'Phantom' menace threatens to down Xbox Live, PSN at Xmas
Hackers reveal plans to make children cry
Last Christmas LizardSquad played Grinch with the holiday fun of gamers by knocking out XBox Live and smacking the PlayStation Network offline with a distributed denial-of-service (DDoS) attack.
The traffic flooding exercise turned out to be a promo for a DDoS-for-hire cybercrime service. Arrests against both the hackers and their customers followed and LizardSquad has since dropped off the radar. Now, almost 12 months later, it looks like something similar may be about to happen.
The self-styled "Phantom Squad" crew is threatening to disrupt the PlayStation and XBox Live networks through co-ordinated denial-of-service attacks over the festive season.
The hacker group has already claimed responsibility for recent outages to XBox Live earlier and social news site Reddit. The group’s stated aim is to show up the continuing lack of security defences on gaming networks rather than pure mischief or immediate profit. “PSN and Xbox Live... Companies that have millions of dollars... and don't bother on working on security,” it said through its @PhantomSqaud Twitter account.
Running DDoS attacks can be done without any particular skill. Phantom Squad are at pains to deny the obvious accusation that they are attention-seeking s’kiddies. “We are Grey Hat Hackers. Not skids not fakes not wannabes,” Phantom Squad said.
Whether Phantom Squad will make good on the threats remains unclear. It’s also unknown if Xbox Live and PSN are much better prepared to defend their borders compared to last year. Either way, gamers and security watchers are taking the threat seriously.
Dave Larson, chief operating officer at DDoS mitigation firm Corero Network Security, commented: “These latest threats against the Xbox Live and PSN networks indicate something that we’ve known for a while; the online gaming industry – given its high-volume, highly transactional environment – relies on 24/7 accessibility and is significantly impacted when this can be intentionally compromised. Any downtime or interruption causes real financial and reputational impact. Last year, the largest online gaming platforms were brought to their knees during probably the most critical time of year, and it sounds like they are up against round two this holiday season.”
He added: “If these online gaming giants have, in fact, figured out how to effectively mitigate the attacks of 2014, they must remain vigilant, as DDoS is an evolving, multi-vector cyber-attack technique that cannot be stopped without automatic and real-time defences." ®
Sponsored: Becoming a Pragmatic Security Leader