DerpTrolling’s MMO attacks reveal new threat

By Tam Mageean

Recently, we reported on the wave of attacks from hacking fraternity DerpTrolling, whose cold, calculated DDoS attacks shut down several MMO games last week and even resulted in the malicious shutdowns of livestreams belonging to popular online gaming personalities. Games including League of Legends, APB Reloaded and any MMO tied to the servers were affected, and all have since made a full recovery.

Over a week has passed now, and as the dust settles, technology blog Ars Technica has uncovered the secrets behind the hackers’ success, and a never-before-seen “hacking” technique has been revealed.

More an exploit than a hack, the feared "DDoS attack" has circulated for some time now, gaining infamy through hacktivists like Anonymous and LulzSec. As security has tightened and awareness of DDoS has spread, defenses against the method have improved.

Typically, DDoS-ing involves flooding a server with “junk traffic”, forcing it to temporarily deny access to everyone, which means, for your favorite MMO, that you can no longer access the server, and the massive, multiplayer and online aspects of your game all sadly fade away. The approach relies on the hackers having access to a massive battery of imaginary traffic, often generated through tools such as the dreaded “LOIC” DDoS engine, but the DerpTrollers seem to have found a way to cut out the middle-man.

According to Ars Technica, rather than attacking a site or server directly, DerpTrolling's new technique involved targeting a game's respective NTP server with requests that pretended to come from the victim site. This resulted in the NTP server, which handled the site’s time data, sending replies to the original game site that were 58 times larger than the original request. In short: they tricked the site into attacking itself, and then attacking itself again even harder.
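
The reply-to-request size imbalance described above is something a defender can look for in flow records. The sketch below is an added example, not code from Ars Technica, Black Lotus or any affected game: the flow tuple layout, the thresholds and the sample addresses and byte counts are all assumptions constructed for illustration.

```python
from collections import defaultdict

NTP_PORT = 123

# Constructed sample flows: (src_ip, src_port, dst_ip, dst_port, payload_bytes).
# Addresses come from documentation ranges; byte counts are illustrative only.
SAMPLE_FLOWS = [
    # Ordinary time sync: request and reply are the same size.
    ("198.51.100.7", 40001, "192.0.2.10", 123, 48),
    ("192.0.2.10", 123, "198.51.100.7", 40001, 48),
    # Requests claiming to come from 203.0.113.5; replies are 58x larger.
    ("203.0.113.5", 50000, "192.0.2.10", 123, 8),
    ("192.0.2.10", 123, "203.0.113.5", 50000, 464),
    ("203.0.113.5", 50000, "192.0.2.10", 123, 8),
    ("192.0.2.10", 123, "203.0.113.5", 50000, 464),
    # As seen at the victim's edge: replies for which no request was ever sent.
    ("192.0.2.20", 123, "203.0.113.5", 50000, 464),
]


def find_ntp_reflection(flows, min_ratio=10.0, min_reply_bytes=400):
    """Return {(server, client): (verdict, ratio)} for suspicious NTP pairs."""
    req = defaultdict(int)  # bytes sent client -> server:123
    rep = defaultdict(int)  # bytes sent server:123 -> client
    for src, sport, dst, dport, size in flows:
        # Server-to-server traffic (both ports 123) is ignored by both branches.
        if dport == NTP_PORT and sport != NTP_PORT:
            req[(dst, src)] += size
        elif sport == NTP_PORT and dport != NTP_PORT:
            rep[(src, dst)] += size
    findings = {}
    for pair, out_bytes in rep.items():
        if out_bytes < min_reply_bytes:
            continue  # too little reply traffic to judge
        in_bytes = req.get(pair, 0)
        if in_bytes == 0:
            # Replies with no visible request: the request was spoofed elsewhere.
            findings[pair] = ("unsolicited", None)
        elif out_bytes / in_bytes >= min_ratio:
            findings[pair] = ("amplified", out_bytes / in_bytes)
    return findings


if __name__ == "__main__":
    for (server, client), (verdict, ratio) in find_ntp_reflection(SAMPLE_FLOWS).items():
        print(server, "->", client, verdict, ratio)
```

An NTP server operator would see the "amplified" case, while the targeted site, which never sent the requests, would see the "unsolicited" one.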

Hacker-trackers Black Lotus have issued a statement to vulnerable gaming sites, explaining how they can defend themselves against future attacks. Although this method of attack is only just emerging, hopefully this workaround means it will disappear swiftly.


