Cyber Incident Victim: PlayStation Network
Date:
Oct 2016
Location:
United States of America
Summary
A massive DDoS attack utilizing a Mirai botnet variant targeted the Sony PlayStation Network’s gaming platform, causing widespread internet disruptions. The attackers infected over 100,000 IoT devices, including cameras and recorders, to generate traffic that overwhelmed systems. The assault also critically impacted DNS provider Dyn, leading to cascading outages affecting major platforms such as Amazon, Netflix, PayPal, and Twitter across North America and Europe. The incident resulted in prolonged service inaccessibility and significant remediation costs for affected entities. One perpetrator, a minor during the attacks, later pleaded guilty to orchestrating the botnet-driven campaign aimed at disabling the gaming service.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 1 motive | 1 technique |
| Threat Actors | Type | Location |
|---|---|---|
| 0 actors | Available to members | Available to members |
Description
On October 21, 2016, a massive distributed denial-of-service (DDoS) attack targeted Sony's PlayStation Network gaming platform, orchestrated by a group that included a juvenile defendant who later pleaded guilty. The attackers utilized a variant of the Mirai botnet, developed between approximately 2015 and November 2016, specifically designed to compromise Internet-of-Things (IoT) devices such as video cameras and digital recorders. These infected devices—estimated at over 100,000—formed a botnet army that flooded the PlayStation Network with traffic, intending to take the platform offline for a sustained period. The attack's scale inadvertently impacted Dyn, Inc., a New Hampshire-based domain name system (DNS) provider, causing cascading failures across Dyn's infrastructure. This secondary effect led to widespread internet disruptions affecting hundreds of thousands of sites reliant on Dyn's services, including high-profile platforms like Amazon, Netflix, PayPal, Twitter, Tumblr, and Visa. The attack persisted for several hours, rendering these services either completely inaccessible or intermittently available throughout the day and into the next. Dyn executives reported observing attack traffic mingled with legitimate requests originating from millions of IP addresses globally, initially overestimating the malicious endpoints due to retry storms amplifying the disruption. The incident caused significant operational challenges for Dyn, which worked to restore its DNS servers while managing the fallout for its clients.
The 2016 Dyn attack resulted in one of the largest internet outages in history, affecting users across North America and Europe. Sony's PlayStation Network, the primary target, experienced extended downtime alongside unrelated platforms caught in the collateral damage. The financial impact included substantial remediation costs for affected companies and lost advertising revenues during the outage. Forensic analysis confirmed the botnet's use of compromised IoT devices, highlighting vulnerabilities in poorly secured connected hardware. U.S. Department of Justice investigations led to the identification of the juvenile conspirator, whose identity remained confidential due to their age at the time of the offense. Court documents explicitly linked the defendant to the October 21 attack on Sony's platform and the subsequent Dyn disruption. The individual pleaded guilty to orchestrating the DDoS campaign, with sentencing scheduled for January 7, 2021. No technical mitigation steps taken by Sony or Dyn were detailed in available records, though Dyn's post-incident analysis refined initial endpoint estimates downward to approximately 100,000 malicious devices. The event underscored the fragility of critical internet infrastructure and the disproportionate impact of IoT-based botnets on global connectivity.