Our website uses cookies

Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing Infosecurity Magazine, you agree to our use of cookies.

Okay, I understand Learn more

Xbox Live Hit by Massive DDoS Outage

Cloud-based gaming is in the security spotlight once more with news that Microsoft’s Xbox Live service was taken offline by a distributed denial of service (DDoS) attack from the hacker collective known as Lizard Squad.

Further, the group, which appears to support ISIS, warned the public via its Twitter feed to expect more DDoS attacks around Christmas. It’s a statement that could be posturing, but Lizard Squad has struck before, targeting Sony’s Playstation Network back in August. At the time, it said that Xbox Live “would be next.”

Apparently, the threat has been made good. In Xbox’s case, the outage was reportedly intermittent in the evening hours of Dec. 1, with Xbox 360 and Xbox One owners reporting that they were unable to connect to Xbox Live. Consoles were responding with the 80151909 error code, which warns that an Xbox Live profile has failed to download.

The cloud service is back online now (and no statement has been yet forthcoming from Microsoft), but the incident, anecdotally at least, does mirror the Sony gaming network attack in terms of impact and outage characteristics.

"We see more and more gaming sites being hit by DDoS attacks, and the reasons run the gamut,” said Igal Zeifman, researcher and product evangelist for Incapsula, in an email to Infosecurity. “Angry gamers looking for revenge on the mods who kicked them out of a community. Rivals in the gaming ecosystem — how-to sites or virtual good exchanges — are looking to take down a competitor for a larger share of the affiliate fees market. Outright extortionists who know the cost of downtime.”

This trend is likely to continue, he added, thanks to how easy it is to mount a DDoS attack these days.  

“First, anyone can access ‘DDoS-as-service’ solutions today and generate mid-sized attacks for less than $50,” he said. “Second, the coverage of attacks is instant and widespread. When all you need is a PayPal account, instant Internet notoriety has never been easier.”

Incapsula recently chronicled an attack on a gaming affiliate that lasted 38 days. 

What’s Hot on Infosecurity Magazine?