Sony's PlayStation Network had a rough ride this weekend, collapsing under the brunt of a cyber attack by forces as yet unknown. While the PSN is now back, here's a breakdown of what happened, with answers to questions.
What brought the PlayStation Network down?
Something called a Distributed Denial of Service, or DDoS attack (confirmed by Sony here). A DDoS attack occurs when someone attempts to make a server's resources unavailable by inundating the server with traffic. In short, Sony's servers couldn't keep up with the incoming traffic, culminating in a logjam for all incoming requests, legitimate or otherwise.
When did the PSN go down?
Sunday, August 24, in the early morning.
What's this I'm hearing about Sony and a bomb scare?
Sony Online Entertainment president John Smedley, traveling on August 24 by commercial plane from Dallas-Fort Worth to San Diego, had taken to Twitter to let people know Sony was battling the DDoS avalanche Sunday morning.
But someone, though at this point no one knows who precisely, claimed the American Airlines Boeing 757 Smedley was on contained explosives, prompting its diversion to Phoenix.
The plane landed uneventfully in Phoenix on Sunday and as far as anyone knows, no explosives were found on the plane.
Was Sony the only company affected by the DDoS attack?
No. While the lion's share of media attention has been on Sony, probably due to the simultaneous bomb scare, several other gaming-related services, including Microsoft's Xbox Live and Blizzard's Battle.net, were reportedly disrupted over the weekend.
Microsoft, for instance, reports that access to its "Social and Gaming" services are "limited" (and were still as this list went live, though the reasons why are unclear; according to Reuters, Xbox spokesperson David Dennis said, "We don't comment on the root cause of a specific issue, but as you can see on Xbox.com/status, the core Xbox LIVE services are up and running").
Blizzard posted the following note: "Battle.net game services have recently been subject to DDoS attacks. We worked diligently along with our ISPs to improve the situation and currently are seeing more stability. We appreciate your patience."
Gamasutra notes that both Riot’s League of Legends and Grinding Gear’s Path of Exile were also targeted, resulting in those services going down.
Who did it?
No one knows, but an anonymous group calling itself @LizardSquad on Twitter posted the following early Sunday morning:
And the same group tweeted this at American Airlines, as SOE's John Smedley was manning Sony's Twitter cannon Sunday morning:
The LizardSquad account also made several references to ISIS, one of various names ascribed to the jihadist group currently attempting to establish an Islamic state in Iraq and Syria:
But as the BBC notes, a person associated with the hacktivist group Anonymous has said the DDoS attacks were in fact initiated by Anonymous to demonstrate weaknesses in Sony's system. The BBC says this hacker has denounced LizardSquad's attempts to take credit for the attack, and has posted screenshots designed to prop up Anonymous' claims to responsibility.
In other words, we're still not sure at this point who was actually responsible, or what their goals were beyond the mundanely obvious: service disruption.
Did whoever brought the PSN down manage to steal anything?
A DDoS attack isn't a hack in the strictest sense of the word: It's a brute assault on a server's ability to service requests. Sony social media manager Sid Shuman says, "We have seen no evidence of any intrusion to the network and no evidence of any unauthorized access to users’ personal information."
In other words, as far as we know (and Sony says), no sensitive information was accessed or compromised.
Is the PSN still down?
As of this morning, it appears to be back, and Sony indicated it was functional already late yesterday (though at the time Sony's note went live, the PSN was still nonfunctional for me and hadn't come back by the time I went to bed).
The PSN was supposed to go down (in part or whole) for planned maintenance Monday for much of the day, so certain features weren't supposed to be working on Monday by design. But Sony now says that scheduled maintenance update is no longer happening today, writing, "In light of today’s issue, the networks will not undergo the regularly scheduled maintenance, which was planned for Monday, August 25. We will provide an update shortly for when the maintenance will be rescheduled."
Didn't this happen to Sony once before?
Not exactly. Sony's PlayStation Network was hacked back in 2011, at which point the perpetrators absconded with some 77 million user accounts, prompting Sony to shutter the service for over three weeks.
As noted above, yesterday's DDoS attack was a brute force attempt to take Sony's servers offline, not an intrusion hack, and according to Sony, no sensitive information was taken.
On the DDoS front, the companies involved are doubtless bolstering their defenses, but bulwarking for brute force denial of service attacks is an ongoing process, and there's no panacea.