I was right after all - LizardSquad attacks explained

Long story short of it? LizardSquad has created a botnet (Kind of like Internet Zombies infected with their software and spewing the DDoS packets) out of people's routers that haven't configured the default administrative account credentials.

So for all this talk about Sony and MS needing better security that some of you have been complaining about, the real problem is Johnny and Susie Glue-eater that plugs in their Netgear router, configures their wifi network and continues to let the internet be their septic tank.

I hope some of you feel awfully silly right now but even moreso, I hope some of you reading this log into your routers and set proper credentials.

You'd be completely nuts to think LizardSquad is the only hacker group who uses this type of infection to slave your systems, FYI.

This is why my router password is admin because I believe in security.

I'm also thinking about upgrading to WEP level security as right now I'm free as the wind.

So they're creating a library of peoples usernames and passwords? Yeah they're great people.

At least Anonymous is attacking jihadist websites, lizardsquad are just assholes

Shewgenja was right?!

Console gamers can thank the uneducated masses for their beloved online services being down so often...so I guess they can thank themselves.

Cool, looks like I'm part of the solution and not the problem.

So consolites screwed themselves over?

mate 'admin' is just not long enough (that's what she said).

that's why i go with 'password'.

yeah...that's how a DDoS works. It's not new

Wasn't it known that this was a DDoS attack from the start?

Hacker Group ‘Lizard Squad’ Hits Xbox Live and PlayStation Network with DDoS Attacks

Yep... dunno who stated otherwise.

Yeah, a hacker group using a DDoS attack... what's your point?

The problem is that an average system warrior doesn't know the distinction between a hack and a DDoS attack. All they know or care about is that the incident is an opportunity to potentially down-play their rival console's online network, and perhaps up-play their own online network on the basis of 'security', without any understanding of it. But that's System Wars 101 right?

Trying to say that its been known as a DDoS for quite a while. Agreeing with your comment.

ur never right.

Nice. I'll be updating soon! :)

I heard that tooting your own horn can turn you into B4X, which is a most undesirable outcome.

That's not what was being debated and you know it. The point is this:

In the first few days of 2015, KrebsOnSecurity was taken offline by a series of large and sustained denial-of-service attacks apparently orchestrated by the Lizard Squad.

So, even a website fucking dedicated to cyber security was taken offline due to the DDoS. In other words, while System Wars factions were trying to One-Up each other over shit they don't know about and crying like a bunch of infants that had their little bottle taken away from them for a day or two whilst making threads DEMANDING more unecessary infrastructure, the truth of the matter is that untold numbers of networks were taking part of the attack and many more could be lying in wait to carry out something else.

If it connects to the internet, it can be taken down. Crying about a botnet taking down your consoles online is like bitching about it raining outside. Welcome to the year 2015, people.

my router is wpa2 but is using the default pass. Not the "admin" one though, it actually has letters and numbers. I might change it now then.

People always explain what a DDOS attack is but not how it is done. I always though hackers had severs in place or something but this is actually very clever. Taking advantage of people's lack of knowledge about technology. There must be millions of people out there using not only WEP but the default pass too.

Password? Man, mine's still blank. works like a charm.

I guess I shouldn't use password as a password

I always roll with "password123" and I've only been hacked 14 times. Only n00bs use "password" or "admin".

Replace all the letters S with dollar signs. You can thank me later when that hacker 4chan can't access your accounts.

@getyeryayasout: nice

very nice

lol

This is news?

Gee. I can't even remember my router username and password because they're so convoluted. But, I have them in a text file stored somewhere.

But the point is with all the money they take from you they could defend against DoS attacks, Lizard Squad are idiots and their timing was outright disgusting but they did prove a point.

I know set my router on "septic spew" and locked in Sonys coordinates.

I can understand that sentiment but, as you can also see, people are actually learning from this. The thread is less about me being right and more about what can be done to solve the issue.

My wifi password is 654321 for added security.

lol @ people not knowing how to sign into their own router and change the deats so the password isn't 'password'. Top kek.

They are still jerks*.

Well, from a support perspective, there has to be a default password. Just like every car has a key. It's just that most people don't have their keys hanging out in their front lawn quite the same way they have the default password still active on their routers.

These are just realities when it comes to anything IT related. People don't see the importance of information security so they are happy to have Password123 as their login for anything from their routerto even their credit card online statements. Typically, it's baby boomers.

They're a bunch of pimpled faced virgins who cannot walk up a single flight of stairs without wheezing.

My router password was ridiculously long, so I just changed it to 'password'. Much easier that way.

Well, that's just the thing. They really didn't. For a carefully orchestrated DDoS with a large botnet, there isn't really a way of "securing" your network. You HAVE to understand what a DDoS is to get it. I was hoping this thread would get through to the naysayers such as yourself but it's becoming a dead horse.

A DDoS will, in effect, require you to have some things in place which are a ludicrous expense.

You can have a redundant datacenter with a fallback collocation (doubling your hardware and maintenance expenses).

You can pay for up to 8 times your normal bandwidth (Some DDoS can get even bigger than that, though, so you might still have that dastardly day or two of downtime that seems to be a mortal sin to the ignorant).

You can offer to pay some sort of ransom fee to the people negating access to your network (but more often than not, you become a target for multiple groups that way.)

And if you thought that past suggestion was bad there's an even worse one if you are a serious company such as Sony or MS.. Find a webhosting provider with an impossibly large network you can put your infrastructure on in the hopes that they have enough astronomical bandwidth at their disposal to see and thwart a packet flood at their gateway (Which, as it turns out, is something I used to do for a living). This service comes at a premium, of course. Said network may also retain the right to refuse service to you if you are deemed a nuisance to their operations.

Those are your options and I guaran-fucking-damn-tee you that neither XBox Live or PSN's server farms are on the same Time Warner Cable box or DSL modem you are connected to. We're not talking about changing your service fee from teh $60 plan to teh Ultra Deluximafied $120 a month one. We are talking about connectivity that is costing thousands and thousands ... tens or hundreds of thousands of dollars a month to maintain as it is. To the point where you have to decide whether you want software engineers and network engineers working on super cool Skype features/ Vue/whatever in your firmware updates or if you want to sacrifice all that cool shit because a day or two of DDoS is a mortal sin.

I won't try to explain this any more. It's just getting redundant. I hope one day you have a child as terrified of an invisible monster as you are. Then you will understand the hopelessness of arguing against ignorance.

@Shewgenja:

MS managed to get XBL up and running -- intermittently at first granted -- a lot faster than Sony fixed PSN, I suppose this has nothing to do with a superior infrastructure and better response plan no?

I find it hilarious that people didn't know the difference between hacking and DDoS. Hilarious.

You sound mad.

Much larger network. Live is behind all of MSes infrastructure which is very robust. Sony hasn't had the same footprint in that sense (MSN, Bing, Azure, etc).

He's offended on the company he worships behalf for some bizarre reason.

Moogenja gonna moo.

It must really make you cross to know you posted this right after I praised MS for having a more robust infrastructure than Sony literally in the post directly above. Good work!

Not at all actually. toodles.

Sounds about right, DDOS is difficult to protect against. It's important that people practice better networking security, I'd first advise them to throw away their botnet routers and burn them to kill the bots inside, then buy a new router that doesn't use a password so hackers can't guess what the password is.

I thought we already knew this here.

I spray bug spray on my computer once a week, so I should be fine.