British Man Arrested in Connection with Xbox Live, PSN Attacks
Editor’s Note: This is the first news story to be published on Petri.com by Paul Thurrott, who recently joined the Petri IT Knowledgebase editorial team as News Director and launched his new tech news site at Thurrott.com. Please join us in welcoming Paul to the Petri team. – Jeff James, Editorial Director
– – –
A UK man was arrested on Friday in connection with of the Christmas Day 2014 distributed denial-of-service (DDoS) attacks on Microsoft’s Xbox Live and Sony’s PlayStation Network. The arrest was the result of a joint investigation between the Federal Bureau of Investigation (FBI) and three UK-based cyber-crime units.
“This investigation is a good example of joint law enforcement cooperation in relation to a type of criminality that is not restricted by any geographical boundaries,” said Craig Jones, the head of the UK-based Cyber Crime Unit of the South East Regional Organized Crime Unit (SEROCU). “We are still at the early stages of the investigation and there is still much work to be done. We will continue to work closely with the FBI to identify those to who commit offences and hold them to account.”
Passwords Haven’t Disappeared Yet
123456. Qwerty. Iloveyou. No, these are not exercises for people who are brand new to typing. Shockingly, they are among the most common passwords that end users choose in 2021. Research has found that the average business user must manually type out, or copy/paste, the credentials to 154 websites per month. We repeatedly got one question that surprised us: “Why would I ever trust a third party with control of my network?
The 18-year-old man was arrested in Southport, near Liverpool in Northwest England. He is accused of “unauthorized access to computer material, unauthorized access with intent to commit further offences and threats to kill” related to the Xbox Live and PSN denial-of-service attacks, and of an offense called “swatting.”
Swatting, a SEROCU statement notes, is “a term used to describe criminal activity by an individual or group who knowingly provides false information to law enforcement agencies in the USA, suggesting that a threat exists at a particular location so that police respond with tactical units. Making false threats drains law enforcement resources and can cause significant distress or physical injury to first responders or victims.”
The Christmas Day outages have been attributed to a hacker group called Lizard Squad, which bragged about its exploits on Twitter. It’s not clear yet, however, whether the man who was arrested is a member of this group. But outrage over the group’s actions has triggered some interesting responses online, including an alleged hack of Lizard Squad’s own “takedown for hire” service, Stresser.
Before the arrest last week, US president Barrack Obama issued a statement calling on Congress to work with the White House to enhance cyber-security.
“If we don’t put in place the kind of architecture that can prevent these attacks from taking place, this is going to be affecting our entire economy in ways that are extraordinarily significant,” president Obama said.
He has put forward a Cybersecurity legislative proposal that would enable better cybersecurity information sharing between the private sector and government, modernize law enforcement to help combat this kind of crime, and provide a system for national data breach reporting. And the White House will host a Cybersecurity and Consumer Protection summit in February to further discuss the matter.
For its part, Lizard Squad remains defiant.
“You can’t arrest a lizard,” a recent tweet from the group taunts.