Monthly archives of “January 2015”


What happened in the MAS hack. All questions answered, one question asked.

Real-Life DDOS attack

Late in January the Malaysian Airlines website was ‘supposedly’ hacked by Lizard Squad. You might remember Lizard Squad as the guys who ‘hacked’ the Xbox and PlayStation networks over the Christmas holidays, and I’m using a lot of ‘quotes’ here because Lizard Squad didn’t really ‘hack’ Xbox One or PlayStation, they merely DDOS-ed the services.

What is DDOS-ed, I hear you say?

A DDOS attack is one where you flood a server with so much web traffic that the server is no longer able to serve content to legitimate customers. Imagine if you got 100 friends and decided to create some havoc at the McDonalds near your home. You and your friends would line up at the counter, and you’d place an order for 100 Big Macs, 25 Cokes and 1 Apple Pie… only to cancel your order after the cashier typed it in. The next friend in the queue would do the same thing–over and over again. Even though there would be legitimate customers at this McDonalds trying to buy some food, chances are they’d either have to wait a very long time to get their food, or they’d give up entirely.

Essentially you’ve denied McDonalds their chance to serve their customers–or you’ve just launched a Denial of Service (DOS) attack–the extra D in DDOS, just stands for distributed.
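As an added illustration (not part of the original post), the sketch below shows why the "distributed" part matters to a defender: a per-source rate limit restores service when one client is flooding, but not when many clients each stay under the limit. The thresholds, the `classify_window` name and the sample addresses are assumptions constructed for this example.

```python
from collections import Counter

PER_SOURCE_LIMIT = 20   # assumed: max requests one client may send per window
TOTAL_CAPACITY = 100    # assumed: requests the server can serve per window


def classify_window(requests):
    """Classify one time window of traffic.

    `requests` is a list of source addresses, one entry per request.
    Returns (verdict, sources_over_the_per_source_limit).
    """
    per_source = Counter(requests)
    noisy = sorted(src for src, n in per_source.items() if n > PER_SOURCE_LIMIT)
    # Traffic that remains after every noisy source is rate-limited away.
    remaining = sum(n for src, n in per_source.items() if src not in noisy)

    if len(requests) <= TOTAL_CAPACITY:
        return "normal", noisy
    if remaining <= TOTAL_CAPACITY:
        # Blocking a handful of sources restores service: single-source DoS.
        return "dos", noisy
    # Still overloaded although no remaining source looks abusive on its own.
    return "ddos", noisy


# Constructed sample windows (documentation address ranges, not real traffic).
NORMAL = [f"198.51.100.{i}" for i in range(30) for _ in range(2)]
SINGLE = NORMAL + ["203.0.113.7"] * 500
DISTRIBUTED = [f"192.0.2.{i}" for i in range(1, 201) for _ in range(5)]

if __name__ == "__main__":
    for name, window in (("normal", NORMAL), ("single", SINGLE),
                         ("distributed", DISTRIBUTED)):
        print(name, classify_window(window))
```

In the distributed window every source sends only 5 requests, so the per-source check flags nobody even though total traffic is ten times the assumed capacity.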

Real-life DDOS attacks happen all the time–what do you think the Thai protestors were doing to airports in 2008?

But why is this important?

It isn’t. DOS attacks are pretty common–but Lizard Squad attacked the PlayStation Network and Xbox with ulterior motives. Even though they claimed to do it in the name of ‘security awareness’, they only stopped their DDOS attack because Kim Dotcom offered them USD300k worth of services on his Mega website. Kim Dotcom is another controversial character, but to cover him in this article would be too large a digression–so if you want to know more about him, just Google it.

The REAL motive of the Lizard Squad DOS attack became apparent some days later when they started to offer their DDOS attack as a service to paying customers. Essentially you could go online and buy their services to attack a target–maybe a competitor company, a personal blog of someone you don’t like, or just about anything. Lizard Squad were hawking their services to anyone with cash.

Some suspected that Lizard Squad were running this large DDOS attack using nothing more than home routers–similar to the ones that UniFi provides and that I demonstrated could be hacked trivially over an internet connection.