DDOS Attacks Shake Up Xbox Live Stability, Prevents Users From Accessing Content

He tells it like it is!

DDoS attacks are frequent and difficult to protect against because by the time one is underway, there's not much you can do to stop until you can block the ips that are sending the garbage at you. It's not super secret hacker science these guys are employing, it's just a limitation of how the internet works and although there are devices you can install that can supposedly help, none are full proof.

All my games are digital, and I didn't have issues accessing any of them. The only issue I noticed was Rocket League multiplayer was down for a bit last night (I guess all of Live was) and it cost me a few achievements. I just played the "Season" mode for a bit, though, so no biggie.

That being said, DDOS attacks serve zero positive purpose, so every time these petty assclowns act like they're doing something noble, it's a load of complete horseshit. They're the definition of sociopaths.

@austin_walker Please fix the final sentence of your first paragraph, it just doesn't read correctly (sorry if I sound like a bit of a dick)

Cool article! DDOS attacks always suck.

New World "Hackers." Haha okay. They want XBL tp be more secure so DDoS attacks don't happen, so they DDoS attack it. Also, New World "Hackers." Haha

So yea to Hack the Planet or No?

You know, I'm totally cool with, and even into the idea of hacker groups, in that romanticized, dystopian cyberpunk future sort of way. It's a real buzzkill when the reality turns out to be that they're just a bunch of pathetic douche fucks with an over-inflated sense of importance and way too much time on their hands. You know that they just wish they were like those hacker groups in cyberpunk fiction, with painfully cringe-worthy names like "New World Hackers". It sounded a lot cooler in your heads, I'm sure. Also, great line of circular logic for your reasoning behind the attacks. Assholes.

DDoS vulnerability is a security flaw in and of itself. Just one that people seem very ready to forgive.

I've been up and running perfectly every time there are outages reported. So I clearly live in a lucky area. Well for Live anyways, my internet provider is a piece of crap.

Just thought I'd throw my expierences on this. For the last two days I have been unable to redownload anything I already "own" Also the store page only showed displayed "Gone Home" and searching for any other game, including fallout gave me the "we couldn't find anything" page. Very wierd. All of my friends list stuff seemed to work, and any game I already had downloaded I could play, but it was like no other games existed on Xbox Live.

"Microsoft's IT department is comprised of fictional characters". That's a pretty sick burn, Austin! :D

@lukeweizer: it has an offline mode??

@lukeweizer: it has an offline mode?? [/s]

You can actually protect against DDoS attacks, unlike some are saying here, and this does point out several major flaws with the XBox Live network. No, it's not as easy as manually blocking people by IP address these days, but major companies like Microsoft actually ADVERTISE that their networks are so big and modern that they actually are paid to help smaller networks prevent DDoS attacks. Apparently, though, Microsoft is too lazy or unwilling to put in the effort to protect XBox Live like they do with most of their other enterprise solutions or networks.

I wish they'd just be totally honest and say they are only advertising the power of their botnet. That's all this is and they basically admit to it. Cut out the protest malarky. It's a target with a high overlap of kids that would notice the attack and who would spend a few bucks to shut down their school website and the like for the lulz.

Fuck script kiddies

"We just want Microsoft to have better protection against DDOS."

You and your fellow script kiddies are the only reason that protection needs to exist, you morons!

Linux Mint images being replaced with flawed clones (a few days after I downloaded the desktop ISO), PSN outage, XBL outage, a hospital being hit with ransomware, Time Warner, fraudulent IRS filling PINs: Clearly the three-years-and-out-in-one-with-good-behavior sentence isn't a deterrent. Let's bring back hanging.

The DDOS was just the form of "protest," not the vulnerability. A better technique would be to list out the actual vulnerabilities. Regardless, hacktivists are fucking clown shoes.

This sucks. I did experience some serious weirdness with Halo 5 today, although to start with I wondered if it could also have been the recent 500MB patch that dropped in the Xbox One or just 343 being weird. I later worked out it made sense for it to be connected to the recent XBL downtime. I sympathise with the messages of DDoSers like these, but the ways they're trying to convey these messages often seem poorly thought out.

Sadly this is one of the major factors where I am not riding on the 'all-digital' future that many seem to welcome so readily. Having a single point of failure (the cloud) with no offline redundancies being the difference between accessing my content and not is just way too much of a gamble given the current infrastructure of many cloud services world wide.

"We could honestly knock Microsoft off the face of the earth", haha cute.

I guess I got lucky, all my stuff was working this whole time.

@darkbeatdk: Hahaha this is one of the many reasons why we have Austin, for his great images and tongue in cheek humor in his articles.

There are a lot of misconceptions about DDOS attacks and whats going on here.

I’m a “hacker” it's called security assurance on my business card for corporate PR reasons but it doesn't really matter. However I deal with DDOS attacks pretty much every month.

First off information security at the most basic level is about the CIA tiad or “The Preservation of confidentiality, integrity and availability of information” so DDOS attacks are very much a security concern.

Secondly a “script kiddie” is hacker slag for someone just picking up the hacking tools and not really understanding them. The main difference between a script kiddie and a hacker is if you can make your own scripts. I’ll give these guys some credit and say they are not script kiddies.

Thirdly if Microsoft is vulnerable to a script kiddie’s attacks that’s fucking atrocious and they should feel bad. To Microsoft credit that’s probably not the case. Microsoft decided not to fix this vulnerability to save a few bucks and thought it wouldn’t bite them. It’s also possible that they could leverage this attack to cause something awful like what happened to Sony a few years back. Now Microsoft really has to get there shit together and in the end consumer will hopefully be safer after this. I’m not condoning this attack mind you. There are better and safer ways of getting Microsoft attention. However even after getting their attention they may still ignore you.

Finally there are a lot of ways to prevent DDOS attacks saying the only way is to buy more bandwidth or more servers is just disingenuous. For what ever reason they just weren’t in place.

Congrats on ?

@austin_walker Yo bro! You're not wrong, but you're also portraying DDoSing as a lighter thing than it really is, as if it is "Super Normal" (re: "just the standard susceptibility to DDoSing"). That shouldn't be the case. I don't expect anyone at GB to be a network engineer, but I have to admit it's starting to become a little alarming how everyone in games media just brushes DDoS under the rug! (Get under there DDoS! Don't let mom see you!) It's not an easy problem to solve, but it's not exactly the nature of the beast either. You guys have a pretty insane pool of knowledge you can pull from; ask someone to write in on GBeast in the AM and elucidate for all of us how DDoS works at a huge scale and what can be reasonably done about it! This would be a great education opportunity of all of us! :D DDoSing has become common lexicon, but the truth is there's very low understanding of it, other than "too many cars trying to get on/off the highway at once?"

See, I burned your house down. Maybe you should make it fireproof next time. But sorry to the occupants....

Damn script kiddies and their rent-a-botnets.

I imagine that situations like this are unavoidable when the infrastructure of Xbox Live is based primarily on the systems of the Internet. It's unfortunate, however, that apparently avoidable feature outages mentioned by others like the lack of basic Blu-Ray support depended on network stability to begin with.

Full disclosure: I do not actually own an Xbox One so, naturally, I am both ignorant of the potential circumstances I'd find myself in from a usability standpoint and ignorant of the accuracy of said statements.

That said, to a certain extent I imagine as a non-expert that Microsoft can improve their network infrastructure, but beyond a certain point Xbox Live's Internet-based corpus is inherently vulnerable to remote attacks. That's just how the whole global network is from a circumstantial standpoint, with denial-of-service attacks impacting business, entertainment and governmental systems indiscriminately. Denial-of-service attacks will probably continue to occur in the future unabated until the Internet's fundamental design changes enough over a number of years to preclude opportunities for said attacks -- if that ever happens.

I don't know if I should give Microsoft the benefit of the doubt that this incident was motivated by random idiocy more than it was by cost-savings, but then again I don't work for them so it's probably more polite to. It just sucks for everyone who doesn't go out there with a DDOS program and a Twitter account and pretend as if they're Henry Dorsett Case. At least some people can earn a living off of trying to mitigate these kinds of network issues.

@jedikv: I agree with you wholeheartedly. I'm trying to hang onto my pre-online consoles for as long as possible as a result. The only consoles with proven, decades-long longevity for game accessibility have been ones with physical media. Of course, we haven't had digital-only distribution yet, and our industry's experimentation with digital distribution has only lasted a little over a decade, with the earliest home consoles with digital-only games only having launched in the second half of the 2000s (unless there's a console I've not heard of somewhere). Maybe it's too early to make a clear verdict, but it's a safe bet?

The only reason offline mode won't work for your digital titles is if your console is not set to home. Similar to a PS4 not being set as your primary.

Yeah! How about that online only digital future?! Looks great, right guys?!

Hackers suck, but Jesus fucking Christ. Eventually Valve, Sony, Microsoft, EVERYBODY has to be held responsible for their own shit security protocols instead of hackers. When stories like this are commonplace it's a bigger issue than hackers DDoS'ing.

Why do all of these hackers sound so cool, then? Hacking an online gaming service to prove your power? sick burn.

Try hacking the federal government or DMV and make the same announcement. I dare you.

I was all set for playing Rocket League on Monday for the first time when the DDoS was well underway. A real shame. I imagine that Microsoft does have countermeasures in place to limit the possible attack vectors as Xbox Live is an important service for them, worth enough of their time and budget to operate and therefore protect to some degree. Kind of makes me wonder how much money they spend on information security.

Less dee doss, moar #skate4

@arbayer2: Yeah I guess Steam sorta 'gets a pass' because there's an element of portability with it (you can burn the game data to disc), but so far cloud gaming feels way too delicate given our current infrastructure, with many parts of the world not having good bandwidth or speed. Not to mention pretty much every game launch with a heavy online component get's crippled for 3 days or so (look at SFV). Having a $400+ system that only works when the rest of it's network infrastructure works seems like a really risky bet, which was what even worse about the original vision of the Xbone.

Oh shit now I know these kids ain't messing around. Fuck, maybe they could spur some real change in the world with this act of DDOS.

Worse than lizard squad*

*(that's not actually possible)

Shoutout to all those people who wrote in to the Beastcast saying consoles "just work" and there's no bs to deal with.

...if you bought Halo 5 digitally, there's a chance that you wouldn't be able to launch it. It gets even worse: At least some users have been unable to play DVDs and Blu-rays on the system.

While setting the Xbox One to "offline mode" should remedy many of these errors, I've also seen reports from people that insist that the problems remain even after they do this.

This seems like something worth following up on.

These jackasses seriously expect to be fawned over for causing a problem, bragging about the problem they caused, and basically advertising that they'll gladly attempt to disrupt other services for the right price, all while pretending they're some righteous force for good who's somehow making the world more secure. It's insufferable. Also,they clearly don't care about the fallout from their actions. Maybe this spoiled some divorced dad's movie night with his kid, or prevented a guy from playing a game with his brother serving in the military overseas, or who knows what else. As long as it's "for the lulz", I guess they're absolved of being pathetic assholes who get their kicks off of screwing things up for other people. Oh, but this is all really about security.....as they boast about how much "power" they have. Please.

Terrific analogy. Now imagine a group planned ahead of time to all flood a restaurant so they could drop a bunch of canned negative reviews about how supposedly bad the service of the restaurant is when that isn't necessarily the case, then patted themselves on the back for staging this bullshit at the expense of a bunch of people who didn't do anything to deserve it, and then put it out there that they'll do it again for anyone willing to pony up some dough to make a restaurant look bad. This is the kind of pond scum we're talking about here. The only thing stopping these pricks from "denying service" to, say, a 911 call center is the severe real-world consequences that would follow. I hope these assclowns never make that leap, but perhaps it's time we considered making the punishment for this stuff WAY more severe before it escalates to that point. Right now, we've got sociopath empowerment happening, and it needs to be addressed in a hurry.

Got to love hacking groups that reference the new world order, keep looking for your chem trails and evidence of lizard people and leave gamers alone.

People need to understand, nothing "just works". It's all shit and it all breaks all the time. Life's great, everything's broken.

Wow hackers are seriously so cool thanks for bringing these issues to light by annoying the average person using a console.

Fuck off.

Well it does work, this problem fixes itself after a while for those people.

Still kind of crappy that there's a single point of failure outside of your control that seems relatively easy to break and can completely render your $400 device + content useless.

DDoSing the lowest hanging fruit that are console servers. Yawn.

Darn, when it rains it pours for the Xbox One.

1. The console is the second weakest behind the PS4

2. They're losing most of their exclusives.

3. Their console is being left behind in sales.

Now is not a good time to be an Xbox One owner.

They're losing their exclusives to PC. If you've got an Xbox One, you're still covered for most of this generation.

So why fuck with everyone else who don't give a shit about that stuff. When I turn mine on I want it to play, if it doesn't, then I get pissed, not the other way around. Why can't there be a hacker group that goes against this kind of stuff. It makes no sense at all. They will just keep attacking regardless of whether Microsoft does anything or not. How is that causing progress.

Remember 300,000 servers around the world and you'll never have to worry about Xbox Live up time and all the online stuff will be seamless when they announced that Xbox One was always online? Ya...that's working real well. Xbox Live has been so much worse since the One came out. Other than the Christmas 2007 debacle with Xbox 360, Live was rock solid during the 360 years.

Also, these DDoS kids suck too. Their "cause" is BS. DDoS has little to do with security. Maybe you can get a stack overflow out of it, but I imagine anything MS is running is modern IIS and .NET, and those technologies have memory management built in unlike native code.