On Sunday, the network, which allows PlayStation owners to access the internet and play against each other in multiplayer games, was hit with a distributed denial-of-service (DDoS) attack, in which a company’s web servers are bombarded with a huge amount of fake traffic in order to overload capacity. DDoS attacks are not strictly “hacks” as they do not require the instigator to access and sabotage the target system, but they can cripple a company’s network.
PlayStation owners were unable to get online for several hours. Originally, an onscreen message claimed that the service was down for maintenance, and Sony tweeted that it was dealing with the issue.
However, the company, later admitted the DDoS attack on its official blog, and made a statement:
Like other major networks around the world, the PlayStation Network and Sony Entertainment Network have been impacted by an attempt to overwhelm our network with artificially high traffic.
Although this has impacted your ability to access our network and enjoy our services, no personal information has been accessed.
Several hours later, the blog post was updated with an announcement that the service was back online:
The PlayStation Network and Sony Entertainment Network are back online and people can now enjoy the services on their PlayStation devices. The networks were taken offline due to a distributed denial of service attack. We have seen no evidence of any intrusion to the network and no evidence of any unauthorized access to users’ personal information.
PlayStation owners are confirming on Twitter that the service is working.
Responsibility for the attack has been claimed by an apparent hacker group named Lizard Squad. The group has also been implicated in a bomb threat received by American Airlines on Sunday which led to a passenger flight from Dallas to San Diego being diverted to Phoenix. On board the plane was Sony Entertainment Online president John Smedley.
Shortly after the aircraft took off from Fort Worth International airport, Lizard Squad tweeted:
The group then continued to retweet messages from the plane’s angry passengers, reacting to the diversion. Later, the the Lizard Squad twitter profile sent a message directly to Smedley.
Later on Sunday, another hacker named “Fame” also claimed responsibility for the PlayStation Network attack, criticising Lizard Squad on the @FameGod Twitter feed for taking credit. Fame later posted a YouTube video claiming to have carried out the DDoS attack to draw attention to alleged security failings in Sony’s system.
This is not the first time the PlayStation Network has been subject to an attack from a hacker group. In 2011, the service was brought down for several days in one of the biggest corporate hacks so far recorded; the personal details of over 70 million users were thought to have been exposed. PSN was offline for several days and Sony was criticised for its handling of the attack. Last January, the company was fined £250,000 by the Information Commissioner’s Office.
For its part, the Lizard Group Twitter account is now suggesting that Microsoft’s Xbox Live service may be the next target. A tweet dated Monday, 3.50am, states, “’Sup XBL Login, just performing tests.”
Fame has posted a similar warning:
It’s also being reported that Lizard Squad group was behind DDoS attacks on the servers of Blizzard, the creator of the multiplayer online game World of Warcraft. The company has tweeted that the issues have now been resolved.
Little is known about Lizard Squad beyond its recent attacks. The group’s Twitter posts contain references to the Jihadist group Isis – a tweet posted just after the DDoS attack on PlayStation Network declared “Today we planted the ISIS flag on @sony’s servers #ISIS #Jihad”. However, it’s possible that the claims are satirical.
Such attacks are now a common part of the games business, with most titles now providing online multiplayer features. Major publishers Electronic Arts and Ubisoft have also had their systems attacked by hacking groups, often claiming to be showing up alleged failures in data protection.
guardian.co.uk © Guardian News and Media Limited 2010