On Christmas Day, Microsoft’s Xbox Live and Sony’s PSN were crippled in a series of massive Distributed Denial of Service (DDoS) attacks. The services were left scrambling to pick up the pieces in the aftermath, with intermittent outages and days of limited service for subscribers. With these attacks and the recent hacking of Sony Pictures, many hoped that the cyber attacks would be over for a while.
How wrong they were.
At about 4:00AM Eastern, anime streaming service Crunchyroll went down. The company’s Twitter feed announced that they were hit with a DDoS attack of the same magnitude as those that hit PSN and Xbox Live last week.
Hey guys, we’re under a DDoS of the same magnitude that Xbox and PSN experienced. We're working hard to fix this, thanks for your patience.
— Crunchyroll (@Crunchyroll) December 30, 2014
As of press time, Crunchyroll’s main site and streaming services are unreachable.
To see these attacks hit Crunchyroll is nothing short of staggering.
The service, which has over 400,000 paying subscribers, is arguably the largest source for legal streaming anime in the western hemisphere. Their name, among anime fans, is often mentioned in the same breath as Netflix or Hulu, and their subscriber count seems to double year after year. The company is well-liked among many fans, and their offerings tend to be looked upon fondly.
So, to see the service taken down in this manner was undoubtedly a shock for a good number of people.
Sadly, there’s no good explanation for what happened yet. How it began and why it began are still completely in the dark. The reason for taking down a service of this nature could be anything, from a fan with an axe to grind, to some group of individuals doing it “for the lulz.” Likewise, exactly who orchestrated the attack has yet to be determined, and doing so will be incredibly difficult given the nature of the attack.
I’m going to be putting on my engineer cap for a minute, so bear with me. Before we begin, though, I’ll state this clearly: Crunchyroll was not hacked, that we know of.
A DDoS attack is not a form of hacking. It is the practice of intentionally sending a continuous flood of traffic, in an effort to take down a network’s servers. We’re talking requests in the tens of thousands, if not millions per second, coming from countless sources, that will occupy all connections to the server, thus ensuring legitimate users can’t get in.
This is often done through a botnet, a network of internet-connected apps that communicate with one another to coordinate attacks. Some of these are willing, but often they are built up from systems infected with viruses and malware.
At its least severe, a DDoS attack will take a site down for an unspecified period of time, from a few hours to a few days as techs try to recover from the fallout. At its worst, these attacks can lead to actual hardware issues, as the overload can cause overheating as the server attempts to handle so many requests, leading to hardware failure.
In short, if it’s big enough, a DDoS attack can, and will, fry servers.
While there are measures in place to deal with these attacks nowadays, ranging from cloud providers (like Cloudflare or Akamai) to Self-Defending Networks, these attacks are getting more common, and far more difficult to defend against with each passing day.
For would-be vandals, it’s easier than ever to let loose the dogs of war. Numerous applications and services exist in the darker, less talked-about sections of the internet, that boil the act down to a few keystrokes, where a user specifies an attack vector, and sends the signal to attack.
I’m being facetious on how easy things are, for sure, but it’s certainly gotten much, much simpler in recent years to carry out such operations.
David Larson, CTO of Corero Network Security (via Kotaku) sums the situation up rather nicely as he describes the Christmas PSN attacks:
“You can download freeware tools that are basically a database of known vulnerable DNS servers on the internet,” Larson said. “I can send a request, a very small packet request to a vulnerable DNS server. I can say, ‘Hello vulnerable DNS server, I am the PlayStation login server—please send me a record.’ And that record may be several kilobytes long. So with one smaller 64-byte packet, I can request several tens of thousands of bytes of information, and that server will respond as if I was the Sony site, and it will send that packet at Sony.”
Multiply that by the thousands, and it’s easy to see how a DDoS attack can overrun a network. Attacks are scalable, meaning there’s no size limit (barring machines on-hand), and they grow more sophisticated with each iteration. Preventative measures from even six months ago may not necessarily be enough to fend off the threat of a DDoS attack launched today.
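Seen from the target's side, the reflection Larson describes shows up as DNS answers nobody asked for. The sketch below is an added example, not part of the original article: it flags answers that match no query from the protected host and estimates the amplification per resolver. The flow records, IP addresses and 5-second matching window are constructed assumptions; the 64-byte query size is the figure from the quote.

```python
from collections import defaultdict

# Constructed UDP DNS flow records at the target's network edge (not real traffic):
# (time_s, src_ip, src_port, dst_ip, dst_port, dns_txid, size_bytes)
FLOWS = [
    (0.00, "198.51.100.10", 40000, "192.0.2.53", 53, 0x1A2B, 64),     # our query
    (0.02, "192.0.2.53", 53, "198.51.100.10", 40000, 0x1A2B, 180),    # its answer
    (1.00, "203.0.113.7", 53, "198.51.100.10", 51515, 0x7777, 3900),  # never asked
    (1.01, "203.0.113.7", 53, "198.51.100.10", 51515, 0x7778, 4010),  # never asked
    (1.01, "203.0.113.99", 53, "198.51.100.10", 40211, 0x0101, 3850), # never asked
]
PROTECTED = {"198.51.100.10"}   # assumed address of the service being defended
QUERY_BYTES = 64                # request size quoted in the article
WINDOW_S = 5.0                  # assumed max delay between query and answer


def find_unsolicited_responses(flows, protected, window=WINDOW_S):
    """Flag DNS answers sent to a protected host that match no query it made."""
    pending = {}  # (client, client_port, resolver, txid) -> time of query
    hits = defaultdict(lambda: {"count": 0, "bytes": 0})
    for ts, src, sport, dst, dport, txid, size in sorted(flows):
        if src in protected and dport == 53:
            pending[(src, sport, dst, txid)] = ts
        elif dst in protected and sport == 53:
            asked = pending.pop((dst, dport, src, txid), None)
            if asked is None or ts - asked > window:
                hits[src]["count"] += 1
                hits[src]["bytes"] += size
    for stats in hits.values():
        # Bytes received per byte of 64-byte queries needed to trigger them.
        stats["amplification"] = round(
            stats["bytes"] / (stats["count"] * QUERY_BYTES), 1)
    return dict(hits)


if __name__ == "__main__":
    for resolver, stats in find_unsolicited_responses(FLOWS, PROTECTED).items():
        print(resolver, stats)
```

Resolvers that appear in this output are candidates for upstream filtering or rate limiting; the legitimate answer from 192.0.2.53 is not flagged because it pairs with a query the host actually sent.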
For a visual interpretation, security firm Norse provides a live map of global cyber attacks, which shows sources as “missile lines” as they hit a target.
It’s a frightening prospect, for sure, and a reality that so many of us content creators have to be wary of as we enter the new year. The DDoS threat is a very real one that, as we’ve seen, has truly awesome consequences.
I do hope that Crunchyroll is able to bounce back from this quickly, and I urge customers and fans alike to have patience while they deal with the aftermath. This is a situation where everybody loses, and sadly, all we can do is hope that they’re able to pick up the pieces and harden their defenses against future attacks.
Update 12/31/2014: As of about 3:00AM Eastern, Crunchyroll’s service is back up and operational. Users in certain markets, particularly Canada, as well as users of a few of the apps are still reporting problems, though these are diminishing as time goes on.