Slashdot Mirror


Lizard Squad: Xbox Live, PSN Attacks Were a 'Marketing Scheme' For DDoS Service

blottsie writes The devastating Christmas Day attacks against the gaming networks of Sony and Microsoft were a marketing scheme for a commercial cyberattack service, according to the hackers claiming responsibility for the attacks. Known as Lizard Squad, the hacker collective says it shut down the PlayStation Network (PSN) and Xbox Live network on Dec. 25 using a distributed denial-of-service (DDoS) attack, a common technique that overloads servers with data requests. The powerful attacks rendered the networks unusable for days, infuriating gamers around the world and causing yet-untold losses of revenue. Now, members of Lizard Squad say the group is selling the DDoS service they used against Sony and Microsoft to anyone willing to pay.

23 of 139 comments

  1. how is it different than any day 0 game? by alen · · Score: 2, Insightful

    not like you can play any game on the first day anyway

    everything is virtualized to the point where they support average players months after release and not the day of release and idiots not only pre-order the games, they change the store country to play it the second it goes live somewhere in the world.

  2. And cue the story about how they were infiltrated. by teambpsi · · Score: 5, Insightful

    "anyone willing to pay" -- you mean like an FBI agent with a credit card?

    --

    Old age and treachery almost always overcome youth and skill.
  3. Great! by Gliscameria · · Score: 5, Insightful

    Sounds like an awesome way to get caught and shut down. Keep at it boys.

    --
    X
  4. Holy Hyperbole, Batman! by damn_registrars · · Score: 5, Insightful

    devastating

    No, there are lots of things that have happened in the past week that qualify as devastating, but these were not on that list. A major annoyance? Sure. Devastating? Not so much. Just because some people who paid too much for a gaming system weren't able to use it the first day after they got it; and the companies who sold it to them had to wait a little longer to get credit card numbers to charge monthly fees for these people, doesn't make it devastating.

    --
    Damn_registrars has no butt-hole. Damn_registrars has no use for a butt-hole.
    1. Re:Holy Hyperbole, Batman! by Anonymous Coward · · Score: 2

      What do you have to support the statement that people paid too much for their gaming system? It seems like a pretty bizarre claim, maybe from someone who's projecting their poverty on to more successful people.

  5. Re:And cue the story about how they were infiltrat by TheCarp · · Score: 2

    I wonder how much target validation they do.

    If I were Sony I might pay someone to be their first customer. Target of course would be important backend infrastructure for a major retailer..... then hand them a list of DoD IPs to hit.

    Oh you want me to pay you to poke sticks at sleeping animals? Here is $10 go poke that bear.

    --
    "I opened my eyes, and everything went dark again"
  6. Re:Public Stoning is too good... by meta-monkey · · Score: 2

    Does Anonymous have teeth anymore? Since their big players were de-Anonymized and rounded up by the FBI I haven't seen them do...much...

    --
    We don't have a state-run media we have a media-run state.
  7. Re:But what laws are they breaking? by Anonymous Coward · · Score: 5, Informative

    1) Yes, DDoSing someone is illegal
    2) In order to carry out the DDoS they very likely have millions of PCs in a botnet. Every single one of those is a count of unauthorised use of a computer system.

  8. "We'll pay," says the FBI by NotDrWho · · Score: 4, Funny

    "Just send us your address, so we can mail you the check."

    --
    SJW's don't eliminate discrimination. They just expropriate it for themselves.
  9. Re:Public Stoning is too good... by NotDrWho · · Score: 3, Funny

    Son, this is the United States of America. Messing with a big corporation here is like slapping momma, spitting on the flag, and fucking an apple pie--in that order.

    --
    SJW's don't eliminate discrimination. They just expropriate it for themselves.
  10. Re:But what laws are they breaking? by nedlohs · · Score: 4, Informative

    It comes under the CFAA.- http://www.law.cornell.edu/usc...

    "knowingly causes the transmission of a program, information, code, or command, and as a result of such conduct, intentionally causes damage without authorization, to a protected computer;"

    a DoS is transmitting information at some point.
    Damage is broadly defined: "the term “damage” means any impairment to the integrity or availability of data, a program, a system, or information"
    Protected computer is broadly defined to include: "which is used in or affecting interstate or foreign commerce or communication"

    "without authorization" might be an issue, but I can't see courts not deciding that the DoS wasn't authorized even if a "public" channel is being used (say slamming the authentication servers).

  11. Re:Public Stoning is too good... by Anonymous Coward · · Score: 5, Insightful

    Oh get off your high horse. You've got kids opening consoles on Xmas day and unable to play, you've got adults with a rare few days off work unable to play, this has basically ruined Xmas for a shit ton of people. You think whatever you do on Xmas day is more "important" or more "worthwhile"? You're arguing with kids on Slashdot, clearly your life isn't all that.

    Meanwhile you seem to think that someone saying "they should stone them" on the internet carries similar weight to an actual stoning, so maybe you also need to "do something with your life".

  12. Re:Public Stoning is too good... by cyberchondriac · · Score: 2

    Did it ever occur to you guys that his title was just hyperbole? I doubt he seriously, literally meant they should be stoned to death, for real. Unless maybe he hails from Saudi Arabia or similar, in which case.. hmmm, you may have a point.
    In any case, the much larger threat from these douches is their willingness to sell these services; someone could do some real damage. I hope they see some serious fines or jail time.

    --

    Look back up at my post, now look back down, you're on the Internet. Now look back up. I'm a signature.
  13. Re:But what laws are they breaking? by s.petry · · Score: 2

    As regards to a solution, you can't really defend against a DDoS.

    Incorrect, we defend ourselves all the time. It takes manpower to do this, but it's absolutely possible. Sure, not many companies want to invest in the manpower and expertise required, but that is not the same thing as what you said. If you are lazy or the attack is too big, there are companies that will block the DDoS for you.

    --

    -The wise argue that there are few absolutes, the fool argues that there are no probabilities.

  14. Re:Public Stoning is too good... by cyberchondriac · · Score: 2

    A legendary fiery orb that slowly moves across the sky in a roughly 8 to 14 hour period (depending on your latitude and season).. though for the past 7 weeks, being in the mid-Atlantic states, I haven't seen hide nor hair of the damn thing!

    --

    Look back up at my post, now look back down, you're on the Internet. Now look back up. I'm a signature.
  15. Re:The past, the future by HBI · · Score: 2

    Essentially, the solution will be a form of whitelisting. The mechanics are mutable. The free and open Internet is already dead, but the corpse hasn't been interred yet.

    --
    HBI's Law: Frequency of calling others Nazis is directly correlated with the likelihood of the accuser being Communist.
  16. Re:Public Stoning is too good... by gbjbaanb · · Score: 2

    It's not the service coding that is the issue - there's only so much network pipe to go round, and unless we build our entire networks to handle gigabits of traffic for every server that will almost never be used (at great expense) we'll have to find other ways to stop such attacks.

    Of course, egress filtering would be a good first step. If only every big ISP did this, we'd make most DDoS attacks useless instantly. Then we only have to deal with compromised computers sending data, but if they cannot fake their IP source, we'll at least know who they are to clean them.

  17. The silver lining by trawg · · Score: 2

    The positive side is that hopefully it provides further incentives for companies like Microsoft to work harder to try to mitigate DDoS problems at the source.

    Microsoft are in a unique position as their operating system is - it seems - in many cases the base platform for launching these attacks. It'd be great to see a concerted effort along with a company like Google to start actively trying to massively reduce the number of systems that are regularly involved in DDoS attacks.

    1. Re:The silver lining by bluefoxlucid · · Score: 2

      Yeah, there you go. "Microsoft should make a secure operating system." You don't understand the problem.

      To mitigate DDoS as you say, at the OS level, we would need to make the OS only run software that the Great Benevolent Dictator allows. Microsoft could publish a list of software Microsoft has decided you can install, and you can install only those softwares. Mind you, if the softwares have any security holes, it's still possible to hack in and use the node as a DDOS source.

      Think about it. No installing Cygwin. No downloading open source games. No Indie games, unless the Indie developers pay Microsoft to let their games run on their platform. Steam? Uh, no, no software that runs arbitrary code. Java? Java is dead. No scripting languages.

  18. Re:But what laws are they breaking? by bluefoxlucid · · Score: 2

    You can't block a DDOS at your doorstep; it has to be blocked on the Internet backbone itself.

  19. Re:But what laws are they breaking? by bluefoxlucid · · Score: 2

    I work at a broadcast company. I have worked for the Government. I have worked for a Government contractor.

    In all of these cases, Verizon or Comcast or Qwest run a cable to your site. You plug in your router, your firewall, demarc equipment. A packet sent to your network comes to that before you can do anything; you can't get on the backbone of the Internet and block it.

    For businesses who do not control the Internet backbone, 1000Mbit/s coming down their 1Gbit/s pipe means they can no longer receive client requests. If they block traffic coming from DDoS sources (static or dynamic detection, but assume correctly blocking only DDoS packets--impossible best case), they will still have traffic coming to their firewall, being evaluated, and being dropped. There won't be room for traffic to come from other sources: a site receiving 5000 connections per second at 20k/s per connection requires 100Mbit/s, but has more than that in DDoS packets trying to force its way down the pipe, and so will receive few legitimate packets. The packets it does receive will be delayed (this is why you receive few legitimate packets: they start queueing, infinitely, and then get dropped off the end).

    To stop this, you must have some upstream router (controlled by your ISP) block those packets before they propagate down your link. For DDoS from infected computers, this means your ISP must be able to reliably detect DDoS packets and differentiate them from normal traffic. If you have an on-going short list (50, 100 nodes), you may be able to provide a temporary NULL route. More than likely, you will have one particular server under attack, with a specific public IP, and so will have to have your ISP NULL route YOUR server (take it down entirely) so that your OTHER services stay up.

    Our DDoS attacks on our CDN are alleviated automatically by NULL-routing our servers: the server's IP address is sent to the upstream ISP, which drops all packets going to that server. That server has its cable cut from the Internet for a few hours, and becomes non-functional; attacking another server would result in the same, until there is nothing left of our network. Blocking by firewall on the network not only fails to alleviate the problem, but also causes the DDOS traffic to affect all other servers connected to the Internet from that link.

  20. Re:Public Stoning is too good... by Bengie · · Score: 2

    The way anti-DDOS services work is quite simple. Instead of having a single network connection, say a 100gb link in the USA, you instead have many many 100gb+ links at the many Internet Exchanges around the world. At each IX, you have a bunch of proxy/firewall servers that filter the data, then send the "clean" data back to your 100gb link back in the USA.

    You scrub the data first where bandwidth is crazy cheap. You can purchase 100gb/100gb for $6k/month at many IXs.

    The second part to this is you need to stop broadcasting your main links BGP on the open Internet, and only over pre-determined routes. This way no one can send data directly to your datacenter.

    Nutshell: Spread your Proxies/Firewalls around the world and use AnyCast, scrub the traffic, forward clean data to datacenter, make sure datacenter is not publicly routable.

  21. Re:But what laws are they breaking? by bluefoxlucid · · Score: 2

    If a Level3 line is getting hit with a DDoS you reroute traffic to the AT&T line

    72.133.15.2, which is on your assigned 72.133.15.0/24 block, is being hit by gigabits of traffic per second. That means everything else on the 72.133.15.0/24 block is affected.

    To reroute, you have to call your ISP and failover your incoming route. It comes off the Level 3 line, and onto your AT&T line.

    Now your AT&T line is being hit by gigabits of traffic per second, as the traffic is still going to 72.133.15.2, which is routed to the 72.133.15.0/24 subnet.

    I'm not talking about fiber traffic; I'm talking about ROUTING A TON OF TRAFFIC TO AN IP ADDRESS. When you move the line that the IP address is on, ALL THE TRAFFIC GOES TO THE NEW LINE. IP addresses are routed to by subnets, which means THE WHOLE SUBNET FOLLOWS THE ROUTE CHANGE, and so the traffic and all affected addresses follow the route change. Your Web, E-mail, FTP, and VPN servers are all affected by this DDOS? Well, when you swap over to your AT&T line, your Web, E-mail, FTP, and VPN servers all go there, and so does the DDOS traffic!

    You can change lines when somebody physically digs up and cuts a fiber line. That works. It works when Verizon fucks up and Qwest is working. When bombs are being brought down Green street to your house, blocking off Green street and making the bombers carry them down Violet street to THE SAME HOUSE doesn't stop your house from getting blown up.
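
Added example, not part of any comment above: a small model of the link-saturation argument in comments 19 and 21, comparing edge filtering, failover of the subnet to a second line, and an upstream null route of the attacked server. The proportional-drop rule, the 4000 Mbit/s attack volume and the 192.0.2.x addresses are assumptions made for the illustration.

```python
# Added illustration (not from the thread): one access link shared by several servers.
# Only the 1 Gbit/s pipe and the 100 Mbit/s legitimate load come from the comments;
# every other figure and all addresses (RFC 5737 range) are constructed.

LINK_MBPS = 1000.0

# Offered load per destination IP in Mbit/s: (legitimate, attack).
OFFERED = {
    "192.0.2.10": (100.0, 4000.0),  # the server under attack
    "192.0.2.11": (60.0, 0.0),
    "192.0.2.12": (40.0, 0.0),
}


def delivered_legit(offered, link_mbps, null_routed=()):
    """Legitimate Mbit/s per server that survives the trip down the link.

    Assumption: when offered load exceeds capacity, the upstream queue drops
    packets without regard to legitimacy, so every flow keeps the same fraction.
    A firewall at the customer edge sits after this bottleneck and cannot
    change that fraction; only traffic dropped upstream frees capacity.
    """
    forwarded = {
        ip: (0.0, 0.0) if ip in null_routed else load
        for ip, load in offered.items()
    }
    total = sum(legit + attack for legit, attack in forwarded.values())
    keep = 1.0 if total <= link_mbps else link_mbps / total
    return {ip: round(legit * keep, 1) for ip, (legit, _) in forwarded.items()}


def compare():
    """Return the three cases the comments argue about."""
    return {
        # Edge firewall or no firewall: identical, the pipe is already full.
        "edge_filtering": delivered_legit(OFFERED, LINK_MBPS),
        # Failing the whole /24 over to a second 1 Gbit/s line: the attack follows.
        "failover_link": delivered_legit(OFFERED, 1000.0),
        # Upstream null route of the victim only: it goes dark, the rest recover.
        "null_route_victim": delivered_legit(OFFERED, LINK_MBPS, {"192.0.2.10"}),
    }


if __name__ == "__main__":
    for case, result in compare().items():
        print(case, result)
```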