Many websites of the Dutch government were hammered by a distributed denial-of-service (DDoS) attack, the government said on Wednesday. In a statement, the government said the attack targeted the hosting service Prolocation, also knocking out other websites such as that of the satirical publication GeenStijl. It began 10am local time on Tuesday and apparently lasted into the evening. The Dutch National Center for Cyber Security is now coordinating with the government to investigate the attack. Ironically, as GeenStijl pointed out in its own statement, the DDoS took place on Safer Internet Day.
Police in the U.K. have arrested another man in connection with the disruption of Microsoft’s Xbox Live and Sony’s PlayStation Network over the Christmas period.
The 18-year-old was arrested near Liverpool on suspicion of hacking and also of “swatting” – the practice of calling armed police tactical units to a target’s house to address a made-up threat. It sounds as though the swatting target was in the U.S., as a spokesman for the South East Regional Organised Crime Unit (Serocu) described “law enforcement forces in the United States receiving hoax calls via Skype for a major incident in which SWAT teams were dispatched.”
The arrested teenager is suspected of unauthorized access to computer material, unauthorized access “with intent to commit further offenses,” and threats to kill. Serocu seized “a number of electronic and digital devices” for examination. The unit worked with the FBI and the North West Regional Organised Crime Unit (Titan Rocu) on the operation.
The “Lizard Squad” attacks on the gaming networks deliberately caused major disruption just as people were receiving consoles and games for Christmas, and were only called off when Mega entrepreneur Kim Dotcom offered the miscreants file hosting vouchers. According to security expert Brian Krebs, the attackers used a botnet based on compromised home routers to knock out Xbox Live and the PlayStation Network.
This is the second arrest in connection with the attacks — a 22-year-old man called Vinnie Omari was arrested in London at the end of December. A Finnish 17-year-old by the name of Julius Kivimäki has also reportedly been interrogated over the attacks.
Two German government websites were knocked offline by a distributed denial of service (DDoS) attack around 10am local time on Wednesday. Chancellor Angela Merkel’s site is still down five and a half hours later, but that of the Bundestag came back minutes ago. The pro-Russian CyberBerkut hacker group has claimed responsibility, claiming the attack was carried out as an appeal to Germany to “stop financial and political support of criminal regime in Kiev, which unleashed a bloody civil war” in Ukraine. Although the attribution of today’s attack remains unconfirmed, the group has been highly active since the ouster of Ukrainian president Viktor Yanukovych in February 2014.
Frustrated users were still taking to Twitter to complain and Sony’s Playstation Network support page still showed intermittent connectivity Monday night in the wake of a serious wave on attacks that took both Sony’s gaming service and Microsoft’s Xbox services offline on Christmas Day.
The denial of service attacks hit the companies where it hurt, affecting millions of customers as they were unwrapping new consoles and games, some of which needed to be connected to their respective networks to work. Microsoft’s Xbox site reports that the Xbox service is running as of Monday night, but the IGN and Maxim apps are experiencing problems, but the Sony network seems to have some deeper problems. A colleague of mine reports that he couldn’t connect his PS3.
We have reached out to Sony for comment, and will update the story if we hear back. The “Lizard Squad,” a group of hackers taking credit for the DDoS attacks, had said it was moving on to target Tor, the anonymous routing software, so it’s unclear if Sony is experiencing new attacks or continued trouble from the previous ones.
For those trying to get their Playstations back online, Sony is tweeting out a link so users can attempt to reconnect:
On Thursday, Sweden’s biggest internet service provider, Telia, said that its network had suffered an attack earlier this week from hackers who were apparently trying to target a gaming company. Reports suggest the target was Electronic Arts (EA), which runs some Battlefield services out of the country.
According to Telia, the distributed denial of service (DDoS) attack occurred on Tuesday night and through much of Wednesday, forcing the ISP to toughen up its systems. While it was ongoing, the DDoS made it difficult for thousands of [company]Telia[/company]’s customers to surf the web, watch digital TV and make VoIP calls.
Telia spokesman Marcus Haglund told me Thursday that the attack first hit around 10pm on Tuesday evening, running for around 45 minutes. “Then it calmed down overnight,” he said. “It continued from 10am and was running all through the day and escalated in the night. It ended at 8pm.”
“We have an internal investigation that will run to the bottom of what has happened and what we can do to prevent it in the future,” Haglund continued. “There was a configuration that was a bit lax yesterday that we have corrected. If the same attack was aimed at us or any of our customers, we can say we are not vulnerable in the way we were yesterday.”
Haglund said thousands of customers had been affected. In such attacks, the target’s systems are flooded with data, causing them to stop working. Recent years have seen such attacks grow in severity, with the culprits amplifying them by bouncing the traffic off open servers, notably domain name system (DNS) servers.
The ISP hasn’t named the gaming company that was the target, but the Swedish newspaper Dagens Nyheter reported that it was Electronic Arts (EA), which has offices in Stockholm that develop and run the Battlefield Heroes and Battlefield Play4Free services. The paper quoted F5 Networks security expert Joakim Sundberg as saying the attack used DNS servers for amplification, and that it was perpetrated by the “Lizard Squad” hacker group.
Lizard Squad claimed on Twitter that it had taken down EA’s servers, and has previously claimed responsibility for repeatedly knocking over Sony’s PlayStation Network, Microsoft’s XBox Live and other online gaming services.
TeliaSonera chief Johan Dennelind told ZDNet that the ISP had not “seen an attack on that type of scale before”.
This article was updated at 7.40am PT to change “a few thousand customers” to “thousands of customers” — a correction made at Telia’s request, which may indicate that there were more than a few thousand victims.
The firm is rolling out what it said it would roll out a couple months back, in a move that should provide better protection even for websites using CloudFlare’s free services.
The attack took down the PSN on Sunday. It may have been the work of the same person who claimed there was a bomb on a flight carrying a Sony executive, causing the flight to be diverted.
Feedly is suffering yet another distributed denial of service (DDoS) attack, the third since the news aggregation service was first targeted on Wednesday. The company, whose service was going up and down like a yoyo at the time of writing, tweeted on Friday that it was “working on it” — presumably with CloudFlare, as the CDN and security firm’s name appears on Feedly’s error page. When the first wave hit, Feedly said the attacks were part of an extortion attempt that apparently also targeted other unspecified firms.
Evernote’s denial of service attack seems to have been going on for at least 10 hours, causing data synchronization problems for users. Feedly’s seems to be connected with an extortion attempt.
The Elance denial-of-service attack has been going on for over a day now, though it is now only sporadic. Elance says it has bought in new defences to try cope. Meanwhile oDesk says it got hit by a briefer, separate attack.