Phantom Squad Hacking Group Claims Credit For Three-Hour Xbox Live Outage

← Back to Stories (view on slashdot.org)

Phantom Squad Hacking Group Claims Credit For Three-Hour Xbox Live Outage

Posted by timothy on Friday December 18, 2015 @02:55PM from the xbox-dead dept.

An anonymous reader writes: The Phantom Squad hacking group appears to have anticipated its own Christmas schedule for attacks on the Xbox and PlayStation networks by taking credit for a three-hour outage on Xbox Live services in the last 24 hours. Apparently the group, which has disassociated itself from the Christmas 2014 attacks on the PS4 network, claims like them to be engaging in PenSec testing for gaming networks, and before itsTwitter account was suspended tweeted: 'If cyber security really has existed. Then what we do should not be possible.'

49 comments

Min score:

Reason:

Sort:

Ahhh yes by liqu1d · 2015-12-18 14:58 · Score: 1

DDOS the true test of every insecure system. I vote we unplug every server that will prevent this scourge!
1. Re:Ahhh yes by ArmoredDragon · 2015-12-18 15:03 · Score: 2
  
  I think what they mean is that the internet as a whole just basically lacks cybersecurity. There really is more we can do to stop it, such as mandatory throttling and/or disconnecting of users that are known to be running compromised systems. Do it on a global scale with i.e. a treaty organization whose sole purpose is to protect the internet infrastructure itself (i.e. no intellectual property trolling, anti-terrorism, anti-fraud, etc, just nothing but an organization that sets rules and standards for making sure that even if Dr. Evil wants to take over the world using the internet and make mankind become slaves to Kodos, that's fine, just so long as the internet itself remains functioning and nobody is subject to having their internet services subject to ransom by DDoS kiddies.)
2. Re: Ahhh yes by liqu1d · 2015-12-18 15:09 · Score: 1
  
  I like it. However I imagine it will just drive botnet creators to be smarter with their operation. Showing lack of security by exploiting a fundamental weakness that doesn't do anything more than irritate customers is rather pointless. If you want to show customers how little organisations care for their 1s and 0s then the talk talk breach is a nice example (shame about the extortion).
3. Re:Ahhh yes by Anonymous Coward · 2015-12-18 15:13 · Score: 0
  
  This is a known weakness, there's no need to "test" it, anyone could do it. They're just being retarded.
4. Re: Ahhh yes by ArmoredDragon · 2015-12-18 15:21 · Score: 1
  
  However I imagine it will just drive botnet creators to be smarter with their operation. Showing lack of security by exploiting a fundamental weakness that doesn't do anything more than irritate customers is rather pointless. If you want to show customers how little organisations care for their 1s and 0s then the talk talk breach is a nice example (shame about the extortion).
  I'm totally fine with that though, because there are countermeasures that you as either an individual or an organization can utilize; you just have to get smarter with your own cybersecurity. However the current status quo is the internet equivalent of terrorism before the Bush Doctrine. That is, people openly DDoS you, you know what systems they are doing it from, and hence you know exactly what systems to block, but there's nothing you can do to forcibly disarm those systems as their owners effectively grant safe harbor to the botnet operators, some don't know it, and some know but pretend to not know (a la LOIC.)
5. Re:Ahhh yes by Jester998 · 2015-12-18 16:05 · Score: 1
  
  One really big, huge thing we could do right now -- today -- if everyone got on board, is ingress filtering at the ISP level (see: BCP 38).
  Basically puts an end to DDoS attacks that rely on spoofing source addresses, as is common in thinks like DNS amplification attacks.
6. Re:Ahhh yes by JustNiz · 2015-12-18 16:27 · Score: 1
  
  I have no idea why all routers dont routinely refuse to pass packets when they can determine they have faked originating addresses.
7. Re: Ahhh yes by Anonymous Coward · 2015-12-18 16:42 · Score: 0
  
  They are just selfish mean bully bastards.
  The law should change so that they are caught and they then get sentenced to jail time for 1 year consecutively for each computer that is effected, So you take the Xbox live network down and effect 1000000's of users you then get sentenced to a miniumum of 1000000 years of hard penal laubour.
  You soon all then see these selfish mean bully bastards abiding by the law.
  They could avoid jail time by paying a fine of approx £1000 per effected computer, however they do get jail time until the fine is paid in full and then they would be released.
8. Re:Ahhh yes by ArmoredDragon · 2015-12-18 17:01 · Score: 1
  
  As far as I'm aware, this is already done in most ISPs in the US. It's called Reverse Path Forwarding:
  https://en.wikipedia.org/wiki/...
  It's also useful in that it helps prevent multicast routing loops, so even if you're not trying to prevent spoofing, it's still good to use if you're an ISP, hence most of them do it. Basically every campus and/or service provider grade router supports it, even in hardware/asic so that you don't use high CPU in high traffic conditions. It's pretty much just the most nobody/backwoods ISP's of the world that don't, and fortunately there aren't that many.
  That said, most botnet operators don't rely on spoofing anymore. Instead they just straight up syn flood the shit out of them.
9. Re:Ahhh yes by Z00L00K · 2015-12-18 19:54 · Score: 1
  
  It's a combination of lazy admins and performance load issues on the routers. Having that check would increase the ping time causing more lag in the net. And that may upset some gamers.
  
  --
  If builders built buildings the way programmers wrote programs, then the first woodpecker would destroy civilization.
10. Re:Ahhh yes by KGIII · 2015-12-19 00:16 · Score: 1
  
  Someone will just write a tutorial on how to disable it in their router and, sure enough, it'll keep going. It's gotta be done at the ISP level, I think?
  Anyhow, I heard windows are vulnerable to bricks. It sure would be insightful and making a statement to penetration test those windows.
  
  --
  "So long and thanks for all the fish."
11. Re:Ahhh yes by Lumpy · 2015-12-19 02:01 · Score: 1
  
  You are expecting ISP's to actually spend money on security and infrastructure?
  What bizzaro world do you live in?
  
  --
  Do not look at laser with remaining good eye.
12. Re: Ahhh yes by Anonymous Coward · 2015-12-19 02:11 · Score: 0
  
  It's not a weakness, it's the way the Internet was designed. You throw a ton of traffic at multiple hosts from around the world using compromised routers, hosts will stop responding.
13. Re:Ahhh yes by JustNiz · 2015-12-19 03:50 · Score: 1
  
  I saw some metric that said all DDOS's and spam emailing going on at any one time accounts for over 60% of the entire traffic on the internet.
  Admittedly I'm guessing but I would bet money on getting rid of most of that will have a far more significant positive effect on your gaming ping than a small negative one from your router needing to confirm the originating address of packets.
And nobody noticed by Anonymous Coward · 2015-12-18 15:04 · Score: 2, Funny

Because they were watching star wars.
1. Re: And nobody noticed by Anonymous Coward · 2015-12-18 16:13 · Score: 0
  
  Also because everyone is still playing Fallout 4, which does not require an internet connection.
2. Re:And nobody noticed by Z00L00K · 2015-12-18 19:55 · Score: 3, Insightful
  
  And nobody really cares if services like Xbox Live goes down. It's only affecting a few users.
  But if it was an impact on Wall Street then it would be headlines all over.
  
  --
  If builders built buildings the way programmers wrote programs, then the first woodpecker would destroy civilization.
3. Re: And nobody noticed by Anonymous Coward · 2015-12-19 02:15 · Score: 0
  
  A few users? Even if it is only a few (and its most definitely not) if you had a business and someone was affecting your ability to run it, and please your customers by providing a service, you can be sure that you'd be crying bloody murder to get it sorted out. Just because that business is Microsoft or Sony is no different.
4. Re: And nobody noticed by Anonymous Coward · 2015-12-19 07:41 · Score: 0
  
  Sure it is. Microsoft are scummy spyware makers and nobody gives a shit if bad stuff happens to them.
DDoS can be thwarted and companies this big can by Anonymous Coward · 2015-12-18 15:13 · Score: 1

It's really on the end-user to protect themselves online. Acting as if it is the governments job is absurd.
meanwhile... by Anonymous Coward · 2015-12-18 15:34 · Score: 1

Meanwhile, all the games I bought on GOG were still working fine.
It's boring. by tgibson · 2015-12-18 15:47 · Score: 5, Insightful

It is adolescent. There is so much to discover in the world from molecular biology to astrophysics and all these folks can muster as their contribution to humanity is to hold their dicks in their hands and giggle as they frustrate people for a few hours who are trying to play computer games. Pathetic.
1. Re:It's boring. by houstonbofh · 2015-12-18 16:09 · Score: 1
  
  Every time I see a "hack" (rollseyes) like this, I translate it to 'Ohh, Look At Me! I am pissing on the couch!"
2. Re:It's boring. by JustAnotherOldGuy · 2015-12-18 16:46 · Score: 4, Insightful
  
  It is adolescent. There is so much to discover in the world from molecular biology to astrophysics and all these folks can muster as their contribution to humanity is to hold their dicks in their hands and giggle as they frustrate people for a few hours who are trying to play computer games. Pathetic.
  Bingo, and well said.
  These little wankers haven't done anything except show that it's easier to break stuff than to make stuff.
  It's like throwing a rock through a window and then bragging about it, as if it had taken the slightest bit of skill or intelligence or insight, or anything.
  Honestly, if someone hunted these pukebags down and beat the living shit out of them, I'd have a hard time feeling but joy about it. I know it would be wrong, but I'd be hard pressed to condemn it.
  
  --
  Just cruising through this digital world at 33 1/3 rpm...
3. Re:It's boring. by Anonymous Coward · 2015-12-19 05:48 · Score: 0
  
  You guys basically just described Slashdot.
4. Re:It's boring. by penguinoid · 2015-12-19 06:38 · Score: 0
  
  Think of it as a public service announcement warning against buying expensive things that require the internet to function properly.
  
  --
  Don't waste your vote! Vote for whoever you want, unless you live in a swing state it won't matter anyways
5. Re:It's boring. by JustAnotherOldGuy · 2015-12-19 12:17 · Score: 1
  
  You guys basically just described Slashdot.
  No, there are a lot of decent people here, but every community attracts its share of assholes and losers.
  It doesn't matter what the topic is or what the site is about, sooner or later the jerkoffs arrive and begin pissing in the corners, posting crap (APK, anyone?) and generally just shitting things up for no other reason than that's who they are.
  
  --
  Just cruising through this digital world at 33 1/3 rpm...
Tweet of tweets by Anonymous Coward · 2015-12-18 15:50 · Score: 0

'If I really has paid attention in English class. Then I wouldn't write sentences like this.'
Sad little wankers! by Anonymous Coward · 2015-12-18 16:09 · Score: 0

I can only imagine that these fat virgins sitting in their bedrooms squeaking "Look at me! Look at me! I'm so important!!!" as they stop kids having fun.
Just wish they'd fuck off and get real lives!
1. Re:Sad little wankers! by Anonymous Coward · 2015-12-19 00:22 · Score: 0
  
  As soon as they're caught, somebody else is going to have fun. Have you seen a nerd under pressure? Me neither: they cave in at the first perceived threat - it's enough to raise a hand to see them shit their pants.
Security? watev dude by JustNiz · 2015-12-18 16:32 · Score: 3

I laugh at the way they act like theyr'e some kind of 'l33t hax0rs' and they talk all about security of Microsoft/Sonys networks, but all they're doing is some lame skript kiddy DDOS that doesnt actually penetrate any security at all.
1. Re:Security? watev dude by phantomfive · 2015-12-18 16:36 · Score: 1
  
  They are right though, when they say:
  
  'If cyber security really has existed. Then what we do should not be possible.'
  It's the lack of basic security principles that makes this stuff possible.
  
  --
  "First they came for the slanderers and i said nothing."
2. Re:Security? watev dude by Anonymous Coward · 2015-12-18 16:45 · Score: 0
  
  You could also say, if we had executed these scumbags the first time, others would not follow.
3. Re:Security? watev dude by JustNiz · 2015-12-18 16:47 · Score: 1
  
  Well the internet bascially started out on the priciples of an academic community, which presumed some level of basic intelligence and cooperation between its users. They probably couldn't even conceive of users that would actively try to act like they had microscopic penisses.
4. Re:Security? watev dude by JustNiz · 2015-12-18 16:49 · Score: 1
  
  you could equally argue that its just the lack of traffic shaping that makes DDOS attacks possible.
5. Re:Security? watev dude by phantomfive · 2015-12-18 16:51 · Score: 1
  
  Execution doesn't seem to deter a whole lot.......
  
  --
  "First they came for the slanderers and i said nothing."
6. Re:Security? watev dude by fred911 · 2015-12-18 17:01 · Score: 2
  
  Actually ....the internet grew from ARPANET who's goal was to exploit new computer technologies to meet the needs of military command and control against nuclear threats, achieve survivable control of US nuclear forces, and improve military tactical and management decision making.
  
  --
  09 F9 11 02 9D 74 E3 5B - D8 41 56 C5 63 56 88 C0 45 5F E1 04 22 CA 29 C4 93 3F 95 05 2B 79 2A B2
7. Re:Security? watev dude by Z00L00K · 2015-12-18 19:56 · Score: 1
  
  Well, it at least solves the problem of repeated offenses.
  
  --
  If builders built buildings the way programmers wrote programs, then the first woodpecker would destroy civilization.
8. Re:Security? watev dude by Anonymous Coward · 2015-12-19 08:33 · Score: 0
  
  Cyber security is comprised of three parts. Hardware and software infrastructure, system administration, and user behavior. You cannot protect someone from themselves and even the best hardware and software protections can be undone by sloppy system administrators. Social engineering attacks and poor system administration have been the #1 cause of all computer security breaches in the last few years.
9. Re: Security? watev dude by Anonymous Coward · 2015-12-19 08:36 · Score: 0
  
  It absolutely does, unless you're suggesting offenders are repeating from the grave?
  You stupid motherfucker.
Those guys are so clever by Anonymous Coward · 2015-12-18 16:50 · Score: 0

They did what those other guys did, only with newer scripts they didn't write nor understand, and only for three hours and not on Christmas.
And THEN they boasted how awesome they are.
Well for GOD'S SAKE hand them a medal. Stupid this good deserves a medal.
They aren't clever by Anonymous Coward · 2015-12-18 17:20 · Score: 0

they're just not original
Global Mother Fucking Spyware? by Anonymous Coward · 2015-12-18 17:24 · Score: 0

Microsoft attacking their own network to justify "how dangerous the Internet is"?
Tit for tat by rossz · 2015-12-18 18:05 · Score: 1

Find these fuckers homes and use a sledge hammer to break down the doors and take their stuff. "If you had proper home security, this wouldn't be possible."

--
-- Will program for bandwidth
In related news by cas2000 · 2015-12-18 18:09 · Score: 1

The Wanker-Squad Arsonist Group said they're not arsonists, they're just fire-testing some buildings. If the buildings were properly fire-proof, what they did wouldn't be possible.
And nobody noticed.... by Lumpy · 2015-12-19 01:58 · Score: 1

Because Xbox Live servers have been flakey for the past year.
Why dont they also claim responsibility for Comcast uptime sucking?

--
Do not look at laser with remaining good eye.
When you've actually done something by Anonymous Coward · 2015-12-31 19:34 · Score: 0

See subject: Yourself, that's as good as this that I coded http://start64.com/index.php?o... then you can talk SCMUCK!
APK
P.S.=> Adblock fan & webmaster that you are (that CLAIMS to have worked for microsoft (you mean a contractor for them really)) - you're losing view on your websites since hosts aren't paid off, so fuck off loser - you're a fucking wannabe do nothing "ne'er-do-well" in the art & science of computing you menial stooge... apk