Xbox and PlayStation hit by 'hack' (bbc.com)
36 points by schrofer on Dec 25, 2014 | 47 comments



> She said they had been downloading a game since 09:00 GMT - and by 23:40 it was still not ready.

> "He has spent most of the day in tears," she said.

> "He says it's been his worst Christmas ever.

> "I think Xbox should compensate us all."

... Grow up and teach your kid not to act like a baby, this is how you raise a spoiled brat. I got an XBone for Christmas and it still hasn't finished downloading the game that came in the bundle. Am I mad? Yeah, and a little annoyed but tomorrow or the next day everything will be back to normal so I got over it and just hung out with my family (God forbid you do that instead of play video games all day).

Also can we stop calling DDOS's "hacks", there is no "hacking" going on, no unauthorized internal network access, no leaking of private data. Sony WAS hacked by GOP, but Sony and MS are being DDOS'd not hacked. Let's call this what it is and not put it on the same level as what GOP did to Sony (or what hackers did to Sony that took down PSN a few years back). This is temporary and will cause no long-term damage. This will be practically forgotten within a week (Just like the WoW DDOS's that happened around the WoD launch).

I think we can all agree that games that don't need online should be playable but that's a separate issue. We can gather our pitchforks on that issue if we want but the DDOS isn't PSN/XBLive's fault...


> so I got over it and just hung out with my family (God forbid you do that instead of play video games all day).

That's the running joke with a buddy of mine when $GAME_WE_WANT_TO_PLAY isn't working: "awww, shit, Halo matchmaking is broken. What are we going to do now, spend time with our families?" But it's only a joke. If someone is in tears over it, it's a great teachable moment for parents. "Worst Christmas ever"? "Okay, kids, today we're going to learn about 'perspective'. Grab your shit, because we're heading down to the homeless shelter to drop off clothes and spoon up some soup."


You're really going to trash a kid for being sad on Christmas when his toy didn't work? Cold.


No, I'm going to trash his parents for raising a spoiled brat. Let me reiterate, this is temporary, this will pass, it will be back to normal before this kid's Christmas Break is over.

Does it suck? Yes, but the parents should not tolerate this behavior. They just spent a considerable amount of money on this kid's Christmas and he cries because he has to wait 1-2 days??? Sounds like he isn't old enough to own an Xbox One to me....


Consumers shouldn't have to tolerate paying that kind of money for something that is largely crippled during service outages on the biggest holiday in the world due to something as easily achievable as a DDoS attack. It's a big problem that could translate to almost any "connected" service.


In an ideal world they shouldn't but this world is far from ideal. There is no silver bullet to DDOS attacks, if there were you can bet companies would be using it.


Here's a better article.

http://www.smh.com.au/digital-life/games/xbox-playstation-ne...

Lizard Squad is posting about their DDOS attack on twitter via @LizardMafia. They are forcing Sony and Microsoft to read their statements for them to stop the attack.

EDIT: It seems @KimDotCom is working with @SavagexCOD (Lizard Squad Member) to get the network back online in exchange for lifetime mega.co premium membership vouchers.

Kim Dot Com: Hi @LizardMafia, I want to play #Destiny on XBOX Live. I'll give your entire crew Mega lifetime premium vouchers if you let us play. Cool?

Lizard Squad: Attacks have stopped momentarily, awaiting @KimDotCom's response.


What a terrible thing to do. "Hey guys, you annoyed me. Let me give you a ransom!"

This won't discourage further attacks, it will only make things worse.


Really? If @LizardMafia begins attacking someone, Kim can revoke the licenses.

Also, it could very easily be a honeypot. I give you a voucher, and you activate it from your IP, I give it to the authorities. If one time you don't login to your account from behind a proxy/vpn/tor, I can give your IP to authorities. This isn't advisable to Kim, but it is a possibility.


This really only shows that Kim is in it for himself, just like with his previous ventures. The post gives Mega exposure (good for him), plus it frees up the XBOX network (also good for him), which I'm sure he is playing today since apparently at one time he was one of the highest ranked players in the world.

Don't think of it as anything other than self interest.


I'm not surprised, Kim is known for his extravagance and will promote Mega every opportunity he can.


Agreed. They've posted a picture on their twitter of a note saying "Lizard Squad made me do this" beside an insanely cut wrist. Are these activists or terrorists?


They describe themselves as cyber terrorists.


At around 1:00PM I attempted to sign into XBox Live so that my girlfriend could play a game on the XBox that she paid over $500USD for just a month ago. Microsoft said they'd update the status in 30 minutes and I just got a text at 8:45PM(CST) saying the problem has been fixed.

She was not devastated, but just didn't understand and very frustrated, understandably. She just wanted to play single player. After doing some searching I found the fix for some games is to go into "offline mode." Luckily it worked and she got to play.

This brings to light a very big issue with the "always connected" idea that was Microsoft's original plan. It shouldn't take "figuring out" to make a fairly expensive gaming system play a single player game due to a core online service being down. That's a huge UX flaw.

I can only imagine the emotions caused to the young ones around the world this Christmas.


It's not only MSFT, it's the game developers as well. XboxOne supports offline mode for games that support it, same goes for the PS4 and the PC. All platforms have games which are "online only" (yes, even on Steam). So while I don't know what took so much "figuring out", mainly because it's a feature of the console, you should blame the publishers that put all the "online" features in the game in the first place. But then they only followed their consumers who want to share every achievement and headshot they make on everything from Facebook and Instagram to the gas station bathroom stall at the 300 mile marker on I-49....


XBox 360's flow is kind of like this: Put game in, start game, sign into profile, offline? Okay. You're signed in but can't play on Live, so here's an option for single player.

XBox One's flow is kind of like this: Put game in, wait 15 minutes for the game to install enough to begin to be playable, start game, "you must be signed into a profile" (this is at the XBox level), "We can't connect to XBox Live Core Servers -- Check status at www... and try again later," exits to dashboard. That's it, I'm not exaggerating.

> So while I don't know what took so much "figuring out", mainly because it's a feature of the console, you should blame the publishers that put all the "online" features in the game in the first place.

First, I had a few things to figure out. We've had this thing a month. It's a very sophisticated piece of gaming equipment, or supposed to be. No way it just completely bricks itself into a blu-ray player just because its online Core Services are down? So I start troubleshooting: Have I gotten a new credit card due to Target/Home Depot/?? Hack and not updated my billing information? Status page says they are experiencing some problems with some people not being able to login. Now that I know my billing info is good, and it really is solely a problem with Xbox Live Services, is there a way to bypass it? I am not the only one that has had this problem because there are a lot of forum posts online, which is the first place I found out that you have to go to settings to toggle an option to go into an “Offline Mode.” But, in my mind I'm wondering why would I go offline in the first place? My internet is working... I put the XBox in offline mode, the game starts, lets us log in to our profile, then the game tried to contact its servers. Once it sees that it can't contact its servers it, without issue, gives us the option to play single player.

Having to first discover “Offline mode,” then decide when you need to be in “Offline” mode on the console to play a game that has the ability to play both offline and online is not a feature of the console. It’s confusing, and it ruined my experience as a user. I am attempting to constructively point out a flaw that I have personally experienced.


+1 on this

I don't know if this has changed but in 2010 you even had to sign into xboxlive to use upnp on your own local network.


Steam has a way to continue playing your games in offline mode. I can understand the frustration. You bought the game, you should be able to play it whenever you want.


There's effectively zero information in this article, aside from the already well-known claim that Lizard Squad is behind this, and half of the article is a pointless anecdote about someone who was unable to download a game for their Xbox One and therefore had the "worst Christmas ever" and thinks "Xbox should compensate us all".


[deleted]


This is the essence of doing something for the "lulz".

I agree though, giving in all too often to bad behavior won't curb it, it only encourages more bad behavior.


Certainly some of the blame falls on MS and Sony for forcing such a model in the first place, then not handling these attacks?


You honestly think this is worse than death and rape threats that push people out of their homes?


No, I don't.


Given that I've watched people live-tweet their rape/death threats over the last few months for the crime of being in the games industry your post comes off as, at best, incredibly tone deaf.


Fine, have it your way.

Do you ever make constructive contributions to discussions, or do you just express outrage at your purposeful misinterpretations of other people's remarks?


Scale. A death/rape threat only targets a single person. This type of attack causes much less harm to any individual, but that harm is multiplied by many individuals. Our intuition about relative harm (and basically everything else) breaks down across such large scales.


So a rape or murder is better than giving 100,000 an inconvenience because it affects less people?

WOW.


Is it possible that the xbox/playstation servers are overloaded from all the new consoles? Or is it confirmed that both servers are getting ddosed?


That's quite possible, but this group had previously announced they'd be doing this so it's a reasonable possibility.

Also, note Nintendo (Mario Kart and Smash) never went down during those games' launch and is still up. The player count isn't as high, but they could play.

Interesting Nintendo wasn't targeted.


Well, either that, or the group announced that they'd attack those services today because they figured there was a good probability that everyone trying to log on with their new Christmas goodies would cause service problems they could take credit for.


When the PS4 first came out, it was a royal mess to get online just to get connected and activate the console. Seems they were also targeting Bungie's servers, but their server / network system has been a complete mess since they released the Destiny console game.


Ugh, I was under the impression that 'these days' hacking was harder because people/companies are more informed than they used to be compared to back when the internet was newer ... apparently I was wrong. Lately it seems worse than ever, are companies just cutting corners to save costs? Or are (cr/h)ackers just 'smarter' than the average 'professional IT' crowd?


> Or are (cr/h)ackers just 'smarter' than the average 'professional IT' crowd?

The difference between your average professional cracker and your average sysadmin is that when a cracker doesn't know his stuff, he can't get anywhere... while a sysadmin would be able to slack off all day as long as he keeps appearances up. (No offense meant to good sysadmins - they are the most awesome people in the sector)

And a lot of people do that. I've seen it first hand so many times I lost count. Heck, it sometimes happens even to Google. I'm willing to bet a lot of Sony's/Microsoft's teams are filled with incompetents who barely know more than how to reboot the server they handle, let alone know about security and such.

I think the more competent you are, the less you are able to notice incompetence around you (without specifically looking for it). There's an interesting parallel to be drawn with the excellent article on the Fermi paradox currently on the front page: Nobody stops for the anthill.

One of the companies I worked for (no names here) has an absolutely worthless sysadmin. The guy manages fifty Linux machines and he doesn't know how to set up SSH. He's been on the team for several years and he's getting carried by the fact that the people who can fire him don't know how to set up SSH any better than he does -- and other people end up cleaning up his messes.

Does that story sound familiar to you? If you have worked in enterprise and haven't encountered it, you've either been very lucky or very blind.


Aside from occasional incompetence, it's good to recognise that with sysadmins vs. crackers the odds are stacked in the favour of crackers. Sysadmins need to guard against all attacks to do their job, whereas crackers only need to find one attack that has been overlooked. Also, despite the image of crackers as super tech geniuses, as a group they still know that the path of least resistance is often the best, which relies heavily on social engineering, which is far easier to do.


They aren't hacking anything. It is a DDoS; it doesn't take any "skill". Any person with money can hire them, and it isn't hard to build a bot net if you don't care about breaking the law.


Hmm, not sure why I was downvoted but anyways, ah yeah the article didn't mention it was a DDoS, it's not even a 'hack' at this point in my opinion.


Probably doesn't even take much to knock down the servers on xmas day given the insane burst of xmas traffic from first power on of new devices.


I have no idea why ossreality is flagged dead. He is completely right and your suggestion is pretty silly.


I have no idea why he keeps commenting while hellbanned. Only some of us can see him and no one can respond to him directly. Just make a new name, man.


Ah, ya I missed that he was hellbanned. Thanks.


Perhaps legacy software is becoming the problem. In any system there's bound to be a dependency or any kind of use of a legacy piece of software with known bugs/exploits. Hackers identify these weakest links/weak spots and use these 0-days as entry points to breach the system further. As more systems are developed, it takes so much more time to track these weak spots, let alone maintain them.

So I think you're right. It's a miracle that the Internet even works. At all.


The hacktivist group, Lizard Squad, has an official song:

https://archive.today/OcOdU

https://soundcloud.com/hacker/lizardsquad

And the song is actually hilarious ("North Korea is the best Korea") and kind of cool. We live in such a bizarre world.


And that's why you don't make games that need to be online 100% of the time to function (and charge $60 for it). Also, it should be noted that paying $400 for a console only to be told that you can't use it because some teenagers are bored is a bad investment. Sony and Microsoft should know better. They are both big and juicy targets, but there are bigger and juicier targets out there that are able to weather those lame attacks. It's Christmas day and a lot of people who got Sony and MS products are unable to fully utilize those products. Those guys are ripping Sony a new one every other day since 2011. Sony learns nothing and remains awful in incident response and recovery.


You understate the amount of bandwidth that was being sent. It was huge. No one but Google and Facebook can weather what Lizard Squad (and the botnet operators they buy from) have access to.


This entire thread in the media is playing out exactly as I would predict. CNN is putting this story as its lead headline, but in any other context a DDOS attack on gaming networks would be a forgettable article buried a couple headlines below some others. This story is so exciting for news networks because "hacking" is on people's minds, especially after The Interview -- and xbox and sony, two companies distributing it, are hacked? CNN loves that. Pageviews!

(Hey, wasn't there another story today? About the NSA? Employees arbitrarily querying data of their neighbors? Hmmm...)

It's frustrating to watch the story develop and feel powerless, despite knowing this is going to end in legislation restricting freedom on Internet usage. I find comfort in the fact that the fundamentals of network theory will resist such an attack. In the words of John Gilmore [0], "the Net interprets censorship as damage and routes around it." Any attempt to pass anti-Internet legislation will be an exercise in futility.

[0] http://www.toad.com/


I think news articles shouldn't mention the person or group who claims responsibility for a DDoS, it's just free publicity for the perpetrators and encourages copycat crimes. "I hacked X and got on the news!"


Tried to log on about 1500 PST and couldn't. Rebooting the Xbone fixed it. Sad thing is, my experience with the Xbone in general has been so poor that I didn't think a thing of it, like in "there must be something wrong". No, I just figured the flakey Xbox Live servers were having another bad day (which, as it turns out, they were).

As for the l'il tyke who was so devastated that he considers it the "worst...Christmas...evar", I've got news for ya, kid: you bought an Xbone, get used to stuff not working like you'd expect (or in the case of the latest Halo, not working at all).



