UPDATED 18:46 EDT / NOVEMBER 23 2014

DerpTrolling’s latest PlayStation Network, Windows Live hack claims don’t pass muster

derptrolling-thumbnailInternet mayhem crew DerpTrolling claims to have stolen username and password data from several different gaming outfits including the PlayStation Network, Windows Live, and 2K Games Studios. The group has posted its claimed ill-gotten booty on Pastebin and the dump holds about 2,131 account logins for PSN.

Earlier this month DerpTrolling also claimed responsibility for the Distributed Denial of Service (DDoS) attack that hit World of Warcraft during the release of the Warlords of Draenor expansion. DDoS is much more in line with DerpTrolling’s capabilities as it is also how the group gained fame near New Year’s Day 2014 by attacking Twitch streamers.

The Pastebin leak has since been removed and the Twitter account that leaked it, @GabenTheLord, suspended.

Leaking leaks previously leaked?

The dumped logins were quickly scrutinized by security groups across the Internet and many have called shenanigans on DerpTrolling.

“Looking through the list, there’s certainly an awful lot of crossover with data from previous breaches, in particular the Adobe one,” Rik Ferguson, vice president of security research at Trend Micro, told The Guardian.

Ferguson also said that a cursory cross-reference with earlier dumps of compromised accounts showed a majority similarity, meaning DerpTrolling is trolling with plagiarized data.

Writer ckeigher at Canary News ran the leaked accounts through a similar comparison to historical password dumps and came to the conclusion.

“This sort of thing has happened before where dumps from various databases were either re-branded as something else or were co-opted by another group in an attempt to boost reputation,” writes ckeigher.

Gunning for attention and reputation

Groups such as LulzSec, DerpTrolling, The Lizard Squad and others do shift between different types of attention-grabbing activities in order to maintain reputation. All of the above involved themselves in DDoS attacks against high-visibility targets from government websites to gaming networks.

Gaming networks in particular are a primary target for Internet mayhem groups of these sort of pretender-hackers because they’re more vulnerable and very visible to consumers who play the games. Hitting World of Warcraft, for example, can potentially affect ten million people worldwide.

As a result, DDoS is a favorite go-to for attention grabbing.

Secondary to that is showing up online services as not being very secure. Numerous hacker groups have exfiltrated account data from gaming services or released leaked data en masse as a sort of “look how insecure you are!” This way LulzSec’s claim to fame before the FBI dismantled the group.

DerpTrolling and Lizard Squad, however, have proven only capable of being annoyances on the grand scheme of things and use DDoS to disrupt lives and garner attention.

Stolen accounts still a problem in the wild

Although many experts believe it’s safe to say that this dump of data allegedly from PlayStation Network, Windows Live, and 2K Game Studios is most likely a hoax many have been careful to caveat that stolen accounts are still a problem. PSN did have a massive problem in 2011 with stolen accounts, other gaming outfits do see their databases swiped, and there is an ongoing threat to online security.

It is possible that some of the data in this database could have been garnered using a gentler mechanism for identifying comprisable accounts such as guesswork. Many online gamers use easily-guessed or outright terrible passwords (“password” or “123456” for example) to secure their accounts and all a hacker needs to do in order to identify such an account is to attempt to log in.

Most users can remain relatively safe by engaging in good password hygiene and taking action if the service they use warns of a potential exploit occurring.

 


A message from John Furrier, co-founder of SiliconANGLE:

Your vote of support is important to us and it helps us keep the content FREE.

One click below supports our mission to provide free, deep, and relevant content.  

Join our community on YouTube

Join the community that includes more than 15,000 #CubeAlumni experts, including Amazon.com CEO Andy Jassy, Dell Technologies founder and CEO Michael Dell, Intel CEO Pat Gelsinger, and many more luminaries and experts.

“TheCUBE is an important partner to the industry. You guys really are a part of our events and we really appreciate you coming and I know people appreciate the content you create as well” – Andy Jassy

THANK YOU