Establishing Digital Trust: Don't Sacrifice Security for Convenience
At 4:29pm on December 7, Lizard Squad tweeted, "PSN Login #offline #LizardSquad."
Soon after, Sony tweeted, "PSN update: we are aware of the issues some users are experiencing, and are working to address them. We'll keep you updated."
Variety reports that Sony Computer Entertainment issued the following statement on Monday morning: "The PlayStation Network and Sony Entertainment Network are back online and people can now enjoy the services on their PlayStation devices."https://o1.qnsr.com/log/p.gif?;n=203;c=204650394;s=9477;x=7936;f=201801171506010;u=j;z=TIMESTAMP;a=20392931;e=i
"The ability to access our network services was temporarily impacted due to a distributed denial-of-service attack," the company added. "We have seen no evidence of any intrusion to the network and no evidence of any unauthorized access to users’ personal information."
Lizard Squad launched a similar attack on the PlayStation network on August 24, 2014, when they also tweeted a bomb threat to American Airlines claiming that a flight carrying Sony Online Entertainment president John Smedley "has explosives on-board."
Dave Larson, CTO of Corero Network Security, told eSecurity Planet by email that organizations like Sony PlayStation that conduct their business online need to be more proactive about mitigating these types of threats. "There are two very practical initiatives that every business should consider to improve their defensive posture to Internet borne threats," he said. "First – invest in proactive technical defenses against DDoS attacks and cyber threats to prevent them from achieving their goal of disrupting or compromising the business. Second – ensure that reactive response plans are developed and put in place to minimize the disruption caused by an attack that penetrates your defenses – or is suspected of compromising your systems."
Lizard Squad's DDoS attack doesn't appear to have any connection to the cyber attack that hit Sony Pictures Entertainment two weeks ago, which exposed several terabytes of data, including unreleased feature films and employees' personal information.
The Register reports that the hacker group involved in that attack, Guardians of Peace, recently sent threatening emails to Sony employees that stated, "Removing Sony Pictures on earth is a very tiny work for our group which is a worldwide organization. And what we have done so far is only a small part of our further plan. ... Many things beyond imagination will happen at many places of the world. Our agents find themselves act in necessary places. Please sign your name to object the false of the company at the email address below if you don’t want to suffer damage. If you don’t, not only you but your family will be in danger."
And while the possibility was raised that North Korea may have launched that attack in response to Sony's planned release of the comic film The Interview (the malware involved was created on computers using Korean language packs), the spokesman for the Policy Department of North Korea's National Defense Commission recently issued the following statement: "We do not know where in America the Sony Pictures is situated and for what wrongdoings it became the target of the attack nor we feel the need to know about it. But what we clearly know is that the Sony Pictures is the very one which was going to produce a film abetting a terrorist act while hurting the dignity of the supreme leadership of the DPRK by taking advantage of the hostile policy of the U.S. administration towards the DPRK."