
PlayStation Network downed by DDoS attack, other gaming networks hit too

Millions of gamers were unable to access Sony's PlayStation Network for what seemed to be the entirety of Sunday after it was crippled by a distributed denial-of-service (DDoS) attack, according to a Sunday post, which adds there is no evidence of a breach of personal information.

Other gaming networks also experienced similar problems at various points throughout the weekend, including Microsoft's Xbox Live, which continued to have some issues on Monday, and Blizzard's Battle.net. Additionally, developers of League of Legends and EVE Online took to their respective forums to discuss being targeted by DDoS attacks.

DDoS activity has been on the rise throughout 2014, according to various reports.

As it turns out, the methods used to carry out DDoS attacks against websites are virtually identical to those used to hit gaming networks such as the PlayStation Network and Xbox Live, Matthew Prince, CEO of CloudFlare, told SCMagazine.com in a Monday email correspondence, explaining that DDoS attacks are ultimately about overwhelming a resource with a large number of requests.

“I don't know a lot about [PlayStation Network's] or Xbox Live's application design, but my hunch is it's just based on typical web protocols and therefore would be vulnerable to the same application attacks that a website is; and even if it's based on some custom application, since it is accessible over the internet, it wouldn't be difficult to craft application level requests (Layer 7) that would affect it,” Prince said.

However, speaking specifically on the PlayStation Network, Prince speculated that it was downed by a volume-based Layer 3 attack – DNS reflection is an example of a Layer 3 DDoS attack – because of a Sunday tweet from John Smedley, president of Sony Online Entertainment, in which he wrote, “The problem is upstream of our network we have no control. So they are flooding the routes to us too. That's how it works.”

Prince said, “These are very difficult problems to deal with, even for a large company like Sony. The challenge is that the biggest router that you can buy only has a 100Gbps port on it and Layer 3 attacks today can get much larger than that. The largest attacks we see now exceed 500Gbps.”

Also speaking on the PlayStation Network DDoS attack, Marc Gaffan, co-founder of Incapsula, told SCMagazine.com in a Monday email correspondence that a Layer 3 attack could have overwhelmed defensive measures that Sony had in place, or a Layer 7 attack could have gone on undetected.

Gaffan said identifying DDoS attacks is not necessarily an easy task, and added that “if the attack vector was undetectable by [a] DDoS mitigation solution that was already in place, it may have taken a long time to get an alternative solution up and running, or the attack may have just died down.”

Along the way on Sunday, the American Airlines flight carrying Smedley was diverted from San Diego to Phoenix for “security reasons,” Smedley posted on Twitter. Numerous follow-up photos and tweets posted by various Twitter users indicated passengers were being taken off the plane and luggage was being scanned.

The diversion was likely due to a tweet directed at American Airlines by Lizard Squad, the group taking responsibility for the DDoS attack on the PlayStation Network, as well as some of the other aforementioned issues. The group tweeted, “We have been receiving reports that [Smedley's] plane #362 from DFW to SAN has explosives on-board, please look into this.”
