Both Sony and Microsoft have been reportedly hacked today, with numerous disruptions to both Xbox Live and Sony’s PlayStation Network. both services have been partially or totally offline all day, with Microsoft’s official Twitter campaign chiming in to note that the service had been disrupted and that the company was working to bring it back online — but didn’t have an ETA on when that would happen.
A group called Lizard Squad is currently claiming responsibility for the attack on Twitter, which likely involves spamming both networks with huge amounts of data to jam servers and make it impossible to process login requests. The attack was carefully timed to cause a maximum amount of disruption — service staff at Microsoft and Sony are going to be off campus and at home with their families, just like anyone else. Microsoft and Sony undoubtedly have protections in place to ward against these kinds of attacks, but Lizard Squad timed its attack well. Even if MS and Sony are willing to call in staff to deal with the problem, support personnel at the companies both manufacturers contract with for DDOS protection may or may not be reachable.
Put simply, this is the kind of problem that requires coordination between multiple companies, and that’s difficult to arrange when various engineers and staffers may well be scattered across the country or traveling for the holiday.
Microsoft’s support page for the Xbox Live system seems to indicate that it’s the login server that’s hosed, with virtually all other services listed as “up and running.” Of course, if you can’t log in, and those servers depend on login, that’s actually the problem — the handful of people who were already authenticated remain authenticated, but others can’t access the service.
Sony’s page doesn’t give a service-by-service breakdown, simply stating that the PSN Status is “Offline.” Whether this reflects a fundamental structural difference or the two companies simply hand out information differently, we can’t say. What does seem clear is that it’s the authentication servers under fire.
It’s not uncommon for hacker groups to do things “for the lulz,” but this kind of plan is a particularly low blow. Not only is it certain to make trouble for Microsoft and Sony staff, it’s going to wreck the holidays of the people at companies that work with MS and Sony on network security. More than that, it throws a wrench into the holiday plans of anyone who planned to game on Christmas. Consoles aren’t just owned by the wealthy, and playing a few rounds of Halo with cousins or siblings isn’t reserved for the upper class. There are a lot of people with relatively inflexible work schedules and limited time together who likely got punished by this — and that means plenty of people with incentive to hunt these jokers down after the holiday.