
Xbox and PlayStation hit by 'hack' - schrofer
http://www.bbc.com/news/uk-30602609
======
joshstrange
> She said they had been downloading a game since 09:00 GMT - and by 23:40 it
> was still not ready.

> "He has spent most of the day in tears," she said.

> "He says it's been his worst Christmas ever.

> "I think Xbox should compensate us all."

... Grow up and teach you kid not to act like a baby, this is how you raise a
spoiled brat. I got an XBone for Christmas and it still hasn't finished
downloading the game that came in the bundle. Am I mad? Yeah, and a little
annoyed but tomorrow or the next day everything will be back to normal so I
got over it and just hung out with my family (God forbid you do that instead
of play video games all day).

Also can we stop calling DDOS's "hacks", there is no "hacking" going on, no
unauthorized internal network access, no leaking of private data. Sony WAS
hacked by GOP, but Sony and MS are being DDOS'd not hacked. Let's call this
what it is and not put it on the same level as what GOP did to Sony (or what
hackers did to Sony that took down PSN a few years back). This is temporary
and will cause no long-term damage. This will be practically forgotten within
a week (Just like the WoW DDOS's that happened around the WoD launch).

I think we can all agree that games that don't need online should be playable
but that's a seperate issue. We can gather our pitchforks on that issue if we
want but the DDOS isn't PSN/XBLive's fault...

~~~
geetee
You're really going to trash a kid for being sad on Christmas when his toy
didn't work? Cold.

~~~
joshstrange
No, I'm going to trash his parents for raising a spoiled brat. Let me
reiterate, this is temporary, this will pass, it will be back to normal before
this kids Christmas Break is over.

Does it suck? Yes, but the parents should not tolerate this behavior. They
just spent a considerable amount of money on this kid's Christmas and he cries
because he has to wait 1-2 days??? Sounds like he isn't old enough to own an
Xbox One to me....

~~~
scrapcode
Consumers shouldn't have to tolerate paying that kind of money for something
that is largely crippled during service outages on the biggest holiday in the
world due to something as easily achievable as a DDoS attack. It's a big
problem that could translate to almost any "connected" service.

~~~
joshstrange
In an ideal world they shouldn't but this world is far from ideal. There is no
silver bullet to DDOS attacks, if there were you can bet companies would be
using it.

------
dyscrete
Here's a better article.

[http://www.smh.com.au/digital-life/games/xbox-playstation-
ne...](http://www.smh.com.au/digital-life/games/xbox-playstation-networks-
down-hacking-group-lizard-squad-claims-credit-20141225-12dtk6.html)

Lizard Squad is posting about their DDOS attack on twitter via @LizardMafia.
They are forcing Sony and Microsoft to read their statements for them to stop
the attack.

EDIT: It seems @KimDotCom is working with @SavagexCOD (Lizard Squad Member) to
get the network back online in exchange for lifetime mega.co premium
membership vouchers.

Kim Dot Com: Hi @LizardMafia, I want to play #Destiny on XBOX Live. I'll give
your entire crew Mega lifetime premium vouchers if you let us play. Cool?

Lizard Squad: Attacks have stopped momentarily, awaiting @KimDotCom's
response.

~~~
MBCook
What a terrible thing to do. "Hey guys, you annoyed me. Let me give you a
ransom!"

This won't discourage further attacks, it will only make things worse.

~~~
ixwt
Really? If @LizardMafia begins attacking someone, Kim can revoke the licenses.

Also, it could very easily be a honeypot. I give you a voucher, and you
activate it from your IP, I give it to the authorities. If one time you don't
login to your account from behind a proxy/vpn/tor, I can give your IP to
authorities. This isn't advisable to Kim, but it is a possibility.

~~~
res0nat0r
This really only shows that Kim is in it for himself, just like with his
previous ventures. The post gives Mega exposure (good for him), plus it frees
up the XBOX network (also good for him), which I'm sure he is playing today
since apparently at one time he was one of the highest ranked players in the
world.

Don't think of it as anything other than self interest.

------
scrapcode
At around 1:00PM I attempted to sign into XBox Live so that my girlfriend
could play a game on the XBox that she paid over $500USD for just a month ago.
Microsoft said they'd update the status in 30 minutes and I just got a text at
8:45PM(CST) saying the problem has been fixed.

She was not devastated, but just didn't understand and very frustrated,
understandably. She just wanted to play single player. After doing some
searching I found the fix _for some games_ is to go into "offline mode."
Luckily it worked and she got to play.

This brings to light a very big issue with the "always connected" idea that
was Microsoft's original plan. It shouldn't take "figuring out" to make a
fairly expensive gaming system play a single player game due to a core online
service being down. That's a huge UX flaw.

I can only imagine the emotions caused to the young ones around the world this
Christmas.

~~~
dogma1138
It's not only MSFT it's the game developers as well, XboxOne supports offline
mode for game that support it same goes for the PS4 and the PC. All platforms
have games which are "online only"(yes even on Steam). So while i don't know
what took so much "figuring out" mainly because it's a feature of the console
you should blame the publishers that put all the "online" features in the game
in the first place. But then they only followed their consumers who want to
share every achievement and headshot they make on everything from facebook and
instagram to the gas station bathroom stall at the 300 mile marker on i49....

~~~
scrapcode
XBox 360's flow is kind of like this: Put game in, start game, sign into
profile, offline? okay. You're signed in but can't play on live., so here’s an
option for single player.

XBox One's flow is kind of like this: Put game in, wait 15 minutes for the
game to install enough to begin to be playable, start game, "you must be
signed into a profile" (this _is_ at the XBox level), "We can't connect to
XBox Live Core Servers -- Check status at www... and try again later," exits
to dashboard. That's it, I'm not exaggerating.

> So while i don't know what took so much "figuring out" mainly because it's a
> feature of the console you should blame the publishers that put all the
> "online" features in the game in the first place.

First, I had a few things to figure out. We've had this thing a month. It's a
very sophisticated piece of gaming equipment, or supposed to be. No way it
just completely bricks itself into a blu-ray player just because it’s online
Core Services are down? So I start troubleshooting: Have I gotten a new credit
card due to Target/Home Depot/?? Hack and not updated my billing information?
Status page says they are experiencing _some_ problems with _some_ people not
being able to login. Now that I know my billing info is good, and it really is
solely a problem with Xbox Live Services, is there a way to bypass it? I am
not the only one that has had this problem because there is a lot of forum
posts online, which is the first place I found out that you have to go to
settings to toggle an option to go into an “Offline Mode.” _But_ , in my mind
I'm wondering why would I go offline in the first place? My internet is
working... I put the XBox in offline mode, the game starts, let's us login to
our profile, then the game tried to contact it's servers. Once it sees that it
can't contact it's servers it, without issue, gives us the option to play
single player.

Having to first discover “Offline mode,” then decide when you need to be in
“Offline” mode on the console to play a game that has the ability to play both
offline and online is not a feature of the console. It’s confusing, and it
ruined my experience as a user. I am attempting to constructively point out a
flaw that I have personally experienced.

------
eridius
There's effectively zero information in this article, aside from the already
well-known claim that Lizard Squad is behind this, and half of the article is
a pointless anecdote about someone who was unable to download a game for their
Xbox One and therefore and the "worst Christmas ever" and thinks "Xbox should
compensate us all".

------
cyrusaf
Is it possible that the xbox/playstation servers are overloaded from all the
new consoles? Or is it confirmed that both servers are getting ddosed?

~~~
MBCook
That's quite possible, but this group had previously announced they'd be doing
this so it's a reasonable possibility.

Also, note Nintendo (Mario Kart and Smash) never went down during those games
launch and is still up. The player count isn't as high, but they could play.

Interesting Nintendo wasn't targeted.

~~~
cwyers
Well, either that, or the group announced that they'd attack those services
today because they figured there was a good probability that everyone trying
to log on with their new Christmas goodies would cause service problems they
could take credit for.

------
nemasu
Ugh, I was under the impression that 'these days' hacking was harder because
people/companies are more informed then they used to be compared to back when
the internet was newer ... apparently I was wrong. Lately it seems worse then
ever, are companies just cutting corners to save costs? Or are (cr/h)ackers
just 'smarter' then the average 'professional IT' crowd?

~~~
scrollaway
> Or are (cr/h)ackers just 'smarter' then the average 'professional IT' crowd?

The difference between your average professional cracker and your average
sysadmin is that when a cracker doesn't know his stuff, he can't get
anywhere... while a sysadmin would be able to slack off all day as long as he
keep appearances up. (No offense meant to good sysadmins - they are the most
awesome people in the sector)

And a lot of people do that. I've seen it first hand so many times I lost
count. Heck, it sometimes happens even to Google. I'm willing to bet a lot of
Sony's/Microsoft's teams are filled with incompetents who barely know more
than how to reboot the server they handle, let alone know about security and
such.

I think the more competent you are, the less you are able to notice
incompetence around you (without specifically looking for it). There's an
interesting parallel to be drawn with the excellent article on the Fermi
paradox currently on the front page: Nobody stops for the anthill.

One of the companies I worked for (no names here) has an absolutely worthless
sysadmin. The guy manages fifty linux machines and he doesn't know how to set
up SSH. He's been on the team for several years and he's getting carried by
the fact that the people who can fire him don't know how to set up SSH any
better than he does -- and other people end up cleaning up his messes.

Does that story sound familiar to you? If you have worked in enterprise and
haven't encountered it, you've either been very lucky or very blind.

~~~
ZenoArrow
Aside from occassional incompetence, it's good to recognise that with
sysadmins vs. crackers the odds are stacked in the favour of crackers.
Sysadmins need to guard against all attacks to do their job, whereas crackers
only need to find one attack that has been overlooked. Also, despite the image
of crackers as super tech geniuses, as a group they still know that the path
of least resistance is often the best, which relies heavily on social
engineering, which is far easier to do.

------
gasull
The hacktivist group, Lizard Squad, has an official song:

[https://archive.today/OcOdU](https://archive.today/OcOdU)

[https://soundcloud.com/hacker/lizardsquad](https://soundcloud.com/hacker/lizardsquad)

And the song is actually hilarious ("North Korea is the best Korea") and kind
of cool. We live in such a bizarre world.

------
verystealthy
And that's why you don't make games that need to be online 100% of the time to
function (and charge $60 for it). Also, it should be noted that paying $400
for a console only to be told that you can't use it because some teenagers are
bored is a bad investment. Sony and Microsoft should know better. They are
both big and juicy targets, but there are bigger and juicier targets out there
that are able to weather those lame attacks. It's Christmas day and a lot of
people who got Sony and MS products are unable to fully utilize those
products. Those guys are ripping Sony a new one every other day since 2011.
Sony learns nothing and remains awful in incident response and recovery.

~~~
onewaystreet
You understatement the amount of bandwidth that was being sent. It was huge.
No one but Google and Facebook can weather what Lizard Squad (and the botnet
operators they buy from) have access to.

------
chatmasta
This entire thread in the media is playing out exactly as I would predict. CNN
is putting this story as its lead headline, but in any other context a DDOS
attack on gaming networks would be a forgettable article buried a couple
headlines below some others. This story is so exciting for news networks
because "hacking" is on people's minds, especially after The Interview -- and
xbox and sony, two companies distributing it, are hacked? CNN loves that.
Pageviews!

(Hey, wasn't there another story today? About the NSA? Employees arbitrarily
querying data of their neighbors? Hmmm...)

It's frustrating to watch the story develop and feel powerless, despite
knowing this is going to end in legislation restricting freedom on Internet
usage. I find comfort in the fact that the fundamentals of network theory will
resist such an attack. In the words of John Gilmore [0], "the Net interprets
censorship as damage and routes around it." Any to pass anti-Internet
legislation will be an exercise in futility.

[0] [http://www.toad.com/](http://www.toad.com/)

------
vmp
I think news articles shouldn't mention the person or group who claims
responsibility for a DDoS, it's just free publicity for the perpetrators and
encourages copycat crimes. "I hacked X and got on the news!"

------
mikestew
Tried to log on about 1500 PST and couldn't. Rebooting the Xbone fixed it. Sad
thing is, my experience with the Xbone in general has been so poor that I
didn't think a thing of it, like in "there must be something wrong". No, I
just figured the flakey Xbox Live servers were having another bad day (which,
as it turns out, they were).

As for the l'il tyke who was so devastated that he considers it the
"worst...Christmas...evar", I've got news for ya, kid: you bought an Xbone,
get used to stuff not working like you'd expect (or in the case of the latest
Halo, not working at all).

