LBPCentral Archive

Home

General Stuff

General Gaming

Arrests made in connection with the April DDoS attacks on the PSN

Archive: 31 posts

PARIS

The Spanish police said Friday that they had arrested three suspected computer hackers in connection with recent cyberattacks on Sony’s PlayStation Network as well as corporate and government Web sites around the world.

The arrests have dismantled the local leadership of the shadowy international network of computer hackers known as Anonymous, which has claimed responsibility for a wide variety of attacks, the National Police said in a statement.

According to the statement, Anonymous is made up of people from various countries organized into cells that share common goals. The activists operate anonymously, but in a coordinated fashion.

One of the hacktivist detainees, a 31-year-old man, was arrested in the southern city of Almer?a sometime after May 18, the police said. He had a computer server in his apartment in the northern port city of Gij?n, from which the group attacked the Web sites of the Sony PlayStation online gaming store.

The same computer was also employed in coordinated cyber-attacks against two Spanish banks, BBVA and Bankia, the Italian energy company Enel, as well as government sites in Spain, Egypt, Algeria, Libya, Iran, Chile, Colombia and New Zealand, the police said.

The police opened their investigation last October, after hackers overwhelmed the Spanish Ministry of Culture’s Web site to protest Spanish legislation increasing punishments for illegal downloads.

The two other suspects were arrested in Barcelona and Valencia. The statement did not make clear the timing of those arrests.

It was not immediately clear if the group had been the sole, or even the main, perpetrator of the recent attacks on Sony. About a dozen Sony Web sites and services around the world have been hacked, with the biggest breaches forcing the Tokyo-based company to shut down its popular PlayStation Network for a month beginning in April.

The Japanese company has acknowledged that hackers compromised personal data for tens of millions of user accounts. Earlier this month, a separate hacker collective called Lulz Security said it had breached a Sony Pictures site and released vital source codes.

Sony has estimated that the hacker attacks will cost it at least 14 billion yen, or $173 million, in damages, including information technology spending, legal costs, lower sales and free offers to lure back customers.

Mami Imada, a Sony spokeswoman in Tokyo, said she had no information on the arrests and declined to comment.

The police said that they had analyzed more than 2 million lines of chat logs since October, as well as Web pages used by the group to identify the leadership in Spain with the capacity to make decisions and direct attacks.

Anonymous members made use of a computer program called LOIC to crash Web sites by flooding them with denial of service attacks, the police said.

Among recent attacks, the hackers also brought down the site of the Spanish National Electoral Commission last month before regional and municipal elections. It was that attack, on May 18, that led to the arrest in Almer?a.

The movement against the anti-piracy law has been closely linked to the broader youth-led political movement that have occupied Puerta del Sol in Madrid and other city squares since May 15.

These protests have called for a complete overhaul of Spain’s political system and the laws targeting illegal downloading. [Source (http://www.nytimes.com/2011/06/11/technology/11hack.html?_r=2)]
MADRID — Spanish police have arrested three suspected computer hackers who allegedly belonged to a loose-knit international activist group that attacked corporate and government websites around the world, authorities said Friday.

National Police identified the three as leaders of the Spanish section of a group that calls itself "Anonymous." All three are Spaniards aged 30 to 32, said Manuel Vazquez, chief of the police's high-tech crime unit.

A computer server in one of their homes was used to take part in cyber attacks on targets including two major Spanish banks, the Italian energy company Enel and the governments of Egypt, Algeria, Libya, Iran, Chile, Colombia and New Zealand, Vazquez said. According to Reuters (http://www.reuters.com/article/2011/06/10/us-spain-anonymous-idUSTRE7593GV20110610), the three individuals have also been charged with "cyber-attacks against targets including Sony's PlayStation network, governments, businesses and banks."

Reuters adds, "Spanish police alleged the three arrested 'hacktivists' had been involved in the recent attack on Sony's PlayStation online gaming store which crippled the service for over a month, as well as cyber-attacks on Spanish banks BBVA and Bankia and the Italian energy group Enel."

Vazquez's comments backtracked somewhat from an earlier police statement that said this server was used to actually execute the attacks. The three detainees have been released without bail but face a charge that is new in the Spanish penal code – disrupting a computer system, Vazquez said. He gave no details on what effect these attacks had.

In Spain, acting on their own, the three detainees staged cyber attacks on the website of Spain's central electoral commission a few days before local and regional elections on May 22, that of the regional police force in the northeast Catalonia region and a major Spanish labor union.

The night before the election, the three men tried to shut down the web pages of Spain's two main political parties and that of the Spanish parliament but were thwarted by police, Vazquez said.
"Anonymous is a network with a common idea, but it has loads of cells around the world. Using chats they agree to stage denial-of-service attacks on any page of any company or organization anywhere in the world," Vazquez said, referring to a cyber-bombardment-like technique used to shut down an Internet page.

Vazquez said police were still analyzing computer files and other material but have no record of the three Spaniards having obtained sensitive data.

Vazquez said members of Anonymous use a lot of methods for hiding their identity.

The statement said the only other countries to act against "Anonymous" so far are the United States and Britain. It attributed this what it called complex security measures that members use to protect their identity.

The suspects in Spain were arrested in Barcelona, the Valencia region and the southern city of Almeria.
Since October 2010, Spanish police specializing in cyber crime have analyzed more than two million lines of online chat and Internet pages until they finally zeroed in on the three suspects. Their names were not given.

In January, British police arrested five young males on suspicion of involvement in cyber attacks by Anonymous, which has backed WikiLeaks.

"Anonymous" has claimed responsibility for attacking the websites of companies such as Visa, Mastercard and Paypal, all of whom severed their links with WikiLeaks after it began publishing its massive trove of secret U.S. diplomatic memos.

"Anonymous" accused the companies of trying to stifle WikiLeaks and rallied an army of online supporters to flood their servers with traffic, periodically blocking access to their sites for hours at a time.
And in February, an Internet forum run by "Anonymous" directed participants to attack the websites of the Egyptian Ministry of Information and the ruling National Democratic Party.

In a Twitter post, the group claimed credit for taking down the ministry's website and said the group was motivated by a desire to support Egyptian pro-democracy protesters. [Source (http://www.huffingtonpost.com/2011/06/10/spain-anonymous-hackers-arrest_n_874677.html)]

Discuss.

Personally, I'm happy something has come out the investigations so far.

Edit: I misread the article and have updated the topic thread to reflect as much. Pardon my unintended misinformation campaign.

2011-06-10 15:21:00

Author:
schm0

Posts: 1239

Hopefully they'll have the right people and let it be a warning to the rest of the group, that it isn't normal to go around and doing this sort of damage to hugh companies and to the general public!!

2011-06-10 15:38:00

Author:
dbibby88

Posts: 378

Kaz Hirai only said a few days ago that the hackers may never be caught.

Nobody expected the Spanish Inquisition hackers!

2011-06-10 16:04:00

Author:
Rhys125

Posts: 841

Hopefully these are actually the guys, and if so, yay, they actually managed to get the "Anonymous" hackers XD

2011-06-10 16:22:00

Author:
RockSauron

Posts: 10882

I hope they get prison abuse.

Just saying.

2011-06-10 17:00:00

Author:
talbot-trembler

Posts: 1114

These guys are going to get their own breaching soon. One of the guys they arrested was hosting an IRC server at his home & tons of info was taken from it. These guys took part in a lot more than just ps stuff.

2011-06-10 23:44:00

Author:
IAmChavez

Posts: 142

They should have to work as telephone customer service while they are in the clink.

Tech support: What kind of computer do you have?

Customer: A white one...

That way they deal with stuff like this for several years.
And make them do lots of boring computer related things until they have keyboards in their nightmares.

2011-06-11 13:59:00

Author:
Morgalaga

Posts: 164

Yay, I hope they are put in prison for a long time.

2011-06-11 14:01:00

Author:
craigmond

Posts: 2426

alright people get your torches, were going into a lynch mob!

2011-06-11 20:39:00

Author:
wait wtf

Posts: 853

Umm....

http://www.reuters.com/article/2011/06/10/us-spain-anonymous-idUSTRE7593GV20110610
http://kotaku.com/5810700/three-arrested-in-psn-hack-attacks

[...]They were not linked to two massive cyber attacks against Sony's Playstation Network that resulted in the theft of information from more than 100 million customers.[...]

[...]All three were freed without bail pending formal charges.[...]

Yeah... good going guys.

2011-06-11 23:56:00

Author:
CyberSora

Posts: 5551

Hmmm maybe it's just me being an old stick-in-the-mud.

But perhaps... just perhaps... we should allow the trial to reach a conclusion before calling for these 3 men to be raped in prison?

It was not immediately clear if the group had been the sole, or even the main, perpetrator of the recent attacks on Sony

2011-06-13 13:25:00

Author:
Macnme

Posts: 1970

32 More suspects have been arrested in Turkey now.

2011-06-13 16:58:00

Author:
IAmChavez

Posts: 142

Heh, justice is being served. Pay the conquences for stealing our fun, you trolls...

(I feel so evil

)

2011-06-13 17:37:00

Author:
Fang

Posts: 578

32 More suspects have been arrested in Turkey now.

I didn't see any mention of these arrests being related to the PSN hack, though. The ones in Madrid were revealed to have taken part in the infiltration in some shape or form.

2011-06-14 19:12:00

Author:
schm0

Posts: 1239

I didn't see any mention of these arrests being related to the PSN hack, though. The ones in Madrid were revealed to have taken part in the infiltration in some shape or form.

The arrests in Spain had nothing to do with the play station network either. It was a sony website, not anything to do with the ps3.

2011-06-14 20:30:00

Author:
IAmChavez

Posts: 142

2011-06-15 09:15:00

Author:
Macnme

Posts: 1970

We should be thanking the hackers for exposing the vulnerablilty.

And if someone breaks your nose, do you thank them for demonstrating to you the fragility of your facial features? Or when someone breaks into your house and steals your TV, do you thank them for demonstrating to you how much force is required to break your windows? Of course that is the sensible thing to do....

You don't thank people for carrying out a malicious act that victimises you. If we were looking at a white-hat situation, then absolutely yes, those guys are cool. But that kind of scenario goes along the lines of:
Find vulnerability in system
Document vulnerability and methodologies for finding and exploiting it.
If necessary, lift small amount of non-sensitive information
Contact the people responsible for the server, providing them with the aforementioned documentation and evidence
Give them time to fix the vulnerability
Publish the details of the exploit so that other companies might learn from it

That's the kind of hacking you can really thank on the basis of "exposing vulnerabilities". Now, notice the not-so-very slight differences between the above scenario and the PSN scenario (hint for you: the key things are motivation, the intent of the actions and the resultant effect on the innocent third party - the consumers).

Furthermore, we don't actually know entirely what exploits were used, or how "inadequete" the security of PSN was, so your paper bag under a rock analogy is a little bit naive. Last I heard, there was no evidence that the PSN hack itself was specifically based around issues with "security by obscurity". As far as we know, the "bank" did have a pretty decent vault and the people who broke into it and stole your "money" just happened to find a way to smash down the walls. Of course, we could say that it's the bank's fault because they didn't make a more secure vault, maybe made out of adamantium and diamonds. Actually, maybe they could make it out of that super-alloy, diamantium. That's not an unreasonable request, right?

Basically, any system can be broken. That a particular system was broken into does not prove it was inadequate. Even if the system was inadequate, that does not vindicate the actions of a malicious few who would take advantage of those inadequacies and certainly does not make their actions excusable, let alone laudable.

For a final real-world example that assumes that there was inadequate security, suppose your [wife|partner|housemate|child|sibling|parent|co-habitor] accidentally left your door unlocked one night. If some dirty scally came in a robbed all your stuff, would you actually thank them? Or would that, in fact, be a mindbogglingly stupid thing to do?

2011-06-15 11:01:00

Author:
rtm223

Posts: 6497

Or to put it another way; If you have house insurance against theft... but leave your windows open and your doors unlocked, your insurance will not pay out, because they will blame you for not taking adequate security measures.

If you lock your doors and close your windows, your house can still be broken into.

You're assuming that because PSN was hacked, there was no/minimal security. You could lock your doors, close your windows, buy an alarm system, hire some security guards, put razor wire fence around your house and install automatic bad-guy-seeking machine gun turrets - yet someone could still break in with enough skill, dedication and motivation.

Putting blame on anyone but the hackers is ridiculous. Another scenario - you're walking down the street and then someone jumps out and murders you. Going by your logic, I would assume that would be your fault too? Clearly you shouldn't be walking down the street without armed bodyguards at the very least. And we can't put the blame on the murderer, because after all they were just "exposing the vulnerability".

2011-06-15 11:29:00

Author:
Nuclearfish

Posts: 927

But who is 'actually' to blame for the PS3 hack?

The hackers, or the guys that designed Sony's security system?

If your bank decided to keep your money in a paper bag hidden under a rock, instead of locked in a vault - and just prayed that no-one would find the rock or would have the strength to open the paper bag - no matter who ended up stealing the money - the bank would be to blame for not having adequate security.

Sony is at fault for their "Security by Obscurity (http://en.wikipedia.org/wiki/Security_through_obscurity)" approach. We should be thanking the hackers for exposing the vulnerablilty.

Or to put it another way; If you have house insurance against theft... but leave your windows open and your doors unlocked, your insurance will not pay out, because they will blame you for not taking adequate security measures.

And what if you put that money into the vault, which was as safe as every other existing vault, and some clever robbers still managed to steal all your life savings. Would you still thank them? That's the situation which has happened here.

This is the third reply pointing out the flaws in your argument. Seriously, thanking them is the last thing we should do. rtm makes some great points.

2011-06-15 12:30:00

Author:
ryryryan

Posts: 3767

Sony were caught napping... admit it.
Why would they offer such a grovelling apology if they weren't the ones to blame?

PSN wasn't the only system of theirs to get hacked either.

And there is also no evidence that the hackers "blew the vault doors off"... they seem to have used a back door route (security by obscurity) using Geohots Dev mod.

They didn't have adequate security measures in place, and have only implemented upgraded security measures after the fact. That is money that should have been spent ages ago on upgrading their security that they decided not to spend and it has cost them much more because of it.
So the net result of the hack, regardless of the hackers motivation, is that we now have improved security. & while even the improved security may not be invulnerable, it's better than it was.

And while I may not thank a burglar for stealing my television... I would certainly blame my [wife|partner|housemate|child|sibling|parent|co-habitor] for leaving the door open. And so would the insurance company.
And once I'd replaced the TV, I would have give them a right good talking to on not leaving doors unlocked.
(If I'd locked all my doors and windows and still had my TV stolen, I'd be looking into double glazing and reinforced doors)

Net Result = Improved Security.

2011-06-15 12:44:00

Author:
Macnme

Posts: 1970

Sony were caught napping... admit it.
Why would they offer such a grovelling apology if they weren't the ones to blame?

Because their customers were affected. Whether they were to blame or not doesn't matter.

And there is also no evidence that the hackers "blew the vault doors off"... they seem to have used a back door route (security by obscurity) using Geohots Dev mod.

They didn't have adequate security measures in place, and have only implemented upgraded security measures after the fact.

Considering it took over 4 years until PS3/PSN was successfully hacked, I'd say they had adequate security measures in place.

Even if they did use a back door route using Geohots Dev mod... well, that's like saying person A blew the vault doors off, then person B walked in and picked the lock to the safe, and then arguing that there weren't enough security measures preventing person B from breaking in. There were, but person A already took care of them.

So the net result of the hack, regardless of the hackers motivation, is that we now have improved security. & while even the improved security may not be invulnerable, it's better than it was.

Maybe so. But we wouldn't need improved security if the hackers didn't hack us in the first place.

And while I may not thank a burglar for stealing my television... I would certainly blame my [wife|partner|housemate|child|sibling|parent|co-habitor] for leaving the door open. And so would the insurance company.
And once I'd replaced the TV, I would have give them a right good talking to on not leaving doors unlocked.

So.. you'd blame your [wife|partner|housemate|child|sibling|parent|co-habitor] and NOT the burglar?

2011-06-15 13:04:00

Author:
Nuclearfish

Posts: 927

Forget wether or not I would blame who-ever.. I'd probably blame them both.

But the insurance company wouldn't blame the burglar... because then they'd have to pay out on the insurance. They would blame the fact that your doors were unlocked as the 'cause' of the burglary.

And wouldn't it be nice to live in a world where hackers don't hack, thieves don't steal, and murderers don't kill? Unfortunately, we're stuck living in the real world.

2011-06-15 13:18:00

Author:
Macnme

Posts: 1970

An insurance company wouldn't pay out if doors were unlocked, yes.

But we're not talking about the difference between locked and unlocked doors (i.e. security vs no security). PSN was the equlivalent of an armed fortress. And it still got hacked.

What an insurance company would do isn't at all relevant because it doesn't apply to this situation.

2011-06-15 13:29:00

Author:
Nuclearfish

Posts: 927

The arrests in Spain had nothing to do with the play station network either. It was a sony website, not anything to do with the ps3.

Did you read the part where it said they were (allegedly) involved in the PSN hack?

One of the hacktivist detainees, a 31-year-old man, was arrested in the southern city of Almer?a sometime after May 18, the police said. He had a computer server in his apartment in the northern port city of Gij?n, from which the group attacked the Web sites of the Sony PlayStation online gaming store.
According to Reuters (http://www.reuters.com/article/2011/06/10/us-spain-anonymous-idUSTRE7593GV20110610), the three individuals have also been charged with "cyber-attacks against targets including Sony's PlayStation network, governments, businesses and banks."

Reuters adds, "Spanish police alleged the three arrested 'hacktivists' had been involved in the recent attack on Sony's PlayStation online gaming store which crippled the service for over a month...
Sony were caught napping... admit it.
Why would they offer such a grovelling apology if they weren't the ones to blame?

77 million customers' data was exposed and the investigation, outage and subsequent rebuilding of the network were the reasons for the apology. So because they were 'grovelling' they are somehow more guilty than if they'd just said 'My bad, everyone... move along, nothing to see here.'?

PSN wasn't the only system of theirs to get hacked either.

And there is also no evidence that the hackers "blew the vault doors off"... they seem to have used a back door route (security by obscurity) using Geohots Dev mod.

They didn't have adequate security measures in place, and have only implemented upgraded security measures after the fact.Adequate by whose standards? The only reason the details of Sony's network have been exposed is because of this fiasco in the first place. Even government networks across the world have been exposed to the likes of Anonymous and LulzSec. The fact is, nobody's system is 100% secure and a determined group of hackers can get through even the most robust defenses given enough time and resources. The PSN had several industry-standard security measures in place. It just wasn't enough to stop a bunch of disgruntled self-proclaimed 'hacktivists' from ****ing around with their system because they could no longer install Ubuntu on their PS3.

It's easy to play Monday-morning quarterback and say "Well, they should have done this and should have done that" when you're sitting at home in your underwear on your computer. They shouldn't be thanked, they should be put in jail. If they've got all this inside knowledge about how to hack systems, why aren't they putting it to good use by working for security companies and making networks around the world more robust? The answer: because they're internet hooligans with no regard for these companies and governments, and they believe that any mayhem they cause shouldn't be a crime, let alone immoral.

Spend some time on 4chan (one of the main sites that have given rise to such groups) and you'll see the type of people that you're dealing with.

That is money that should have been spent ages ago on upgrading their security that they decided not to spend and it has cost them much more because of it.
So the net result of the hack, regardless of the hackers motivation, is that we now have improved security. & while even the improved security may not be invulnerable, it's better than it was.Yes, but at what cost? Why not inform Sony that their network had vulnerabilities in the first place? The answer is because they don't care what it would eventually cost them (or their paying customers) in the long run. They did it out of angst and for the LULZ.

And while I may not thank a burglar for stealing my television... I would certainly blame my [wife|partner|housemate|child|sibling|parent|co-habitor] for leaving the door open. And so would the insurance company.Fact is, the door wasn't open. It was locked shut with a deadbolt, the windows had alarms installed, and a security system was in place. To further your analogy, what the 'burglars' had to do in this case had to dig a tunnel under the house to get inside. They didn't go through the front door (otherwise anyone would be able to get in, including you and me.)

Net Result = Improved Security.Again, at what cost?

2011-06-15 13:49:00

Author:
schm0

Posts: 1239

I will keep my thoughts short and sweet (and state what should be obvious): ANYTHING CAN BE HACKED. The CIA and FBI has been hacked, the Pentagon has been hacked and since this whole thing began it seems like companies are being attacked on a daily basis (Lockheed Martin, Codemasters, Nintendo, PBS etc). Funny how some people have been laying all the blame on Sony, that's just pure ignorance. Analogies like "if I left my front door open and burglars stole my stuff I would blame myself" are silly. Yes you should blame yourself if the front door is wide open but what if it's locked AND you have an alarm? Do you blame the lock manufacturer? Do you blame alarm company? Do you blame the neighborhood watch? Do you STILL blame yourself/thank the thieves? I thought not

2011-06-15 13:57:00

Author:
OCK

Posts: 1536

And wouldn't it be nice to live in a world where hackers don't hack, thieves don't steal, and murderers don't kill? Unfortunately, we're stuck living in the real world.

And it would be nice to live in a world where the unhackable system and the bank vault made from 100% impenetrable diamantium exist. But we don't live in that world, we live in the real world... And in the real world, your argument is invalid.

You sir, just managed to prove yourself wrong

2011-06-15 14:00:00

Author:
rtm223

Posts: 6497

And it would be nice to live in a world where the unhackable system and the bank vault made from 100% impenetrable diamantium exist. But we don't live in that world, we live in the real world... And in the real world, your argument is invalid.

You sir, just managed to prove yourself wrong

I think the discussion ended right there

2011-06-15 14:05:00

Author:
OCK

Posts: 1536

Yes Schm0 I read that & it has been proven false sine then.

2011-06-15 16:35:00

Author:
IAmChavez

Posts: 142

Yes Schm0 I read that & it has been proven false sine then.

Care to cite your source?

2011-06-15 18:29:00

Author:
schm0

Posts: 1239

The ones CyberSora posted on the 1st page. & also http://arstechnica.com/tech-policy/news/2011/06/spain-arrests-3-anons-for-sony-bank-hacks-anonops-vows-revenge.ars

2011-06-15 22:33:00

Author:
IAmChavez

Posts: 142

Hmmm... Re-reading those quotes it's very easy to come to the conclusion I did. The articles (outside the Ars Technica one you posted) don't seem to clarify that the PSN Hack and the DDoS attack that preceded it were two separate events.

For instance, "Reuters adds, 'Spanish police alleged the three arrested 'hacktivists' had been involved in the recent attack on Sony's PlayStation online gaming store which crippled the service for over a month'..."

The PSN was not down for a month, if I recall correctly, it was only down a month following the PSN Hack. During the DDoS outage I was able to log back in after a couple days.

I'm a little perturbed that the statements are so easily misconstrued and they did not make clear which event they were referring. Either way, I stand corrected.

Regardless, I hope the hackers that are caught are punished for their crimes, and when they get out I hope they all get jobs with security companies and put their talents to good use rather than being giant *****bags.

The OP has been updated and I'm gonna shut this one down for now.

2011-06-16 01:11:00

Author:
schm0

Posts: 1239

LBPCentral Archive Statistics

Posts: 1077139 Threads: 69970 Members: 9661 Archive-Date: 2019-01-19

Datenschutz

Aus dem Archiv wurden alle persönlichen Daten wie Name, Anschrift, Email etc. - aber auch sämtliche Inhalte wie z.B. persönliche Nachrichten - entfernt.
Die Nutzung dieser Webseite erfolgt ohne Speicherung personenbezogener Daten. Es werden keinerlei Cookies, Logs, 3rd-Party-Plugins etc. verwendet.