News just broke that Quake Live is undergoing a DDoS attack.
According to PC Gamer:
““Quake Live is experiencing issues due to a DDoS attack, and may be down intermittently while we seek to address the problem,” a brief message on the Quake Live site states. “We apologize for the inconvenience.” The DDoS warning was actually posted last night but users on the Quake Live forums are still complaining about difficulty connecting to the game, and according to Blue’s, the Quake Live site itself has also been forced offline at times.”
The article’s author, Andy Chalk, went on to offer a bit of personal commentary:
“I’m compelled to take a moment to note that a DDoS attack—Distributed Denial of Service—is the lowest form of “hack” that a person can undertake, essentially the digital equivalent of setting a bag of dog poop on fire and leaving it on someone’s front porch. Worse, actually, because at least the poop is only going to be stomped on by one particular person, who’s presumably caused you some sort of irritation; a DDoS attack is tedious, indiscriminate jerkery that accomplishes nothing.”
Hmmmm. I’m conflicted here.
You see, as a player, I tend to sympathize with Mr. Chalk’s opinion that the people who get their jollies griefing any game I enjoy playing are jerks.
But as a security specialist I’m forced to disagree with his contention that these attacks “accomplish nothing”.
Experience tells me that the people who are weaponizing DDoS against game operators might in fact be attempting actual financial harm to the game’s players, and through them, the operator. DDoS, for example, may be used to strong-arm online businesses into paying a ransom to stop the attack, costs that eventually will roll down to us, the players. Worse, one need look no further than online banking for another use of DDoS in specific relation to criminal activity, specifically that this aggressive and disruptive attack vector is often employed to distract targets from other, much more harmful activities such as this recent incident targeting online bank accounts: “Cybercrooks use DDoS attacks to mask theft of banks’ millions”.
While it is quite possible that this current attack targeting Quake Online is simply some form of trivial “indiscriminate jerkery”, in my opinion it would be foolish for any publisher or game operator to assume that simple griefing is the only reason for the attack.
Bottom line: as more and more money moves through online games, it becomes more and more likely it is that these sorts of “nuisance” tools like DDoS will eventually be deployed to obfuscate the bad guy’s more harmful activities.
Matthew Cook ()
30 January, 2015