Recently, Blizzard has been hit by several waves of DDOS attacks. As a result, most of their game services have been experiencing intermittent latency spikes, connection issues, or outright outages.
And lately, DDOS attacks seem to occur more and more frequently, and not just against Blizzard.
But what are DDOS attacks, exactly? And how can they be stopped? Perhaps more importantly, why do they happen in the first place?
While some of these questions are easier to answer than others, we'll be going over all of them and hopefully giving you a better idea of everything DDOS.
What is a DDOS attack?
For starters, "DDOS" stands for "direct denial of service," and attempts to do exactly that: deny anyone access to a particular online service. The way this is done is surprisingly simple in concept. Have you ever tried to log into a game or website at the same time as everyone else and found an error page? That's more or less what a DDOS attack is doing, but sneaky.
A DDOS attack tricks the service provider into thinking that hundreds of people are trying to log into a particular location every second at literally the exact same time. The other method behind DDOS attacks involves overloading a target's bandwidth.
Ever try to watch Netflix while playing online games and searching Google on your phone while your roommate Facetimes and streams Spotify, all on a relatively slow internet connection? DDOS attacks can also mimic that sort of situation by sending random data to a target that must all be processed simultaneously.
Attackers can make this happen — and make it particularly hard to prevent — by taking control of computers across the globe and using them to execute the attacks. Malware can infect computers and make them unwitting tools for attackers to run DDOS-aiding programs in the background. Additionally, attacks can be rerouted with relative ease, making attack sources shift from one location to another quickly.
How can I tell if something is being DDOSd?
The easiest way to see an attack visually is by visiting a site like Norse Corp., which shows any occurring DDOS attacks. Keep in mind, DDOS attacks occur all the time, so there will always be something present — and usually, that something is a few "ping ping" sounds away from being a laser fight.
However, in the event of a major DDOS event, it's usually pretty noticeable, like in the picture below (notice how several attacks are targeting one specific location).
Sometimes, on the other hand, a company will flat-out tell you it's being DDOSd.
In Blizzard's case, their Customer Service team generally posts to Twitter if their battle.net service is being DDOSd. Other companies may follow similar practices, but notice may not occur immediately. In those cases, there are a few signposts to follow:
- Is there a major release occurring?
- Is it some sort of holiday?
- Has the targeted company recently had a banwave or done something to piss off gamers?
For many big-name game releases, hacking groups will try to "celebrate" the game's release by launching a DDOS attack. This happened two years ago during World of Warcraft: Warlords of Draenor's launch, resulting in extreme frustration for millions of players trying to experience the new expansion and, sadly, is expected to happen during the upcoming Legion launch.
In other cases, a holiday break may initiate DDOS attacks. Back in 2014, Xbox Live and the PlayStation Network were both taken down as a result of DDOS attacks. This meant gamers all over the world weren't able to play most of the games or systems they'd gotten as Christmas gifts.
Sometimes, though, it's just a result of angry cheaters.
Again, back to Blizzard, it seems as though every Overwatch banwave is followed by DDOS attacks. In cases like these, it's pretty straightforward; cheaters cheated and got caught, and now they're getting revenge. In other cases, though, it's a little less straightforward.
Why do game companies get DDOSd?
Honestly, the biggest answer here — outside "revenge" — is that some people just like to ruin other people's fun. DDOS attacks can occur against non-gaming entities such as banks, though, and these usually have more concrete — though still frustratingly childish — reasons. That's not to say that DDOS attacks against game companies are always pointless, though.
Take, for example, the 2014 Christmas DDOSing I mentioned above. While the reasoning is, um, debatable, Lizard Squad took responsibility for the attacks and explained they were done as a way of showing big-name companies that they should invest more in cyber security. From an interview with The Daily Dot, one member explains the group's reasoning:
"Microsoft and Sony are [expletive], literally monkeys behind computers...They would have better luck if they actually hired someone who knew what they were doing. Like, if they went around prisons and hired people who were convicted for stuff like this they would have a better chance at preventing attacks
"If I was working [at Microsoft or Sony] and had a big enough budget I could totally stop these attacks...I'd buy more bandwidth, some specific equipment, and configure it correctly. It's just about programming skill. With an attack of this scale it could go up to the millions. But that's really no problem for Sony and Microsoft."
Of course, hackers don't always claim responsibility, nor do they always give a reason for their attacks. Outside of large-scale ones like the Christmas attacks, the attention is not necessarily worth it.
So how do companies prevent DDOS attacks?
Here's the thing: It's hard to outright prevent DDOS attacks. What we've covered here is a pretty basic level of attacker methodology, but there are technically several different ways groups can execute a DDOS attack. For that reason, companies often have to be reactive rather than proactive. Again, using Blizzard as an example, this is why you'll typically see the company acknowledge the attacks and then work to fix them as soon as possible.
To do this, there are a variety of different methods that also vary based on the type of attack. The short version is that companies need to identify which traffic is legitimate and which is automated as part of the attack and then re-route or block that traffic. My personal favorite defense? The "black hole" method where traffic gets redirected to a "black hole" - aka non-existent - server. (Admittedly, it's mostly my favorite because I love the mental imagery that it provides.)
Unfortunately, since DDOS attacks mimic regular traffic and that traffic can be rerouted to any location, a company can't simply blacklist one source and never worry about attacks again. It's a primary reason DDOS attacks have become so popular in recent years. As with most things of this nature, it's no doubt a matter of time before someone invents a fool-proof prevention method. Hopefully that time comes sooner rather than later.
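To make the last two paragraphs concrete, here is an added example (not from the original article or from any company mentioned) that runs a per-source blocklist over constructed login traffic and then re-measures the load. The addresses are documentation ranges, and the thresholds and traffic pattern are assumptions chosen for illustration.

```python
from collections import Counter

def build_sample():
    """Constructed (second, source_ip) login events; documentation IP ranges only."""
    events = []
    for t in range(10):                      # 5 ordinary clients, 1 request/second each
        events += [(t, f"198.51.100.{i}") for i in range(1, 6)]
    for t in (3, 4):                         # one noisy source, 40 requests/second
        events += [(t, "203.0.113.9")] * 40
    for t in (7, 8, 9):                      # 200 sources, only 2 requests/second each
        for i in range(200):
            events += [(t, f"192.0.2.{i}")] * 2
    return events

def per_source_offenders(events, limit):
    """Sources sending more than `limit` requests in any one second."""
    return {ip for (_, ip), n in Counter(events).items() if n > limit}

def overloaded_seconds(events, baseline_rps, factor):
    """Seconds whose total load exceeds factor x baseline, whatever the source."""
    totals = Counter(t for t, _ in events)
    return sorted(t for t, n in totals.items() if n > baseline_rps * factor)

def block_then_recheck(events, limit, baseline_rps, factor):
    """Drop per-source offenders (the blocklist / null route), then re-measure load."""
    blocked = per_source_offenders(events, limit)
    remaining = [(t, ip) for t, ip in events if ip not in blocked]
    return blocked, overloaded_seconds(remaining, baseline_rps, factor)

def sources_during(events, seconds):
    """Distinct sources seen in the given seconds (legitimate and attack mixed)."""
    return {ip for t, ip in events if t in seconds}

if __name__ == "__main__":
    ev = build_sample()
    blocked, still_hot = block_then_recheck(ev, limit=10, baseline_rps=5, factor=5)
    print("blocked by per-source limit:", blocked)
    print("seconds still overloaded:", still_hot)
    print("distinct sources in those seconds:", len(sources_during(ev, set(still_hot))))
```

The per-source limit removes the single loud sender, but seconds 7 to 9 stay overloaded by 200 sources that each look ordinary, and those same seconds also contain the five legitimate clients.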
Have Blizzard's or any other DDOS attacks affected you?
Source: Daily Dot