The cybervandals known as Lizard Squad last week claimed responsibility for taking down Xbox Live -- again. It’s the same group that knocked out Microsoft’s gaming network, as well as Sony’s PlayStation Network, this past Christmas. So, how is the group so easily able to infiltrate gaming networks operated by two of the world's most sophisticated tech giants?
A distributed denial-of-service (DDoS) attack occurs when a person or group uses a computer network to overload a target server with a high number of connection requests. Lizard Squad “aimed to impact availability of the gaming platform,” Dave Larson, chief technology officer at Corero Network Security, says.
Lizard Squad first gained attention in August last year, when it claimed to have taken down Sony PlayStation and Xbox Live for the first time. The group didn’t stop there. The same week, it tweeted a bomb threat to an American Airlines flight that had Sony Online Entertainment President John Smedley on board. The plane was grounded.
Yes. My plane was diverted. Not going to discuss more than that. Justice will find these guys.
— John Smedley (@j_smedley) August 24, 2014
So, what motivates a group like Lizard Squad? “It’s not about ethics; it’s about, ‘Can I do this using my intelligence?’ They don’t care if it is immoral; it’s a puzzle to take you down or steal your data. And they love these puzzles,” Gary Miliefsky, CEO of cybersecurity firm SnoopWall, says. “One could characterize this behavior to be similar to sociopaths who are not wired to care about doing wrong.”
Miliefsky says groups such as Lizard Squad continue to bring networks such as Xbox Live and PSN to their knees because, well, they can. “It’s easy to perform a remote DDoS on a commercially subscribed remote service like a game network, harming both the service provider and the consumers, causing financial damage. And just because they don’t steal information doesn’t mean their activities are not criminal.”
DDoS attacks are simple enough -- if you have the know-how and proper equipment. There are different types of DDoS attacks, but most consist of interrupting services of an online host by sending multiple requests to servers using two or more people or bots. Botnets, a network of computers controlled by hackers, can be purchased on the Deep Web relatively cheaply -- $25 for 1,000 hosts.
Companies such as Sony, Microsoft and Twitch are deploying new defenses in hopes of protecting themselves. “Organizations that rely on the Internet to conduct their business are now architecting their layered security strategy to protect against DDoS,” Larson says, adding that many online gaming companies are adding real-time, dedicated methods of security to their infrastructures to prevent these types of attacks.
While any online company can be at risk, Lizard Squad seems to be especially enamored of humiliating video game-related networks such as Xbox Live or Twitch. “Game networks have a lot more people who will rage and give us attention,” the group said in a Reddit Ask Me Anything in August.
“Whatever the motivation -- cyberterrorism, retaliation, monetary gain -- it is clear that modern conflicts are being fought in the cyberworld, and organizations must be prepared to fight back,” Larson says. Until then, these cyberbullies will continue to wreak havoc until caught.