HackDig : Dig high-quality web security articles for hacker

Cowards Attack Sony PlayStation, Microsoft xBox Networks

2014-12-27 00:30

A gaggle of young misfits that has long tried to silence this Web site now is taking credit for preventing millions of users from playing Sony Playstation and Microsoft Xbox Live games this holiday season.

The group, which calls itself LizardSquad, started attacking the gaming networks on or around Christmas Day. Various statements posted by self-described LizardSquad members on their open online chat forum — chat.lizardpatrol.com — suggest that these misguided individuals launched the attack for no other reason than because they thought it would be amusing to annoy and disappoint people who received new Xbox and Playstation consoles as holiday gifts.

Such assaults, known as distributed denial-of-service (DDoS) attacks — harness the Internet connectivity of many hacked or misconfigured systems so that those systems are forced to simultaneously flood a target network with junk internet traffic. The goal, of course, is to prevent legitimate visitors from being able to load the site or or use the service under attack.

It’s unfortunate that some companies which specialize in DDoS protection services have chosen to promote their products by categorizing these latest attacks as “herculean” and “sophisticated;” these adjectives describe neither the attackers nor their attacks. The sad truth is that these attacks take advantage of compromised and misconfigured systems online, and there are tens of millions of these systems that can be freely leveraged to launch such attacks. What’s more, the tools and instructions for launching such assaults are widely available.

The LizardSquad leadership is closely tied to a cybercrime forum called Darkode[dot]com, a network of ne’er-do-wells that I have written about extensively. So much so, in fact, that the LizardSquad has made attacking KrebsOnSecurity.com and keeping it offline for at least 30 minutes a prerequisite “proof of skills” for any new members who wish to join their ranks (see the screen shot below).

LizardSquad wannabes trying to prove their "skills" by knocking my site offline.

LizardSquad wannabes trying to prove their “skills” by knocking my site offline.

Over the past month, KrebsOnSecurity.com has been the target of multiple such attacks each day. Prolexic — a DDoS protection firm now owned by Akamai — has been extremely helpful in poring over huge troves of data about systems seen attacking this site.

The majority of compromised systems being used to attack my site this month are located within three countries — Taiwan, India, and Vietnam. The bulk of attacks have been so-called “Layer 7” assaults — in that they try to mimic legitimate Web browsing activity in a bid to avoid detection.

But what’s most interesting about these compromised and/or misconfigured systems is how many of them are located at legitimate companies that have been compromised by miscreants. According to Akamai, most of the malicious sources were Windows-based servers powered by Microsoft’s IIS Web server technology.  The top five industries where those compromised systems reside are in entertainment, banking, hosting providers, software-as-a-service providers, and consulting services.

Even more fascinating (at least to me) are the outliers, the handful of attacking systems that appear to hail from major Fortune 500 companies. According to a close reading of the data from the sites attacking KrebsOnSecurity.com over the past month, some of the more interesting Internet addresses seen launching attacks against this blog have come from Internet space owned by Adobe, Cisco, Costco, Expedia, Experian, Honeywell, IBM, KPMG,Lockheed Martin, Opera Software, Sony, Symantec Corp., and the U.S. Federal Home Loan Bank of Dallas.

Many of those associated with LizardSquad are wannabe hackers with zero skill and a desire to be connected to something interesting and fun. Unfortunately, many of the LizardSquad individuals involved in these attacks also are embroiled in far more serious online crimes — including identity theft, malware distribution, spam and credit card fraud. While most of the group’s acolytes are known to U.S. enforcement investigators, many are minors, and the sad truth is that federal prosecutors don’t really know what to do with underage felons except to turn them into informants. Meanwhile, the cycle of abuse continues.


Source: /skrowten-xobx-tfosorcim-noitatsyalp-ynos-kcatta-sdrawoc/21/4102/moc.ytirucesnosberk

Read:2132 | Comments:0 | Tags:Other Akamai darkode[dot]com DDoS LizardSquad Microsoft Xbox

“Cowards Attack Sony PlayStation, Microsoft xBox Networks”0 Comments

Submit A Comment

Name:

Email:

Blog :

Verification Code:

Announce

Share high-quality web security related articles with you:)

Tools

Tag Cloud