Facebook: Downtime was caused by an internal boo-boo, not a hack

Facebook’s outage early on Tuesday, which also took out linked services such as Instagram and Tinder, was down to a technical issue caused by the company itself rather than external factors.

The outage affected users around the world. According to a technical note, the outage lasted an hour — individuals may have experienced it for up to 50 minutes, sources told me.

The Lizard Squad hacking group, which apparently successfully hijacked the website of Malaysia Airlines on the weekend, claimed responsibility for Facebook’s downtime in a tweet. However, according to the company itself, that’s nonsense.

It said in a statement:

Earlier this evening many people had trouble accessing Facebook and Instagram. This was not the result of a third party attack but instead occurred after we introduced a change that affected our configuration systems. We moved quickly to fix the problem, and both services are back to 100 percent for everyone.

No data was compromised, the sources added.

UK teen arrested over Xbox and Playstation attacks, swatting

Police in the U.K. have arrested another man in connection with the disruption of Microsoft’s Xbox Live and Sony’s PlayStation Network over the Christmas period.

The 18-year-old was arrested near Liverpool on suspicion of hacking and also of “swatting” – the practice of calling armed police tactical units to a target’s house to address a made-up threat. It sounds as though the swatting target was in the U.S., as a spokesman for the South East Regional Organised Crime Unit (Serocu) described “law enforcement forces in the United States receiving hoax calls via Skype for a major incident in which SWAT teams were dispatched.”

The arrested teenager is suspected of unauthorized access to computer material, unauthorized access “with intent to commit further offenses,” and threats to kill. Serocu seized “a number of electronic and digital devices” for examination. The unit worked with the FBI and the North West Regional Organised Crime Unit (Titan Rocu) on the operation.

The “Lizard Squad” attacks on the gaming networks deliberately caused major disruption just as people were receiving consoles and games for Christmas, and were only called off when Mega entrepreneur Kim Dotcom offered the miscreants file hosting vouchers. According to security expert Brian Krebs, the attackers used a botnet based on compromised home routers to knock out Xbox Live and the PlayStation Network.

This is the second arrest in connection with the attacks — a 22-year-old man called Vinnie Omari was arrested in London at the end of December. A Finnish 17-year-old by the name of Julius Kivimäki has also reportedly been interrogated over the attacks.

Cops arrest man tied to hacks on Xbox and Playstation networks

Police in the U.K. appear to have collared one of the grinches responsible for a massive DDoS attack on XBox Live and Sony PlayStation, which spoiled Christmas for many gamers by knocking the consoles’ networks off-line.

According to the Daily Dot, British law enforcement raided the home of 22-year-old Vinnie Omari, arrested him, and seized phones, computers and an Xbox One. Omari is a reported member of the so-called Lizard Squad, a group of trouble-making hackers who followed up the Christmas attacks by offering to sell their tools to others who wanted to knock sites offline.

UK police have yet to name Omari, but did on Wednesday issue a short statement announcing the arrest of a 22-year-old man for computer-related offenses. The statement does not cite the Christmas hacks, but does describe activities from earlier this year that also appear in a purported arrest warrant published by the Daily Dot that does describe the [company]Sony[/company] and [company]Xbox[/company] hacking.

News of Omari’s arrest also comes via respected security blogger Brian Krebs, and from another alleged member of the Lizard Squad from Australia who goes by @abdilo, and wrote “Vinne is vanned” (a slang term for being hauled off by law enforcement):

The full facts behind the Lizard Squad’s actions are still emerging, but a new blog post by Krebs provides a fascinating look at how they operate, and how they appear to have tripped up. Krebs also takes glee in taunting them, and belittling them as small time and incompetent hooligans — which appears to be a tit-for-tat response into their efforts to mock him.

Hackers say Xbox/Playstation attacks are over, target Tor

Christmas Day gamers ran into problems connecting their Xbox or Playstation to the internet thanks to a denial of service attack, and the hackers that have claimed credit are now naming a new target: online anonymity software Tor.

A group operating under the name “Lizard Squadposted a series of tweets today about a planned zero-day attack, which target unnoticed weaknesses. In this case, that appears to be taking over the majority of Tor’s nodes: a series of points through which data sent over the Tor network travels. Tor protects users’ identities with these nodes, which obscure the origin of any data. Lizard Squad’s thought is if it controls enough of the nodes, information will no longer be anonymized.

As of this afternoon, Lizard Squad had about 3,000 nodes — nearly half of the 8,000 in existance, according to Gizmodo. But Redditors are questioning if the 3,000 nodes have enough weight to have any effect, as new nodes are vetted before they receive encrypted data.

Why is a hacker group interested in taking down software that has benefited countless other hackers? Lizard Squad posted a tweet documenting a possible motive:

This story is still developing, as Lizard Squad is working to gain more nodes. What has ended is the attack on Xbox and Playstation consoles. Lizard Squad thanked Kim Dotcom, who gave the group vouchers for his secure file hosting service Mega in exchange for ceasing the attack.

Gaming service hack attack whacks thousands of Swedish bystanders

On Thursday, Sweden’s biggest internet service provider, Telia, said that its network had suffered an attack earlier this week from hackers who were apparently trying to target a gaming company. Reports suggest the target was Electronic Arts (EA), which runs some Battlefield services out of the country.

According to Telia, the distributed denial of service (DDoS) attack occurred on Tuesday night and through much of Wednesday, forcing the ISP to toughen up its systems. While it was ongoing, the DDoS made it difficult for thousands of [company]Telia[/company]’s customers to surf the web, watch digital TV and make VoIP calls.

Telia spokesman Marcus Haglund told me Thursday that the attack first hit around 10pm on Tuesday evening, running for around 45 minutes. “Then it calmed down overnight,” he said. “It continued from 10am and was running all through the day and escalated in the night. It ended at 8pm.”

“We have an internal investigation that will run to the bottom of what has happened and what we can do to prevent it in the future,” Haglund continued. “There was a configuration that was a bit lax yesterday that we have corrected. If the same attack was aimed at us or any of our customers, we can say we are not vulnerable in the way we were yesterday.”

Haglund said thousands of customers had been affected. In such attacks, the target’s systems are flooded with data, causing them to stop working. Recent years have seen such attacks grow in severity, with the culprits amplifying them by bouncing the traffic off open servers, notably domain name system (DNS) servers.

The ISP hasn’t named the gaming company that was the target, but the Swedish newspaper Dagens Nyheter reported that it was Electronic Arts (EA), which has offices in Stockholm that develop and run the Battlefield Heroes and Battlefield Play4Free services. The paper quoted F5 Networks security expert Joakim Sundberg as saying the attack used DNS servers for amplification, and that it was perpetrated by the “Lizard Squad” hacker group.

Lizard Squad claimed on Twitter that it had taken down EA’s servers, and has previously claimed responsibility for repeatedly knocking over Sony’s PlayStation Network, Microsoft’s XBox Live and other online gaming services.

TeliaSonera chief Johan Dennelind told ZDNet that the ISP had not “seen an attack on that type of scale before”.

This article was updated at 7.40am PT to change “a few thousand customers” to “thousands of customers” — a correction made at Telia’s request, which may indicate that there were more than a few thousand victims.