Catch up on stories from the past week (and beyond) at the Slashdot story archive

 



Forgot your password?
typodupeerror
×
Security PlayStation (Games) Sony

Sony Hacks Continue: PlayStation Hit By Lizard Squad Attack 170

An anonymous reader writes Hacker group Lizard Squad has claimed responsibility for shutting down the PlayStation Network, the second large scale cyber-attack on the Sony system in recent weeks. Although apparently unrelated, the outage comes just weeks after the much larger cyber-attack to the tech giant's film studios, Sony Pictures, which leaked confidential corporate information and unreleased movies.The group claiming to have taken down PSN today, Lizard Squad, first appeared earlier this year with another high-profile distributed denial of service attack on Xbox Live and World of Warcraft in August. The hacker collective claimed that this attack was just a 'small dose' of what was to come over the Christmas period.
This discussion has been archived. No new comments can be posted.

Sony Hacks Continue: PlayStation Hit By Lizard Squad Attack

Comments Filter:
  • by danbuter ( 2019760 ) on Monday December 08, 2014 @10:20AM (#48547229)
    Seriously, how can a billion dollar company that does tons of computer stuff not have a near-impregnable website?
    • by gstoddart ( 321705 ) on Monday December 08, 2014 @10:24AM (#48547251) Homepage

      Are you kidding?

      Laziness and greed, and an indifference to security.

      This seems like a recurring thing ... I'm pretty sure Sony has been hacked several times over the last few years.

      If security doesn't make you money, and you have no penalty for being incompetent at it ... why spend money on it?

      When companies start having penalties for getting hacked and leaking people's information, they might do something. In the mean time, if all they have to say is "oops, sorry" don't expect anything to change.

      • Sony doesn't care about their security. Their "Action Cam" comes with a disclaimer saying that the device isn't secure and if you connect it to a wireless network anyone has access to all of its functionality.

        • That's actually not that bad. Most companies do this, but most don't include a disclaimer. The alternative is to enable the protection from the factory, which probably results in a lot of return from customers who are not able to figure out why their camera doesn't work.
        • SO does my Fire TV when i turn on ABD mode.....just saying if someone is on your local network, LOTS of things become very vulnerable. The security for the device is supposed to be YOUR FIREWALL.
        • by Tukz ( 664339 ) on Monday December 08, 2014 @11:57AM (#48548073) Journal

          Most electronics that connect to your wireless network has this vulnerability.
          Are you really bashing Sony for warning the users about this fact?

          I thought it'd be a good thing to warn the user, so they might secure it themselves.

          • Most electronics that connect to your wireless network has this vulnerability.
            Are you really bashing Sony for warning the users about this fact?

            Nope, they're bashing Sony for not securing it. That "most electronics" has the same flaw doesn't excuse them.

            I thought it'd be a good thing to warn the user, so they might secure it themselves.

            It's a Sony product, so they won't be able to do that. They best they can do is firewall it off.

      • When companies start having penalties for getting hacked and leaking people's information, they might do something.

        It's also too easy for the attackers to hide in Internet.

        What good is it for companies to just build increasingly stronger and more complex security fortresses and still be at the complete mercy of sudden anonymous attacks from unknown directions. That's just crappy design of Internet.

        • There's some middle-ground to find. Sure, there is no 100% foolproof way to secure your network, but if a company get hacked and preliminary investigations shows that this company used debug configurations with outdated software, coupled with bad habits of storing sensitive information in a plaintext, unprotected database, then this company is guilty of something.
      • by Creepy ( 93888 )

        They didn't specify the attack, but a DDoS attack (part of this group's MO) is notoriously difficult to counter because it relies on the lack of security of the user community rather than the company itself. They use, say, a half million computer bot network to flood the target servers with requests. While you can theoretically block request flooding, sheer numbers can still overwhelm systems.

      • Comment removed based on user account deletion
        • by Dunbal ( 464142 ) *
          People ARE voting with their wallets. Sony is losing money hand over fist, year after year.
      • by gtall ( 79522 )

        You mean when company officers start having penalties for getting hacked and leaking people's information, they might do something. Otherwise, the officers are likely to pass the buck to anyone but themselves. Boards' of directors are also complicit in the low value companies put on their customers' information. Suing the company won't really do it, customers should be able to sue the officers and boards. This fiction that companies are individuals should be taken seriously. They are collective individuals

      • 1) remember that computers (especially networked ones) are in effect infinite state machines. There are thousands maybe millions of ways of hacking these, and it looks more and more like an inside job. Remember that one of the tradeoffs of protecting against an inside job makes it a P.I.T.A. to get anything done inside.

        2) Also remember that current atmosphere for public companies is, hell even if you're lucky, not past the next quarterly report and a good chance no farther than the daily stock price. Sec

        • The first major hack to SONY came two weeks after they laid off their security people. what a coincidence. And this malware was targeted... It doesn't take much to see that it's been a long running inside job from people who were once SONY security people.

      • by Xest ( 935314 )

        To be fair this latest attack was just a DDOS, only so much you can do about that.

        Lizard Squad aren't real hackers like whoever carried out the first attack. Lizard Squad are just a bunch of DDOS kiddies without any real actual skills.

        You're right all the same of course, but there's only so much Sony can do about the DDOS attacks- they've just been timed to conflate it with Sony's genuine security breaches, Lizard Squad are basically trying to look cool by leeching off the success of whoever did the real ha

    • Someone set us up the bomb!

    • These companies get hacked all the time. For everyone time you do hear about it they probably get hacked a half dozen times more that you don't hear about it. They have no incentive to publicize their mistakes and unless a regulatory agency is sitting next to each admin and developer there's no way to find out unless they admit it themselves, the perpetrators claim responsibility and show proof, or a third party uncovers it. No data you give to a third party is safe, whatever you give out it's to plan wh
    • If it's a DDoS you can't stop it from the server side. It's not a software issue. Sony alone cannot resolve the issue. I'm no DDoS avoidance guru but I understand enough about it to know it can't be solved at their server level.

    • Seriously, how can a billion dollar company that does tons of computer stuff not have a near-impregnable website?

      Big corporations employ people who understand security and they certainly do do some things securely.

      However, they do not like the consequences of ensuring security in customer facing things like web sites. Getting in depth security review of each change gets right in the way of making rapid updates. This is understood. It is not just incompetents haphazardly creating security holes with no one paying attention. It is a case that it was decided to favour speed over security.

      Sony seems to have failed in prot

    • by gweihir ( 88907 )

      Because they are both stupid and greedy. Sony is not the only well-known company where any halfway competent attacker can just walk in. Most companies do not get attacked, because nobody with the required skills cares enough to do it.

      • They weren't hacked. They were ddos'ed. This was not a hack. Bad title, bad summary.

        • by gweihir ( 88907 )

          They were hacked a few days ago. I was referring to that. But DDoS resilience is part of any sane IT security strategy.

    • by Guppy06 ( 410832 )
      Well, someone played a Sony music CD on the web server, and...
  • Lizard Squad? (Score:2, Insightful)

    by Viol8 ( 599362 )

    MIght as well just call it "We're 16, still live with our parents, have no life away from the computer and play too much WoW Group"

    • MIght as well just call it "We're 16, still live with our parents

      Well, not everyone was running their own company at 17 like you.

    • wait, you weren't living at home with your parents when you were 16?

  • by Kythe ( 4779 ) on Monday December 08, 2014 @10:30AM (#48547289)
    Isn't this the same group/person that called in a fake bomb threat on an airplane not too long ago? I'm surprised they're still walking free.
    • Isn't this the same group/person that called in a fake bomb threat on an airplane not too long ago? I'm surprised they're still walking free.

      Yes. I think it's reasonable to conclude that they are located outside of the USA or any country friendly to it and thus can't be brought to justice. However, based on what I've seen on some published court reports, the wheels of justice turn really slowly on criminal activities over computers even when the perps live in the USA, so there is also a chance that the US government actually knows who they are and can get to them but is just taking its time to do so.

  • Hara Kiri (Score:2, Interesting)

    by Anonymous Coward

    What I don't understand is that Sony is headquartered in Japan. JAPAN. Their work ethic and honor against disgrace is known the world over even today.

    You'd think they would be able to put security over profit. And you'd think someone would have to commit seppuku over this already. I expect to open the news and at least a dozen pinkies got clipped or something. Christ.

    • Maybe the Japanese are more like Romulans or Ferengi than Klingons after all.

      • Lol. Klingons were more or less modeled on old japanese society. Ferengi obviously american. And our society has infected their society to completeness..so..yeah. Pretty sure Romulans were supposed to be a Russia analog. (And cardassians an obvious US NSA/CIA extremism analog)
      • I kind of pictured them like this: Klingons, a mix of Mongolian, Viking, and ancient Japanese: Romulans are clearly based on ancient Roman civilization, they even use the same terminology. Ferengi... they're basically an ethnic slur on jews. It's interesting how Jar Jar Binks offended everyone but no batted an eye with the Ferengi. Cardassians, maybe USSR..? not sure who they remind me of.
    • by gtall ( 79522 )

      Honor my ass. Their notion of honor is to not look bad, not being bad has nothing to do with it.

  • Since when... (Score:5, Informative)

    by Anonymous Coward on Monday December 08, 2014 @10:40AM (#48547379)

    Since when is a DDOS a hack?

    • Since shut up we need clickbait headlines, that's when.

    • Calling it a hack is like listing the body count on a mass shooting, it makes great headlines and guarantees repeat business.

    • While it's possible that the attackers might have purchased hundreds or thousands of VPSes, or convinced as many internet users to willingly participate in the attack... most likely the attack made using a botnet which does require a bit of hacking to set up. Maybe the botnet was bought or leased from the actual hackers by the people who did the Playstation attack. So you could make the case that the "attackers" aren't "hackers", but they still needed to work with hackers to launch this successfully.
    • by Xest ( 935314 )

      It's not but that's what Lizard Squad are counting on. Lizard Squad are just a bunch of DDOS script kiddies and nothing more. They're trying to look cooler than they are by piggy backing off the success of the actual hack on Sony the other day by pretending they're somehow continuing Sony's "security woes". They're not. They're just doing what anyone with enough dollars to hire a botnet for a few hours could do.

      It's still the hack from the other day that should be in the news as that was a big deal carried

  • by Tmann72 ( 2473512 ) on Monday December 08, 2014 @10:48AM (#48547469)
    The sick sad part of this is that they think they are fighting the corporate power or something, but in reality all they will be doing is ruining Christmas vacation for many gamers everywhere.
    • by GTRacer ( 234395 )
      Tell me about it... Patch 2.4.5 is supposed to drop late tonight for Final Fantasy 14, and I'm going to be very disappointed if I can't connect and download it. *Zorg* disappointed...
    • by Jahoda ( 2715225 )
      Heavens to betsy! A Christmas with no video games? Those poor suffering children!
      • Get over yourself. People get off for the holidays and they want to enjoy them. This is a prime way people enjoy there break when they might be completely snowed in or it's too shitty outside. The fact that you look down on video games doesn't change the fact that this attack does nothing but punish innocent users who simply want to relax and play their systems.
    • The sick sad part of this is that they think they are fighting the corporate power or something, but in reality all they will be doing is ruining Christmas vacation for many gamers everywhere.

      Stop giving your money to Sony. It has been conclusively proven that they will not protect the interests that you've demonstrated by giving them money. Then you won't have your Christmas vacation "ruined" because you couldn't avoid your loved ones with a video game.

      • I don't have a ps4. So thanks for the assumptions. I was simply pointing out that others will have their vacations inadvertently affected due to these actions due to no actions of their own. So thanks for making your tone into some attack against me when this situation won't even affect me. GG. I'm allowed to have concern for others without having a personal stake in the matter.
  • by stealth_finger ( 1809752 ) on Monday December 08, 2014 @10:58AM (#48547553)
    Seriously, target the companies and not the users. As I understand it (I don't) all you really need for a ddos is a massive botnet to flood connection requests. Do something proper, hack the system to make psn/xbla free for everyone and make all downloadable games free, auto change everyones backgrounds to goatse, or hack the Gibson or something that's not going to annoy a big bunch of people who aren't your target.
    • by ledow ( 319597 )

      The problem is that that stuff is actually hard.

      Aiming a botnet (paid-for or otherwise) at a company can be a single-click affair if you go to the right places on the Internet.

      Stealing code from a virus that's managed - accidentally - to get into Sony is not hard either.

      However, making a targeted attack, into the secure areas, not getting caught? That's difficult even in the most lax of scenarios, precisely because more attention is paid to it.

    • That would require talent.
    • Seriously, target the companies and not the users.

      You can't destroy Sony without stopping people from giving them money. If your goal is to destroy Sony, your only option is to attack their cash flow. Making the system unavailable during high demand periods is a way to decrease customer confidence and the likelihood that they will give their disposable income to Sony.

      Yes, they're assholes, but what they are doing does male sense, and suggesting otherwise is ignorant.

      • Seriously, target the companies and not the users.

        You can't destroy Sony without stopping people from giving them money. If your goal is to destroy Sony, your only option is to attack their cash flow. Making the system unavailable during high demand periods is a way to decrease customer confidence and the likelihood that they will give their disposable income to Sony.

        Yes, they're assholes, but what they are doing does male sense, and suggesting otherwise is ignorant.

        Yeah, it makes sense in a way, but running a ddos is the most basic, least imaginative thing you can do and annoys the customers much more than the company, and turns potential supporters of your cause against you. At this point sony have lost nothing other than a tiny consumer confidence (of which they had fuck all to begin with anyway). They will probably sell the exact same amount of playstations and the people who were unable to buy games off psn will just do it when it's back up. These lizard kids real

  • by netsavior ( 627338 ) on Monday December 08, 2014 @12:01PM (#48548117)
    In an "interconnected" world there is no such thing as "secure" only "more secure" or "less secure"

    How long can a private company be on "everyone's radar" before they can no longer do business? This may not be successful, but eventually there will be cases of large corporations basically unable to do business because a relative few can wield a lot of "digital power" over a company with a large presence.

    I am not going to overstate the power of "hacktivists"/DDOS/Botnet but suppose these actions continue, how much will it cost Sony to combat this kind of thing? $1,000,000 for every dollar spent hacking them? It seems like there is a limit.

    If enough people want a corporation wiped from the internet, there doesn't really seem like a practical way to survive. Not fearmongering, or cheering against Sony specifically... just wondering.
  • by iONiUM ( 530420 ) on Monday December 08, 2014 @12:48PM (#48548539) Journal

    Here is their twitter: Lizard Patrol [twitter.com].

    They have been attacking XBOX Live randomly for the last 3 weeks which takes down everyone's (including mine) Netflix, games, etc. It's pretty annoying. They even re-tweeted the ankle bracelet on one of their members who is under house arrest after being released from jail. I don't know how they can get away with the blatant DDoS attacks.

  • Look, I understand Sony is paying the price for its own incompetence and failing to learn from what happened in 2011 to the Playstation Network. That being said, Lizard Squad does not have the right to exploit the network at the expense of the user.

As you will see, I told them, in no uncertain terms, to see Figure one. -- Dave "First Strike" Pare

Working...