Threat Intelligence Blog

Posted August 26, 2014

Over the weekend, the gaming world was hit by a series of Distributed Denial of Service (DDoS) attacks that disrupted several networks, including League of Legends’ servers, World of Warcraft’s, Grinding Gear Games’ Path of Exile, and Xbox LIVE. Most notable, however, was a massive DDoS attack on Sony’s PlayStation Network, which has been targeted by hackers before. The networks were down for quite some time, with Sony stating that it was “an attempt to overwhelm our network with artificially high traffic.” However, the DDoS attack was not the full extent of the threat; the hacker group to which the attacks were attributed also used social media to send an explosives threat concerning an American Airlines flight carrying a Sony executive.

The hacking group Lizard Squad claimed responsibility for the gaming network attacks. A member posted that they had “decrypted a memory dump and found the server.” Sony’s PlayStation Network was down the bulk of the day on August 24, sustaining the worst of the attacks. Although it is highly likely that Lizard Squad actually was the group responsible for them, this was disputed by Twitter user “Famed God”, who also attempted to take responsibility for the Sony attack.

In addition to the DDoS attacks, Lizard Squad also tweeted a threatening post about an en route American Airlines flight, stating “@AmericanAir We have been receiving reports that @j_smedley’s plane #362 from DFW to SAN has explosives on-board, please look into this.” John Smedley is the President of Sony Online Entertainment, and the fact that the hacker collective knew his whereabouts and exact plane information was, at first glance, very concerning. However, a further look at Smedley’s Twitter account reveals that he himself posted the bulk of his travel information via social media, which would have been specific enough to deduce his flight schedule. As a result of the Lizard Squad Twitter posting, the American Airlines plane was diverted and checked for explosives, but nothing surfaced.

To further fan the flames, the posts from Lizard Squad included threats that the DDoS attacks would not stop until the United States had ended its campaign against the Islamic State. Since then, Lizard Squad members have stepped forward to say that the political comments were merely a ruse to get media attention, while Smedley denounced them as trolls via his Twitter account. It is interesting to note that in addition to its attacks on gaming networks, Lizard Squad also claimed on Twitter to have successfully taken down the Vatican’s website over the weekend.

At this time, Sony says that no data was compromised in the attack, and law enforcement is still investigating the incident. Regardless of which groups are behind the attacks, it’s important for the video gaming industry – and any organization with a large online presence or fan base – to learn from the banking sector, which has been dealing with threats such as this for years. By having a plan to mitigate DDoS attacks, as well as taking measures to better prevent them by analyzing threat intelligence and potential threat actors on an ongoing basis, organizations can reduce the likelihood of downtime and unhappy customers.

