A POS Still Doesn’t Deserve DDoS

PSNXboxLiveDDOS

 

Over the holidays, I had a pretty decent time with gaming. I plowed through The Witcher 2 (Xbox 360), and thanks to my acquisition of the Retron 5, I’ve also been able to get my fill of nostalgic retro goodness. That said, not everyone had such an enjoyable experience in the last week of December. No, both Xbox Live and PSN suffered from a bit of downtime, but one service took a much greater hit than the other.

Care to guess which?

I checked Twitter on Christmas Eve, only to be greeted by a massive text-wall of confusion. People were tweaking because they couldn’t log in to PSN, and it wasn’t long before Xbox Live subscribers echoed similar complaints. Of course, any time there’s so much as a hint of service interruption nowadays, the collective knee-jerk reaction is to assume it’s been caused by DDoS attacks.

While 2014 was undoubtedly the year such attacks have attained widespread awareness, I’ve been careful not to make assumptions based on internet rumblings. Don’t get me wrong: I know we’ve been directly affected by these attacks on multiple occasions, and there were probably numerous others we weren’t affected by… but I can’t help but question the pattern I’ve noticed on social media.

These attackers almost never make preemptive threats. No, instead, we see a network go down, and when a bunch of people on Twitter begin to question why, THAT’S when someone steps up and says, “Oh yeah, dawgz, that was us!!!11!!!!1!1!” At this point, a number of so-called hackers will attempt to take credit for the same attacks… you know, to prove who has the biggest wiener. So, you’ll have to excuse me for not believing every 12 year old on the net who claims to be the cause of a service outage.

And by the way, I said ‘so-called hackers’ because regardless of how much power they want us to THINK they have, it’s little more than a ruse. You see, nothing is actually hacked in a DDoS. In fact, the words behind the acronym tell us as much: Distributed Denial of Service. It’s an attack that’s designed to create a bottleneck which keeps legitimate traffic from getting through. It’s a major friggin’ annoyance, yes, but certainly not a hack.

Anyway, the ‘attack now, take credit later’ pattern I noted was actually broken in early December. Yes, weeks before the jolly fat man in red suede was set to violate our chimneys, a group – who I refuse to name, lest I give them the attention they crave – threatened to take Xbox Live down on Christmas… FOREVER. With this in mind, I remained vigilant in my skepticism. I mean, you don’t have to be Nostradamus to predict both Xbox Live and PSN would suffer outages on Christmas, do you?

Tons of new consoles would connect to their respective service for the first time. The millions who already own these machines would log in to play their new games. The end result was practically written on the wall.

So, when I noticed both PSN and Xbox Live were straight noping-out on Christmas Eve, I thought, “It’s a tad early for this to happen… but maybe not. A lot of people celebrate with one side of their family on the 24th.” Of course, it wasn’t long before ‘they who shall not be named’ hopped on Twitter to take credit for the down time. Still, I wanted to see how things played out before reaching any conclusions.

Well, Xbox Live came back in just under half a day, albeit with some restrictions… but PSN? Down for DAYS. After a good long while, Sony finally stated their network was suffering from a service disruption attack. With confirmation of DDoS attacks straight from the source, I could finally begin to assess the situation.

First and foremost, why disrupt these services in the first place?

One motive was to deter people from ignoring their families on Christmas… but, uh, that doesn’t really explain the various other attacks throughout the entirety of 2014.

No, their primary motivation was to expose the lack of security put forth by Microsoft and Sony. After all, these companies are charging $50+ a year for access to multiplayer. ‘They’ didn’t believe these companies were utilizing our money to enhance security. So, they’ve chosen to ‘enlighten’ consumers by crippling Xbox Live and PSN, the message being, “It was easy for us to take these services down, and that should concern you. You’re not getting what you think you’re paying for. Stop giving in to these greedy corporations!”

This line of reasoning sounds fine on paper, but is flat out STUPID in reality. The only surefire ‘cure’ against a DDoS is to have unlimited bandwidth, and needless to say, that’s just not possible. Money can be spent on better mitigation, yes, but that’s about it. The only real problem here are the idiots doing this from their basements for little more than shits and giggles…

…Or is it?

This fiasco DID expose one company as being far less prepared to mitigate attacks than the other: Sony.

It was difficult to bitch about down time on the PS3. After all the service was free, so you weren’t actually losing anything. But with the PS4, Sony decided to throw multiplayer behind the PS+ pay wall, with the promise they’d use that money to better the network.

In an interview with computerandvideogames.com:

Yoshida explained the move was necessary to maintain a high quality service and facilitate improvements and expansions.

“That’s (was) a big decision,” he said. “what we internally discussed and decided is that we will continue the free access to online play on PS3 and Vita, so that’s clear. But because on PS4 the online connectivity features such as second screen, auto downloads and share features – these are one big pillar of the PS4 experience and we will continue to invest in this area to expand and improve these online features and services.

“If we keep giving away online access for free, the natural pressure is that we have to cut down on the cost to provide this free service. But that’s conflicting with our goal of being able to provide very robust and great online services going forward. So we decided that on PS4, because we want to continue to invest and improve our new services, we’ve asked the most engaged consumers in the online activities to share the burden with us so that we can continue to invest.”

Well, they’re not living up to their end of the bargain.

So how are Sony planning to make amends with their customers? What would their peace offering be? A five day extension for PS+ members, and a ‘10% off anything on PSN’ coupon.

I’m sorry, but that’s just not good enough. PSN was down quite a bit last year. I know, I know. It seems like ancient history, right? But honestly, PSN’s lack of stability has been in question throughout most of 2014, especially after the significant DDoS attack in August. You’d think Sony would have said, “Woah, we need to figure this shit out, and pronto!” But, no. To be fair, both networks are still having issues, but the stark contrast between Xbox Live’s and PSN’s recovery time should be telling.

I won’t apologize if this sounds like hyperbole, but Sony clearly doesn’t care. They’ve suckered millions – including myself – into getting PS+… and then nothing. Just a bunch of blanket PR statements like, “Gee guys, sorry. We’re looking into it. Thank you for your patience and continued support.”

Clearly, all they care about is making money, because while PSN suffers, Sony have decided to invest in a new revenue generating service… and guess who’s footing the bill? Yes, ladies and gentlemen, the company that’s allegedly ‘for the players’ would rather spend our cash on a glorified rental service – a pricey one, at that – instead of improving the one we, the loyal players, have spent our money to support. Oh, and if that wasn’t a big enough kick in the teeth for our ‘loyalty’, guess what else? PS Now will also be available on NON-Sony devices in 2015.

For the players, indeed.

With each passing month, Sony manages to rank higher on my anti-consumer shit list. But let me be clear: While I believe they’re a terrible company, that in no way means I believe they ‘got what was coming to them’. It’s nice to FINALLY see a bit of awareness in regards to Sony’s terrible service, but the end doesn’t justify the means. Not one bit.

So what’s the answer? I just said it: Awareness. Hacker wannabes can pretend they’re doing right by us all day long, but their ultimate failure is taking away the most powerful tool that we, as consumers, have at our disposal: Choice. It’s as the old saying goes: You can lead a horse to water, but you can’t make him drink. Similarly, gamers need to be armed with knowledge that will allow them to make informed decisions… NOT shuffled around like pawns on a Chess board.

In the end, that’s what these DDoS attacks are all about; change via force, and that’s a major copout. Sony obviously have some MAJOR security issues to iron out – again, better DDoS mitigation is required, and it’s scary to think they’re STILL experiencing major security breaches (think of the month they had to shut PSN down a few years ago, as well as alleged retaliation from North Korea over ‘The Interview’) – but retaliation is NEVER the answer. Who does it help, really? Did it help the people who spent $50, or more, for their PS+ or Xbox Live memberships? Did it help the families who spent hundreds of dollars on a new console for their children? Did it help the families of Sony and Microsoft employees who were undoubtedly called back in to work? Of course not.

The attackers weren’t wise enough to know that forcing ideologies on people rarely works, and when it does, history is doomed to repeat itself. The only way to institute change is through knowledge, meaning we have to keep our eyes, ears, mouths, and minds OPEN. Read articles. Talk with friends. Participate in message board discussions. Every little bit helps, you know? It’s obviously easier to default to the ‘one person can’t make a change’ mentality, but if I believed that were true, Byte-Size Impressions wouldn’t exist. I challenge gamers to keep fighting the good fight. It’s an uphill battle, yes, but not impossible.

Advertisements

4 responses to “A POS Still Doesn’t Deserve DDoS

  1. its increasingly frustrating being primarily a Sony gamer. I love/respect them for many things (original IP/games, seemingly respecting the consumer) but its frustrating that they seem to not be able to invest enough in infrastructure and the like. On one hand they’re a multi-billion dollar company and you would expect them to act accordingly in regards to security and usability. On the other they consistently fail in key areas of general infrastructure, security, and usability. Its likely several factors including money and attracting top flight “talent” or experts in that field. May also be because they are a Japanese company and still slow to react on a lot of fronts and have gotten themselves stuck in an archaic account system/backend. I say that after reading a good article today interviewing the guy who used to head Nintendo’s indie initiative the last couple years. He spoke about Nintendo’s group-think culture and inability to take risks or even let risky initiatives bubble to the higher level. That is, according to him, a symptom of being an old Japanese company and being based in Kyoto. Sony is light years ahead of Nintendo and has taken great strides the last few years of PS3 and now with PS4. A massive corporation, yet still feel like an underdog in many respects compared to Microsoft. It may well be just a matter of resources.

    • We’re pretty much in the same think tank on this one. You summed up the entire Sony situation quite well. I think the most frustrating aspect, at least for me, is that they gained such a considerable lead – in terms of gaining good will amongst the gaming community – prior to the PS4’s launch… but after that, nothing. I would think priority one post launch, would have been to kick the competitor while they were down by keeping that good will alive, and in fact, even FEEDING it. Instead, they’re merely content riding the coattails of that early gain. It’s too bad. They’re capable of so much more, yet with how well their console seems to be doing, it doesn’t look like they’re concerned with reaching that potential.

  2. Its tough. I think they’re clearly aware of these shortcomings. And we talk about the company as though its one person running it. I think, especially for a large multi-national corporation, its difficult to affect substantial change within a short time. Who knows the hurdles execs like Shu, Andrew House, Adam Boyes, etc. have to jump to institute policies/changes. They are largely expendable. When you’re that big, reinventing or even streamlining the company is likely rather difficult. The Nintendo article I mentioned noted that innovative, and in some respects common sense, ideas get suffocated at the higher levels because they are averse to risk and/or change in part because they fear failure/the unknown. Its gotta be difficult, especially in video games which seems to have a much more knowledgeable, internet “savy” (I hate that word), and high maintenance (for lack of a better term) core audience.

    • I’m sure the pressure is far more intensive than we could ever understand, as Sony is failing in many areas of their business as a whole. The computer entertainment division is clearly seen as a spring board for success though, so it only makes sense that there would/could be a lot of internal debate and other stressors which slow the engine of progress.

      That said, the struggle of working in a business – that is, feeling like you have to wrangle in a multi-headed dragon before ideas can infiltrate and seep – still isn’t much of an excuse for promising improved netwok capability, and then not delivering on that promise. It just seems like a slap in the face that theyd instead focus their attention on introducing newer tiers of service, as opposed to strengthening what they just recently asked people to begin paying for.

      But a distinction definitely should be recognized amongst gamers more often, that these companies are businesses first and foremost. As long as we can understand that much, a loooot of answers make themselves apparent through common sense. Too many people like to say these companies are ‘evil’… And I dont really believe that. Some just care less about public perception than others when it comes to HOW they decide to make that money.

      My ultimate hope for the industry one day, is that they finally learn to leverage a solid relationship with consumers as their way of bringing in the cash. Underhanded tactics aren’t necessary. Earn respect, and gain support.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s