I read one story about the hack and how they used the DDOS to test for passwords. At least, that was the claim. What I don't get is that if you are phishing for passwords, why do it using a DDOS and raise red flags. Something fishy about that version of the story.