A hacker group known as Lizard Squad made a lot of kids unhappy this Christmas by shutting down two popular video game networks, Microsoft’s Xbox Live and Sony’s PlayStation Network. Starting on Christmas Eve, core parts of Xbox Live were unavailable, and the troubles on the PlayStation Network started soon after that. The hackers picked the best time to disturb these networks, as anyone who received an Xbox or PS for Christmas would have had to connect to these networks to set them up. Since the networks weren’t available, those brand new game systems had to sit unplayed, much to the frustration of children and their parents who had to listen to them.
Lizard Squad disrupted the gaming networks using an attack called Distributed Denial of Service, or DDoS. A DDoS enlists thousands of compromised computers as “bots” that are forced to send data packets to particular servers. These bot armies don’t really want anything meaningful to be returned by these requests. Rather, they simply want to flood the server with traffic so that it is unable to respond to actual requests for service, such as registering a new machine or game. Because the server is unable to differentiate legitimate requests for service from the bogus requests that are flooding it, it starts to choke. Users who try to make legitimate requests end up receiving indications that the service they have requested is unavailable. Service can’t be restored until the administrators of the server are able to identify where the bogus packets are coming from and what they look like. Once they have a better picture of the source and structure of the bogus requests, they can add rules to the firewalls protecting the server that block such packets, so that the server no longer has to deal with them.
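The identification step described above, as an added example that is not part of the original article: it profiles a constructed request log to find which sources exceed a per-window request budget and what their requests have in common, then counts how many legitimate requests share that shape. The log format, thresholds, addresses and function names are assumptions made for this illustration.

```python
from collections import Counter, defaultdict

# Constructed sample log, one request per line: "<epoch> <source> <method> <path> <bytes>".
# Addresses come from the RFC 5737 documentation ranges.
def build_sample():
    lines = []
    for t in range(100, 110):                      # 10 seconds of traffic
        for bot in ("203.0.113.5", "203.0.113.9", "198.51.100.23"):
            for _ in range(4):                     # each bot: 4 identical requests/second
                lines.append(f"{t} {bot} GET /status 0")
    lines += [
        "101 192.0.2.10 POST /register 512",       # legitimate new-console registration
        "104 192.0.2.44 GET /status 0",            # legitimate request, same shape as the flood
        "107 192.0.2.10 GET /profile 0",
    ]
    return lines

def profile_flood(lines, window=5, max_per_window=10):
    """Return (noisy_sources, dominant_shape, collateral) for a request log."""
    per_bucket = defaultdict(Counter)   # window index -> requests per source
    records = []
    for line in lines:
        ts, src, method, path, size = line.split()
        per_bucket[int(ts) // window][src] += 1
        records.append((src, (method, path, int(size))))
    # "Where from": sources that exceed the per-window budget in any window.
    noisy = {src for counts in per_bucket.values()
             for src, n in counts.items() if n > max_per_window}
    if not noisy:
        return set(), None, 0
    # "What they look like": most common request shape among the noisy sources.
    shapes = Counter(shape for src, shape in records if src in noisy)
    dominant = shapes.most_common(1)[0][0]
    # Requests from quiet sources that a shape-only rule would also drop.
    collateral = sum(1 for src, shape in records
                     if src not in noisy and shape == dominant)
    return noisy, dominant, collateral

if __name__ == "__main__":
    noisy, shape, collateral = profile_flood(build_sample())
    print("block sources:", sorted(noisy))
    print("flood shape:", shape, "| legitimate requests matching it:", collateral)
```

The collateral count is the practical caveat: a rule keyed only on what the bogus requests look like also drops legitimate requests of the same shape, so filtering on source and shape together keeps more real users online.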
If you think this kind of attack is simple, you are right. The tricky part is assembling the army of bots to send out the noise. A person’s computer can be captured as a bot if they visit a site that has malicious code on it that gives the attacker a foothold. That foothold is a piece of software that is designed to receive messages from the attacker and target a particular server. Once the attacker gives the malware the go-ahead signal, it will begin flooding the targeted server with junk. That is how a DDoS starts.
We’ve conjectured for years about how hackers could get into our financial systems, health care systems, and critical utility infrastructures. What is interesting about the events of the last couple of weeks is that cyber security concerns are starting to seem more real to more people. Hackers are compromising our entertainment channels, after all, even on Christmas Day, and, worst of all, they’re making kids cry. As any parent can attest, there is no more effective way of drawing attention to an issue than a kid’s whine. If that’s what it takes to make people, including their legislators, more aware of the imminent danger in cyberspace, then attacks like these may finally bring the kind of changes we desperately need, even if they temporarily strain the parent-child relationship.