Why Hackers Took Down Sony’s PlayStation Network

Playstation 4

Microsoft's Xbox Live service also compromised

Hackers “overwhelmed” Sony’s PlayStation Network on Sunday, making the service unavailable to its tens of millions of users.

The move brought back painful memories for Sony of a serious 2011 breach that exposed the names and passwords of millions of customers on the PlayStation Network.

While the latest attack wasn’t a significant security flaw in its service, Sunday’s event raises questions whether Sony’s system — which the company sees as a major distribution platform, and thus revenue stream, for video games, movies, TV shows, web series and music — is vulnerable to future hacks.

Sony wasn’t alone with Microsoft’s Xbox Live also hit by hackers. “Gaming and social” features were limited Monday with owners of the Xbox One and Xbox 360 consoles unable to play games online or communicate via chat. The company said its support team was working “to get these issues fixed ASAP.”

“Xbox members, are you having trouble connecting to Party Chat, or running into server unavailability issues within ‘Diablo III?'” Xbox wrote on its blog on Monday. “We are currently working with our partner to get these issues fixed as quickly as possible. Thanks for being patient during this process. We’ll provide an update to you when we have more information.”

A hacker group called Lizard Squad on Sunday claimed to take down the PSN via a similar distributed denial of service (DDoS) attack, which prevented users from streaming Netflix movies or playing multiplayer games online via their PlayStation Plus accounts due to heavy traffic. That was before turning its attention to the Xbox Live service.

SEE ALSO: Who Really Attacked Sony and Microsoft’s Networks?

On its Twitter feed, Sunday, Lizard Squad posted that it was “preaching” that Sony should be spending more money to protect its customers’ accounts from such hacks.

It tweeted: “Sony, yet another large company, but they aren’t spending the waves of cash they obtain on their customers’ PSN service. End the greed.”

It’s worth noting that DDoS attacks are designed to flood a system’s servers with artificially high traffic and not access encrypted information, but rather disrupt access and overwhelm a service to the point where it must shut down.

The PlayStation Network and Sony Entertainment Network were hit by “an attempt to overwhelm our network with artificially high traffic,” Sony said Sunday in a blog post.

The Lizard Squad also spent the weekend hitting other gaming servers like Blizzard Entertainment’s Battle.net, Riot Games’ “League of Legends,” and Grinding Gear Games’ “Path of Exile.”

In 2011, hacker group Lulzsec targeted the same PSN network, exposing the personal information, including passwords and credit card data, of 77 million accounts. It took Sony 24 days to fix the problem, and spent $15 million to settle a class action lawsuit.

Sony execs are sure to be double checking any security holes that need to be plugged in its system after Sunday’s event.

The PlayStation Network, which offers up streaming services and access to the PlayStation Store to buy and rent movies and other entertainment, is free. However, Sony charges $50 a year for gamers to play multiplayer games on the PlayStation 4. Doing so on the PlayStation 3 is free.

As of July, Sony had sold 10 million PlayStation 4 videogame consoles.

SEE ALSO: Sony Sells its 10 Millionth PlayStation 4 as Hardware Drives Video Game Sales in July

Lizard Squad certainly took the hack to extremes over the weekend, calling out terrorist organization ISIS with a tweet: “Today we planted the ISIS flag on @Sony’s servers #ISIS #jihad” and posting tweets to American Airlines about a bomb threat on an American Airlines flight that carried Sony Online Entertainment president John Smedley.

The plane landed in Phoenix, with Smedley responding via Twitter: “Yes. My plane was diverted. Not going to discuss more than that. Justice will find these guys.”

The PlayStation Network and Sony Entertainment Network are now back online. A scheduled maintenance of the networks, which were set to occur Monday, has been canceled, Sony said on its PlayStation blog.

“The networks were taken offline due to a distributed denial of service attack. We have seen no evidence of any intrusion to the network and no evidence of any unauthorized access to users’ personal information. We sincerely apologize for the inconvenience caused by this issue. Thanks for your patience and support.”

Filed Under:

Want to read more articles like this one? SUBSCRIBE TO VARIETY TODAY.
Post A Comment 109

Leave a Reply

109 Comments

Comments are moderated. They may be edited for clarity and reprinting in whole or in part in Variety publications.

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

  1. tbo says:

    Because they can.

    End of story.

  2. Chris says:

    Wrong…Sony does not charge its customers to play multiplayer games online with the PS4. They charge $50 a year so that players can get access to free games and a discount on new games. Playing multiplayer games online is a free service for the PS4.

  3. quimbius says:

    script kiddies hiding in your parents basements isn’t going to save you, you are now branded terrorists you should be afraid very afrais,

  4. Grim says:

    Sony got attacked, Microsoft got attacked, Blizzard got attacked, everyone got attacked..

  5. They attack a company that despite having the PS4 sell well, isn’t making a great profit overall. If these idiot hackers would do their research, they’d know that Sony has been taking losses in most of their sectors.

    Like one other guy stated on here, maybe they should focus on attacking the government. But nevermind, they are too scared to do that……..

  6. SgtBeetle says:

    If they want to target greed why not start with the GOVERNMENT they are the greediest of them all.

  7. JR says:

    If you want to target Greedy Corporations why bother with Sony hit these ISP. And for Joe Dragon don’t buy at $48.99 wait for a Black Friday/Cyber Monday sale I got my Year for $20.00

  8. Joe Dragon says:

    Sony: BTW, in light of the inconvenience our Users suffered, we would like to extend our Plus service to you at the highly discounted (hic) price of $48.99. The discount is our way of saying thank you for your patience in putting up with our crappy service…”

  9. Rex says:

    “We have seen no evidence of any intrusion to the network and no evidence of any unauthorized access to users’ personal information.” Then how, exactly, was Sony hacked if no one breached their system? Hacking refers to the gaining unauthorized access to otherwise private or confidential data. Bombarding servers with connections until the servers crash is completely different. The writer of this post is a dolt, as are quite a few of the commenters. Really, Jerome Russey? “Hackers are terrorists”? Do you understand what a terrorist is or what they do? Everything this group did was to stop Sony’s corporate greed. Yes, the “We have seen no evidence of any intrusion to the network and no evidence of any unauthorized access to users’ personal information.” Then how, exactly, was Sony hacked if no one breached their system? Hacking refers to the gaining unauthorized access to otherwise private or confidential data. Bombarding servers with connections until the servers crash is completely different. The writer of this post is a dolt, as are quite a few of the commenters. Really, Jerome Russey? “Hackers are terrorists”? Do you understand what a terrorist is or what they do? Everything this group did was to stop Sony’s corporate greed. Yes, the plane-bomb threat thing is a bit of a stretch… Regardless. -bomb threat thing is a bit of a stretch… Regardless. Unless there’s more to the story (lord knows that there is and that this post is just to get a reaction), it’s safe to say that this is more media garbage. Move on with your life.

  10. JTSmoke says:

    Maybe I missed a key point, but how does a DDoS attack help prove to a company that they need to protect users credentials more, when a DDoS attack just prevents everyone from using the service or site, has nothing to do with gaining access to information.

  11. jerome russey says:

    I think hackers are terrorists. they hack in the name of the people but these are the same people you hurt. i do agree that sony did get greedy with the ps4 and its makes me not want to pick up the next system they release. I particularly do not like the fact that anything you bought via playstation network will not carry over to the ps4.

  12. Zach says:

    I feel bad for these script kiddies, they pissed off a company who employs Black Hats, and those Black Hats are going to do a lot more then just limit their bandwidth. They can destroy hardware with a Layer 7 Dos attack, and also plant life destroying information onto your computer and put you behind bars for life. RIP Lizard Squad, your stupidity will not be remembered….

  13. Lizard Squad wasn’t responsible for the hack. It was FamedG0d and he did it after apprising Sony of the vulnerability multiple, multiple times. It also wasn’t JUST a DDoS attack, he had full access to the admin console to demonstrate that anyone could take credentials that wanted to.

    https://twitter.com/FamedGod

  14. Why? If you ask why some people attack PSN you don’t obviously know a thing.
    Sony does not care its customers, i am one of em and with me there are millions of others who never got their money back because of Sony when something happens or your digital download does not work or you never get it and so on,. PS3 hangs or PSN splits when you are using some once on a lifetime “boosts” which just costed you alot ,. this list just goes on ,. go on and try PS Home, you know what i am talking about. Hangs, feels like youre using Win98, actually back to 90’s again and no stores work,. and did i say it hangs your system,. oh i did… well it corrupts your data as well and you can say goodbye to your games and saves including trophies if not synced.
    Theres just too many Sony victims out there i’m not surprised at all.

    • justtoldya says:

      You sound like the Xbox fanboy that’s taking Xbox losing to ps4 personal. I have used home countless times, doesn’t hang like you say. Though it’s not a that entertaining, some cool things to look at it’s really nothing to brag about, yet it’s free so I don’t complain. The real victims of last generation are those that had to buy multiple Xbox 360 due to their failure rate. That failure rate also padded the sales number of the Xbox making it look like the Xbox 360 won the last generation. Yet even with the failure forcing xbox owners to buy multiple units of the same consol, playstation 3 still caught up to the Xbox 360 in total sales. Xbox 360 is said to have a failure rate of 50%, can you imagine any other company that releases a product with a 50% failure rate. The consumers of the 360 are the real victims.

    • You call yourself and others “victims” based off this petty stuff while real victims of injustices are all over the world. Pathetic. You should be ashamed of yourself.

  15. Biggylittles says:

    Stop calling em hackers, this is what they want to be called but DDOS is far from hacking, also best to let die, only thing this kid wants is his ego stroked, and the more stories published on it helps him get off each time.

    I do love how you have PS in the headline as if it was the only one truly affected. This kid been at it all week taking down guild Wars, battle.net and other gaming outlets.

    No one DDOS’s for awareness , it is only used to be a Dbag which why a lot of companies don’t worry about having prevention from it.

  16. Rawdiggs says:

    Playstation exec had to change his flight with threats of terrorism…lollololololololol…rich bastards deserve it

  17. nd says:

    Just goes to show how stupid DDOS’ers are. With all the security in the world you can’t protect against a DDOS attack. There is always someone that will find away around a security system.

  18. Monty Keegan says:

    I was still able to use Netflix. It didn’t effect every single person. Those hackers though need to rot in jail. They have no life to do stupid pointless things like this.

  19. gwhy says:

    hackers do that because hackers are trolls

  20. Sunny says:

    What Sony did to the hackers……

  21. bobby says:

    Oh come on this is either Microsoft or it bitch ass fans!! The xbox is failing hahaha

  22. Mike says:

    I know how to deal with this bias.. get ahold of ‘Anonymous’ course they would take it out on Sony as well.. geeezzz.. oh well. NEXT……..

  23. battlenet is going through a series of DDOS attacks itself, big names like this usually are targets nothing new. most likely some pissed off wannabe hackers who got banned and now want to make everyone gaming a nightmare.

  24. They aren’t hackers, they’re DDOSers. Big difference. Hacking takes skill and DDOSing is basically like trying to clog a server like a toilet.

  25. joysad24@hotmail.com says:

    Odd because it never went down for me…and i heard about this yesterday…still up right now too!

  26. Steven Hawking says:

    Because PSN was down, my two year old daughter didn’t get to watch her Barney. Thanks, hackers.

  27. Gooobler says:

    I fail to see how a DDoS attack is considered hacking.

  28. EmberRip says:

    It wasn’t a hack, you ignorant tards…DDos, Deliberate Denial of Service is when the server is spammed so many times it can’t take any more requests from anyone else, hence the Denial of Service part. It’s exploiting the fact that no server has infinite processing capabilities(currently :P).

  29. Dargo says:

    Why did they do it? because they suck and they’re losers.

  30. John says:

    Pretentious basement dwellers.

  31. Montana says:

    I dont know about anybody else but I had no problem getting on the network, I was playing online and streaming movies all day, I even signed out and signed back in multiple times…. I didnt have a single issue with the network when it was “hacked”, I continued to play and stream my games and videos without a single problem or even noticing one. I agree that it only affected certain people because I saw plenty of others playing online on Playstation as well and they definitely were playing completely fine even with mics.

  32. Orly says:

    It’s really nothing to do with hacking at all. Anyone with some smarts and a computer can DDoS a service. It’s annoying but not a security breach situation like what happened to Sony previously.

  33. CameronW says:

    So they are all up in arms to take down a hacker group….but they can’t jail the people responsible for the economic crash.

  34. Bill says:

    how about you come out with some games that are actually fun to play (ps4 user)

  35. David says:

    Yep, that is why I haven’t bought one yet. It take a year or so to work out all the bugs.

    • Jim says:

      This hack effects even the old ps3 and 360 on said networks. Having a new system or not would not have changed anything.

  36. Talon Wood says:

    I was OK with this, though scaring with what I pay for hurts me as well guys! The ISIS crap is disgusting! Posting an organization’s flag which is known to kill innocents and sell women as sex slaves is repulsive and has as nothing to do with your cause but shock value. Anonymous didn’t have to do this. These people have no real values!

  37. Bobby says:

    Denial of Service attacks can be thwarted through the use of Cloudflare.

  38. You says:

    How is DDOSing hacking? Their objective was to apparently expose how insecure this and that is. However, DDOSing a secure, encrypted server won’t allow you to steal anything stored on it, and it’ll go down anyway. There’s no way to really prevent DDOS attacks. You can’t steal anything even if you DDOS an unencrypted server. Lizard Group or whatever their stupid name is seems like douches.

  39. Paul says:

    Game consoles make it hard to put security on them. It is easier to put security on you phone. If you do not have security on your game system or phone you will be easily hacked. This is because WI-FI is way easier for hackers to get in to. It will be the same for Microsoft too. Their security sucks. You need to monitor your network and you will not get as many Malware issues if you do so. If your system gets hacked you will need to do a clean install and change you passwords on you modem and Router. If you want a secure connection just use you modem and run a CAT 5 or 6 wire between your system and modem. They will have to go threw your internet provider then. If you have Century link their is nothing I can tell you that is going to help you. Their network is slower than molasses. You will have to be close to their server and that can be far away. Their network gets hacked all the time too.

  40. criznittle says:

    they’re not even script kiddies

  41. I love how biased this article is against Sony. Its like all the other gaming companies that were attacked were just footnotes. They all were attacked the same way, they all were down for roughly the same amount of time. And yet media idiots decide to focus only on one company. WTF is that?

    Also, they spend more time going over Sony’s previous issue with hacking (which was completely and totally different and an ACTUAL security issue unlike this issue) than they do going over the other companies.

    Its so obvious this article is biased against Sony it’s not worth even reading.

  42. Mike Johnson says:

    Quit referring to these script kiddies as hackers. They are not hackers

  43. Matt Brown says:

    Famedgod, some other whiz beard, claimed responsibility and allegedly exposed lizard squad’s IP addresses via twitter.because according to famedgod, they took …”credit for my shit.”

  44. Mjkbk says:

    So, a senior editor at Variety doesn’t know what a DDoS is? Why do we LISTEN to these journos, when it comes to reporting on science and technology topics?

  45. Jjones says:

    Umm why no mention at all about Xbox Live also being attacked and taken down and only Sony?!? Or how about Battle net which was also hit and taken down?

    “Sunday’s event raises questions whether Sony’s system — which the company sees as a major distribution platform, and thus revenue stream, for video games, movies, TV shows, web series and music — is vulnerable to future hacks.”

    This part plus the lack of mentioning ANYONE else that was targeted makes this article sound like it was paid for by Microsoft.

    • Jack says:

      I never lost my connection to xbox live. Must only be effecting certain people. My PSN was down. I live in CT anyone else with same or different experiences?

      • NotU says:

        My experience was the other way around. I only had the slightest hick-up on the PS3, but both my and my oldest’s 360 have been stuck offline since yesterday. A few of my friends are saying that they can connect with the PS3, but the PS4 was still offline.

    • It did mention others. You must not have actually read the article.
      “The Lizard Squad also spent the weekend attacking other gaming servers like Blizzard Entertainment’s Battle.net, Riot Games’ “League of Legends,” and Grinding Gear Games’ “Path of Exile.””

      • NotU says:

        That line was not present when the article was first put up, nor were any of the lines that now talk about XBL being attacked. That’s why there are so many posts about it. It wasn’t there. It’s clearly being edited in response to people calling them out.

      • So a sentence is enough when it should be a bigger picture issue instead of just focusing on one company?

  46. Complex says:

    Lets clear some things up. DDoS is a real attack. It does not steal information like the LulzSec attack did. For anyone thinking you can run a DDoS tool like LOIC and take down Sony think again. It requires a botnet and hundreds or thousands of zombie computers to take down someone like Sony. Getting a botnet is not simple. I am not saying Lizard Squad deserves respect. I do not respect malicious actions. Just wanted to correct those false posts about it being simple.

  47. Nope says:

    Great to see your complete and well researched article considering Hacker group “Lizard Squad” launched a large scale DDOS attack on Blizzard, PlayStation, Xbox, League of Legends and more. They even tipped a false bomb threat to Sony Online Entertainment’s President John Smedley’s domestic US flight (which the FBI is now handling), causing it to be diverted for safety issues. Techs are rapidly trying to solve the issue – with both PS & Xbox currently confirming issues with their servers

  48. it was a ddos attack,thats not a hack.
    anyone with a pc can do it.
    also they took down xbox live log in for 5 hours.

  49. DDoS isnt hacking any one can do it. its a method of taking down servers/websites etc that only children use this Lizard Squad is a joke just like every other want to be hacker organization that has 0 hacking skills and relies on DDoS Programs created by actuall hackers or anyone with a little knowledge of C++

More Digital News from Variety

Loading