UK Arrest Over Xbox Live and Playstation Network Outages

An anonymous reader writes Neowin.net is reporting the arrest of one Vincent Omari, a UK citizen [see also this Daily Mail story from a few days ago mentioning Omari], in the Christmas Day DDoS attacks on Sony's PSN and Microsoft's XBL systems: "In documents sent to Neowin, Vinnie Omari has been accused of 'hacking of the Playstation Network and Xbox Live systems over the Christmas Period'... While this is the first arrest related to the recent service disruptions, it may not be the last... In further conversations with those who are familiar with the investigation and the arrest, Omari believes that the police will not find anything of substance on his computers. His alleged crime is that he helped coordinate the DDOS attack on the service."

Re:Shouldn't this be a civil case?

[JWSmythe]

When you blocked McDonalds by flooding all the highways with a 12" deep layer of molasses, it would probably be considered equally damaging.

There is a discernible monetary loss. How much was lost in revenue where customers could not pay for services? How much was lost from cancellation of services because of the outage? How much was spent for network and systems administrators to work on it, beyond their normal workload?

And then ... How much was lost by other companies impacted by degraded network capacity due to the network traffic?

I'm sure those numbers were easily in the millions. Those won't be the all inclusive questions either. I'm afraid to even ponder how big the final figure will become. It could involve seemingly unrelated companies, who lost sales because their VoIP traffic was on one of the over-utilized circuits.

My Ideas to help stop this kinda attack.

[Stan92057]

My Ideas to help stop this kinda attack.

Identify as many infected computers as they can and block each and every one of the PCs,cellphone,servers whatever at the ISP level. We all cry we want an open internet but that is impossible if people are allowed to run infected PCs for theses scum criminals to use at will. No more blame game no more OS wars. PC owners have to be more responsible, no PC should be connected to the internet without a firewall and antivirus/malware software period end of story. I sure as hell would want to know if my PC is being used without my knowledge and im betting a few billion of my internet friends think the same as i do. Funny they don't bat an eye to spy on us, to collect all the data they can dig up to make mint for advertising. they know damn well whose PCs are infected and being used as bots.

Re:Shouldn't this be a civil case?

[Ash+Vince]

No, missuse of a computer system is a criminal offence

Generally, misusing your own computer system is not a criminal offense unless you really go to extremes. If I set my router to ping flood Sony or Microsoft all day long that generally is not a criminal offense. Previously it was said that this "Lizard Squad" attack was done by a group of people, until we have an idea of how many people were in said "squad" it will be really hard to say whether or not any one person had a meaningful role individually.

Here in the UK it probably doesn't really matter what you were actually doing, if your INTENT was to stop or prevent people engaging in a lawful activity then that is most likely a criminal offence. This is generally how our laws are written then we just let juries sort it out.

In this case we passed a law in 2006 called the Police And Justice Act. Here is an old register article about it: http://www.theregister.co.uk/2...

Our legal system generally has intent woven into its fabric at a far deeper level than in the US so that if the CPS (Crown Prosecution Service) feel there is a reasonable likelihood of them being able to convince a jury that an individuals intent was malicious then they can drag you through the courts. In this case whether this retard is charged will probably depend on how clean his PC's were when they raided him.

You might note that I have zero sympathy for him, being susceptible to getting DDOS'd is not really a security issue worth exposing. If you throw enough traffic from a bot-net at an awful lot of sites they will go down. The simple truth is that when companies provision any sort of on-line infrastructure or offering you look and how much load it is expected to be under during normal operation then plan from there by adding a certain safety margin. In this case it sounds like this service was only going to be called each time a game was started so creating far more load then this by lots of bots pretending to start games over and over again thousands of times a minute was miles away from the intended traffic volumes.

I know some people say this vulnerability never should have existed as this phoning home is a form of DRM and this should not happen but the probably is that without it there are an awful lot of people out there who just freeload and play stuff without paying. Of course companies are going to try an make this difficult in order to stay in business, that is what capitalism dictates they must do in order to maximise shareholder returns.

I hope this guy also realises that he has utterly screwed over any chance he had in life of actually becoming a real paid security researcher with this stupid stunt. With a prior arrest on public record like this he is just not worth the risk, especially as he has not really showed any special technical skills. He will be lucky to get any sort of computer work for the next 10 years.