Sony woes continue: Lizard Squad launches DDoS attack on PlayStation network

Lizard Squad claims to have hacked Sony's PlayStation Network, with the firm still reeling from one of the biggest data breaches in recent history.

Sony woes continue: Lizard Squad launches DDoS attack on PlayStation network
Sony woes continue: Lizard Squad launches DDoS attack on PlayStation network

The PlayStation Network was down for two hours early Monday morning, according to Sony, which says that there are currently no signs of data loss.

Gamers trying to access the store at around 2 am GMT on Monday morning saw the message: “Page Not Found! It's not you. It's the internet's fault”

Sony said on Twitter that it was “aware of the issues some users are experiencing, and are working to address them” but did not go into more detail on the issue.

Two hours later and Lizard Squad – which has also been linked to numerous high-profile DDoS attacks on gaming platforms including Microsoft's Xbox Live and Call of Duty of late – as well as a hoax bomb threat against a Sony executive back in August, tweeted: “PSN Login #offline #LizardSquad.” A follow-up update from the group included a link to a YouTube video mentioning the hack.

Access was restored later in the early hours of the morning. PlayStation tweeted: “If you had difficulties signing into PlayStation Network, give it a try now.”

Stewart Room, director of the Cyber Security Challenge and privacy lawyer at PwC, toldSCMagazineUK.com that this latest attack comes in a 'record breaking' year for cyber-security.

"The news about the Sony PlayStation hack reminds us once again that the threats to cyber-security are as varied as they are real.  2014 has been a record breaker for cyber-security breaches and we have seen that the threats have come from many different areas, such as criminal threats, state-sponsored threats, rogue insiders and now the Lizard Squad, whose  motives and motivations might be more about hacking kudos than anything else. 

"A big problem for business is that the continuing torrent of bad news stories is spurring on tougher regulatory responses. Next year organisations should be braced for more regulatory action for breaches of cyber-security, particularly where personal data are affected." 

Tony Reeves, IT security expert at PA Consulting Group, told SCMagazineUK.com that the attack – which mainly affected North American users - was a way of generating publicity for the hackers, but praised Sony's response.

“Most organisations have actions in place to respond against DDoS, and it seems that Sony implemented its response quickly once it had been reported.

“Whilst annoying for users, and certainly unlikely to win any support for the group causing the disruption, these attacks are a quick way of generating publicity. In this case, no loss of data has been reported nor has any information been stolen. However, DDoS attacks have been used previously to mask more serious hacking attempts.”

Reeves added that Lizard Squad were mainly doing these attacks for ‘fits and giggles' and pointed to the group's social media accounts, where it actively asked followers who it should attack.

“This was just disruption because they can, and for the publicity, which unfortunately they got,” he said, adding that the attack came during an event celebrating Sony's games 20th anniversary.

Reeves continued that it was unlikely to have any connection with last week's Sony Pictures hack, something he said ‘looks even more organised' than the breach in 2011. On the latter, he said that Sony has improved its incident response.

“Their response in 2011 took a couple of weeks, but now they're responding in 24 hours and getting lawyers and the FBI involved.”

A group calling itself the ‘Guardians of Peace' is taking responsibility for the Sony Pictures hack, which has seen the leak of five complete films - including the unreleased Annie - as well as the personal records of thousands of employees. This information is said to include names, dates of birth and social security numbers, while a document with plaintext passwords was also discovered. The stolen data is said to be have topped 100 terabytes.

The attack has been blamed on North Korea as the film studio has been backing 'The Interview', a comedy film which is based on two CIA agents recruited to assassinate Kim Jon-UN. 

The government has denied responsibility for the attack, which is being investigated by the FBI, although an official statement from North Korea's National Defence Commission later said that it was a “righteous deed.”