The Website Is Down
It was during watching the tv-news I heard that the gaming services were down in association with the online release of The Interview. At first I thought it was North Korea that were ddossing the services, but after some research it turned out it was Lizard Squad that were having some fun. I was rather surprised when I opened the Xbox Live status website to see a huge stack-trace which also reviled a central website which the Xbox website gathered data from. First of all, I would have expected Microsoft to know better than allowing stack traces to be shown on their website. Secondly, I would have thought that the ddos attack were affecting the entire Azure cloud, as Xbox Live is hosted inside the Azure Cloud and that cloud applications are normally well filtered from these types of attacks, but no.
In these cases, the attacks consumed bandwidth and made the services useless for anyone trying to access them. Poor technicians and engineers were called back at work during their holidays and lots of kids were mad they could not play on PSN or Xbox Live. It all ended with Kim Dotcom giving Lizard Squad vouchers to Mega worth about 350,000$. They claimed the attack was to show "poor security" and just "for the lulz".
Denial of service attacks does not impact the security of an application or a system. It consumes bandwidth or capacity from the target system, making it useless for others trying to use it. From a software point of view, an application can be as secure as possible and still vulnerable to denial of service attacks as each system has a given capacity.
It was around 2010 that cloud computing became a buzz-word in the IT-industry. Instead of having to have hundreds of servers in the basement ready for usage, these could be hired on-demand from providers on the internet. Not only did it make computing-power cheap, but also easier to get access to. Developers did not have to own a massive data center in order to make a small app scale to millions of users. Azure which is Microsoft's own cloud service is one of the worlds largest which also hosts several Microsoft services being Office 365, Skype and Xbox Live.
One of the main ideas in cloud computing development is that an application is supposed to be decentralized. Instead of having one server where everything runs, the application should be able to run on several servers allowing more users to access the application simultaneously. Not only did it help on the capacity issues, but also latency issues as well. Applications could be deployed to data centers close to where users tried to access the application.
I would have expected Microsoft to properly have taken advantage of their own Azure cloud, but I was even more surprised when I saw the stack-trace pop up on their website. Sure, Microsoft and Sony could have paid for more bandwidth for their services and for mitigation and filtering equipment, but how much bandwidth should they pay for which they would probably use a small percentage of anyways? It upsets me that the individuals who took the services down claim to know everything about the infrastructure behind PSN and Xbox Live. But this is not the worst part. The worst part is when journalists starts saying that Xbox Live and PSN were hacked or some hackers took it down. The so called "hackers" will enjoy this and take fame as much as possible. Media should learn to use the correct term for the individuals behind the attacks: Script kiddies. Instead of being pissed that Xbox Live were down, I watched an episode of the web series The Website Is Down.