Lizard Squad plans Christmas Day encore with Xbox, PlayStation attacks

Remember last year? The hacking group Lizard Squad, best known for online pranks and targeting gaming networks, took down PlayStation and Xbox on Christmas Day. Now, it's threatening to do the same this year, and the hackers have help.

Attendees walk past a Microsoft Xbox sign opposite a Sony PlayStation sign at the Electronic Entertainment Expo, or E3, in Los Angeles, California, United States, June 16, 2015. REUTERS/Lucy Nicholson

Lucy Nicholson/Reuters

December 24, 2015

The digital Grinch may be coming for gamers again this Christmas.

Just like last year, the infamous hacking group known as Lizard Squad has threatened to deploy a distributed denial of service, or DDoS, attack against Microsoft Xbox and Sony PlayStation servers on Christmas Day.

And it's not only Lizard Squad this year that's taking aim at gaming networks. A new group known as Phantom Squad is also warning it will unleash a torrent of Web traffic intended to shut down Xbox and PlayStation networks.

This is Lizard Squad, the nebulous hacker group that torments gamers

Probably best known for their previous attacks on video games, and as briefly suspected in the Sony Pictures hack last year, Lizard Squad's greatest coup was probably disrupting the Xbox and PlayStation networks just as tens of thousands of families were plugging in new game systems on Christmas Day.

Given the outfit's success targeting game networks, and the difficulty of defending against DDoS attacks, gamers everywhere may once again be out of luck if they're hoping to use connected features on Xbox or Playstation on one of the biggest gaming days of the year.

Why do they do it? Mostly for the "lulz," or laughs, or simply because they can.

When asked what Microsoft was doing to prepare for tomorrow's promised attack, a spokesperson wrote that "security of Xbox Live is an ongoing concern" and "a top priority" but was unwilling to share more details. Sony could not be reached for comment.

Lizard Squad hasn't made much noise lately. Some hackers associated with the outfit were arrested earlier this year, leading to much speculation that the group may dissolve. But the hackers weren't convicted, and their antics resumed in the spring, and continued throughout the summer and fall.

Why many in Ukraine oppose a ‘land for peace’ formula to end the war

Lizard Squad knocked down "Call of Duty" servers over Thanksgiving, for example. It also resumed regular attacks on Twitch, a social media and live streaming gaming platform.

While the group has become well known for DDoS, one Lizard Squad member nicknamed "komopopo" told Passcode they aren't behind most of the attacks for which they are blamed. Still, they appear all too happy to take credit even when it's not due.

In general, DDoS attacks have become routine – and an almost daily problem – in the video game community. Gaming personalities on YouTube, for instance, have long complained that DDoSers targets competitive matches and even cost players championship money and titles. In April 2013, hackers attacked a Chinese Dota 2 competition with DDoS, allegedly to win a $20,000 bet the hacker had placed on the game.

DDoS is a particularly deadly form of attack because hackers can marshall hundreds of thousands of computers in a botnet that all attempt to connect to a server at the same time. 

These types of "attacks can be complex," explained Justin Bauer, a security analyst at DDoS protection company DOSArrest. What's more, he said, filtering traffic and protecting a service from interruption is harder for gaming companies because "many of these games are transmitting in a proprietary manner exclusive to the game and company that created the game."

Efforts to remedy the DDoS problem in the past have included video game company Riot Games threatening legal action against DDoSers in 2012. In 2014, the massively multiplayer online role-playing game Wurm offered 10,000 euros for tips that led to the identity of whoever was DDoSing their servers.  

The Lizard Squad member Komopopo says one countermeasure Sony has used is DDoS protection from Prolexic Technologies. But that appeared to have an adverse effect on some customers who, unbeknownst to them, owned computers that were used in the botnet attack on PlayStation. 

"A lot of people who were actually indirectly participating in attacks got blacklisted," said Komopopo. Most people don't realize they are part of this botnet, and in this case, were participating in a DDoS attack against Sony.

Another Lizard Squad member who resides overseas and goes by "Ryan" (real name Julius Kivimäki) claimed to have spoken with a Prolexic employee after one of their biggest attacks this summer, and "they said there was basically nothing they could do."

Prolexic Technologies, which is owned by the content delivery giant Akamai, said it was their policy to not comment on other companies.

Because of attacks on the gaming community, individual gamers are doing more to guard against hackers. Reese Leysen, a YouTube gaming personality operating out of Belgium, says groups such as Lizard Squad and Phantom Squad were "bound to happen since most sites and services are vulnerable."

Mr. Leysen says many gamers have "become much more knowledgeable over the past years in terms of how to avoid" DDoS attacks. Those countermeasures include using virtual private networks and setting up proxy servers, all of which can be "quite costly and complicated," he said.

Gamers who use services such as Twitch are also vulnerable. The company is "developing an education portal to address best practices in this area," said a Twitch spokesperson.

"DDoS attacks rely on gaining access to a broadcaster's IP address which they can't access via Twitch," wrote the representative. "Therefore, it's important to be savvy when it comes to protecting your information on other services."