UK Arrest Over Xbox Live and Playstation Network Outages
An anonymous reader writes Neowin.net is reporting the arrest of one Vincent Omari, a UK citizen [see also this Daily Mail story from a few days ago mentioning Omari], in the Christmas Day DDoS attacks on Sony's PSN and Microsoft's XBL systems: "In documents sent to Neowin, Vinnie Omari has been accused of 'hacking of the Playstation Network and Xbox Live systems over the Christmas Period'... While this is the first arrest related to the recent service disruptions, it may not be the last... In further conversations with those who are familiar with the investigation and the arrest, Omari believes that the police will not find anything of substance on his computers. His alleged crime is that he helped coordinate the DDOS attack on the service."
Re: (Score:2, Interesting)
To be fair, I'd label a DDOS attack as vandalism + opportunity cost loss, and only criminal if someone's safety is / was at risk.
Owning or controlling a botnet should be more serious than spamming game servers. Trespassing and theft.
Re: (Score:2)
Do you not consider vandalism to be criminal?
Re:Shouldn't this be a civil case? (Score:5, Informative)
No, misuse of a computer system is a criminal offence. And yes, there was effectively destruction of property, and you heard of it.
Re: (Score:2, Troll)
No, misuse of a computer system is a criminal offence
Generally, misusing your own computer system is not a criminal offense unless you really go to extremes. If I set my router to ping flood Sony or Microsoft all day long that generally is not a criminal offense. Previously it was said that this "Lizard Squad" attack was done by a group of people, until we have an idea of how many people were in said "squad" it will be really hard to say whether or not any one person had a meaningful role individually.
And yes, there was effectively destruction of property, and you heard of it.
Either we have heard of different outcomes of the DDoS
Re:Shouldn't this be a civil case? (Score:5, Interesting)
Generally, misusing your own computer system is not a criminal offense unless you really go to extremes.
Yes, but they weren't, were they - they were misusing millions of 3rd party's computers to create a DDoS
They were misusing the network (yes, that's a computer system)
They were misusing Sony's computer (by feeding it bogus data until it became unresponsive).
Re:Shouldn't this be a civil case? (Score:5, Insightful)
No, misuse of a computer system is a criminal offence
Generally, misusing your own computer system is not a criminal offense unless you really go to extremes. If I set my router to ping flood Sony or Microsoft all day long that generally is not a criminal offense. Previously it was said that this "Lizard Squad" attack was done by a group of people, until we have an idea of how many people were in said "squad" it will be really hard to say whether or not any one person had a meaningful role individually.
Here in the UK it probably doesn't really matter what you were actually doing, if your INTENT was to stop or prevent people engaging in a lawful activity then that is most likely a criminal offence. This is generally how our laws are written then we just let juries sort it out.
In this case we passed a law in 2006 called the Police And Justice Act. Here is an old register article about it: http://www.theregister.co.uk/2... [theregister.co.uk]
Our legal system generally has intent woven into its fabric at a far deeper level than in the US so that if the CPS (Crown Prosecution Service) feel there is a reasonable likelihood of them being able to convince a jury that an individuals intent was malicious then they can drag you through the courts. In this case whether this retard is charged will probably depend on how clean his PC's were when they raided him.
You might note that I have zero sympathy for him, being susceptible to getting DDOS'd is not really a security issue worth exposing. If you throw enough traffic from a bot-net at an awful lot of sites they will go down. The simple truth is that when companies provision any sort of on-line infrastructure or offering you look at how much load it is expected to be under during normal operation then plan from there by adding a certain safety margin. In this case it sounds like this service was only going to be called each time a game was started so creating far more load than this by lots of bots pretending to start games over and over again thousands of times a minute was miles away from the intended traffic volumes.
I know some people say this vulnerability never should have existed as this phoning home is a form of DRM and this should not happen but the problem is that without it there are an awful lot of people out there who just freeload and play stuff without paying. Of course companies are going to try and make this difficult in order to stay in business, that is what capitalism dictates they must do in order to maximise shareholder returns.
I hope this guy also realises that he has utterly screwed over any chance he had in life of actually becoming a real paid security researcher with this stupid stunt. With a prior arrest on public record like this he is just not worth the risk, especially as he has not really showed any special technical skills. He will be lucky to get any sort of computer work for the next 10 years.
Re: (Score:2)
There is no reason for Sony to require every game phone home.
They don't. What people were complaining about was not being able to play games' online components. For example Destiny (an MMO-shooter), or GTA's online mode.
Sony on the other hand designed a system that ties it to the account and requires a check every time even if it's the home PS4.
No it doesn't. Not on the PS4 you have set as your "primary" PS4. Unless you have multiple PS4s, or try to play one of your games on someone else's PS4. In that case, it does check.
Re: (Score:2)
Then a free market capitalist consumer would be behooved to make it increasingly difficult for such unwanted additional DRM systems to exist in their market by any peaceful means necessary, such as using that system as frequently as possible to make its operating cost higher, right?
Quite right, I would actually consider that a perfectly legitimate form of protest providing the requests were coming from actual consumers who had paid for said product. You have to actually buy something in order to be a legitimate consumer.
I bet this is not what this retard was doing though, he was most likely triggering off thousands of illegitimate calls from PC's emulating the DRM system not from consoles owned by people who had bought a game.
Also, it is worth bearing in mind that some consumers out t
Re: (Score:2)
Your earlier post was right, up to the seventh word. From there it's gone downhill rather rapidly.
Re: Shouldn't this be a civil case? (Score:5, Informative)
Re: (Score:1)
as far as I know hacking is not a crime (Score:1)
Re: (Score:1)
Not an expert but I believe he has committed a computer crime (hacking). I'm sure it could also potentially be a civil case but that is a separate issue. I think a good example is the O.J. Simpson trial and then the Civil trial http://en.wikipedia.org/wiki/P... [wikipedia.org]
Sigh! when will people learn that Hacking is not a crime. If you are breaking into a computer system or network then you are a "Cracker" and this type of activity is considered a crime.
Yes it is possible to use Hacking skills to produce software that can be used to break into computer systems, however that in itself is not a crime but using that software to break into computing systems is called Cracking and that is a criminal offence. In fact if the law is stupid enough to criminalise Hacking then you woul
Re:Shouldn't this be a civil case? (Score:5, Informative)
Well there's your problem.
Britain - and many other countries - have laws that say you can't DDoS.
The U.S. has similar laws;
http://en.wikipedia.org/wiki/C... [wikipedia.org]
As for the hypothetical McDonald's case - they can most certainly call the cops on you and have the cops escort you away from the premises if you're actually stopping them from entering the store, and not just trying to persuade them not to. This also applies in the U.S. You can picket - but you can't block the entry. UK law is a bit more strict and you can probably easily slip into the "disturbing the peace" clause. It is the UK after all.
Whether or not you feel that you'd be made a spectacle out of is probably dependent on whether or not this would make the headlines around the world; because the arrest of this guy wasn't exactly with a pre-planned media circus to get a bunch of paparazzi try and take pictures while they shot gas grenades through the windows, busted down the doors with semi-automatics and then triumphantly led him outside with a bag over his head proclaiming "ladies and gentlemen, we got him".
Instead, they got a warrant for his arrest, they arrested him, reported on that arrest as they would any other, and oh hey look at that - he's already released on bail. Yawn.
Disturbing the Peace (Score:2)
As for the hypothetical McDonald's case - they can most certainly call the cops on you and have the cops escort you away from the premises if you're actually stopping them from entering the store, and not just trying to persuade them not to. This also applies in the U.S. You can picket - but you can't block the entry. UK law is a bit more strict and you can probably easily slip into the "disturbing the peace" clause. It is the UK after all.
Actually, you can't picket unless the state lets you, even in the United States. Governments including state governments are allowed to impose "content-neutral time, place, or manner restrictions" on free speech provided that there are sufficient "alternative channels of communication" and the regulation served a substantial government interest that would be achieved less effectively absent the regulation. Hence the state can restrict speech severely with relatively little pretext, even in the abortion co
Re: (Score:2)
Actually, you can't picket unless the state lets you, even in the United States. Governments including state governments are allowed to impose "content-neutral time, place, or manner restrictions" on free speech provided that there are sufficient "alternative channels of communication" and the regulation served a substantial government interest that would be achieved less effectively absent the regulation.
You are confusing what can be done with what has been done. *I* can still picket without government permission. That you claim *nobody* can proves you are ignorant (or lying). That you think *you* can't indicates you should move. Yes, the government could stop me from picketing, with a law change.
They could also make guns illegal.
Re: (Score:1)
and doing a DDOS on one of the highest traffic days of the year??
In the real world if you DDOS the wrong store on Black Friday you might get SHOT (and the LEOs might let them do it!).
If I was this guy I would be very very careful as to what I'm doing before and during the trial.
Re:Shouldn't this be a civil case? (Score:5, Insightful)
When you blocked McDonalds by flooding all the highways with a 12" deep layer of molasses, it would probably be considered equally damaging.
There is a discernible monetary loss. How much was lost in revenue where customers could not pay for services? How much was lost from cancellation of services because of the outage? How much was spent for network and systems administrators to work on it, beyond their normal workload?
And then ... How much was lost by other companies impacted by degraded network capacity due to the network traffic?
I'm sure those numbers were easily in the millions. Those won't be the all inclusive questions either. I'm afraid to even ponder how big the final figure will become. It could involve seemingly unrelated companies, who lost sales because their VoIP traffic was on one of the over-utilized circuits.
Re: (Score:2)
How much was lost from cancellation of services because of the outage?
Microsoft and Sony explicitly exempt refunds for their services. Someone *could* return their hardware purchases of course to their retailers. Xbox Live and Playstation Plus Subscriptions or games that were opened may very well not be accepted for return though.
How much was spent for network and systems administrators to work on it, beyond their normal workload?
Somewhere between $0 and $0. The benefit of having salaried employees in technical fields who are thereby exempt from overtime.
Your other points certainly have discernible monetary impacts though that could be inferred from previous and later dat
Re: (Score:2)
Ya, I doubt it would really cause too many cancellations, but it's still within the realm of possibilities. I've seen people cancel service over a couple hours of downtime, for things that cost pennies a day. Like one hour down, on a $25/yr subscription to a porn site.
On the network/systems part, I really meant to say it as the department, not as the individual. It's not unheard of to call in contractors, especially where it was an ongoing thing. Not all network and systems people are salary either.
Re: (Score:2)
Many of these companies have a mix of salaried and CONTRACT employees, or they also pay overtime rates so $0 is likely far from the truth. Also their online component isn't just about letting you play games, they also sell a lot of content through the online capabilities, how much was lost in sales due to that? Don't know myself but it would likely be in the millions. Many countries also have laws that state you CAN'T exempt refunds for services in the case where the service was not supplied.
Re: (Score:2)
Re: (Score:2)
I thought that was in the in-game trolls. :)
Re:Shouldn't this be a civil case? (Score:4, Interesting)
Get your head out of your arse and try acting like a grownup if that's at all possible.
Re: (Score:2)
Re: (Score:1)
Many DDOS rely on using "infected" computers of the masses, it appears to me that the targets as big corporates are only one aspect of this case. Misuse of many individuals equipment (and who knows what else these infections do), use of excessive bandwidth which could be costing someone somewhere (for the potential zombies being used , individuals on non-unlimited plans could be paying for excess bandwidth personally).
So to paint this as helping Sony/MS rather than the general social ill it is, is disingenu
Re: (Score:2)
Re: (Score:2)
If not, Sony and the US government committed a conspiracy to start a war. The tinfoil hat crowd didn't go far enough.
Re: (Score:2)
Nah they'll try him and he'll serve time in the UK.....THEN they'll send him over here where he will serve more time in the classic "Pound You In The Ass" Federal prison.
British (Score:1)
doesn't look british
Funny (Score:1, Troll)
Re: (Score:3)
Do you really think the prosecutors, law enforcement agencies and lawyers are going to have a squabble about semantics?
Re: (Score:2)
Do you really think the prosecutors, law enforcement agencies and lawyers are going to have a squabble about semantics?
Semantics are generally the only thing that prosecutors, law enforcement and lawyers squabble about.
Re: (Score:2)
So if I breathe hot choking cigar fumes in your face, from my fat, dirty cigarillo, that's not assault? After all, all I'm doing is sending massive amounts of particulates (traffic) to make you choke...
Re: (Score:2)
Since it's defined in many national laws as "intentionally causing damages to a computer system". And it's going to be hard to argue it wasn't intentional after they bragged about it so much on Twitter already...
My Ideas to help stop this kinda attack. (Score:3, Insightful)
Identify as many infected computers as they can and block each and every one of the PCs, cellphones, servers, whatever at the ISP level. We all cry we want an open internet but that is impossible if people are allowed to run infected PCs for these scum criminals to use at will. No more blame game, no more OS wars. PC owners have to be more responsible, no PC should be connected to the internet without a firewall and antivirus/malware software, period, end of story. I sure as hell would want to know if my PC is being used without my knowledge and I'm betting a few billion of my internet friends think the same as I do. Funny they don't bat an eye to spy on us, to collect all the data they can dig up to make mint for advertising. They know damn well whose PCs are infected and being used as bots.
Re: (Score:1)
ISPs will never do it because it puts the cost burden of support on them
Re: (Score:2)
Re: (Score:2)
Ah yes the old "let's throw responsibility on the ISPs" story. While I agree ISPs need to do more and should be playing an active role in shutting down some of the more obvious crap (some are), it really is unreasonable to expect them to bear the cost of becoming the internet police unless perhaps you are proposing every internet user should pay a compulsory extra 10% for their ISP to cover this cost?
Re: (Score:2)
Re: (Score:2)
Most of the big internet companies do something like this (try doing some Google searches over Tor for an example). Things get more complicated when you use a CDN because whilst you can block the IP yourself, the CDN keeps sending their traffic to you. You need to either get the CDN to block as well, or inspect the request that came via the CDN to see if it was actually from a blocked IP (which is more expensive to you than an ordinary block).
The tricky thing about ddos attacks is that they are usually very dist
think of the children (Score:1)
The attack - said to be carried out by a group called Lizard Squad, among others - left 160 million users unable to use their consoles,********* including children who had just received them as Christmas presents.********
hahaha, they had to wang the children angle into this like anyone gives a fuck. if anything, he probably did the fucking mongs a favour by keeping them off the TV for the only hour of their fucking boring ass lives
cunts
Cyberbogeyman named (Score:1)
Can he still be a proper cyberbogeyman?
Having odd service problems the last few days (Score:1)
Google is painfully slow over comcast landline but StartPage is fine. Google on my smartphone over the Tmobile network is okay.
Spigotmc is painfully slow but Slashdot is fine.
It's like about 10% of the sites are taking over 30 seconds to respond.
Haven't seen any news about an ongoing DDOS attack on Google or any backbones.
Re: (Score:2)
Google used to take 30+ seconds to load for me, switched to Century Link, and now it loads effectively instantly...
Comcast sucks.
what the hell? (Score:2)
Re: (Score:2)
seriously is it that hard to understand more than one attack happened over the last month. For fucks sake, just read the god damn article, this relates to the DDoS attack on PSN and XBL, not the sony hack (which probably wasn't actually NK anyway).
Tales of Tomorrow! (Score:1)
Test Flight (Tales of tomorrow).
Season 1, episode 10.
Original air date: 26 October 1951.
An ambitious, headstrong businessman uses his huge personal fortune to construct a spaceship that will take him to Mars.
Cast: Lee J. Cobb (Wayne Crowder), Vinton Hayworth (Davis), Cameron Prud`Homme (Marty Peters) and Harry Townes (Wilkins).
From IMDB.
Very good story well developed. Great interpretation of Lee J. Cobb.
Please Delete This (Score:1)
Commented on the wrong TAB in my browser. Was supposed to be for the Billionaires' Space Club story.
Sorry ...