CNET también está disponible en español.

Ir a español

Don't show this again


With PSN, Xbox Live back online, focus shifts to hackers taking credit

The identities and motives of Lizard Squad members, who claim to be behind gamers' holiday-break headache, take center stage now that the services have been restored.

While Microsoft managed to restore Xbox Live by Friday, Sony was struggling late into Saturday evening to bring its PlayStation Network back up while gamers waited. CNET

Players around the world are now breathing a sigh of relief as they settle into some long overdue gaming during the holiday break. Starting around December 24, two of the largest online gaming services, Sony's PlayStation Network and Microsoft's Xbox Live, were disrupted in a high-profile denial-of-service attack, which was resolved late Saturday evening.

The only culprit so far has also been the most vocal -- Lizard Squad, a loose collective reportedly composed of hackers based out of the United Kingdom and Eastern Europe who, in a rare move, have been willing to show their faces on national television. After being offered storage vouchers from online file-sharing mogul Kim Dotcom worth around $300,000, the hackers said they would end the attacks. Sony and Microsoft were able to restore service.

In interviews with a handful of news outlets, group members have claimed not to be activists, but to be interested in exhibiting how poor these companies' security systems are.

"Well, one of our biggest goals is to have fun, of course," said one member speaking with The Washington Post. "But we're also exposing massive security issues with these companies people are trusting their personal information with. The customers of these companies should be rather worried."

To do that, the group didn't steal sensitive user information, like credit cards or passwords. It chose instead to overload the companies' networks with traffic, causing them to crash.

There remain many unanswered questions, namely whether Lizard Squad, which has in fact surfaced in the past during PlayStation Network outages, was truly responsible for this most recent attack. Other questions concern who its members are and the response from US authorities. Security expert Brian Krebs says he has identified the members of the group willing to conduct live interviews with television networks, though he stresses that, like Lizard Squad itself, these people could simply be taking credit for others' actions.

"The Lizard Squad's monocle-wearing mascot shows them to be little more than a group of fame-seeking kids who desperately aspire to be like LulzSec, a similarly minded gang whose core members were busted and went to jail," Krebs wrote Monday. "With any luck, these kids will get their wish soon enough."

The FBI is said to be investigating the group, according to the Daily Dot, which spoke to a member of Lizard Squad going by the name Ryan. The member says he served prison time in Finland over an August bomb threat made against an American Airlines flight that was ferrying John Smedley, president of Sony Online Entertainment.

The authenticity of any shred of information from Lizard Squad's vocal Twitter account is also in question, and some of it appears to contradict itself at times.

The group turned its focus to the Tor encryption service, changing its Twitter bio to "I cry when Tor deserves to die," only to claim that it was merely exploring a supposed exploit. The Tor Project announced that it is addressing the situation and not concerned for Tor users' security.

Perhaps the most pressing question though is what, if any, role Lizard Squad played in the massive hacking of Sony's film division. Sony Pictures Entertainment suffered a devastating attack, far more serious than that of last week's PSN outage, in late November. The cyberattack resulted in leaked emails and sensitive employee information, and eventually led to an international debacle over releasing the comedy film " The Interview."

In the interview with the Post, a Lizard Squad member claims to have handed over Sony employee credentials to members of the Guardians of Peace, the hacker group claiming responsibility for the Sony Pictures attack.

If true, the link could prove to be the first breadcrumb in the public eye as to how Sony suffered one of the worst corporate cyberattacks in history.