How Should MMO Games Handle DDoS Attacks?

By Jeff Francis
How should mmo DDoS attacks be handled?

One of the banes of online gaming is the dreaded DDoS attack. Instead of sitting down and adventuring through the virtual worlds of your favorite games, you're instead stuck trying to log in or are getting continually disconnected. Making matters even worse is that such mmo DDoS attacks are normally done just for kicks by those looking to ruin the good times of others. However, there are cases where an mmo DDoS attack is followed by a ransom demand in order to make the problem go away, as was the case recently with Albion Online. How should game companies handle mmo DDoS attacks?

Albion Online caravan

As stated above, Albion Online was hit with an mmo DDoS attack not too long ago, which was followed by a ransom demand. The developers quickly posted in the game's forum the following message, "Hello everyone, We just wanted to inform you that the problems which occurred yesterday were because of a DDOS attack. We also received a ransom demand from the attackers. There is a huge probability that these attacks might continue. We are actually getting reports of increased traffic from our hoster (UTC 12:25). We will keep you updated about the situation." It should be noted that Albion Online did not give in to the ransom demand.

Of course, Albion Online isn't alone in suffering mmo DDoS attacks. Wurm Online recently had their service disrupted, and I had issues some time back trying to play Guild Wars 2 over a weekend due to some hacking group having fun. The most notorious DDoS attack was the one that struck down the PlayStation Network over Christmas vacation a couple of years ago, ruining the holiday break for many kids. No matter how you slice it, mmo DDoS attacks just plain suck.

So how should game companies handle mmo DDoS attacks? Some hackers claim that they're just showing the security breaches that exist within the network to supposedly get the game company to fix the issue. Of course, they don't seem to just stop with a short attack to get their point across. First and foremost, game companies should do their best to ensure the safest possible network to combat the possibility of mmo DDoS attacks. They are responsible for creating a fun experience for players, and being able to access the game counts towards that experience. That being said, there's no way that a company can one hundred percent negate the chance of an mmo DDoS attack occurring. No matter how great a game's security is, there's always a way around it. As long as the company makes a reasonable, good faith attempt at security, then it's not the company's fault if an mmo DDoS attack happens. Would you blame yourself if you had a great home security system but somehow some crooks managed to bypass it and rob your home? Of course not.

PlayStation Network ad

As for ransom demands that can occur after an mmo DDoS attack, such as what happened with Albion Online, then the game company should refuse to pay the ransom. If a game actually paid the ransom, then it would become open season as every other hacker group would try to get a piece of the pie for themselves. Giving in and paying ransom is a huge sign of weakness and should never be done. I applaud Albion Online for standing up for themselves and not giving in. No matter what form of mmo DDoS attack takes, game companies should notify the appropriate authorities. While it's highly likely that nothing will come of this, it's at least something to have some sort of paper trail started. The problem is that many hackers live in countries that have extremely lax laws on cybersecurity. One member of the infamous Lizard Squad hacking group was convicted of over 50,000 hacking charges in Finland, and the only punishment the hacker received was a two year suspended sentence and that his online activities had to be monitored.

At best, companies can only respond to mmo DDoS attacks by getting the network back up, refusing to pay any ransom demands, and doing what they can reasonably be expected to do to keep such attacks from being successful. That being said, if I was incredibly rich and owned a major online rpg who had been hacked repeatedly by some group just for kicks or a ransom, I would hire Chinese or Russian hackers to trace down the offending parties. Then I would hire mercs to snatch them and transport them to a country with no extradition treaties and have an example made of them to all other hackers. Petty and vicious, I know, and I've taken this to an extreme for argument's sake. But fear is the only real thing that will stop hackers from doing mmo DDoS attacks or any other type of hack. Some time back, the group Anonymous bragged that they had info that would topple the Mexican drug cartels and threatened to release it. Nothing happened. Why? Because I'm sure the people in Anonymous realized that the Mexican drug cartels had no compunction in hunting them down and killing them. That being said, companies can only do their best to protect against mmo DDoS attacks by having the best (and reasonable) security network in place, refuse to give in to ransom demands, and work with law enforcement to find and punish those who are breaking the law.

Sep042017

Add comments:

comments powered by Disqus