Congratulations if you tried to play an online game last night and fumed away from the keyboard or control pad because the servers were down. You were the lucky recipient of a DDoS attack!
Last night’s DDoS attacks hit servers owned by Blizzard, Sony Computer Entertainment of America, Sony Online Entertainment, Grinding Gear Games, and Riot Games. An attempt was also made to launch an attack on Microsoft’s Xbox Live service. That attack seems to have failed.
Put simply, a Distributed Denial of Service attack bombards a target server with requests from a horde of computers. The attacker pings a chosen server with so many requests that the server either slows down or collapses outright in the torrent of activity. Where hacking usually implies an attempt to seize or disseminate information, a DDoS attack is about inconvenience and/or paralyzation of a service.
Last night’s attacks were just another set of assaults in a legion of incidents that have pissed off online gamers for years. Some of the earliest writing about these attacks is from 2002, and concerns DDoS attacks on Half-Life, Quake 3, and Unreal Tournament servers. Prolexic, a tech firm that provides tools for guarding against DDoS attacks, shares detailed code for attacks on Quake 3 by way of demonstrating how the attacks function.
In February, 2014 in an interview with the BBC, Barry Shteiman, from the data security company Imperva, identified DDoS attacks in the gaming world as a bona fide trend, versus hackers aiming their attacks strictly at the seizure of data. In the infamous PlayStation Network hack of April 2011, which was of the data-focused variety, it was feared that up to 70 million accounts had been compromised.
Titanic Takeover Tuesday took place in June 2011. The hacker group Lulsec launched DDoS attacks against Minecraft, EVE Online, and League of Legends servers. And since then, the list of DDoS attacks and resultant online gaming outages has grown long and tiresome.
Here are some highlights in the history of DDoS attacks against the gaming world:
- In September 2012, Riot Games sought legal action in the face of DDoS attacks that were “killing” League of Legends online matches.
- In January 2013, the top Call of Duty: Black Ops 2 player on the Xbox 360, “Retrominano,” reset his stats in the face of incessant DDoS attacks, in order to cease being such an attractive target.
- In April 2013, the Chinese DotA 2 league G-1 faced DDoS attacks during qualifying games for a tournament. Admins had to declare winners based on the state of the match at the time it was interrupted, and had to postpone other matches entirely.
- In May 2013, early access for the massively multiplayer online game WildStar was disrupted by DDoS attacks. Developer Carbine was able to address the problem quickly such that players could get into the game.
- In June 2013, the developer of EVE Online, CCP had to take down the entire Tranquility server cluster in the face of a DDoS attack. The attack affected both EVE Online and its associated first person shooter game, DUST 514.
- In September 2013, over a million players on the Minecraft Survival Games network lost access owing to a DDoS attack.
- In November 2013, developer DICE had to deploy emergency servers in the face of DDoS attacks against Battlefield 4.
- In January 2014, a series of attacks as similarly-wide as last night’s activity was launched. Steam, Origin, Battle.net, and League of Legends servers were all targeted. The attacks were aimed at disrupting the online gaming activity of a single player.
- In February 2014, League of Legends was hammered with another series of DDoS attacks, this time as part of a wider front of attacks launched against multiple including non-gaming sites.
That is just a short list meant to demonstrate not only how consistent these attacks have been, but also that the attacks span all manner of different games and genres. No one seems safe, and no one seems to have a good idea as to how they can eliminate the threat of DDoS attacks.
Maybe that’s because DDoS attacks are just too easy to launch. We’ve chosen not to link out to these videos, but you can find DDoS attack guides flagrantly uploaded to YouTube. We’ve also chosen not to link out to any of the various tools and programs devised specifically to assist in carrying out DDoS attacks—but they’re out there.
It’s also possible that latency concerns are to blame for why gaming companies don’t have better DDoS protection. Scrubbing data is in part how some DDoS protection software works. That could introduce latency issues to online gaming, and when milliseconds count in competitive gaming, latency is a serious concern.
Game companies have at least learned how to recover from these attacks relatively quickly. Last night Battle.net suffered relatively minor interruptions, PlayStation Network was up and running by midnight EST, and Xbox Live seemed to have avoided any major interruptions of service.