Over the weekend video gamers who enjoy exploring the galaxy in Star Trek Online and fighting orcs with swords in Neverwinter Online found themselves briefly unable to do so. Some players described lag spiking so high that characters began “rubber banding”–or repeatedly teleporting back every time a player tries to move somewhere else. Cryptic Studios, Inc., the developer of Star Trek Online and Neverwinter quickly tweeted about the problem.
The attack, a distributed denial of service (DDoS) attack hit the servers affecting both games and caused the network supporting them to crumble. The first hit the servers at approximately noon PST on Sunday and the second at 8pm PST on the same day.
These sorts of attacks are commonly used by Internet trolls and rabble rousers to attract attention such as the likes of Lizard Squad, DerpTrolling, and LulzSec. Gaming networks are particularly susceptible to DDoS attacks with potentially thousands (or hundreds of thousands) of players expecting a flawless experience that requires the quick response of networks and servers.
The attacker who claimed responsibility in the case of the Cryptic Studio’s properties is named NeverGodz (@NeverWinterGod) and may have only targeted Neverwinter Online–the effect on Star Trek Online’s servers mere collateral damage in the attack. Due to the nature of DDoS, the damage rarely affects just one service, and can disrupt the entire data center or network node adjacent to the target.
There were two separate attacks committed by @NeverwinterGod.
Both attacks lasted long enough to bring both games down and make it difficult for players to log in or play.
Players of both games went to Reddit (Neverwinter Online, Star Trek Online) and Twitter to voice their confusion as to the server issues and cited the tweets from Cryptic when they did. Some, such as STO commentator Lootcritter expressed curiosity over the reason for the attacks.
So far, most attackers who hit online games have appeared to claim they do it “for the lulz,” or because the attacker is having fun. Although some, like Lizard Squad, claimed to do it to show how security at these sites is lax and unable to withstand attacks. Surviving DDoS attacks has nothing to do with traditional cybersecurity, however, and everything to do with the power and reaction time of network engineers.
Most of the Internet mayhem crews and DDoS attackers to hit online games have been young, male and out to make names for themselves by causing disruption. The claims and trumpets of @NeverWinterGod looks no different.
DDoS attacks easier, on the rise and a constant threat to online games
In 2013, CloudFlare, Inc. CEO Matthew Prince predicted that DDoS attacks would only expand in scope and ease in 2014 and this has remained true for 2015. In April of this year, Arbor Networks, Inc. reported one of the largest DDoS attacks ever detected at 334Gbps. Akamai Technologies Limited backed up these figures stating that attacks had increased in volume and quality, the report stated that the total number of DDoS attacks increased 132.43 percent compared to Q2 2014.
As for ease, one of the takeaways from Lizard Squad’s arrival was the launch of the Lizard Stresser DDoS-for-hire service, it is still online today. Although few would be foolish enough to use it after it’s previous hacks. According to Nexusguard Inc. there is a thriving market in DDoS-for-hire services even before Lizard Squad came on the scene, but if an ad hoc Internet mayhem crew could build one it shows how easily such a setup can be built.
DDoS attacks are not easy to stop. Due to their distributed nature it’s impossible to squash them at the source, since the attack uses thousands to millions of computers across the globe to produce garbage connections and data directed at the target. Halting the attack at the target is difficult because all that garbage traffic can saturate the network across multiple tiers. Network engineers from anti-DDoS outfits such as Nexusguard need to work with upstream providers to filter out the garbage traffic before it reaches the smaller networks.
Stopping a DDoS attack takes a lot of coordinated effort across region-spanning networks and affects more properties than just the intended target. Much in the same way a traffic jam in a city can make multiple exits from a freeway inaccessible.
Efforts continue to attempt to thwart DDoS attacks, but it looks as if 2015 will continue to be a year when the volume and capabilities of attacks will rise.
Update 09/14/2015 2:25pm PST: Star Trek Online and Neverwinter Online are under DDoS attack again today starting at approximately 1:45pm PST. Tweets suggest that the attacker is targeting Cryptic Studio’s Boston datacenters but did not last long, a mere 20 minutes. The attacker has shown an interest in knocking the servers offline repeatedly so there may be further attempts today.