Experienced Points

How Lizard Squad Stole Christmas

Shamus Young | 30 Dec 2014 15:00

Last week a "hacking group" called Lizard Squad took down the PlayStation and Xbox Live networks. On Christmas day. That was annoying, but even more annoying to me is the ignorant and misinformed technology reporting surrounding the story. I don't blame reporters who can't figure out who did what. All we have is the word of self-proclaimed "cyber terrorists" and ass-covering corporations to go by, and each side has motivation to exaggerate or downplay the significance and sophistication of the hack. But while it's tough to know what really happened, at least we should be able to get the technical details right.

First of all, this was not a "hack". Or at least, Sony and Microsoft were not the ones who got hacked. This was a distributed denial of service attack (DDoS). That's when a whole bunch of computers overwhelm a server with requests, so the server can't do anything but handle useless requests. It's like if your phone number was distributed to hundreds of thousands of people who just dialed your number over and over again. Your phone becomes useless. Your friends can't make it through because your phone is always busy. And you can't block the offending numbers because there are so many of them. There's no way to tell prank calls from legit ones, so there's nothing to do but shut your phone off and either get a new number or wait for the crowd to get bored and move on.

This is where the "hacking" part comes in. Lizard Squad didn't hack Microsoft and Sony. They hacked tens or hundreds of thousands of ordinary personal computers. How it works is this: they code some specific program, custom to their needs, and sneakily get it onto large numbers of common machines without their owners knowing. Sometimes hackers do this by disguising their virus as pirated software or pornography to trick people into downloading it. Sometimes they infect legitimate websites using various security vulnerabilities, and use that trusted site to get to people. (This happened on my site a little while ago.) Sometimes they hide it inside of programs pretending to be anti-virus. (I'm sure you've seen the "Your computer is infected! Click here to clean it!" ads. Yeah. Don't click those.)

So your computer gets hacked. But unlike typical malware, this program doesn't do anything right away. No stolen credit card numbers. No porn popups. No hacked accounts. No spam messages to your friends over social media. Instead it sits there quietly, hiding in the deep parts of the operating system and not making any trouble. It connects to the hacker's server every once in a while, checking in and asking for orders. If there are no orders, the program goes back to sleep.

This is called a "botnet", and your hacked computer is one of the bots. When the hacker is ready, he adds the command "Attack the PlayStation network!" to his server. The next time your computer checks in, it gets the order and begins hammering away at the PlayStation servers. You probably won't even know your computer is doing this. The only thing you might notice is that your internet might feel a little laggy, and likely as not you'll blame that on your internet provider.
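That quiet check-in habit is also the bot's weak spot from a defender's view: a program that wakes up on a schedule to ask for orders produces outbound connections at almost constant intervals, which normal browsing does not. The Python below is an added example, not code from the column or from any real botnet; it runs over a constructed connection log (the hostnames and the 198.51.100.23 / 203.0.113.9 addresses are made-up documentation values) and flags source/destination pairs whose connection gaps are nearly regular.

```python
from collections import defaultdict
from statistics import mean, pstdev

# Constructed sample log: (timestamp in seconds, source host, destination IP).
# 'ws-07' checks in with 198.51.100.23 (a documentation address standing in
# for a command server) about every 600 s with a little jitter; the rest of
# the traffic is ordinary, irregular browsing to 203.0.113.9.
SAMPLE_LOG = (
    [(600 * i + j, "ws-07", "198.51.100.23")
     for i, j in enumerate([0, 4, -3, 7, -5, 2, -6, 1, 5, -2])]
    + [(t, "ws-12", "203.0.113.9")
       for t in (12, 45, 46, 300, 1900, 1903, 4100, 4102, 5000)]
    + [(t, "ws-07", "203.0.113.9") for t in (33, 34, 35, 2200)]
)

def beacon_score(timestamps):
    """Return (mean gap, coefficient of variation) for a set of timestamps.

    A low coefficient of variation means the connections are nearly periodic,
    which is what a sleeping bot that wakes to ask for orders looks like.
    Returns None when there are too few connections to judge."""
    ts = sorted(timestamps)
    gaps = [b - a for a, b in zip(ts, ts[1:])]
    if len(gaps) < 2:
        return None
    m = mean(gaps)
    cv = pstdev(gaps) / m if m > 0 else float("inf")
    return m, cv

def find_beacons(log, min_connections=8, max_cv=0.1):
    """Group connections by (source, destination) and flag near-periodic pairs.

    min_connections avoids flagging a handful of coincidentally spaced hits;
    max_cv is the tolerated jitter (0.1 = gaps vary by about 10%)."""
    by_pair = defaultdict(list)
    for ts, src, dst in log:
        by_pair[(src, dst)].append(ts)
    flagged = {}
    for pair, stamps in by_pair.items():
        if len(stamps) < min_connections:
            continue
        score = beacon_score(stamps)
        if score is not None and score[1] <= max_cv:
            flagged[pair] = score
    return flagged

if __name__ == "__main__":
    for (src, dst), (gap, cv) in find_beacons(SAMPLE_LOG).items():
        print(f"{src} -> {dst}: every ~{gap:.0f}s (cv={cv:.3f}), possible check-in")
```

Real bots add random sleep jitter or vary their check-in server, so in practice the thresholds are tuned against a baseline of known-good hosts rather than fixed as here.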

All by itself, your little computer is no threat. But once the botnet is big enough, it becomes a dangerous force, able to take down major websites at will. The authorities can't very well track down each and every infected machine all over the world, so they have to attack the botnet command server. But the server is usually hosted someplace that's hard to reach, and it moves around a lot, and it's maintained through various blinds and proxies that make it extremely difficult to track down the owner of the botnet. It's possible to take these networks out, but it takes time and the cops usually don't know the botnet exists until the attackers use it. (By "cops" I mean "whatever government organizations are fighting cyber-crime".) Even if they take down the command server that gives the orders, those infected machines are still out there. The virus may have opened up other holes in their security, making it easier to make them part of a new botnet. Or maybe there's a fallback server that the cops won't find out about until the next attack. It's a constant game of cat-and-mouse.
