As it stands, and as we enter the three-day mark, Sony’s PlayStation Network is still down – taken to its knees on Christmas of all days by a group proclaiming itself as ‘Lizard Squad.’ This marks another footnote in what’s become a disturbing trend that’s befallen both Sony and Microsoft in recent times, with no signs of ending soon. With a user base on the verge of rightful dissent, the ball’s now in Sony’s court as to what it can do to rectify the situation. But, is there actually a whole lot that the Japanese corporation can do in the face of such attacks?
Lizard Squad‘s primary weapon in this whole debacle has been a DDoS attack (Distributed Denial-of-Service), a relatively straightforward, albeit devastating, form of forced server congestion that’s infamously difficult to forecast and prevent. Sony has unwittingly become familiar with this form of attack given that it’s been on the receiving end of it more than once in the past year – incurring the wrath of the general public in the process. Unfortunately, if there was a clear-cut preventative measure available one would presume that the company would have enacted it previously, as it now stands to lose a great deal of potential revenue during the festive season, not to mention a sizable amount of credibility to boot.
Sure, Sony could attempt to mitigate future attacks by increasing its server capacity tenfold – in turn offsetting the impact made by artificial traffic – but then where is the line drawn? There will always be a limit on the extent to which Sony can upgrade, and once that limit is actualized, groups can subsequently strike in greater volume, rendering Sony’s costly safeguards completely null. Sony’s silence at this present time speaks volumes – there isn’t a ready-made solution that can be explored and that spells danger for companies and businesses the world over, not just those within the video game industry. And even though the Japanese company has employed the likes of DDoS mitigation service Prolexic to counteract the effects of these attacks, its service is still left reeling by the sheer enormity of the violation. What’s more, DDoS-type attacks are relatively simple to conduct: they’re not a form of hacking where one illicitly gains access through an exploit in a network. Instead, they’re effectively just overloading a server with fake requests until it buckles under the pressure. Think of it as someone taking all of the available parking spaces at a local shopping centre, leaving all the genuine consumers out in the cold without a space to utilize. It’s an unfortunate – and extremely unlucky – state of affairs that it’s been Sony that’s become the poster boy for these highly-publicized outages as of late when in actuality any company with online infrastructure could be affected.
The flood of data that’s bombarding Sony and Microsoft’s servers this time around isn’t solely from a collective of computers governed by like-minded individuals with a singular goal – it’s also by computers infected with ‘sleeper’-type viruses that await commands from remote sources and then begin to send useless packets of information to a server with the sole aim of overwhelming it. These viruses can be housed on unsuspecting computers all over the world and their owners would be none the wiser as to what their machines have become a proxy for. Frustratingly, it’s also incredibly time-consuming to manually confirm which request made to the server is a legitimate and not malicious one as they both look the same; your log-in attempt to PlayStation Network is effectively identical to that of a request made by a bot. This authentication process is automatic as it stands (hence the outage) and it simply isn’t feasible to make it manual; the resulting delays for a service that the consumer ultimately pays for would make for a consistently laborious experience. That said, we’re paying for a service that as it stands is offline completely, so take from that what you will.
Ironically, one of the only ways of counteracting an attack as damaging as this is to ultimately be at odds with the principles of a free internet – one of neutrality and openness. If internet Service Providers (ISPs) had the power to more closely monitor traffic then they could possibly detect and subsequently divert blocks of data that are of malicious intent. However, given that a lot of this artificial traffic is by computers whose owners are unaware of what’s transpiring on their own systems it could result in a person’s internet connectivity being suspended, despite them having done nothing wrong in the process. Principally, it also adversely affects the internet’s fundamental rapport with freedom of information and would give ISPs and their cohorts the ability to do far more bad than good, that’s for sure. And with the fracas and uproar over Net Neutrality this past year, it’s undoubted that this latest debacle may be used as a pawn in another drive towards reconstructing the way the internet functions.
@page
Aside from overhauling the internet by its foundations, the other main avenue to explore for both Sony and Microsoft is to track down the original perpetrators and make an example of them – sending out a message and a deterrent in the process. It’s an unenviable task, that’s for sure, as these groups have went to great lengths concealing their identities, despite having appeared on various news outlets. Back in August, the same group – or perhaps someone moonlighting as Lizard Squad – managed to divert a plane carrying Sony Online Entertainment President John Smedley in amidst of another damaging DDoS attack on Sony. The far-reaching consequences and lengths to which these groups will go to deliver their distorted message (whatever that may actually be) cannot be understated. It must also be mentioned that Lizard Squad asserts that there’s safeguards that Sony could put in place but have so far neglected to do so (another purported reason for attacking once again), although the group hasn’t delved into the specifics of the claim. Additionally, the potential for copycat attacks and others taking up arms as it were is very real, and it’s certainly something that both Sony and Microsoft are considering as they ponder what their next moves will be. A more proactive and transparent stance from Sony would undoubtedly be welcome, its ‘hush-hush’ mentality thus far is unnerving from a business perspective and most importantly to its customers, too.
What’s important to be mindful of, however, is that it’s not simply a case of Sony throwing wads of cash at the problem and hoping it solves itself; it’ll involve a far more painstaking and methodical approach. An approach that might not even bear fruit at all given that these attacks are so hard to prevent by anyone’s standards. It’s understandable, and completely just, that people are aggrieved with the current situation. It’s downright unacceptable, but laying the blame entirely on Sony’s laps for lax security protocol is neglecting to look at the bigger picture. Here lies a more widespread and potentially lethal issue than some are giving it credit for and as a result it’s going to take a lot for it to cease.
What’s your view of Sony’s position within this debacle? Do you lay much blame on them or is that solely reserved for the group attacking? As ever, this is a contentious debate so don’t forget to leave your thoughts in the comments section below.