Online multi-player video game networks provide fertile ground for malicious hackers and criminals. Gaming networks and servers are used to target other gamers, networks and even non-gaming businesses with DDoS attacks. Learn more in this summary of our DDoS attack protection white paper.
DrDoS and DDoS attacks involving online multi-player video games
An Analysis of DrDoS and DDoS Attacks Involving the Multiplayer
Video Gaming Community: Part IV of the DrDoS White Paper Series
Selected excerpts
The technology infrastructure that supports hundreds of millions of online gamers is also used by
malicious actors to launch distributed denial of service (DDoS) attacks against fellow players, rival
systems and non-gaming businesses, including the financial industry.
Malicious behavior involving online video games harkens back to at least the 1990s. Video game
infrastructures are attractive to criminals due to the industry’s large number of servers and
broadband capabilities. Gaming servers with poorly implemented security controls and server
configurations are vulnerable.
Why do they do it?
Criminals and players engage in different types of denial of service activities and for different
reasons. Some criminals use misconfigured and vulnerable gaming servers to boost the power of
their attacks against non-gaming businesses. Others seek to take over and sell high-value player
accounts in a black market economy that values access to in-game currency, powerful character
profiles and downloadable software.
Disgruntled gamers, on the other hand, may only seek to temporarily knock fellow competitors off
a server to gain in-game advantage. With so many competitive players with a desire to get ahead,
some may rationalize this kind of cheating. Other gamers may target other gaming systems to
damage the playing experience on rival platforms.
A tradition of DrDoS attacks in gaming
Some attack methodologies, including Distributed Reflection Denial of Service (DrDoS) attacks,
have been around for decades. Early DrDoS attacks took advantage of misconfigurations
within the servers that hosted Counter-Strike, Quake and Half Life – and they still do.
The most common method for engaging in denial of service attacks in the gaming community is
called packeting, which refers to a denial of service attack where excessive data packets are sent to
a target IP address in an effort to slow or stop Internet service. A packeting attack can be directed
at any IP address, which may belong to other gamers, the game server itself, or a target outside of
the gaming network. A resolver may be used in conjunction with packeting to first reveal the IP
addresses of fellow players or servers to attack.
DrDoS attack tools for gaming servers
Gaming-server aggregators provide a legitimate service for players looking for a gaming server.
They also provide a good source of server IP addresses for criminals to use in DrDoS attacks. By
abusing multiple game servers at once, attackers can increase the volume of malicious traffic
directed to the intended target. One popular Perl-based attack toolkit described in the white
paper lets attackers target several types of game servers and allows for varied attack payloads.
Other attacks against gaming communities (non-reflection)
Both amateur and sophisticated methods of attack are used frequently to target gaming servers –
and players. Simpler attacks target individual players or a gaming server, such as Counter-Strike
or Minecraft. The attacker’s goal is to damage the gaming experience for one or more players.
These attacks do not involve reflection or amplification; instead, they simply flood a default game
server port on a target IP address.
More sophisticated attacks use crimeware kits and phishing techniques. Sophisticated stresser
suites and booter scripts are sold by enterprising developers as a service to take gaming systems
offline. In addition, some malicious actors seek to take over Xbox Live and Steam accounts to make
use of a gaming network without paying for a subscription or to sell compromised account
credentials on underground forums. Account checker tools allow criminals to retry previously
harvested username:password logins from third-party breaches to see if the logins have also been
used for an account on a gaming platform.
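A defender-side sketch of how account-checker activity can be spotted in platform login logs, added here as an example and not taken from the white paper: a checker tries many usernames about once each and mostly fails, which separates it from password guessing against a single account. The log format, the sample events and the thresholds are assumptions.

```python
from collections import defaultdict

# Constructed sample auth events (not real data): "<time> <src_ip> <username> <OK|FAIL>"
SAMPLE_LOG = """\
12:00:01 203.0.113.7 alice_g FAIL
12:00:01 203.0.113.7 bob77 FAIL
12:00:02 203.0.113.7 carol.x FAIL
12:00:02 203.0.113.7 dave_r OK
12:00:03 203.0.113.7 erin99 FAIL
12:00:03 203.0.113.7 frank_z FAIL
12:01:10 198.51.100.20 alice_g FAIL
12:01:11 198.51.100.20 alice_g FAIL
12:01:12 198.51.100.20 alice_g FAIL
12:01:13 198.51.100.20 alice_g FAIL
12:02:40 192.0.2.15 gina_k FAIL
12:02:55 192.0.2.15 gina_k OK
this line is malformed
"""

def parse_events(log_text):
    """Yield (src_ip, username, succeeded) and skip malformed lines."""
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) == 4 and parts[3] in ("OK", "FAIL"):
            yield parts[1], parts[2], parts[3] == "OK"

def find_account_checkers(log_text, min_users=5, max_tries_per_user=2.0,
                          max_success_ratio=0.3):
    """Flag source IPs that try many usernames about once each and mostly fail."""
    per_ip = defaultdict(lambda: defaultdict(lambda: [0, 0]))  # ip -> user -> [tries, ok]
    for ip, user, ok in parse_events(log_text):
        per_ip[ip][user][0] += 1
        per_ip[ip][user][1] += int(ok)
    flagged = {}
    for ip, users in per_ip.items():
        tries = sum(t for t, _ in users.values())
        wins = sum(w for _, w in users.values())
        wide = len(users) >= min_users                      # breadth: many accounts
        shallow = tries / len(users) <= max_tries_per_user  # depth: about one try each
        if wide and shallow and wins / tries <= max_success_ratio:
            flagged[ip] = {
                "usernames": len(users),
                "attempts": tries,
                # Accounts that logged in from a flagged source: password-reset candidates.
                "reset_candidates": sorted(u for u, (_, w) in users.items() if w),
            }
    return flagged

if __name__ == "__main__":
    print(find_account_checkers(SAMPLE_LOG))
```

The single-account guessing from 198.51.100.20 and the mistyped-then-correct login from 192.0.2.15 are not flagged; only the wide, shallow pattern is, and the one account that authenticated from that source is listed for a forced reset.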
Get the full white paper for more details, a financial services case study and more
Download the white paper for extensive details about DDoS and DrDoS attacks and attack tools
that involve the gaming industry.
The white paper also includes:
• A case study of a Prolexic customer in the financial industry who was the target of a
DrDoS attack that used gaming servers to reflect and amplify traffic to the firm
• Prevention measures that gaming network administrators can take to reduce the
likelihood that their servers will participate in – or be the target of – a denial of service
attack
About Prolexic
Prolexic Technologies is the world’s largest and most trusted provider of DDoS protection and
mitigation services. Learn more at www.prolexic.com.