DDoS Archive

Last month, attackers took down the PlayStation Network for several days, embarrassing Sony and leaving tons and tons of gamers unable to feed their Destiny addictions for almost a week. This is all thanks to what’s called a Distributed Denial of Service attack, where a person or a group of people send an inflated amount of traffic to a network in hopes of overloading and crippling the servers.

DDoS attacks are easy to pull off and extremely difficult to stop, which is why it’s kinda nice to see the White House coming out with an Official Stance against them. In fact, President Obama just released a statement saying he’s working on legislation to expand federal authority when it comes to fighting this sort of malicious internet behavior.

Check out the press release (emphasis mine):

Modernizing Law Enforcement Authorities to Combat Cyber Crime: Law enforcement must have appropriate tools to investigate, disrupt and prosecute cyber crime.  The Administration’s proposal contains provisions that would allow for the prosecution of the sale of botnets, would criminalize the overseas sale of stolen U.S. financial information like credit card and bank account numbers, would expand federal law enforcement authority to deter the sale of spyware used to stalk or commit ID theft, and would give courts the authority to shut down botnets engaged in distributed denial of service attacks and other criminal activity. 

It also reaffirms important components of 2011 proposals to update the Racketeering Influenced and Corrupt Organizations Act (RICO), a key piece of law used to prosecute organized crime, so that it applies to cybercrimes, clarifies the penalties for computer crimes, and makes sure these penalties are in line with other similar non-cyber crimes. Finally, the proposal modernizes the Computer Fraud and Abuse Act by ensuring that insignificant conduct does not fall within the scope of the statute, while making clear that it can be used to prosecute insiders who abuse their ability to access information to use it for their own purposes.

The feds going after botnets—groups of computers that can work together to perform an activity, like flooding a target with artificial or inflated traffic—would certainly make it tougher for people to get their hands on the tools needed to execute DDoS attacks. This seems like an excruciatingly difficult battle to fight, but it sure is worth fighting.

The Entertainment Software Association—the lobbying group for video game companies—sent out a statement expressing support for this new initiative, attributed to president Michael Gallagher:

Cyber attacks threaten our country’s security and prosperity. We commend President Obama’s leadership in providing law enforcement the tools necessary to detect and prosecute organized digital crime. Consumers need to be protected from illegal, malicious botnets and denial-of-service attacks. They deserve to enjoy an innovative and dynamic Internet free of this criminal activity. The Entertainment Software Association will work with the White House and Congressional leaders to fine tune these proposals and help enhance penalties for those who inflict consumer damage on a mass scale.

Will any of this actually lead to legislation? No idea. But in the wake of a very frustrating Christmas Day for gamers worldwide, it’s comforting to know that the government is at least talking about this stuff.

Source: http://kotaku.com/the-white-house-is-now-taking-steps-to-fight-ddos-attac-1679505712

The president of sony Computer Entertainment, Andrew House – the branch of Sony that brings us PlayStation- recently had an interview with popular Japanese newspaper Nikkei Shimbun, discussing multiple points of interest. He discussed the PlayStation 4’s staggering sales performance- which, at 18.5 million units sold worldwide within the first year, is completely unexpected, even for Sony.

House confirmed that as of right now, the PS4 is indeed tracking ahead of the PS2 (which sold 10.6 million units in its first year)- a very impressive feat, as the PS2 would later go on to become the highest selling games machine period, till date, with 156 million units sold. That said, House was careful to add that the market has changed, and that he is not committing to the PS4 outdoing the PS2’s lifetime performance just yet.

House did say that for gamers, on the other hand, the PS4 will truly come into its own this year, touting the strength of Sony’s own in house games slated for the console before this year ends, including Bloodborne, The Order 1886, and Uncharted 4.

He also confirmed that while sales and games are two areas where PlayStation has always traditionally been strong, in 2015, he wants PlayStation to address its point of greatest weakness- its services, which even now, after so many years, trail behind the competition’s offerings. Multiple steps will be taken to improve the state of PlayStation services, including investments against future DDoS attacks, as well as making these services exist independently of PlayStation hardware.

All of this sounds great to me, House. Let’s hope that you can indeed follow through on all of this, and have PlayStation deliver a record year.

Source: http://gamingbolt.com/playstation-president-on-ps4s-lineup-for-2015-comments-on-ddos-attacks

Finland’s National Bureau of Investigation has started its investigations after several distributed denial of service attack (DDoS) attacks hit the OP-Pohjola financial group.

According to local news service YLE, police are now investigating the IT disruption which started on New Year’s Eve and saw many users unable to access and use the company’s online services up until today.

Investigators say that the company, the NBI and the Finnish Communications Regulatory Authority Ficora are now working together on the matter, which they believe can be traced to sources based in Finland and others abroad.

A group calling itself ‘CoreSec’ has taken responsibility for the DDoS attacks, although Lizard Squad also highlighted the attack.

CoreSec posted to Pohjola’s Facebook page on 31 December demanding 100 bitcoins (just over £30,000) to call off the attack and has previous form in this area; 18 months ago it carried out a DDoS extortion attack against Finnish pay-per-view (PPV) website Katsomo.

Although the group’s motive hasn’t been clear in the past, it is believed that this attack is in retaliation for the reported arrest of “Ryan” – a 17-year-old Finn who was said to have had a role in the Xbox Live and PlayStation Network outages on Christmas Day. Finnish police however insist that while the teenager was reprimanded on suspicion of committing “data crimes” he was not charged or arrested.

The Helsinki-based Pohjola is the largest financial services group in Finland and has four million customers in a country that holds just 5.4 million people.

Source: http://www.scmagazineuk.com/finnish-bank-hit-by-ddos-attacks/article/391591/

SYDNEY: Sony has offered disgruntled gamers a “holiday thank you” to ring in the New Year, extending PlayStation Plus memberships after a cyber attack left gamers unable to access network features over Christmas.

The thank you includes five extra days added to a member’s subscription, Eric Lempel, vice president of Sony Network Entertainment, wrote in a blog post Thursday.

PlayStation Plus is a subscription service that gives users access to a library of games, and is required for playing PlayStation 4 games online. Users must have had an active subscription or trial on December 25 to be eligible for the extension.

Lempel also announced Sony will grant a one-time 10 per cent total cart purchase discount for the PlayStation Store for PlayStation Network members some time this month.

The hacker group Lizard Squad claimed responsibility for disrupting Sony’s PlayStation network and Microsoft’s Xbox Live network on Christmas Day with attacks that overwhelmed servers.

Users reported difficulty redeeming download codes and creating new accounts, while existing PlayStation Network members had trouble logging into their accounts.

Sony’s offer drew mixed reactions from those affected. The Los Angeles Times contacted several through Facebook.

For some, the extension and discount are more than enough to make up for a few days of network problems. Robert Taylor doesn’t think Sony is obligated to offer PlayStation users any discounts because the server errors weren’t the company’s fault.

“It’s not like the servers went down because they went down. A bunch of kids decided to overload the servers with DDoS just to (mess with) Christmas for a lot of people,” Taylor, 30, said.

“Since the last time Sony got hacked and my credit card was compromised, I’ve made a separate credit card account and email for all my Sony accounting,” he said, referring to a 2011 outage that left PlayStation’s network out for more than 20 days. “It’s 2015, maybe you need to hire some more kids born in ’94 who can deal with these problems.”

The extended membership fell short for Bryan Nguyen, who said the offer doesn’t make up for a lacklustre Christmas weekend.

“Considering the importance of Christmas as the day that so many kids and gamers finally get to play the games they’ve been waiting to open, five extended days and 10 per cent off of money that we have to spend is not reparations,” Nguyen, 25, said. “It’s giving us what we deserved outright from the beginning and forcing us to spend more in the faulty tech company in order to reap the 10 per cent benefit.”

Source: http://customstoday.com.pk/sony-extends-10-off-on-playstation-store-purchases-after-ddos-attacks-2/#

The new year started poorly for Finnish bank OP Pohjola Group and its customers: the latter have been prevented from executing their online banking transactions by a DDoS attack that targeted the bank’s online services starting on the last day of 2014.

“OP’s services experienced some problems on New Year’s Eve due to data communications disruptions. The disruptions were caused by a denial-of-services attack. The attack flooded OP’s data communications systems and prevented customers’ banking. During the disruption, online services were not available and cash withdrawals could not be made from ATMs. There were also some difficulties in card payments,” the bank shared on the second day of the attack.

“The disruption was detected at about 16.30 on New Year’s Eve. The services started to function again at times and were completely restored and available to customers after midnight. Nevertheless, further disruptions are possible as the corrective measures are still ongoing and the security level of data traffic has been raised for the time being. Customers abroad may still have difficulties in logging in to OP’s online services.”

The attack is still ongoing, and OP’s services were not the only target. The Finnish division of the Nordea bank and the Danish Danske Bank have also experienced online service slow-down or disruption. While the latter is yet to comment on the matter, Nordea has confirmed they have been targeted by unknown DDoS attackers and have called in the police to investigate. The cause of the attack is still unknown, they said.

Nordea’s customers were still able to use the online banking service, but the service was slowed down. OP Pohjola Group’s customers, on the other hand, were unable to use the service altogether for many hours during the last six days, as the bank managed to restore it occasionally.

They, along with its service company Tieto, are cooperating with the authorities and investigating the attack.

In the meantime, the bank has set up a telephone service number that can be used by customers who cannot access their online services and have urgent banking business. They have also pledged to compensate customers for any fees they many have incurred and losses they may have suffered as a result of their inability to access the bank’s online services during the attack.

Source: http://www.net-security.org/secworld.php?id=17785