PhantomSquad/Twitter

Christmas 2014 was a bad one for gamers, after both PlayStation Network and Xbox Live were forced offline following a massive distributed denial of service (DDoS) attack for which the hacking group Lizard Squad claimed responsibility.

Legal repercussions for that attack are still playing out in the courts, but it seems as though history may be repeating itself. This week a similar, though currently obscure group called Phantom Squad has claimed that it will attempt to cause the same havoc this Christmas -- and a member of Lizard Squad thinks it's "more than likely" that the "wannabe" group will honour its word. "Right now they're just empty threats, but it's very possible [that the attack will happen]," a member of Lizard Squad who was arrested in the days after last year's attacks tells WIRED. "One of the guys [from Phantom Squad] is a friend of ours [Lizard Squad's] and he probably does have the resources."


The warning from inside the hacking world comes after Phantom Squad claimed responsibility on Twitter for Xbox Live outages this week.

Phantom Squad has said the attacks are a warning to Microsoft and Sony to improve their cybersecurity. "Xbox Live and PSN have millions upon millions of dollars... but do they use that money for better security?" @PhantomSquad tweeted before its account was disabled. "PSN and Xbox Live don't use that money to improve their security... So until they open their eyes Xbox Live and PSN will remain vulnerable."

Read next A data fail left banks and councils exposed by a quick Google search A data fail left banks and councils exposed by a quick Google search

The Phantom Squad account has now been suspended.

Lizard Squad


Asked if he thinks Phantom Squad will act on the threats, the Lizard Squad member told WIRED: "It's probably 50/50, because right now they want to carry on a legacy. It happened last year, which is quite a while ago now. And they want to do it again."

Phantom Squad wouldn't have to do anything new to be succesful, he added. "It's a wannabe group really," he said. "It's just a repeat of last year. It's pretty much a copycat if you look at Lizard Squad and Phantom Squad, it's the same thing."

The Phantom Squad Twitter account claimed responsibility for intermittent outages on Xbox One, Xbox 360 and Xbox on Windows 10 on 17 December. Players reported problems connecting to multiplayer games including Call of Duty: Black Ops 3 and Destiny. The identity of the people or person behind the account is unknown. "Xbox Live #Offline," tweeted Phantom Squad. Three hours later it followed with "Xbox Live is back online we stopped the attacks."

Read next Cash machine hackers are getting better at stealing your money Cash machine hackers are getting better at stealing your money

Around the time of the first tweet Xbox Live's support site posted a message asking Xbox members if they were having trouble purchasing and signing in. "We are aware of these issues and are working to get it fixed ASAP! Thank you for being patient while we work. We'll post another update when more information becomes available," the site said.

Earlier this week Phantom Squad also said it was behind Reddit being briefly offline.

The Lizard Squad member told WIRED he is unsure if Sony or Microsoft have improved their security since the Lizard Squad attacks last year. "I haven't managed to look at the Microsoft or Sony servers, but if Phantom Squad could manage to take it down then obviously not much has changed. They haven't protected their servers well enough," he said.

Microsoft and Sony both declined to comment.


In order to see this embed, you must give consent to Social Media cookies. Open my cookie preferences. If PSN or Xbox live goes down, Microsoft and Sony are the blame. You would expect these corporations to have sufficient DDoS protection. — Anonymous🍏 (@YourAnonNews) December 16, 2015

Anonymous expressed the same view in a tweet that blamed Microsoft and Sony for not having sufficient cyber defences.

One member of Lizard Squad, Finnish teen Julius Kivimaki has already been convicted for participating in the Christmas cyberattacks, among thousands of other offences. He was 17 at the time, and is serving a two year suspended sentence. Other legal action is ongoing.