BreachExchange mailing list archives

PSN Down As Sony, Blizzard, Riot And Others Are Under Siege By Hackers


From: Audrey McNeil <audrey () riskbasedsecurity com>
Date: Mon, 25 Aug 2014 09:23:39 -0600

http://www.forbes.com/sites/insertcoin/2014/08/24/psn-down-as-sony-blizzard-riot-and-others-are-under-siege-by-hackers/

If you’re trying to play a game on PSN today, you may be running into some
issues. Despite routine maintenance set for tomorrow, over the weekend
Sony's PSN service has been hit by a series of crippling attacks from a
hacker/vandal collective known as “Lizard Squad.”

The group also claims to have been working to sabotage Blizzard’s servers,
along with interrupting Riot Games’ League of Legends and Grinding Gear
Games’ Path of Exile. But as of late, PSN appears to be their main target,
at least judging by their quickly-growing Twitter feed.

“Sony, yet another large company, but they aren’t spending the waves of
cash they obtain on their customers’ PSN service. End the greed,” they said
a few hours ago on their page.

Sony’s response on their own Twitter support channel is a
seemingly never-ending string of auto-messages responding to individual
users’ complaints. The long and short of it is that they’re working on the
issue, yet have no timetable as to when the service will be restored. The
hack was first reported by Shacknews, who reiterates that this has nothing
to do with the planned maintenance for tomorrow.

Out of the supposed hits on League, PoE and Blizzard games, only Sony still
seems to be having issues at the moment. The group seems focused on them in
particular, at one point saying they’ve planted an “ISIS” flag on Sony’s
servers, referencing the terrorist group that has massacred hundreds of
civilians in Iraq.

PSN is no stranger to this sort of attack, as the network suffered a large
security breach in 2011. That time, it was the internet’s famed “Anonymous”
taking responsibility, and the end result was the exposure of thousands of
names and passwords. In the end after a class-action lawsuit, Sony agreed
to a $15M settlement.

It appears the “point” being made with this new hack is that Sony still has
not done enough to secure their online services, even after a colossal
breach like the one in 2011. This is still an ongoing situation, but so far
there is no information about the possible exposure of customer
information, only that the service itself is offline.

Stay tuned here for any updates on the situation as they come in.

Update 1 (1:34 PM EST) A lot of hay is being made about the idea that these
aren’t “hackers” and this isn’t a “hack,” because it may be “only” a very
persistent distributed denial of service (DDoS) attack that is taking down
these services, Sony’s included, and not a true data breach. I’m not sure
why such hay is being made. A DDoS attack is a hack, and Anonymous used a
DDoS attack in the 2011 PSN data breach.

Update 2 (4:15 PM EST): Whoa. Things have gotten rather insane as the
Lizard Squad Twitter account publicly tweeted a bomb scare to an American
Airlines flight that Sony Online Entertainment President John Smedley was
on, after he mentioned earlier today he was traveling from Dallas to San
Diego. Smedley was addressing the hack on Twitter when the threat was
issued, and it’s now been confirmed that the FBI has gotten involved. A
widespread hack or a DDoS attack is one thing, but publicly tweeting a bomb
threat to an airline is something that goes well past the usual trolling
and “lulz.” Still, the account is laughing about the whole situation,
posting videos of 9/11, continuing to equate themselves to ISIS, and
inviting the government to essentially “bring it.”  I’m sure the FBI will
be happy to oblige.

Update 3 (8:48 PM EST): Yes, PSN is continuing to have issues, and now the
Sony support Twitter is just directing people to a short blog post on
PlayStation that acknowledges the DDoS attack, and promises engineering is
hard at work to restore the service. No word from the FBI about the bomb
scare, as it’s obviously now an internal matter. Still, the group responsible
is tweeting as recently as a minute ago.

Update 4 (9:35 PM EST): Seemingly oblivious to the fact that they just
committed a felony that attracted the attention of the FBI a few hours ago,
the group is now turning their attention back toward Blizzard and
Battle.net, harassing random streamers and interfering with the service’s
connectivity. Meanwhile, PSN seems to be recovering somewhat, but Sony is
still warning against possible issues.

Update 5 (10:55 PM EST): I created a separate post going into detail about
the airline threat: “Sony Online Entertainment President’s Flight Diverted
By PSN Hacker’s Bomb Threat”

Update 6 (8:34 AM EST): PSN is back online and Sony is delaying their
planned maintenance for today due to the service interruption.
_______________________________________________
Dataloss Mailing List (dataloss () datalossdb org)
Archived at http://seclists.org/dataloss/
Unsubscribe at http://lists.osvdb.org/mailman/listinfo/dataloss
For inquiries regarding use or licensing of data, e-mail
        sales () riskbasedsecurity com 
