Does this perhaps explain the difference with MS, that MS's security couldn't enable such fragmentation?
Yes and no?
In my opinion no, since handling fragmentation attacks is standard on any type of firewall setup, it's more down to configuration.
But of course it could be a known bug in the devices that are employed, that they get false positives on legitimate fragments or the checking is too strict or that the handling is done poorly and it just overloads the firewall, i.e. buffer overruns etc.
Heck, it could be a bug in the Core router when it fragments and has to fragment more than x packets per second.
Anything is possible, would love to see a writeup about it when they figure out what was going on.
Simplified setup
Internet - Big Core Router ----- Firewall ---- Datacenter
Traffic arrives from the "Internet" to the Core router, which allegedly is under the control of LizardSquad.
LS has reconfigured the Core Router, and lowered the MTU on the port connected to the Firewall (it can be on the other side of the country, but if all traffic destined for the Firewall leaves the same port or ports it will be affected).
Now, a lot of the traffic that arrives on the Firewall is fragmented, the firewall has to handle it somehow. Either by reassembly or dropping fragments etc.
And basically disrupting the network, but it's a bit far-fetched, then again life is wonderfully weird sometimes.
Now if this scenario is what was happening, then LS would need to get access to the Big Core Router and reconfigure it. And the owners of the router either must not have noticed or been locked out. If they are locked out, they probably should notice that.
Also LS would need to know what type of firewall and software version running on it, unless it's a widely known limitation of the firewall they are abusing.
As for routers undersea, no I do not think that is normal, regeneration/amplification sure, but not routers. Those are usually on the shore where the ocean cables come in.
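An added illustration of the lowered-MTU scenario in the post above (not part of the original post): standard IPv4 fragmentation arithmetic applied to a constructed traffic sample, showing how many frames and reassembly contexts a reassembling firewall would have to handle at each MTU. The packet sizes, the MTU values and the function names are assumptions chosen for the example, and packets are assumed to have the DF bit clear.

```python
IP_HEADER = 20  # bytes; IPv4 header without options (assumption)

def fragment(total_len, mtu):
    """Fragment one IPv4 packet (total_len includes the header) for a link MTU.
    Returns a list of (offset_in_8_byte_units, payload_len, more_fragments)."""
    payload = total_len - IP_HEADER
    if total_len <= mtu:
        return [(0, payload, False)]
    # Every fragment except the last must carry a multiple of 8 payload bytes.
    per_frag = (mtu - IP_HEADER) // 8 * 8
    if per_frag <= 0:
        raise ValueError("MTU too small to carry any payload")
    frags, off = [], 0
    while off < payload:
        size = min(per_frag, payload - off)
        frags.append((off // 8, size, off + size < payload))
        off += size
    return frags

def firewall_load(packet_lens, mtu):
    """What a reassembling firewall behind the link sees for this traffic."""
    frames = contexts = buffered = 0
    for n in packet_lens:
        frags = fragment(n, mtu)
        frames += len(frags)
        if len(frags) > 1:
            contexts += 1              # one reassembly entry per fragmented packet
            buffered += n - IP_HEADER  # payload held until the last fragment arrives
    return {"frames": frames, "reassembly_contexts": contexts,
            "buffered_bytes": buffered}

# Constructed sample: packet sizes (bytes) arriving at the core router.
SAMPLE = [1500, 1500, 576, 64, 1200]

if __name__ == "__main__":
    for mtu in (1500, 576):
        print(mtu, firewall_load(SAMPLE, mtu))
```

On the defending side, the same counters (fragments per second, active reassembly entries, reassembly failures) are the ones to graph and alert on, since a sudden rise with unchanged traffic volume points at an upstream MTU change.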