September 30, 2015

DDOS Gaming Attacks on Neverwinter Online & Star Trek Online

  • Three DDoS attacks down games in September, derailing Star Trek gamers
  • Why did these attacks happen?
  • Why are games generally attacked?
  • DDoS now a persistent threat for gaming
  • Getting defense against DDoS

Three attacks in two days derail Star Trek gamers

In September, gamers using Star Trek Online (STO) and Neverwinter Online were experiencing such poor performance that rubber-banding started to occur, which means that they were forced back to their original position every time they tried to move around the virtual environment.

The developers of the two games, Cryptic Studios, tweeted that they were experiencing a DDoS (distributed denial of service) attack and would update as the situation was stabilized. That attack occurred at 3 PM EST, but unfortunately the assailants weren’t finished, launching a second DDoS at 11 PM EST.

Typical perpetrators of attacks in the gaming community include LulzSec and Lizard Squad. Gaming networks are often hit with these attacks because thousands of users are on at the same time, all of them demanding premium reliability since the online worlds are so sophisticated and are in constant motion, integrated with the actions of other players.

In this case, a Twitter user named NeverGodz (@NeverWinterGod) said that they were attacking the service, sending out tweets prior to each event. It’s possible that NeverGodz actually did only go after Neverwinter Online and that “Star Trek Online’s servers mere collateral damage in the attack,” explains Kyt Dotson of SiliconAngle. “Due to the nature of DDoS, the damage rarely affects just one service, and can disrupt the entire data center or network node adjacent to the target.”

The games crashed both times the attacks occurred. Players were unable to log in or use the game to any reasonable degree.

That actually wasn’t the end of it. The following day, a new attack began at 4:45 PM EST. The DDoS was directed at Cryptic Studio’s datacenter in Boston, but it was short-lived compared to the others – just 20 minutes long.

Why did these attacks happen?

Players of the two games voiced their frustration and confusion on Twitter and Reddit. One prominent user whose Twitter is dedicated to STO, @LootCritter, tweeted that the attacker was bragging before each event but it wasn’t clear why he had done it (other than to generally get attention).

Generally speaking, the bulk of game DDoS attacks occur because the people carrying them out are enjoying themselves (obviously at the expense of the gamers). Lizard Squad is an exception. That group says its mission is to demonstrate how poor the security precautions are on the sites.

Dotson frames the attacks on the games as a somewhat pathetic, copycat way for Internet trolls to draw everyone’s ire. “Most of the Internet mayhem crews and DDoS attackers to hit online games have been young, male and out to make names for themselves by causing disruption,” he says. “The claims and trumpets of @NeverWinterGod looks no different.”

Why are games generally attacked?

In the past 20 years, gaming has gradually gone online. Even when people are playing independently, they expect to be wired (with or without the wires) into the Internet universe.

Connecting anything to the Internet immediately makes it more vulnerable. One obvious issue for gaming is the central platform, which represents a single-point-of-failure (SPOF). When you have a SPOF, it makes you an easy target.

“The existence of this SPOF is what keeps DDoSers gravitating toward gaming servers, where they can use narrowly targeted attacks to wreak havoc on a massive scale,” notes Izal Geifman in VentureBeat. Geifman agrees essentially with Dotson that the attacks are carried out “mostly in an attempt to achieve instant Internet notoriety.”

In that way, the attackers do actually get what they want. For instance, when Lizard Squad went after PlayStation and Xbox with a DDoS attack on Christmas Eve and Christmas Day 2014 (not to be mistaken for the slash-and-burn Sony Pictures hack), the group was mentioned 100,000+ times just on Twitter.

DDoS now a persistent threat for gaming

For instance, Lizard Squad has a program called Lizard Stresser that you can use to launch your own attacks if you are unwise enough to grab something that is now understood within the security community. Citing our company, Geifman notes why Lizard Stresser should be considered particularly alarming. “According to Nexusguard Inc. there is a thriving market in DDoS-for-hire services even before Lizard Squad came on the scene,” he says, “but if an ad hoc Internet mayhem crew could build one it shows how easily such a setup can be built.”

Getting defense against DDoS

Will you be prepared if a malicious troll, hacktivist group, or even a competitor comes at you with a distributed denial of service assault? We can help. Keeping your availability at 100% during a DDoS attack, Nexusguard DDoS Protection provides comprehensive, professional, and cost-effective protection against the most challenging denial-of-service attacks. Learn more.

Get the latest cybersecurity news and expert insights direct to your inbox

Thank you! Your submission has been received!
Oops! Something went wrong while submitting the form.