Millions of children and adults who expected to enjoy 25 December playing games on their Microsoft or Sony consoles were deprived of the chance by a Distributed Denial of Service attack (DDoS).
The attack, clearly timed to create the maximum amount of publicity and disruption, was directed at the PlayStation and Xbox servers the games consoles depend upon.
It prevented gamers from setting up their consoles, downloading games or joining others to play games online.
Although both networks are up and running again now Microsoft restored their service more than a whole day sooner than Sony – a final ignominy in a year to forget for them.
Hacking group Lizard Squad has claimed responsibility for the attack, having previously threatened both companies.
In an interview with Sky News a man speaking for the hackers claimed it was ‘basically’ the work of three people and they’d done it…
...to raise awareness, to amuse ourselves...
They [Microsoft and Sony] should have more than enough funding to be able to protect against these attacks.
In the event it was a different kind of funding that satisfied their ‘principles’.
Internet entrepreneur and console gamer Kim Dotcom engaged the vandals via Twitter on 26 December and offered them vouchers for his MegaPrivacy service worth $300,000 USD if they called off the attacks.
A tactic which worked, apparently.
A Christmas Miracle. How @MegaPrivacy saved @Xbox & @PlayStation from the @LizardMafia attack. Enjoy your games! 🙂
Speaking from Finland the Lizard Squad front man, calling himself Ryan but named by Brian Krebs as Julius Kivimäki, told Sky’s Joe Tidy that he didn’t feel any guilt about depriving people of their Christmas presents:
I'd be rather worried if those people didn't have anything better to do than play games on their consoles on Christmas Eve and Christmas Day.
I mean I can't really ... feel bad. I might have forced a couple of kids to spend their time with their families instead of playing games.
Ryan’s attempt to justify the attack as somehow doing some good, whilst shifting the blame to the victims and passing off the impact on gamers as inconsequential, is a stuck record we’ve heard many times before.
This is not what helping looks like, this is doing it ‘for the lulz’.
Ethical hackers, the kind who actually help improve security, use their skills to find bugs and report them quietly and responsibly so as to minimise collateral damage.
But a DDoS attack isn’t a skilful hack – it isn’t picking the lock, it’s blocking the door from the outside with as much rubbish as you can pile up.
You won’t see Lizard Squad earning bug bounties from Microsoft or appearing in Sony’s hall of thanks.
It isn’t for Lizard Squad, or anyone else, to decide how millions of people can or can’t spend their Christmas day.
And the gamers aren’t the only victims.
The attack itself was almost certainly launched from a large network of compromised computers that are owned and paid for by others. Computers that were broken into and used illegally and which have to remain compromised for groups like Lizard Squad to operate.
Lizard Squad aren’t interested in security, they’re in it for the lulz, and we know how that story ends.