A couple of years ago, a 17-year-old was arrested for his part in a denial of service attack against gamers playing the online multiplayer version of Call of Duty: Black Ops. The teenager was accused of selling cheat software called 'Phenom Booter' which prevented others from playing (it's a shell booter) while at the same time enabling the player to boost their scores. As someone who is a bit of a Black Ops obsessive (currently fast approaching 9th Prestige level on Black Ops 2) any kind of cheating really gets my goat. But one that involves preventing me, and others, from playing at all really is at the top of the lame behaviour pile. Which is why I was disappointed to see that Battlefield 3 was taken offline by a DDoS attack earlier this week.
On the afternoon of 8th May, a game spokesperson revealed that "the current Battlefield 3 outages are a result of activity that appears to be aimed at overwhelming our back-end infrastructure. We are working on a variety of solutions to address this problem and are focused on resolution as quickly as possible... We are incredibly disappointed by these activities and the impact they are having on all of our ability to enjoy BF3, thank you for your patience as we work to resolve these issues."
Six hours later, the same person admitted "despite our security measures, we have been working around the clock to mitigate the impact of an ongoing denial-of-service attack on our Battlefield 3 game infrastructure over the last several days. While the motives are unclear, the focus of the attack has been interference with network communications preventing access to multiplayer gameplay." The attacks continued over a number of days, and the attempts to mitigate these by the game developers involved patches and restarts that effectively booted players out of games while they were implemented.
Ashley Stephenson, CEO of Corero Network Security, says that the Battlefield 3 DDoS attack "conforms with what our clients in the gaming industry have experienced, persistent and over several days. In this case it has impacted Battlefield 3’s back-end servers and prevented players from accessing multiplayer features in the game. So far it appears, according to EA that the attack was aimed at knocking the multiplayer servers offline and not as a diversion to pilfer data. The attack, however, has dealt a blow to EA, forcing it to cancel their planned “double XP weekend”. Whether it was timed to coincide with this event is unclear, and neither according to EA are the motives, but we have seen an uptick in what appears to be competitors trying to disrupt their competition as well as attackers carrying out attacks just for fun, or lulz."
But there is another explanation as to why games sites might be getting hit by the DDoS'ers, and that's simply botnet testing before rolling out financially lucrative attacks against the banks and other commercial organisations. In March, I was told by security researchers that the Brobot botnet was being used to attack online RPGs rather than the more usual banking targets. There's no evidence to connect the Battlefield 3 attack with these earlier gaming attacks, but there is some evidence that those game sites were hit by the same Brobot botnet being used by the Izz ad-Din al-Qassam Cyber Fighter hacktivist group, not least as the same newly developed attack tools were used against the game sites as used against banking targets such as Morgan Chase and Capital One.