Game Network DDoS Vandals Hit Sony Exec With Airline Bomb Threat

Three major game networks suffered disruptions allegedly at the hands of vandals who then followed up by tweeting a bomb threat against an American Airlines flight.

Playstation Attacks

The Playstation Network, Blizzard's and Microsoft's Xbox Live all suffered disruptions in the last 48 hours caused by a group—or perhaps a single individual—directing denial-of-service attacks at the game networks.

The vandals, who donned the monicker of "LizardSquad" on Twitter, went from juvenile to Jihad on Monday when they began posting terrorist-related images and video to their Twitter account and then mentioned that a bomb could be on the plane carrying Sony Online Entertainment's CEO, John Smedley.

"@AmericanAir We have been receiving reports that @j_smedley's plane #362 from DFW to SAN has explosives on-board, please look into this," the group tweeted.

The American Airline's flight was diverted to Phoenix, according to Smedley, who tweeted his own frustration. "My plane was diverted," Smedley said. "Not going to discuss more than that. Justice will find these guys."

The threat against the airline capped a rough 48 hours for the game networks. Sony, Microsoft and Blizzard all reported issues with their services. On Sunday, Sony reported that its network was back following the attack. Microsoft continued to have some issues with Xbox Live, and Blizzard reported continuing issues as well.

"We've recently been experiencing DDoS attacks and have been working to improve stability across services," Blizzard stated in its support forums on Sunday night. "We'll keep an eye on things and take further action as needed. Thanks for your patience."

The three major entertainment companies were not alone. On Aug. 21, the vandals claimed to have taken down the online game services at CCP, which owns Eve Online, and NCSoft, which owns both the Lineage and Guild Wars franchises.

"Why do we do it?" the group tweeted. "Multi-million dollar companies aren't spending your money to ensure your game has good service. DDoS is so old it's funny."

Modern denial-of-service attacks tend to mix a deluge of network packets, known as a volumetric attack and a more subtle target-dependent attack that attempts to tie up server resources, known as an application-layer attack.

In another attack against a gaming company that lasted more than a month, Web-security and delivery firm Incapsula saw attackers use massive network bandwidth and then attack the Web and database servers directly. The company declined to name their client, however. Once attackers mix in application layer techniques, DDoS attacks become much more complex, Marc Gaffan, co-founder and chief business officer of Incapsula, told eWEEK.

"It is also very difficult to seek out the good traffic and bad traffic, once it becomes an application layer attack," he said. "The challenge is to identify what is legitimate and what is not."

In the latest attack, the group of vandals began to pepper their Twitter feed with pictures of 911 and imagery of the current violence in Iraq. Despite the content, Sony's Smedley cautioned the media to not lump the miscreants attacking Sony's network with terrorists.

"I wish the national media would stop letting these DDOS trolls occasional use of the ISIS crap be taken seriously," he tweeted. "Seeing news accounts that make it sound like that's serious."

Robert Lemos

Robert Lemos

Robert Lemos is an award-winning freelance journalist who has covered information security, cybercrime and technology's impact on society for almost two decades. A former research engineer, he's...