DDoS attacks: Normally I don't blame the victim, but in this case the blame is deserved

By Linda Musthaler | January 07, 2015

Posted in: Network Security Trends, Gaming DDoS Protection

April 2011 – Sony Playstation Network, Sony Online Entertainment (SOE), and the Sony Qriocity music service (now known as Music Unlimited) were all knocked offline by a large-scale DDoS attack. The group Anonymous claimed responsibility for this attack. Sony was so busy trying to get its services back online that it failed to notice that a massive data breach was also taking place. It turned out that 101 million customer accounts were stolen in the breach.

August 2014 – Sony's Playstation Network and Sony Online Entertainment were brought down by a DDoS attack perpetrated by the rogue group known as Lizard Squad.

December 2014 – Sony's Playstation Network and Microsoft's Xbox Live network were both hit by DDoS attacks, taking them offline right at Christmastime when gamers were most likely to be heavily engaged with the online games. Once again, Lizard Squad claimed to be responsible.

Fool me once, shame on you. Fool me twice, shame on me.

Now, I'm not usually a "blame the victim" kind of person, but it seems to me that Sony's various online divisions have been hit with enough DDoS attacks in recent years that the company should have figured out by now how to defend against them. Even Brian Krebs has said that neither the latest attack nor the people who initiated it could be considered "sophisticated."

The application security company Radware reports that Sony spent more than $170M on cleanup related to the 2011 DDoS attack and loss of data. Considering the extent of the data breach and the cost of cleaning up after that, it's more likely that the total cost of the outage and breach was far higher than a mere $170 million. And who knows how much the subsequent two DDoS attacks and resulting outages have cost Sony.

Sony Online Entertainment has about 20 million subscribers. And in the year ended March 31, 2014, Sony Corp's Game division contributed $9.5 billion in revenue to the company. Those are some significant figures that are worth protecting.

Given that both Playstation Network and SOE have now experienced multiple attacks that resulted in loss of revenue, you'd think that Sony leaders would insist on having protections in place to try to prevent this from happening again. Or, to put it another way, it's absolutely inexcusable that this company has not spent the money to sustain its business when DDoS attacks occur. There are numerous types of anti-DDoS solutions on the market and none of them can possibly cost as much as the loss of revenue and respect that Sony's online businesses have already experienced.
