Rival Hackers Take Credit for PlayStation Network Attack
It started with Sony's PlayStation Network, Sony Online Entertainment and Sony Entertainment Network services in North America on Sunday. Soon, other companies' online gaming services also had connection trouble, including Blizzard Entertainment's Battle.net and Microsoft's Xbox Live service.
In an echo of similar attacks on Sony's online services three years ago, two different hackers or hacker groups claimed credit for knocking Sony's North American gaming servers offline this weekend with a distributed denial-of-service (DDoS) attack.
PlayStation Network (PSN), which connects PlayStation 3, PlayStation 4 and PlayStation Vita consoles to let users download games and play each other, went offline some time yesterday (Aug. 24). So did Sony Online Entertainment (SOE), which hosts massively multiplayer games such as EverQuest, and Sony Entertainment Network, which streams video and music to Sony devices.
Sony had planned to take PSN offline today (Aug. 25) for scheduled maintenance, and some users first thought Sony might have pushed its schedule up by a day.
Instead, as Sony has confirmed, the outages were due to a DDoS attack, designed to knock servers offline by flooding them with more traffic than they can handle. Regular users are "denied service" to affected websites or networks. A "distributed" DoS attack indicates the malicious traffic originates from multiple sources.
Users' personal information did not appear to be affected, Sony said in a PlayStation Network blog post. All service was restored late Sunday night; today's scheduled PSN maintenance has been indefinitely postponed.
We hit Sony! No, I did
Who was behind the DDoS attack? During the outage on Sunday, a hacker or hackers called Lizard Squad claimed credit.
Lizard Squad also sent a bomb threat via Twitter to American Airlines — specifically against a flight to San Diego on which Sony Online Entertainment president John Smedley was aboard. American Airlines diverted the plane to Phoenix to search it for explosives; the aircraft later continued to its destination.
LizardSquad claimed on Twitter that it was protesting Sony's "greed," and said Sony should have put more money into the PlayStation Network. Several other Lizard Squad tweets expressed support for the Islamic militant group ISIS.
The FBI is investigating the bomb threat, a Sony representative told videogame-news site Shack News.
Also on Sunday, a number of other online multiplayer games, including Hearthstone, Diablo III and World of Warcraft, went offline for several hours. All are published by Irvine, California-based Blizzard Entertainment and run on Blizzard's Battle.net service.
On Sunday night, some Xbox 360 and Xbox One users reported difficulty accessing Xbox Live (an Microsoft service similar to Sony's PSN). The issue appears to have mainly affected people trying to play Diablo III, a video game made by Blizzard.
Lizard Squad claimed credit for Blizzard's issues as well. Blizzard has not confirmed this or discussed the nature of its issues.
Another hacker has also claimed credit for the PSN hack, claiming he used jailbroken PlayStation consoles to initiate it. Called FamedGod, the hacker claims he conducted the DDoS attack, possibly using vulnerabilities in the Internet's own Network Time Protocol, to show Sony that its online services vulnerable.
FamedGod's Twitter feed did state at one point "Xbox is next," but did not include specific claims for attacks on gaming services besides Sony's -- other than to observe that "at least Xbox and Microsoft are smart and don't operate on one data center."
The BBC's Web servers, including its online news and iPlayer service. also went offline on Sunday, prompting some to speculate whether the issues were related to the PlayStation attack. The BBC has not confirmed that.
This isn't the first time
In April 2011, outrage over Sony's lawsuit against George Hotz, a young hacker who'd posted instructions for jailbreaking the PlayStation 3, led to the Anonymous hacktivist movement launching a DDoS attack against the PlayStation Network for a few days. (Hotz now works for Google's Project Zero initiative.) That attack collapsed in a flurry of negative feedback for Anonymous as gamers complained they couldn't get online.
Later that same month, a separate attack on the PlayStation Network, Sony Online Entertainment and Sony's Qriocity media-streaming service (later absorbed into the Sony Entertainment Network) led to the theft of private data pertaining to more than 100 million user accounts, including credit-card numbers. All three services were offline for more than three weeks.
The perpetrators of the second attack have never been identified. Spokesmen for Anonymous denied the movement was involved.
In the wake of the 2011 Sony attacks, an Anonymous splinter group calling itself LulzSec went on a merry rampage across the Internet for two months, attacking websites belonging to the CIA and News Corporation, embarrassing companies and governments for lousy security and taunting the authorities via Twitter.
Lizard Squad and FamedGod's stated motives for attack Sony in 2014 are similar to LulzSec's in 2011.
"Sony, yet another large company, but they aren't spending the waves of cash they obtain on their customers' PSN service," tweeted Lizard Squad.
"Hiding behind Amazon servers doesn't help you, Sony," tweeted FamedGod. "Learn and hire people for security, you cheap-ass company."
LulzSec abruptly quit in June 2011, stating its members were "bored," but its de facto leader, Hector "Sabu" Monsegur of New York, had already been arrested and was helping the FBI build a case against his fellow hackers.
- 20 Best Free Android Games
- Xbox at Gamescom 2014: All the New Games
- PlayStation at Gamescom 2014: All the New Games
Jill Scharr is a staff writer for Tom's Guide, where she regularly covers security, 3D printing and video games. You can follow Jill on Twitter @JillScharr and on Google+. Follow us @tomsguide, on Facebook and on Google+.