Lizard Squad: Xbox Live, PSN Attacks Were a 'Marketing Scheme' For DDoS Service

← Back to Stories (view on slashdot.org)

Lizard Squad: Xbox Live, PSN Attacks Were a 'Marketing Scheme' For DDoS Service

Posted by timothy on Tuesday December 30, 2014 @03:58AM from the now-how-much-would-you-pay? dept.

blottsie writes The devastating Christmas Day attacks against the gaming networks of Sony and Microsoft were a marketing scheme for a commercial cyberattack service, according to the hackers claiming responsibility for the attacks. Known as Lizard Squad, the hacker collective says it shut down the PlayStation Network (PSN) and Xbox Live network on Dec. 25 using a distributed denial-of-service (DDoS) attack, a common technique that overloads servers with data requests. The powerful attacks rendered the networks unusable for days, infuriating gamers around the world and causing yet-untold losses of revenue. Now, members of Lizard Squad say the group is selling the DDoS service they used against Sony and Microsoft to anyone willing to pay.

139 comments

Min score:

Reason:

Sort:

how is it different than any day 0 game? by alen · 2014-12-30 04:02 · Score: 2, Insightful

not like you can play any game on the first day anyway
everything is virtualized to the point where they support average players months after release and not the day of release and idiots not only pre-order the games, they change the store country to play it the second it goes live somewhere in the world.
Public Stoning is too good... by bigdady92 · 2014-12-30 04:03 · Score: 1

a justice reward to these lil Asshats. I am quite pleased that Anonymous has already done their homework and spread all the information about these douchecanoes throughout the internet so their lives are wrecked for the foreseaable future. I'd hate to think that some mouthbreather CoD player go word that him and his mates are kicked off line by that kid down the street and enact vengeance for all of us.

--
Wheel of Time: Book by Book and Sumview (summary review) Bigdady92 style: http://bigdady92.blogspot.com/
1. Re:Public Stoning is too good... by alen · 2014-12-30 04:05 · Score: 1
  
  MS and Sony should just code their services the right way and have 10000000000000 hyperbytes of bandwidth
2. Re:Public Stoning is too good... by Anonymous Coward · 2014-12-30 04:11 · Score: 0
  
  a justice reward to these lil Asshats.
  Yes, stoning for shutting down a gaming network. Someone's priorities are a bit off....
3. Re:Public Stoning is too good... by damn_registrars · 2014-12-30 04:11 · Score: 0, Flamebait
  
  Holy shit, put on your big boy underwear and take your inhaler. Some hackers disrupted a couple of gaming services. This was not even remotely close to that level of offense. Did you happen to notice that the sun still went up that morning and went down that evening, or were you just to furious to look at the window? So you were prevented from sending more money to your favorite console maker for around 24 hours; did it occur to you to maybe spend that time with real live people or do actually DO something with your life (even if only for one day)?
  
  If you wonder why "gamers" get such a bad rap in the real world, look in the mirror and think about how worked up you just got over this.
  
  --
  Damn_registrars has no butt-hole. Damn_registrars has no use for a butt-hole.
4. Re:Public Stoning is too good... by Anonymous Coward · 2014-12-30 04:16 · Score: 1
  
  ... what is this "sun" thing you speak of?
5. Re:Public Stoning is too good... by meta-monkey · 2014-12-30 04:18 · Score: 2
  
  Does Anonymous have teeth anymore? Since their big players were de-Anonymized and rounded up by the FBI I haven't seen them do...much...
  
  --
  We don't have a state-run media we have a media-run state.
6. Re:Public Stoning is too good... by Anonymous Coward · 2014-12-30 04:25 · Score: 1
  
  I think the point here is they are wanting to SELL this "service" to any asshole with cash and a target, like maybe something important enough to have a greater real world impact or cause actual injury or death.
7. Re:Public Stoning is too good... by NotDrWho · 2014-12-30 04:29 · Score: 3, Funny
  
  Son, this is the United States of America. Messing with a big corporation here is like slapping momma, spitting on the flag, and fucking an apple pie--in that order.
  
  --
  SJW's don't eliminate discrimination. They just expropriate it for themselves.
8. Re:Public Stoning is too good... by Anonymous Coward · 2014-12-30 04:41 · Score: 5, Insightful
  
  Oh get off your high horse. You've got kids opening consoles on Xmas day and unable to play, you've got adults with a rare few days off work unable to play, this has basically ruined Xmas for a shit ton of people. You think whatever you do on Xmas day is more "important" or more "worthwhile"? You're arguing with kids on Slashdot, clearly your life isn't all that.
  Meanwhile you seem to think that someone saying "they should stone them" on the internet carries similar weight to an actual stoning, so maybe you also need to "do something with your life".
9. Re:Public Stoning is too good... by Anonymous Coward · 2014-12-30 04:42 · Score: -1
  
  You're more worked up than you're accusing the GP of being.
10. Re:Public Stoning is too good... by cyberchondriac · 2014-12-30 04:44 · Score: 2
  
  Did it ever occur to you guys that his title was just hyperbole? I doubt he seriously, literally meant they should be stoned to death, for real. Unless maybe he hails from Saudi Arabia or similar, in which case.. hmmm, you may have a point.
  In any case, the much larger threat from these douches is their willingness to sell these services; someone could do some real damage. I hope they see some serious fines or jail time.
  
  --
  
  Look back up at my post, now look back down, you're on the Internet. Now look back up. I'm a signature.
11. Re:Public Stoning is too good... by cyberchondriac · 2014-12-30 04:46 · Score: 2
  
  A legendary fiery orb that slowly moves across the sky in a roughly 8 to 14 hour period (depending on your latitude and season).. though for the past 7 weeks, being in the mid-Atlantic states, I haven't seen hide nor hair of the damn thing!
  
  --
  
  Look back up at my post, now look back down, you're on the Internet. Now look back up. I'm a signature.
12. Re:Public Stoning is too good... by CaptainDork · 2014-12-30 04:47 · Score: 1
  
  Anonymous did what?
  
  --
  It little behooves the best of us to comment on the rest of us.
13. Re:Public Stoning is too good... by gbjbaanb · 2014-12-30 04:59 · Score: 2
  
  Its not the service coding that is the issue - there's only so much network pipe to go round, and unless we build our entire networks to handle gigabits of traffic for ever server that will almost never be used (at great expense) we'll have to find other ways to stop such attacks.
  Of course, egress filtering would be a good first step. If only every big ISP did this, we'd make most DDoS attacks useless instantly. Then we only have to deal with compromised computers sending data, but if they cannot fake their IP source, we'll at least know who they are to clean them.
14. Re:Public Stoning is too good... by barbariccow · 2014-12-30 05:01 · Score: 1
  
  Holy shit, put on your big boy underwear and take your inhaler. Some hackers disrupted a couple of gaming services. This was not even remotely close to that level of offense. Did you happen to notice that the sun still went up that morning and went down that evening, or were you just to furious to look at the window? So you were prevented from sending more money to your favorite console maker for around 24 hours; did it occur to you to maybe spend that time with real live people or do actually DO something with your life (even if only for one day)? If you wonder why "gamers" get such a bad rap in the real world, look in the mirror and think about how worked up you just got over this.
  Funny, I heard the same thing from the kid in the Lizard Squad interview.
15. Re:Public Stoning is too good... by jones_supa · 2014-12-30 05:09 · Score: 1
  
  Here in Finland cosmologists are predicting that we can see the next quick glimpse of Sun somewhere around 2025. We always gather together with some good photography equipment to capture a couple of shots of this rare event.
16. Re:Public Stoning is too good... by pnutjam · 2014-12-30 05:17 · Score: 1
  
  Still got nothing on sports fans.
  
  --
  Cheap storage VM.
17. Re: Public Stoning is too good... by Anonymous Coward · 2014-12-30 05:23 · Score: 0
  
  You realize this cost Sony and Microsoft millions in lost revenue. Many people, including myself, will be going back to physical copies of games instead of digital copies purchased from the sony store. Digital copies can't be used without verifying the purchase and with PSN down I couldn't use any off the software I had purchased from the previous year. What's the penalty for stealing millions? Lizard squad should get an equal punishment.
18. Re:Public Stoning is too good... by 0100010001010011 · 2014-12-30 05:41 · Score: -1, Troll
  
  If your Xmas was ruined by not being able to play computer games maybe you should find more hobbies.
  Xbox down? Go out side.
19. Re:Public Stoning is too good... by mallyn · 2014-12-30 05:44 · Score: 0
  
  Not only did the sun rise on Christmas morning, my gifts, which were hand-made jackets that I made for my family, were still wearable and enjoyable despite whatever hacking went on.
  Also, a friend's hand made chess board (inlaid wood) that was also a gift this Christmas still worked.
  The doors of a hand-made maple and cherry toy box that I made for my sister for Christmas of 1999 (15 years ago) still work fine. No hacker was able to disable that gift.
  
  --
  Most Respectfully Yours Mark Allyn Bellingham, Washington
20. Re:Public Stoning is too good... by Anonymous Coward · 2014-12-30 05:45 · Score: 0
  
  > Hurr durr I'm better than you gamer shitlords because my hobby is X instead of Y, you should go kill yourselves.
21. Re:Public Stoning is too good... by mallyn · 2014-12-30 05:47 · Score: 0
  
  All of this 'ruining Christmas' suggests to me that Christmas itself is too fragile for our society.
  Perhaps should we as a society (American, World, whatever) should put Christmas as a concept away in the attic for a few centuries?
  
  --
  Most Respectfully Yours Mark Allyn Bellingham, Washington
22. Re:Public Stoning is too good... by Anonymous Coward · 2014-12-30 05:52 · Score: 0
  
  Oh? You mean pay the ISP for special priority?
23. Re:Public Stoning is too good... by bluefoxlucid · 2014-12-30 06:02 · Score: 1, Troll
  
  What business do you work in? I bet it isn't important. Hospice, I bet. Some hackers disrupted your hospice, and the old people's heating went out, and they all froze to death. Well, who fucking cares? They're just old people; the sun went up that morning AND went down that evening, and only a bunch of old people who were in hospice to die anyway died.
  It's business. There are businesses. They make money, and they loose money. YOU are unimportant; yet the police would arrest me for raping and beating and robbing you, even if you didn't die or get HIV. Why? Why should anyone care? The sun went up that morning AND went down that evening, right? You're less important than some gaming services, which millions of people notice when they go offline.
  
  --
  Support my political activism on Patreon.
24. Re:Public Stoning is too good... by bigdady92 · 2014-12-30 06:02 · Score: 0
  
  You think that was me getting worked up? Aren't you a Sensitive Susan.
  
  You think it's OK that some set of mouth breathers is able to sell a service to the highest bidder to take down several major corporations? What happens when they attempt to attack someone outside of the gaming sphere? What then? That OK too or should I hand wring and not get 'upset'.
  
  The article is about a mercenary group of thug scriptards who are soon going to be shown what a PITA prison is like. You don't go around taking down big corps like this for the LULZ forever and not expect to get caught.
  
  --
  Wheel of Time: Book by Book and Sumview (summary review) Bigdady92 style: http://bigdady92.blogspot.com/
25. Re:Public Stoning is too good... by bluefoxlucid · 2014-12-30 06:04 · Score: 0
  
  Ah, Chess. The game for less-intelligent people who want to display their supposed intellect.
  
  --
  Support my political activism on Patreon.
26. Re:Public Stoning is too good... by Anonymous Coward · 2014-12-30 06:16 · Score: 0
  
  This was not even remotely close to that level of offense.
  Correct.
  These people are of no use or value to society, and should be drawn and quartered.
27. Re: Public Stoning is too good... by major_handicap · 2014-12-30 06:26 · Score: -1
  
  Or maybe they just shown a light on a massive flaw in the system, like the reliance on other systems to be able to use something you legally bought and paid for? I don't know if they should be stoned or not. But they got folks attention.
28. Re:Public Stoning is too good... by cyberchondriac · 2014-12-30 06:28 · Score: 0
  
  lol. At least you get to see the Aurora Borealis,..? We get nothing but light pollution.
  
  --
  
  Look back up at my post, now look back down, you're on the Internet. Now look back up. I'm a signature.
29. Re: Public Stoning is too good... by mythosaz · 2014-12-30 06:46 · Score: 1
  
  Well, the game I wanted to play relied on massive online interaction anyway, so depending on other systems is sort of in the cards...
30. Re:Public Stoning is too good... by Anonymous Coward · 2014-12-30 06:52 · Score: 0
  
  The problem with TCP/IP and UDP is that the sender is in control. The receiver does not have control of the network load that is put on him == no power == no longer under your control.
  There should be something like a distributed firewall. Or a public/private key signing that the traffic is ok. Just dreaming some...
31. Re:Public Stoning is too good... by Anonymous Coward · 2014-12-30 06:54 · Score: 0
  
  "That's not the sun. IT'S A DRAGON!"
32. Re:Public Stoning is too good... by mythosaz · 2014-12-30 07:02 · Score: 1
  
  (a) Not everyone celebrates Christmas, and even those people who do might stage their celebrations on other days to accommodate complex family schedules; and
  (b) Don't be a dick because we don't all enjoy the things you enjoy.
  In my house, to accommodate a blended family schedule, we celebrated on Christmas eve. On Christmas day, with all the children safely shipped off to another set of parents, I made plans to go to a friend's house, where we'd online game together, in old-school LAN-style solidarity while the women gathered in the kitchen to gossip. Needless to say, our plans were ruined by asshats on the internet.
33. Re: Public Stoning is too good... by Anonymous Coward · 2014-12-30 07:08 · Score: 0
  
  Coding Wont do jack shit all try are doing is throwing traffic at them
34. Re:Public Stoning is too good... by damn_registrars · 2014-12-30 07:15 · Score: 1
  
  Did it ever occur to you guys that his title was just hyperbole? I doubt he seriously, literally meant they should be stoned to death, for real.
  
  Are you new here? Your geek card is threatened with revocation if you don't support public execution of spammers. It could be he was employing hyperbole but in this crowd it is more likely he was actually speaking what he really thinks.
  
  --
  Damn_registrars has no butt-hole. Damn_registrars has no use for a butt-hole.
35. Re: Public Stoning is too good... by Aereus · 2014-12-30 07:19 · Score: 1
  
  You're pretty judgmental of what random people on the Internet do with their time. Who died and made you King? They cost companies a lot of revenue, and ruined Xmas for thousands of children who don't care about epeen wars. They just know they can't play games with their family or friends on a holiday bc some script kiddies wanted to advertise to make a few thousand dollars selling ddos. Which BTW takes far less effort to implement than defend against due to inherent flaws in Internet protocols.
36. Re:Public Stoning is too good... by GrumpySteen · 2014-12-30 07:30 · Score: 1
  
  I'm not sure how to work in slapping momma and spitting on the flag, but fucking an apple pie can rake in over $100 million.
37. Re:Public Stoning is too good... by KruiserX · 2014-12-30 07:38 · Score: 1
  
  You're missing the wood for the trees. This was a great marketing tool for them. They have educated asshats that were unaware of such paid DDoS services. You'll have a lot of people using their services or start looking for similar services. Now for a $100 they'll take out a competitors website/email server/etc.. and causing a lot of harm on the networks in general. DDoSing should not go mainstream or appear to be easily accessible, it'll ruin the internet. What if some disgruntled person uses these DDoS services to attack essential services like hospitals. People can die just because records couldn't be pulled. I say, let the gamers rage, the more the public outrage become, the easier it will get people/governments to hunt these pricks down. As soon as you ask money for something, it's not a cause anymore.
38. Re:Public Stoning is too good... by Bengie · 2014-12-30 08:29 · Score: 2
  
  The was anti-DDOS services work is quite simple. Instead of having a single network connection, say a 100gb link in the USA, you instead have many many 100gb+ links at the many Internet Exchanges around the world. At each IX, you have a bunch of proxy/firewall servers that filter the data, then send the "clean" data back to your 100gb link back in the USA.
  
  You scrub the data first where bandwidth is crazy cheap. You can purchase 100gb/100gb for $6k/month at many IXs.
  
  The second part to this is you need to stop broadcasting your main links BGP on the open Internet, and only over pre-determined routes. This way no one can send data directly to your datacenter.
  
  Nutshell: Spread your Proxies/Firewalls around the world and use AnyCast, scrub the traffic, forward clean data to datacenter, make sure datacenter is not publicly routable.
39. Re:Public Stoning is too good... by Bengie · 2014-12-30 08:31 · Score: 1
  
  I couldn't go outside because someone set off a nuclear bomb and it's a wasteland. Maybe I should have had more hobbies.
40. Re:Public Stoning is too good... by Oligonicella · 2014-12-30 08:52 · Score: 1
  
  Piss the hell off. I like Christmas. Don't be so pompous.
41. Re:Public Stoning is too good... by Oligonicella · 2014-12-30 08:56 · Score: 1
  
  What an amazing display of pseudo self importance. I make things too. This is no way elevates me as you seem to think it does you, nor does it demote the importance of things that can be hacked. They're simply different types of things.
42. Re: Public Stoning is too good... by Anonymous Coward · 2014-12-30 09:26 · Score: 0
  
  Still not news. People have been selling "network stress test" for decades that are mostly used in unauthorized attacks.
43. Re:Public Stoning is too good... by Anonymous Coward · 2014-12-30 09:26 · Score: 0
  
  a justice reward to these lil Asshats.
  Yes, stoning for shutting down a gaming network. Someone's priorities are a bit off....
  Indeed, stoning is grossly inadequate in this particular case. The right punishment would be hanging, drawing and quartering... or maybe death by thousand cuts. The b4stards have ruined my holidays.
44. Re: Public Stoning is too good... by Anonymous Coward · 2014-12-30 10:16 · Score: 0
  
  Introducing an inferior system isn't cool to begin with, and their track record is getting really bad. Their systems aren't prepared for the world. If you buy service from someone who is known to have trouble delivering it's OK to take some personal blame.
45. Re:Public Stoning is too good... by Anonymous Coward · 2014-12-30 10:17 · Score: 0
  
  Messing with a big corporation here is like slapping momma, spitting on the flag, and fucking an apple pie--in that order.
  I think I saw that porno once.
46. Re:Public Stoning is too good... by Anonymous Coward · 2014-12-30 12:18 · Score: 0
  
  if you build it - they will come!*
  Mainly due to porn*
47. Re:Public Stoning is too good... by gbjbaanb · 2014-12-30 13:05 · Score: 1
  
  but what data is "good" data?
  is an NTP request good or bad? You can't always tell the difference as they're all good, only not if you're getting 10,000 of them per second.
  I'm sure every little website can afford to have a filtering proxy at all the exchanges around the world - after all, rack space in one of those is crazy cheap, and they let anyone put servers in there. Microsoft may be able to, but that doesn't help anyone else who will be subject to extortion from these scumbags. We need to improve our overall response to reduce the ability of these cunts to operate, not pay a fortune to mitigate their attacks when they decide (with almost impunity) to inflict them.
48. Re:Public Stoning is too good... by Bengie · 2014-12-30 13:25 · Score: 1
  
  We're not talking about "every little" web site, we're talking about the 2 biggest gaming networks in the world.
  
  Your NTP is a bad example because the issues being discussed focuses on stateful connections that require authentication and authorization, both of which can be done at the edge. Once a connection is authenticated and authorized, then its traffic may make its way back to the datacenter. Even UDP connections could be considered "stateful" in the sense that the proxy/firewall may not allow your traffic to pass until you've authenticated, then the firewall could allow your IP to create a new state/connection.
49. Re:Public Stoning is too good... by Anonymous Coward · 2014-12-30 17:57 · Score: 1
  
  "is an NTP request good or bad? You can't always tell the difference as they're all good, only not if you're getting 10,000 of them per second."
  As someone who works in this field... Is an NTP request good or bad? In order of processing overhead:
  1.) Is the packet 76 bytes (or 96 with symmetric signing)? Normal packet sizes for a request or response. Stops amplification.
  2.) Did you ask for it? (Most NTP doesn't expect to serve NTP requests from the Internet). Stateful filtering is hardly new.
  3.) Is it a mode 7 request? Highly unusual for this to come from offbox. Relatively simply IDP signature.
50. Re:Public Stoning is too good... by gbjbaanb · 2014-12-31 02:14 · Score: 1
  
  You seriously want an edge router to track every user that passes through them, the same routers you say handle gigabits of traffic per second? How would you handle such authentication? Do you have to have a user account with every ISP between you and your destination?
  You don't need to authenticate users - they're already authenticated on every source ISP network, or you wouldn't be allowed to send packets at all. The problem is the ISPs are sloppy with everything after that, they assume you're legit, when you may be sending out all kinds of crap packets - mostly if you've been hacked and are sending out spoofed packets for the purpose of helping in a DDoS attack. Egress filtering fixes that one.
  We are talking about DDoS attacks, not Microsoft who is frankly a very big boy and can look after himself (assuming all but a skeleton crew weren't on holiday at the time)
51. Re:Public Stoning is too good... by Anonymous Coward · 2014-12-31 06:10 · Score: 0
  
  herp-derp-a-bytes?
And cue the story about how they were infiltrated. by teambpsi · 2014-12-30 04:06 · Score: 5, Insightful

"anyone willing to pay" -- you mean like an FBI agent with a credit card?

--

Old age and treachery almost always overcome youth and skill.
Great! by Gliscameria · 2014-12-30 04:06 · Score: 5, Insightful

Sounds like an awesome way to get caught and shutdown. Keep at it boys.

--
X
1. Re:Great! by Anonymous Coward · 2014-12-30 05:19 · Score: 0
  
  There have been botnets for rent for years. This is nothing new.
Holy Hyperbole, Batman! by damn_registrars · 2014-12-30 04:06 · Score: 5, Insightful

devastating
No, there are lots of things that have happened in the past week that qualify as devastating, but these were not on that list. A major annoyance? Sure. Devastating? Not so much. Just because some people who paid too much for a gaming system weren't able to use it the first day after they got it; and the companies who sold it to them had to wait a little longer to get credit card numbers to charge monthly fees for these people, doesn't make it devastating.

--
Damn_registrars has no butt-hole. Damn_registrars has no use for a butt-hole.
1. Re:Holy Hyperbole, Batman! by Anonymous Coward · 2014-12-30 04:35 · Score: 2
  
  What do you have to support the statement that people paid too much for their gaming system? It seems like a pretty bizarre claim, maybe from someone who's projecting their poverty on to more successful people.
2. Re:Holy Hyperbole, Batman! by Anonymous Coward · 2014-12-30 05:41 · Score: 0
  
  Not devastating? I guess you don't have kids...
3. Re:Holy Hyperbole, Batman! by Dragonslicer · 2014-12-30 06:40 · Score: 1
  
  It must have been devastating to Sony's and Microsoft's profits, right? Surely these repeated demonstrations of how fragile their games and networks are would result in fewer people purchasing systems and games.
4. Re:Holy Hyperbole, Batman! by damn_registrars · 2014-12-30 08:33 · Score: 1
  
  It must have been devastating to Sony's and Microsoft's profits, right?
  It is quite hard to demonstrate that notion, one way or the other. How many people who would have registered that day would have purchased something through it that same day? Would they not have purchased it 1 or 2 days later once things worked?
  
  Were any consoles returned 1 day later because they couldn't connect that day? $400 is not a trivial amount of money to spend on a gaming system; I wouldn't expect many people would give up on it after only one day - especially considering how well known the attack was.
  
  --
  Damn_registrars has no butt-hole. Damn_registrars has no use for a butt-hole.
5. Re:Holy Hyperbole, Batman! by Anonymous Coward · 2014-12-30 19:16 · Score: 0
  
  I was in best buy 2 days after Christmas and there were no less than 10 xbox/playstations in line waiting to get returned because "they don't work". Employees were trying to explain the attack to people but most normal people don't understand this stuff. Best buy actually had a special game console customer service line going on. It was crazy.
Researchers!!! by sycodon · 2014-12-30 04:13 · Score: 1

Dammit, get it right!
They were just exploring for unsecured systems in order to benevolently improve the Internet.

--
When Fascism comes to America, it will call itself Anti-Fascism, and tell you to give up your guns.
But what laws are they breaking? by Anonymous Coward · 2014-12-30 04:15 · Score: -1

Apart from being supremely annoying, does the legal system even have laws related to this? (I actually suspect that our fine congress critters don't have the first idea what a DDOS is, let alone understand the issues and why it should be illegal.)
It actually sounds like a problem in need of a solution. E.g. what is IETF doing to TCP/IP to make it easier to defend against DDoSs? Or easier to track the culprits? Because merely making it illegal in one, ten, or one hundred jurisdictions isn't going to make it go away.
1. Re:But what laws are they breaking? by Anonymous Coward · 2014-12-30 04:20 · Score: 5, Informative
  
  1) Yes, DDoSing someone is illegal
  2) In order to carry out the DDoS they very likely have millions of PCs in a botnet. Every single one of those is a count of unauthorised use of a computer system.
2. Re:But what laws are they breaking? by Computershack · 2014-12-30 04:29 · Score: 1
  
  They certainly do have laws against this. Here in the UK there is the Computer Misuse Act which is the most obvious. As regards to a solution, you can't really defend against a DDoS. There is no way to distinguish a legitimate request to www.google.com from one from a machine that is part of a Botnet until its done a certain number of retries which makes it obvious.
  
  --
  I only please one person per day. Today is not your day. Tomorrow isn't looking good either. - Scott Adams
3. Re:But what laws are they breaking? by nedlohs · 2014-12-30 04:30 · Score: 4, Informative
  
  It comes under the CFAA.- http://www.law.cornell.edu/usc...
  "knowingly causes the transmission of a program, information, code, or command, and as a result of such conduct, intentionally causes damage without authorization, to a protected computer;"
  a DoS is transmitting information at some point.
  Damage is broadly defined: "the term “damage” means any impairment to the integrity or availability of data, a program, a system, or information"
  Protected computer is broadly defined to include: "which is used in or affecting interstate or foreign commerce or communication"
  "without authorization" might be an issue, but I can't see courts not deciding that the DoS wasn't authorized even if one a "public" channel is being used (say slamming the authentication servers).
4. Re:But what laws are they breaking? by s.petry · 2014-12-30 04:46 · Score: 2
  
  As regards to a solution, you can't really defend against a DDoS.
  Incorrect, we defend ourselves all the time. It takes manpower to do this, but it's absolutely possible. Sure, not many companies want to invest in the manpower and expertise required, but that is not the same thing as what you said. If you are lazy or the attack is too big, there are companies that will block the DDoS for you.
  
  --
  -The wise argue that there are few absolutes, the fool argues that there are no probabilities.
5. Re:But what laws are they breaking? by aBaldrich · 2014-12-30 05:18 · Score: 1
  
  US law applies only in the US. If these people live in West Banana Island then nobody can arrest them.
  
  --
  In soviet russia the government regulates the companies.
6. Re:But what laws are they breaking? by Ambassador+Kosh · 2014-12-30 05:42 · Score: 1
  
  If they live in any first world country what they are doing is illegal. If they live in a country where it is not illegal that is what drones are for.
  I am not saying we should use drones. It is definitely not ethical but it is a inevitable outcome. If you do a great deal of damage to powerful people and then try to avoid any punishment they will use other methods to get back at you.
  I also doubt that any country is going to keep these people from the USA. The other first world countries won't and the third world countries cant.
  
  --
  Computer modeling for biotech drug manufacturing is HARD! :)
7. Re:But what laws are they breaking? by nedlohs · 2014-12-30 05:42 · Score: 1
  
  Sure, which is irrelevant given "fine congress critters" is something I've only ever seen in reference to the US.
8. Re:But what laws are they breaking? by Anonymous Coward · 2014-12-30 05:43 · Score: 0
  
  >US law applies only in the US.
  Mod Funny
9. Re:But what laws are they breaking? by Skiron · 2014-12-30 06:05 · Score: 1
  
  "Here in the UK there is the Computer Misuse Act" So why did Gordon Brown recommend and Tony Bliar give Bill Gates an honorary knighthood? Where's the law there?
10. Re:But what laws are they breaking? by bluefoxlucid · 2014-12-30 06:06 · Score: 2
  
  You can't block a DDOS at your doorstep; it has to be blocked on the Internet backbone itself.
  
  --
  Support my political activism on Patreon.
11. Re:But what laws are they breaking? by Anonymous Coward · 2014-12-30 06:21 · Score: 0
  
  > Every single one of those is a count of unauthorised use of a computer system.
  You're implying that these people aren't voluntarily allowing their computers to be utilized.
  LOIC, anyone?
12. Re:But what laws are they breaking? by s.petry · 2014-12-30 06:25 · Score: 1
  
  As written your point is complete nonsense. My point was not defending your Comcast@home account from a DDoS, it was about protecting a business from DDoS. I work at an ISP and we defend ourselves just about every day from various DDoS attacks. We have had to bring in additional bandwidth at times to cope with massive attacks, but the majority we handle in house with a strong staff and good setup (multiple access points, and layering for entry points).
  If your point was correct as written, companies like Verisign that can alleviate a DDoS attack for you would not exist. Low and behold, they do!
  
  --
  -The wise argue that there are few absolutes, the fool argues that there are no probabilities.
13. Re:But what laws are they breaking? by Dragonslicer · 2014-12-30 06:48 · Score: 1
  
  You can't block a DDOS at your doorstep; it has to be blocked on the Internet backbone itself.
  If the bottleneck is your border router, sure. For many services, I would imagine that the bottleneck hit by a DDoS attack is in the processing, which should be easily mitigated by blocking requests at the border router.
14. Re: But what laws are they breaking? by Anonymous Coward · 2014-12-30 06:54 · Score: 1
  
  If you work for an ISP, you should be fired because you're an idiot. When bits haven been delivered to you, it doesn't matter what you do with them, because they still took some of your available bandwidth when they were delivered. If several hundred gigabits per second of bits are delivered to you, you are fucked...unless you are a tier 1 or 2 ISP or you are a DDoS mitigation service provider. Sure, you can block or filter the traffic, but it still took bandwidth. Sure, you can advertise blocks with pre-negotiated comm/ext comm values to upstream providers to auto-null the traffic before it's handed off...but do that for millions of IPs across dozens of providers and you've effectivitely taken yourself down. There is not an effective way to block a DDoS when an attacker is using a giant botnet composed of otherwise legitimate user machines. There's never enough bandwidth and even if a residential ISP has implemented uRPF on all customer handwidths, the IPs aren't spoofed because the attacker doesn't need them to be.
15. Re:But what laws are they breaking? by mythosaz · 2014-12-30 07:05 · Score: 1
  
  As long as you define "getting more bandwidth" as "defending against DDOS," I suppose your statement is true.
16. Re:But what laws are they breaking? by bluefoxlucid · 2014-12-30 07:06 · Score: 2
  
  I work at a broadcast company. I have worked for the Government. I have worked for a Government contractor.
  In all of these cases, Verizon or Comcast or Qwest run a cable to your site. You plug in your router, your firewall, demarc equipment. A packet sent to your network comes to that before you can do anything; you can't get on the backbone of the Internet and block it.
  For businesses who do not control the Internet backbone, 1000Mbit/s coming down their 1Gbit/s pipe means they can no longer receive client requests. If they block traffic coming from DDoS sources (static or dynamic detection, but assume correctly blocking only DDoS packets--impossible best case), they will still have traffic coming to their firewall, being evaluated, and being dropped. There won't be room for traffic to come from other sources: a site receiving 5000 connections per second at 20k/s per connection requires 100Mbit/s, but has more than that in DDoS packets trying to force it's way down the pipe, and so will receive few legitimate packets. The packets it does receive will be delayed (this is why you receive few legitimate packets: they start queueing, infinitely, and then get dropped off the end).
  To stop this, you must have some upstream router (controlled by your ISP) block those packets before they propagate down your link. For DDoS from infected computers, this means your ISP must be able to reliably detect DDoS packets and differentiate them from normal traffic. If you have an on-going short list (50, 100 nodes), you may be able to provide a temporary NULL route. More than likely, you will have one particular server under attack, with a specific public IP, and so will have to have your ISP NULL route YOUR server (take it down entirely) so that your OTHER services stay up.
  Our DDoS attacks on our CDN are allieviated automatically by NULL-routing our servers: the server's IP address is sent to the upstream ISP, which drops all packets going to that server. That server has its cable cut from the Internet for a few hours, and becomes non-functional; attacking another server would result in the same, until there is nothing left of our network. Blocking by firewall on the network not only fails to allieviate the problem, but also causes the DDOS traffic to affect all other servers connected to the Internet from that link.
  
  --
  Support my political activism on Patreon.
17. Re:But what laws are they breaking? by bluefoxlucid · 2014-12-30 07:08 · Score: 1
  
  The bottleneck is the 1Gbit link that's carrying 1Gbit of DDoS traffic to your border router, which is evaluating it and dropping it all. Dropping that traffic doesn't free up additional bandwidth to carry legitimate traffic; you'd have to block the traffic further upstream.
  
  --
  Support my political activism on Patreon.
18. Re:But what laws are they breaking? by Anonymous Coward · 2014-12-30 07:08 · Score: 0
  
  Cough Ahem sorry about that, seem to have had a tickle in my throat....
19. Re:But what laws are they breaking? by s.petry · 2014-12-30 08:07 · Score: 1
  
  I also worked at numerous companies, and I can tell you that at exactly 0 companies have we had a _single_ access point to the Internet. At the DOD we ran no less than 3 vendors at every site with access, and in commercial work I have seen not less than 2. At an ISP we obviously have more than the average commercial company.
  If a Level3 line is getting hit with a DDoS you reroute traffic to the AT&T line, etc.. etc... and obviously you start blocking protocols, networks, etc.. when transitioning routes. If all lines in the same data center get hit you start moving traffic to different data centers.
  This is not an uncommon thing to do even when a DDoS is not an issue. I can't tell you how many times we have had fiber cuts from one vendor impact traffic, so we have to reroute traffic to a different carrier.. In some ways, dealing with a DDoS is the same thing as practicing high availability.
  As to the renting additional bandwidth, we have used the Verisign service for cleaning some traffic because the DDoS far exceeded anything we could do on our own (and we have a shit ton of bandwidth). This was done once in the last 2 years, and we only needed the service for a day even though the DDoS ran for about a week.
  The way you portray it, a company can only have 1 vendor and 1 access point to the internet. Your assertion is false, as is your assertion that you can't defend against a DDoS. Not paying for it is not the same as it being impossible, it does take planning and investment. Nope, nothing is perfect as my Verisign example above should clearly demonstrate.
  
  --
  -The wise argue that there are few absolutes, the fool argues that there are no probabilities.
20. Re: But what laws are they breaking? by Bengie · 2014-12-30 08:39 · Score: 1
  
  I think the largest DDOS was around 600gb/s, which is about $36k/month of bandwidth from your local IX.
  
  1) Buy up terabits of bandwidth around the world at prices as low as $0.06/mbit at an IX
  2) Filter data at the edge
  3) Forward filtered data back to your non-general-Internet-routable datacenter.
  
  You just need to move your edge to where bandwidth is plentiful and cheap and do all of your filtering there.
21. Re:But what laws are they breaking? by bluefoxlucid · 2014-12-30 08:58 · Score: 2
  
  If a Level3 line is getting hit with a DDoS you reroute traffic to the AT&T line
  72.133.15.2, which is on your assigned 72.133.15.0/24 block, is being hit by gigabits of traffic per second. That means everything else on the 72.133.15.0/24 block is affected.
  To reroute, you have to call your ISP and failover your incoming route. It comes off the Level 3 line, and onto your AT&T line.
  Now your AT&T line is being hit by gigabits of traffic per second, as the traffic is still going to 72.133.15.2, which is routed to the 72.133.15.0/24 subnet.
  I'm not talking about fiber traffic; I'm talking about ROUTING A TON OF TRAFFIC TO AN IP ADDRESS. When you move the line that the IP address is on, ALL THE TRAFFIC GOES TO THE NEW LINE. IP addresses are routed to by subnets, which means THE WHOLE SUBNET FOLLOWS THE ROUTE CHANGE, and so the traffic and all affected addresses follow the route change. Your Web, E-mail, FTP, and VPN servers are all affected by this DDOS? Well, when you swap over to your AT&T line, your Web, E-mail, FTP, and VPN servers all go there, and so does the DDOS traffic!
  You can change lines when somebody physically digs up and cuts a fiber line. That works. It works when Verizon fucks up and Qwest is working. When bombs are being brought down Green street to your house, blocking off Green street and making the bombers carry them down Violet street to THE SAME HOUSE doesn't stop your house from getting blown up.
  
  --
  Support my political activism on Patreon.
22. Re:But what laws are they breaking? by Oligonicella · 2014-12-30 09:05 · Score: 1
  
  It's a very good implication. Yours is the strained implication.
23. Re:But what laws are they breaking? by s.petry · 2014-12-30 09:45 · Score: 1
  
  Writing in all caps does not make you correct, so try normal dialogue. Following the normal Socratic method lets simplify this down to a question.
  If you have a mail server on the Internet and your line is from Level3 what do you do if your line gets cut? Say fuck it, it'll be back in a few days time or do you have a second line that you can move some DNS entries and reroute all the traffic. (Routing is obviously not just the 'route' command).
  In nearly all cases you need a second access point. Sure, you have to do some work to get access back, but you are not incapable of working around a cut line. Most importantly, you don't want to wait until after the fact to have this ready.
  A DDoS attack is similar, except that you need to figure out what the target is so that you can start rerouting everything else and filter unwanted content (or non-critical content). Not hosting your own DNS is a cost issue, not an impossible task. Not having multiple access points is similarly a cost issue and not an impossible task. If our Level3 access route gets DDoS'd, we start routing everything over to AT&T or Qwest, or Sprint, or what ever carrier we need to use. We have numerous networks and DNS in numerous networks for just this reason. DDoS our 72.100.1.1 DNS server and our 33.122.1.1 server will still answer. DDoS a host and we change the route to that host with a lot of filtering in between (the latter being a route command issue). Clients generally don't use the IP address, they use the host name for access.
  Again, you are trying to claim that you must hedge all of your bets on a single access point which is absolutely false. If your company has everything on a single network that is a financial decision. We have numerous class Cs so that we don't have a dependency on a single network. You are choosing (or your company has chosen) not to pay for things.
  
  --
  -The wise argue that there are few absolutes, the fool argues that there are no probabilities.
24. Re:But what laws are they breaking? by bouldin · 2014-12-30 14:10 · Score: 1
  
  You are correct, if the DDoS relies on raw bandwidth.
  Some DDoS attacks work closer to layer 7. E.g. ask the webserver to do something complicated and slow, maybe something that requires a bunch of database queries.
  That kind of DDoS relies on asymmetry. .. The response is much more expensive than the request.
  AFAIK nobody has said how the Christmas DDoS attacks worked.
25. Re:But what laws are they breaking? by bluefoxlucid · 2014-12-31 03:07 · Score: 1
  
  Writing in all caps does not make you correct,
  
  The bold and emphasis tags haven't worked for me in 4 years.
  
  If you have a mail server on the Internet and your line is from Level3 what do you do if your line gets cut?
  A line getting cut is not a DDOS. A DDOS is when you open a web browser, go to the page, and hit REFRESH 40 times a second. On 80,000 computers. At the same time. For 2 hours.
  
  A DDoS attack is similar, except that you need to figure out what the target is so that you can start rerouting everything else and filter unwanted content (or non-critical content)
  Wrong. DDOS you black hole the server: you shut it off by having the backbone of the Internet route your shit elsewhere. That means your upstream ISP has to insert a static route into their routers--their equipment, not yours.
  
  Not hosting your own DNS is a cost issue, not an impossible task.
  You don't fix DDOS by DNS. www.Slashdot.org here is 216.34.181.48, and the plain slashdot.org is .45; if I fire a DDOS at either of those IP addresses, they both go down (it's the same subnet, thus routed to the same link). If you change the slashdot.org DNS, the packets keep coming down that link anyway.
  
  If our Level3 access route gets DDoS'd, we start routing everything over to AT&T or Qwest, or Sprint, or what ever carrier we need to use.
  If you fail over the link from Verizon to Comcast, the packets start coming down Comcast immediately. Think about it: when you fail over the link, you are rerouting packets going to those addresses. Well, DDoS packets are going to those addresses. They're not addressed to a link (they can't be), but to an IP address. They flood your active line, always; you can't prevent that.
  
  Clients generally don't use the IP address, they use the host name for access.
  Clients generally cache the IP address for a little bit; but that's irrelevant. A DDoS attack, in particular, is ineffective if you run a DNS look-up between each packet: there would be a wide delay between packets (it takes anywhere from 20 to 500mS to run a DNS look-up; meanwhile, you're trying to send over 2000 packets per second from one node, i.e. one per 1/2 mS). Instead, you pull the IP at the beginning of the attack, and then you start shoving packets at that IP. 800 trillion packets to 216.34.181.45, one DNS look-up.
  
  Again, you are trying to claim that you must hedge all of your bets on a single access point which is absolutely false.
  
  I'm claiming that packets going to a route will affect all routes on that link; and that failing over that link to a different link will route all packets going to that route to the new link. If you are attacking a node on that route, failing over the link will move the attack to the new link. You can't block the attack downstream; it has to be blocked upstream, because the attack is flooding the link, and your firewall or router receives packets *after* they've traversed the link you're trying to defend. Only your upstream ISP can respond to a DDoS in any effective way.
  The only "financial decision" you can make regarding this is the decision to buy a different physical line to your building for each individual public service you run. Possibly multiple physical lines for a service, e.g. two lines for a HA web cluster. That means you would pay $500/mo for Verizon 250Mbit/s to your Web server, $500/mo for another Verizon 250Mbit/s line run over a separate cable to your second Web server, $500/mo more for another 250Mbit/s fiber line run to your e-mail server, etc.
  You clearly have no idea what you're talking about. This became clear the moment you started treating packet attacks like infrastructure attacks. "Oh, if they cut the link, I'll just use another link." Yeah, no. This isn't that somebody bombed the road to the bunker, so you take a different road; people are dropping bombs on YOU, and whatever road you drive down will have bombs dropped all over it trying to hit your Jeep.
  
  --
  Support my political activism on Patreon.
26. Re:But what laws are they breaking? by s.petry · 2014-12-31 05:34 · Score: 1
  
  A line getting cut is not a DDOS. A DDOS is when you open a web browser, go to the page, and hit REFRESH 40 times a second. On 80,000 computers. At the same time. For 2 hours.
  
  No, it's not the same but the reaction a company should have is similar because the result of the attack is almost exactly the same. Notice that you completely ignore the question and go off on a tangent back to your same "I only have 1 IP for access" bullshit answer. Sorry, but at this point there is no other explanation for your position. You ignore logic and reason and continue with faulty logic based on an invalid premise.
  
  If you fail over the link from Verizon to Comcast, the packets start coming down Comcast immediately.
  The only way this would be true is if I had the same IP space on the two carriers, and we don't. In fact the amount of work to move IPs between carriers means that nobody does. You have obviously never tried to do something like this, or you are forgetting all of the requirements to do so.
  
  Clients generally cache the IP address for a little bit; but that's irrelevant. A DDoS attack, in particular, is ineffective if you run a DNS look-up between each packet: there would be a wide delay between packets (it takes anywhere from 20 to 500mS to run a DNS look-up; meanwhile, you're trying to send over 2000 packets per second from one node, i.e. one per 1/2 mS)
  Straw man argument, I never said that there was an instant fix to a DDoS. I said there is a defense which takes planning, work, and expertise. This should obviously imply that it also takes time and is not instant.
  Given that you can not consider a world without your invalid premise that everything must live on a single static IP address there is no point in continuing the discussion. I will tell you that every company I have worked for including the DOD has had similar mechanisms for defending against DDoS attacks. No service should ever be bound to a single interface and be called Highly Available. Ever! This means that even if an IP gets blasted for a week the server can remain functional and clients remain functional. Service degradation depends on where you can dump off traffic, and hopefully you are losing it at least a layer before the server (preferably 2 or more). And no, there is no restriction to having just 2 networks either. You can have as many as you want to justify.
  If you continue to argue with your invalid premise regarding a single static IP address I can only assume you are a troll. Otherwise, if you can answer the question I proposed regarding a line failure and come to a single carrier solution which is HA I will concede to your amazing wisdom. You can't, so I'm not going to hold my breath.
  
  --
  -The wise argue that there are few absolutes, the fool argues that there are no probabilities.
27. Re:But what laws are they breaking? by sabbede · 2014-12-31 06:38 · Score: 1
  
  It depends where they are based. There are plenty of nations where even if it is technically illegal, law enforcement either doesn't care, has been bought off, or are actually responsible - such as North Korea, China, Russia, Syria, etc.
28. Re:But what laws are they breaking? by bluefoxlucid · 2014-12-31 07:45 · Score: 1
  
  No, it's not the same but the reaction a company should have is similar because the result of the attack is almost exactly the same.
  Choking on a hotdog is almost exactly the same as an angry biker wrapping a half-inch steel chain around your neck and choking you to death. The reaction should be similar.
  
  The only way this would be true is if I had the same IP space on the two carriers, and we don't. In fact the amount of work to move IPs between carriers means that nobody does.
  Uh. When our /23 fails on Verizon, Comcast takes up the link. We even have multi-path, so we can send out stuff from the same IP on Comcast OR Verizon at any time; return packets always route down whichever link is active. We have exactly one /23 address space.
  Last month, Comcast managed to lose a fiber line. That line was rerouted through our Comcast link. Packets routed to the same IP addresses came down it.
  
  Notice that you completely ignore the question and go off on a tangent back to your same "I only have 1 IP for access" bullshit answer.
  We have 510 IP addresses for access. They're on a /23 routed subnet. DDoS any one of those and the rest go down. Do you know why that happens? It has to do with how routing works: a routed subnet, at its last leg, goes across one link (one cable or multiple cables bound together as one link). When you send anything to that subnet, it eventually hits that link. If you flood that link, the whole subnet is blocked off.
  
  Straw man argument, I never said that there was an instant fix to a DDoS.
  You started talking about DNS, remember?
  
  Clients generally don't use the IP address, they use the host name for access.
  This is saying, "Oh, you just go change the DNS entry for the host under attack, and the packets go nowhere." Yeah, no. DDoS attacks generally don't use the host name; they use the IP address for access.
  
  Given that you can not consider a world without your invalid premise that everything must live on a single static IP address
  My premise is that routing works the way it does in the real world, and that attacking a single IP address in a subnet takes down the whole subnet. That's how it works. My premise is also that changing the link used to route your subnet (e.g. from Verizon to Comcast) will bring all traffic--including attack traffic. You function in this imaginary world where you just switch over all your services and somehow evade shitloads of legitimate-like traffic behaving exactly like legitimate traffic, without taking out your legitimate traffic as well; that doesn't work.
  I handle these things in the real world. I've handled 14 DDoS attacks this year. I know how our links are built, I know how our links fail over, I know how routing works from routing protocols right down to the way frames are forwarded across the wire. I know, physically, how DDoS attacks work--what links are lighting up, how the packets are formed, and how the routers decide where to forward them. I know how they comingle with legitimate traffic, and how they crowd it out.
  I know god damn everything.
  You're floundering around with inspecific and blatantly wrong comments. You don't even understand what DNS does, what it's for, or how IP and hostnames work--otherwise you wouldn't yammer on about how clients access by hostname and not IP. You don't seem to understand how useless DDoS against a DNS server is, either (since every client uses their ISP's local DNS server, which has your server's data cached anyway).
  Seriously, what kinds of systems do you architect? Because they're obviously not network systems. Do you mean "System Engineer" as in "guy who builds Web servers"?
  
  Otherwise, if you can answer the question I proposed regarding a
  
  --
  Support my political activism on Patreon.
29. Re:But what laws are they breaking? by s.petry · 2014-12-31 09:21 · Score: 1
  
  Choking on a hotdog is almost exactly the same as an angry biker wrapping a half-inch steel chain around your neck and choking you to death. The reaction should be similar.
  Yawn, reductio ad absurdum is extremely unimpressive.
  
  We have 510 IP addresses for access. They're on a /23 routed subnet.
  Really now? How can that be possible when nobody else can function without a broadcast address at a minimum. Or is this just an appeal to emotion trying to demonstrate that you are intelligent? I vote for the latter, and reject it as irrational just like your single point of failure argument.
  
  This is saying, "Oh, you just go change the DNS entry for the host under attack, and the packets go nowhere." Yeah, no. DDoS attacks generally don't use the host name; they use the IP address for access".
  You attempted to first claim that a client would have a delay in connecting so HA was impossible. I rejected that as a straw man, so your defense is to then falsely claim I don't know what DNS is for (while you ignore one of many features). In your world it seems impossible for 2 or more addresses to exist on a single host, and for a CNAME point to one of these addresses. The only option is a single interface on a single host, and everything is hard coded all the time. Further, you can not have multiple networks, you must only live on a single network. If I didn't think you believed it I would laugh out loud.
  
  My premise is that routing works the way it does in the real world, and that attacking a single IP address in a subnet takes down the whole subnet
  Then you are a flipping dolt that should really learn the benefits of having multiple networks and interfaces. If any of the hosts on one network gets attacked I shift my primary connections to their second interfaces on a completely different network. These are not insurmountable challenges, at all. Stop attempting to claim that your only option is a single network. If _you_ have a single /23 then shame on you, try purchasing multiple smaller networks with different carriers.
  This is the icing on the cake..
  
  I handle these things in the real world. I've handled 14 DDoS attacks this year. I know how our links are built, I know how our links fail over,
  You said that handling attacks was impossible, so by your own terms you can not be telling the truth. You are either lying here, or lying on your original premise. Your imaginary scenario of having a single access point is still wrong, You still can't answer the question regarding a single point of failure because in your world everything is a single point of failure. You are simply a troll, and not a very good one.
  
  --
  -The wise argue that there are few absolutes, the fool argues that there are no probabilities.
30. Re:But what laws are they breaking? by bluefoxlucid · 2015-01-02 04:12 · Score: 1
  
  Yawn, reductio ad absurdum is extremely unimpressive.
  It was a blunt analogy; considering a DDOS similar to a fiber line cut is patently absurd. One of them is an infrastructure problem, such as the dry rotting of a support timber; the other is an adversarial problem, such as a mob stationed outside your house with siege engines (you know, catapults, ballistas, gunpowder barrels).
  
  Really now? How can that be possible when nobody else can function without a broadcast address at a minimum.
  The broadcast address is the highest address in a subnet. For 200.100.100.0/24, the broadcast address would be 200.100.100.255. Maybe you should learn about networking.
  
  You attempted to first claim that a client would have a delay in connecting so HA was impossible.
  Yes, I covered all considerations, rather than just one.
  
  In your world it seems impossible for 2 or more addresses to exist on a single host, and for a CNAME point to one of these addresses.
  First off, it doesn't help. Second, your claims included that I can't migrate a subnet between providers. Third, I've repeatedly pointed out that having an attack come to any address on the subnet clogs that entire subnet.
  I haven't claimed that you can't have 2 or more addresses on a single host, or point a CNAME to either. I claimed that it doesn't help. I have covered that: 1) when I fail over the subnet to a different line, the DDoS will follow it; 2) DNS takes time to propagate, and so changing DNS isn't a solution in any case; 3) if I change the IP address to a different subnet, the C&C can detect the change and instruct the botnet to retarget to the new IP address. I've done this many times.
  
  You said that handling attacks was impossible
  You assert that a host can magically filter DDoS and keep legit traffic by some mechanism. I assert that the way to handle the DDoS is to have the target IP NULL routed, which takes the host entirely off the network. You cannot defend against DDoS: you can only withdraw the target and concede.
  
  Your imaginary scenario of having a single access point is still wrong
  I'm working, again, in a multiple access point scenario. You claim that scenario is impossible: you claim I can't fail-over subnets to alternate providers--a task that takes about 1 minute. Fail-over works by our primary provider ceasing to hold ownership of the subnet, while the secondary provider advertises the route. This causes a propagation of routing table updates over the Internet backbone, which makes packets addressed to our subnet follow the path to our new link. It's not even a phone call; we have online UIs at each provider to make them assume ownership of the route.
  You did make the claim that this simple routing update is so ungodly complex that nobody does it, anywhere, ever.
  
  --
  Support my political activism on Patreon.
Re:And cue the story about how they were infiltrat by TheCarp · 2014-12-30 04:16 · Score: 2

I wonder how much target validation they do.
If I were sony I might pay someone to be their first customer. Target of course would be important backend infrastructure for a major retailer..... then hand them a list of DoD IPs to hit.
Oh you want me to pay you to poke sticks at sleeping animals? Here is $10 go poke that bear.

--
"I opened my eyes, and everything went dark again"
Why pay for something that can be found by Stan92057 · 2014-12-30 04:23 · Score: 1

Why pay for something that can be found searching duckduckgo"they have to change that name lol" for free? And its not like theses scum are what i would call a trustworthy business or humans.

--
Jack of all trades,master of none
"We'll pay," says the FBI by NotDrWho · 2014-12-30 04:26 · Score: 4, Funny

"Just send us your address, so we can mail you the check."

--
SJW's don't eliminate discrimination. They just expropriate it for themselves.
1. Re:"We'll pay," says the FBI by Anonymous Coward · 2014-12-30 08:18 · Score: 0
  
  "Our address is 13ZYJcejSVQvcv6MJejAtBQKzsHns51Gpv. Looking forward to do business with you guys again!"
GP knows - he was already stoned by raymorris · 2014-12-30 04:35 · Score: 1

GP knows what he's talking about - he was already stoned when he wrote that.
Anybody else get the feeling... by Anonymous Coward · 2014-12-30 04:39 · Score: 0

Either humanity has gotten way stupider, or this is a PsyOp to help get public backing for new and restrictive legislation?
The past, the future by puddingebola · 2014-12-30 04:39 · Score: 1

If I'd said 10 years ago there would be hacker collectives bringing down corporate information services then selling the hacks and software for money I'd have said there's no way.... wait, I'd of probably said that sound reasonable. Things will get much worse. Does anyone have a suggestion about how organizations can prevent these attacks? Bruce Schneier, where are you?
1. Re:The past, the future by HBI · 2014-12-30 04:48 · Score: 2
  
  Essentially, the solution will be a form of whitelisting. The mechanics are mutable. The free and open Internet is already dead, but the corpse hasn't been interred yet.
  
  --
  HBI's Law: Frequency of calling others Nazis is directly correlated with the likelihood of the accuser being Communist.
2. Re:The past, the future by Anonymous Coward · 2014-12-30 07:03 · Score: 0
  
  An opt-in for data transfers (signed by the receiving end).
  Central whitelisting (or a distributed firewall at AS boundaries) seems too 'simple' and not completely elegant. It doesn't work in the anti-spam email world (and it won't work here). Firewalls are for blocking services (not anti-abuse in services).
3. Re:The past, the future by HBI · 2014-12-30 08:21 · Score: 1
  
  I'm talking about not routing the traffic, not firewalls per se. Border security is pointless - the traffic has to be stopped before that.
  
  --
  HBI's Law: Frequency of calling others Nazis is directly correlated with the likelihood of the accuser being Communist.
bullshit by Anonymous Coward · 2014-12-30 04:42 · Score: 0

where was this claim LAST YEAR when the same little shits did the same thing to several online games?
Lizard Squad ... by CaptainDork · 2014-12-30 04:50 · Score: 1

... it's a code name for FBI sting op.

--
It little behooves the best of us to comment on the rest of us.
1. Re:Lizard Squad ... by Anonymous Coward · 2014-12-30 05:22 · Score: 0
  
  Lizard Squad now has a great reputation that will get them hacking jobs for Hydra and SPECTRE
2. Re:Lizard Squad ... by Skiron · 2014-12-30 06:02 · Score: 1
  
  Don't forget U.N.C.L.E.
The silver lining by trawg · 2014-12-30 05:07 · Score: 2

The positive side is that hopefully it provides further incentives for companies like Microsoft to work harder to try to mitigate DDoS problems at the source.
Microsoft are in a unique position as their operating system is - it seems - in many cases the base platform for launching these attacks. It'd be great to see a concerted effort along with a company like Google to start actively trying to massively reduce the number of systems that are regularly involved in DDoS attacks.
1. Re:The silver lining by bluefoxlucid · 2014-12-30 06:10 · Score: 2
  
  Yeah, there you go. "Microsoft should make a secure operating system." You don't understand the problem.
  To mitigate DDoS as you say, at the OS level, we would need to make the OS only run software that the Great Benevolent Dictator allows. Microsoft could publish a list of software Microsoft has decided you can install, and you can install only those softwares. Mind you, if the softwares have any security holes, it's still possible to hack in and use the node as a DDOS source.
  Think about it. No installing Cygwin. No downloading open source games. No Indie games, unless the Indie developers pay Microsoft to let their games run on their platform. Steam? Uh, no, no software that runs arbitrary code. Java? Java is dead. No scripting languages.
  
  --
  Support my political activism on Patreon.
2. Re:The silver lining by JustNiz · 2014-12-30 07:08 · Score: 1
  
  True but I'm not holding my breath. Microsoft have had multiple decades to secure Windows, and still haven't done anything credible. They just keep coming up with clueless crap like UAE.
  It looks to me like this problem will only go away when people finally get a clue and stop buying/using Windows.
3. Re:The silver lining by JustNiz · 2014-12-30 07:23 · Score: 1
  
  No, the problem is that the Microsoft philosophy is still to keep layering tweaks on hacks on mods of a design that was originally intended to be an application running on a single-user PC not on a network.
  Consequently installing or even just running apps can still extend/modify/override the operating system itself i.e. write files into c:/windows and/or modify the registry (even having a registry in the first place is a completely stupid idea for exactly this and many other reasons).
  If Microsoft had ever decided to fully decouple/lock away the entire OS from apps, just like Unix/Linux and pretty much every other professional multiuser OS does, this problem wouldn't even be here today.
4. Re:The silver lining by Anonymous Coward · 2014-12-30 07:59 · Score: 0
  
  The DDoS problem cannot be solved at end user level. The solution will eventually come at network access layer, but because it requires ISPs around the world to invest in smarter and faster hardware, the change only happens when there's sufficient incentive, such as higher traffic priority classes in the internet core for compliant operators. So yeah, good job lizards nerds, you're only accelerating the demise of net neutrality.
5. Re:The silver lining by bluefoxlucid · 2014-12-30 08:46 · Score: 1
  
  If I got you to install a Chromium extension that started when you log into your desktop (KDE, Unity, Gnome, whatnot), I could have you install an extension which runs in the background (like Google Hangouts) and simply pings the shit out of things I tell it to.
  In other words: if I can get you to download and run a program on Linux, as a regular user, with no root privileges and no write access outside $HOME, I can turn your machine into a DDOS node in a botnet.
  The problem we have on Windows is users downloading stupid shit from the Internet, such as Slashdot's ads constantly sending me to install some kind of codec to watch a video or to a fake Firefox update site. I even got caught by BlueStacks, as I had no idea wtf I was doing and typed "BlueStacks" into Google, and the first result falsely claimed to be the BlueStacks home page (it was a sponsored result!) and packaged 5 pieces of software--TWO of which were malware (one hijacked Firefox by installing some RocketTab extension, which sent everything I did through a proxy)--with BlueStacks.
  Any software can install a start-up option in HKCU\Software\Microsoft\Windows\CurrentVersion\Run. Any string entry there is run on start-up for that user. The hive for this is stored in the user's directory (usually C:\Users\$USER\). This is where e.g. Yahoo Messenger puts itself when you install it (if you install it as Administrator, it puts itself in HKLM under the same key, so it starts on log-in for ANY user). Such software can make a connection to a Web site (just like a Web browser), obtain instructions, and then do whatever (e.g. make thousands of connections per second to some IP address, just like a Web browser or FTP client or AOL Instant Messenger).
  Writing to C:\Windows isn't required any more than writing to /usr/bin is required. You can hijack someone's computer without administrative rights.
  
  --
  Support my political activism on Patreon.
6. Re: The silver lining by Anonymous Coward · 2014-12-30 11:08 · Score: 0
  
  Here's an idea, identify the botnets and tell the infected owners.
7. Re:The silver lining by JustNiz · 2015-01-01 07:41 · Score: 1
  
  So what you're saying is that with Linux I have to do something deliberately stupid ( install an UNTRUSTED Chromium extension that started when you log into your desktop).
  Windows is FAR easier to hack than linux. I mean if nothing else just look at all the open ports on a windows box compared to a linux box.
8. Re:The silver lining by bluefoxlucid · 2015-01-02 04:18 · Score: 1
  
  So what you're saying is that with Linux I have to do something deliberately stupid
  Well, on Windows, you have to run an external program, install an extension, or use a Web browser or e-mail client with a security hole. For example, Firefox and Chrome have had dozens of bugs over the past 6 months which allowed for the automatic background downloading and executing of programs without informing the user, or which would execute some data (images, java script variables) as code (which could then download a program and run it).
  On Linux, the same has been true. If you haven't run apt-get update/upgrade for a while, you may have picked up a shell script sitting in your $HOME and injected into your ~/.bashrc, or possibly a Gnome start-up application, or a Firefox or Chrome extension in your profile directory. This could happen without your knowledge.
  Often, these bugs are exploited in the wild by hacked ad networks or odd attachments on forum posts. It may be impossible to defend against them, sometimes. Apple has this problem with people exploiting Safari well before Apple knows it's exploitable, which has been used for the famous Carpet Bomb attack (which was capable of putting an icon on the desktop that claimed to be Safari, but ran a malicious program that installed a trojan and then ran Safari so as to do what the user expected).
  It's not the open ports; we're all behind NAT, and don't have public IPs to hack. I can open all kinds of shit on my machine safely. I don't need to run a firewall on Windows, and can turn on all services, with no authentication: nobody can actually connect to my machine from the Internet. It's the client software that's the problem. It's the buggy Web browsers, e-mail clients, instant messenger software, and so on.
  
  --
  Support my political activism on Patreon.
I know what their botnet is by Anonymous Coward · 2014-12-30 05:10 · Score: 0

It's Mechanical Turk. They ask people to logon to Xbox over and over for $.00001 a attempt. It's the Mechanical Turk, so they never pay, but that doesn't stop the dupes from signing up.
1. Re:I know what their botnet is by faedle · 2014-12-30 05:30 · Score: 1
  
  Change the $ to BTC and you may have what some of the "faucets" are, in fact, doing.
I saw this in an episode of BBC's "Sherlock" by Anonymous Coward · 2014-12-30 05:27 · Score: 0

Moriarty: How hard do you find it? Having to say, "I don't know."?
Sherlock: I don't know.
Moriarty: Oh that's clever. That's very clever. Awfully clever. Speaking of clever, have you told your little friends yet?
Sherlock: Told them what?
Moriarty: Why I broke into all those places and never took anything.
Sherlock: No.
Moriarty: But you understand.
Sherlock: Obviously.
Moriarty: Off you go then.
Sherlock: You want me to tell you what you already know.
Moriarty: No, I want you to prove that you know it.
Sherlock: You didn't take anything because you don't need to.
Moriarty: Good.
Sherlock: You'll never need to take anything ever again.
Moriarty: Very good. Because...
Sherlock: Because nothing—nothing in the Bank of England, the Tower of London or Pentonville Prison could possibly match the value of the key that could get you in to all three.
Moriarty: I can open any door anywhere with a few tiny lines of computer code. No such thing as a private bank account now, they're all mine. No such thing as secrecy. I own secrecy. Nuclear codes. I could blow up NATO in alphabetical order. In a world of locked rooms, the man with the key is king, and honey, you should see me in a crown.
Sherlock: You were advertising all the way through the trial. You were showing the world what you can do.
Moriarty: And you were helping. Big client list. Rogue governments. Intelligence communities. Terror cells. They all want me. Suddenly, I'm Mr. Sex.
Sherlock: You could break any bank. What do you care about the highest bidder?
Moriarty: I don't. I just like to watch them all competing. "Daddy loves me the best!". Aren't ordinary people adorable? Well you know. You've got John. I should get myself a live-in one.
Re:And cue the story about how they were infiltrat by reanjr · 2014-12-30 05:50 · Score: 1

Correction: an FBI agent with some Bitcoins.
Unfortunately ... by Skiron · 2014-12-30 06:00 · Score: 1

... all the compromised boxes to set up this DDoS network run MS software, and that is licensed, so you CANNOT sell what you don't own when you own it, even if you didn't own it when you owned it.
Didn't they get enough money from Kim? by Anonymous Coward · 2014-12-30 06:01 · Score: 0

Or from Kim?
Gaming is for fools. by Anonymous Coward · 2014-12-30 06:07 · Score: 0

Agreed that "gamers" waste their lives on pursuits that gain them zero + take their money ontop of it.
1. Re:Gaming is for fools. by Oligonicella · 2014-12-30 09:00 · Score: 1
  
  Gain them zero? And you don't do things that 'gain you zero'? Bet you masturbate.
broken fingers by noshellswill · 2014-12-30 06:23 · Score: -1

Never suggest it myself, but sounds like some NET-vigilantes might bust one/two/three of the DDOSers and break their fingers and knee-caps. Kinda tuff to be a byte-perp when ya can't bend-a-knee or type! Ever. The message would get thru fast ... eh hoser?
I really doubt these fellows are behind it by ZeroSerenity · 2014-12-30 06:27 · Score: 1

I've noticed that in the leadup to these attacks somebody going by Lizardpatrol1 had just been running around vandalizing Wikipedia. I think they're just cashing in on the instability of simultaneous new consoles being attached to sell the vapor product.

--
For those who seek perfection there can be no rest on this side of the grave.
Next-generation load testing software by nadass · 2014-12-30 06:53 · Score: 1

If their BBC interview is any indication, provide these guys/gals with your credentials and they'll gladly pass it along to the next set of bandits (GoP)... except, since this is a new service, they'll also take your money AND they'll gladly take down your organization.

It's merely a sucker's bet.
What if it were Netflix? by RobSwider · 2014-12-30 07:08 · Score: 1

It's too bad they used XBOX LIVE and PSN as the target. So people who spent their own money on something that required internet access were told "It's only a game, relax, go outside". If they really wanted to impact "real people", they'd have attacked Netflix. There's a lot of blaming the victim in this thing. You paid too much for your toy! That's what you get for trying to play games!! It's your fault for buying something that requires internet access! Bottom line is people paid for something. The company was otherwise able to provide the service. A third party stepped in and blocked that.
Re:And cue the story about how they were infiltrat by Anonymous Coward · 2014-12-30 07:35 · Score: 0

The hackers would cash in, order their bots to do the job they were hired to do and go on with their lives. DDoSes are not done from the attacker's computer; he controls many machines, usually without the owner's knowledge. If caught, Sony would be in a heap of trouble explaining why they hired hackers to attack military targets.
Re:And cue the story about how they were infiltrat by TheCarp · 2014-12-30 07:47 · Score: 1

> The hackers would cash in, order their bots to do the job they were hired to do and go on with their lives.
and then they would likely find their botnet being rapidly dismantled, and identified as a threat since they obviously can't keep their activities in the civilian world. Not too many really want state security apparatus, who have little sense of humor and no qualms about working overtime, actually looking to identify them.
> If caught, Sony would be in a heap of trouble explaining why they hired hackers to attack military targets.
If caught they would also likely re-attract the ire of the service owners too. However, thats why I said pay someone else to hire them, their part in the fiasco could be quite small I would assume they should be in a good position to keep their own part hidden.
Shit, pay someone in China to do it and I doubt anyone will look past the persons country of origin since "chineese hacker" is good enough for all they care a press release.

--
"I opened my eyes, and everything went dark again"
DDOS = lame by JustNiz · 2014-12-30 07:53 · Score: 1

I can appreciate the skill behind a clever, intelligent hack, but DDOS is just lame squared.
For ruining Christmas for so many kids, I hope those skript kiddie fuckers get caught and have their whole lives ruined.
1. Re:DDOS = lame by sabbede · 2014-12-31 06:28 · Score: 1
  
  Agreed.
  It could be that I've read too much cyberpunk, but I'd like to see MS and Sony do the catching and ruining. Assuming that these pricks aren't located entirely in a nation willing and capable of handling them legally of course.
  But how satisfying would it be if photos of their corpses with Surface Pros through their heads started appearing? Or the outlines of PlayStation controllers protruding from their necks?
I love by Anonymous Coward · 2014-12-30 07:54 · Score: 0

... the free market!
Hail Eris
Critter Christmas by Anonymous Coward · 2014-12-30 09:27 · Score: 0

Way up in the mountains in a small little town,
The Main Street was being decorated all up and down.
People stood in long lines, sometimes waiting hours or more,
Because Christmas needs to be bought in a store.
But out in the forest, not too far away...
not if they dont have a botnet by bouldin · 2014-12-30 13:34 · Score: 1

1. The IPs they used for the DDoS are almost certainly known now.
2. There are several groups (Sony, FBI, probably Microsoft, some infosec companies) who want to see the botnet dismantled.
3. As each host is remediated or blocked (ISP walled garden), said botnet shrinks.
Unless these guys have some zero-days and malware kits up their sleeves, their DDoS capabilities will not be around for long.
Marketing is the key to success! by Anonymous Coward · 2014-12-30 22:06 · Score: 0

It's like a weapon manufacturer makes bombs and they demonstrate their products by bombing a small country.
NICE!
Next in marketing plan: hire a SEO company to optimize web page.
Corporate security needs to get aggressive. by sabbede · 2014-12-31 06:19 · Score: 1

If Microsoft wants to hire some mercenaries to deal with these dicks in a permanent fashion, I won't complain. The fact that Sony doesn't have actual ninjas on staff is a constant source of disappointment, but easily fixed.
Remove Xbox live/PSN (single point of failure) by Anonymous Coward · 2014-12-31 09:35 · Score: 0

Simple... Get rid of psn/Xbox live sign in. Or, at least allow users to play the games if said services are unavailable.
No need for expensive anti-ddos or whatever.
Sony/MS take your money and want control but can't maintain control in these situations.
Without these single points of failure, this issue would not have happened