacks Lizard Squad tweet such statements as “Xbox Live #offline” and “PSN Login #offline #LizardSquad”. They have also said that the recent attacks are just “a small dose” of what was to come over Christmas.Lizard Squad are a somewhat mysterious hacking group who are taking responsibility for a spate of hacks against big game networks over the past few weeks.
Why?
I asked Mark James, ESET Security Specialist, how Microsoft and Sony could go about defending themselves and why these attacks have been happening.
What do the hackers stand to gain from their attacks?
“At the moment it’s unclear what their true motives are, some info points to just causing disruption but attacks like this in the past have taken place in an attempt to breach the networks and gain access to credit card and personal data.”
What can the companies do to be better prepared for this kind of attack?
“There are a number of options for protecting against DDOS, I would imagine Sony/Microsoft would have multiple options available to them, companies can have in house protection to filter out the “bad” traffic and only deliver the “good” traffic or have it outsourced so that either their ISP or their own cloud data centre only sending through the clean traffic to the respective servers. Attacks on this scale are quite hard to protect against completely.”
Is there anything at all that the average consumer can do?
“Sadly not, this is purely between the attacker and the provider of the service.”
“Untold problems”
Is this kind of activity actually illegal? Does it get punished?
“Yes it is very much illegal, in the USA you can be charged with both criminal and civil complaints and falls under the “The Computer Fraud and Abuse Act” which basically states that no computer program, command or code can cause damage to a computer and can carry a jail sentence of up to 20 years.”
Lizard Squad have said that this is “just a small dose” of what’s to come, what do you think that could be?
“Stopping peoples access to the large gaming networks over Christmas will cause masses of problems both financially and from a PR scale and will not be taken lightly. It could well turn out that in the midst of this seemingly harmless protest that malware has been installed on the networks involved and only await a trigger to make it live and cause untold problems for them.”
How easy is a DDoS attack to perform? Does it take a high level of expertise?
“Relatively easy these days to be honest, it only takes a number of computers to flood a webserver with more requests than it can handle to cause it to stop issuing the services it was intended for. Attacks on this scale could be aided from compromised machines forming a botnet and with the massive amount of resources and information available on the internet will not be hard to find.”