Network Security, Network Security, Vulnerability Management

Hacking group CyberTeam claiming responsibility for Skype outage, threatens Steam

A hacking group called CyberTeam has taken responsibility for an attack against Skype that has impacted that service for the last two days and said the gaming site Steam is next on their target list, but whether this assertion is true remains in doubt.

As of June 21 CyberTeam's claim has not been substantiated by Microsoft or any other third party, but the communications service has been enduring hours of connectivity issues, primarily in Europe. The group has issued several tweets taking responsibility, along with a screen shot of the group's Skype account that it claims is evidence of the group did in fact attack Skype. The hackers did not mention the attack vector used, but it describes itself on its Twitter account as specialists in distributed denial of service attacks.

At this point the circumstantial evidence available neither proves or disproves CyberTeam's claim.

Patrick Tiquet, Keeper Security's director of security and architecture, told SC Media, that CyberTeam's tweets and publicly stepping up as the aggressor is not definitive proof it is respnsible, but noted hacking groups usually do not take credit for attacks committed by others.

"While the Skype outage occurred around 19:00 UTC, the post occurred about an hour afterwards, and the screenshot shows times of 20:04-20:06 - It is hard to call this conclusive proof because screenshots can be photo-shopped, and the Twitter post occurred after the attack had begun,” he said.

Tiquet pointed out that lying about having carried out the attack would be a detrimental act by any hacking group attempting to build a name for itself.

“Many of them are interested in gaining a level of fame and creditability with their peers by perpetrating these attacks and having their names mentioned in the media. A group's credibility would be quickly tarnished if they claimed responsibility for an attack that another group perpetrated,” Tiquet said.

Stephanie Weagle, vice president of Corero Network Security, said the industry reporting she has seen does indicated that the outage was the result of a DDoS attack.

Matthew Pascucci, founder of Frontline Sentical, noted that nobody should jump to a conclusion when it comes to identifying what type of attack has taken place. 

"During issues like these, we should always wait for the affected company to release a statement before jumping to conclusions and motives," he said.

On the flip side several industry insiders dismissed the idea the problems are DDoS related and pointed it probably being a technical issue.

“When we reviewed the outage, it appeared as though it was concentrated in Europe and given that, we believe that this is a technical issue. If this was a DDoS against Skype we'd expect to see a wider outage affecting multiple regions, not just those in Europe,” Justin Monti, CTO of MKACyber, told SC Media, adding he has seen groups take credit for another group's attack in order to gain fame.

Whether or not CyberTeam is playing a role, the Skype outage is real having started on Wednesday and continuing through Thursday. Microsoft reported it has made some headway solving the reported connectivity issues, but is still working to eliminate the issue.

“We have made some configuration corrections and mitigated the impact. We are continuing to monitor and we will post an update when the issue is fully resolved,” the company reported on June 20.

According to DownDetector.com, Europeans have been most affected by Skype's issues with smaller outbreaks taking place in the United States and Japan persisting into June 21. This despite Skype Support tweeting out that it had fixed the problem.

CyberTeam's other tweets say it will soon launch a similar attack on Steam and described itself as being “more aggressive” than LizardSquad.

“Steam, the day is coming,” it tweeted on June 19.

LizardSquad has claimed responsibility for several attacks on PlayStation Network and Xbox Live.

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.