Check the website for the latest in Cyber Defence and Information Protection

January 2015

Lizard Squad ruins Christmas with DDoS attack

Not an emergency service for reptiles but a team of hackers intent on hitting high profile targets. The Lizard Squad ruined Christmas for gamers by bombarding Microsoft and Sony networks with pointless traffic.

Millions of gamers were unable to play online over the Christmas period, thanks to a distributed denial of service attack (DDoS) on the gaming networks of both PlayStation and Xbox, instigated by hacking group Lizard Squad.

Anyone who received an Xbox One or PS4 for Christmas was unable to get online on Christmas Day, after huge amounts of fake traffic were sent to Microsoft’s and PlayStation’s networks, causing them to crash. This meant gamers couldn’t play certain games, access the services’ online stores or download anything to their consoles.

Microsoft managed to resurrect its service fairly quickly, and Xbox Live was back up and running within a few days, but PlayStation’s network, which has more than double the number of subscribers, was still suffering during the first weekend after Christmas.

What is a Distributed Denial of Service (DDoS) attack?

A distributed denial of service attack is a strategy used by hackers to render targets inaccessible by flooding them with huge volumes of online traffic. In non-cyber terms, it would be like somebody repeatedly dialling your telephone in order to keep your line busy and prevent you from making a call.

To continue with this analogy, the ‘distributed’ aspect would be achieved if your telephone number was then passed on to hundreds of other people who also attempted to ring you.
 

Why did they do it?

This is not the first time PlayStation has been attacked by this particular hacking group. Lizard Squad claims to have taken down the network several times – it even tweeted a terrorism threat to an airline when PlayStation’s president of online entertainment was onboard one of its planes.

A hacker who claimed to be a member of Lizard Squad said the attacks were orchestrated partly for amusement, but also because it wished to demonstrate weaknesses in the company’s systems.


Sony Pictures, another branch of Sony, was also hacked in late 2014. However, the two attacks are unrelated; the Sony Pictures attack was much more sophisticated, as the perpetrators stole confidential information. DDoS attacks alone do not tend to end in data being stolen; instead the service or website is simply taken down for a period of time.

After ceasing its Christmas attack on Xbox and PlayStation, Lizard Squad went on to target Tor, a secure network which allows people to communicate anonymously.

Lizard Squad are also in the frame for reported DDoS attacks on social media sites such a Facebook and Instagram along with an attack on Malaysian Airlines web site this month. It would seem DDoS attacks are the tool of choice for hackers trying to make a name for themselves. What are your thoughts on DDoS attacks? Are they a real threat to your business, would you be able to detect and defend against them? We are always keen to hear from the ‘coal face’ so to speak, please email me at nigel.lewis@cstl.com with your views?

CST  |  1st Floor, 8-9 Lovat Lane, London, EC3R 8DW

Tel: +44 (0)20 7621 7836  |  Fax: +44 (0)20 7099 6878  |  Email: info@cstl.com  |  Web: www.cstl.com