back to article LulzSec hacks EVE Online as rampage goes on

Prolific hacker pranksters LulzSec took out sci-fi game EVE Online on Tuesday as part of a run of attacks apparently perpetrated purely for the lulz. A DDoS attack left EVE Online offline for around five hours as part of an operation called Titanic Takeover Tuesday. CCP Games, the firm behind the popular multiplayer game, said …

COMMENTS

This topic is closed for new posts.
  1. Danny 5
    Thumb Up

    be thankfull

    they're white hatters, shudder to think what would've happened had they been malicious.

    I can't help but chuckle every time i read a story about them hacking something, purely for the lulz. It's what i would want to do, had i been a good hacker.

    these guys are exposing flaws that should've been taken care of ages ago and firmly puts the companies affected in their place, i can't really see anything wrong with that.

    i work in IT and if i where the person responsible for security and this happened to me, i would probably still laugh while cleaning out my desk ;)

    1. Loyal Commenter Silver badge
      FAIL

      With an attitude like that...

      ...I'm surprised that you haven't been asked to clean your desk out already. Personal stuff only...

      Launching ddos attacks against people isn't 'white hat', it's the definition of malicious.

      1. Marcus Aurelius
        Go

        Agreed

        Ddos is crude, unsophisticated and an indication they can't do better.

        Legitimate protesting like breaking into Senate systems is fair game IMO

      2. Anonymous Coward
        FAIL

        DDOS != Hack

        A ddos is more attributed to ripping the door of your office building and throwing rocks through the windows. A DDOS is not a "hack" as the media are calling them.

        LuLzsec are far from White Hat. They release private data into the wild before even notifying the vendors. Why did they tell the NHS they where vulnerable and not anyone else?

        1. Anonymous Coward
          Thumb Up

          Question? White Hatters or Black Hatters ...

          That would make them Brown Hatters?

        2. Anonymous Coward
          Anonymous Coward

          er

          A Distributed Denial of Service attack may well be a hack. It depends on what type we are talking about. Flooding IP ranges via botnets it not a hack in itself (depending on what packets you are sending and to where) but gaining the collection of infected hosts in the first place could well have been "a hack" job, all be it some less competent kids use automated processes to do this but other more competent users use a variety of exploits, custom or POC to gain their zombies.

          A DDOS attack which may include floods of emails could not realistically be construed as a hack and neither could the Anonymous method of it's users running a flood script however NOT all DDOS attacks are carried out by kids with scripts, many are by very good programmers who are still a little naive, enough so not to see it as an offence that may gain them some jail time in the near future.

    2. Paul 172
      WTF?

      @Danny 5

      They're not white hats though, are they....

    3. Anonymous Coward
      Mushroom

      @Danny 5

      How much more stupid and self-righteous can you be?

      No white-hat would leak the information they managed to grab, nor would they gallivant around with this holier-than-thou attitude.

      LulzSec is as much a group as Anonymous is. If you've been on their IRC, they invite anyone to submit leaks and information about possible targets. They are a bunch of teenagers having fun with open-source tools.

  2. Atonnis

    Sooner or later...

    ...they'll hit one too many companies, and these companies will join together...and hire better 'hackers' than the Lulzsec fun-times kids...and then this group will disappear.....quietly......at night....

    1. irish donkey
      Big Brother

      The thing about a Gorilla War...

      is its impossible to win by force of might.

      ... you just never know when or where the next attack will happen and you have to spread your forces trying to cover all your bases.

      Why would they hire hackers.... Who would these white hat hackers hack? They don't know who they are up against never mind what their email/facebook address is.

      And how would they know the WhiteHats they have hired aren't the people they are trying to catch.

      Much more likely the Goberment will draft some new legislation that says you can only access the intertubes with an aabacus and a piece of chalk.

      1. Paul 172
        WTF?

        lmao

        "Gorilla war"

        guerilla...

      2. Anonymous Coward
        Coat

        Actually, the thing about a Gorilla War is ...

        ... it is best won by throwing exploding bananas at each other!

        1. Thomas 4
          Mushroom

          As a friend of mine pointed out last night

          A lot of Goonswarm folks were displeased at the prospect of unwanted EVE downtime. A showdown between the wretched scum of 4chan vs the wretched scum of the Something Awful forums will make for superb entertainment.

        2. NmEWarlok
          Thumb Up

          Exploding Bananas "gorilla war"

          And someone actually remembers that old qbasic game ...

      3. TheRealRoland
        Happy

        Well, Gorilla war it may very well be...

        With all that chest-thumping

      4. Tom Maddox Silver badge
        Megaphone

        Gorillas

        "Get your filthy packets off me, you damn dirty apes!"

      5. Anonymous Coward
        Black Helicopters

        @Irish donkey

        "The thing about a Gorilla War is its impossible to win by force of might."

        This is true, but it depends on who is actually the Gorilla...

        I have a funny feeling that if a news story aired saying that two or three people had been found dead, tortured slowly over several days, and the only connection appeared to be membership of an online group known as LulzSec, the 'hacks' would taper off pretty quickly!

        It really wouldn't take government 'analysts' long to track down a few culprits if they put their resources towards it, even if it was only the mouthpieces rather than the actual do-ers... But that kind of thing would probably only happen if they were stupid enough to directly target some sort of government security agency...

  3. ledmil
    Thumb Down

    Hacked?

    Can you please explain how a DDoS attack is a 'hack'? Or was the headline purely in competition with the Daily Wail for sensationalism? Surely being hacked means that someone has compromised one or more systems on the network being hacked. From your article this would appear to not be the case.

    Also there is no reference to the post at the Eve Online website from the COO stating they took both the game servers and web site offline in response to a DDoS attack for them to check for signs of compromise.

    Less sentationalism and definately less tardy journalism would be appreaciated.

    Where is the El Reg Tombstone icon when you need it.

    1. DarkOrb
      FAIL

      Agreed...

      I agree, it's one of the many things that's starting to make me visit here less and less.

      A DDoS is not a hack - and it isn't even apparent that the DDoS was the reason why it went offline. Looking at BGP stats from last night they pulled all their routes at the same time - not something that would have happened without CCP doing it.

      Maybe you should research your stories before you post them.

      P.S. For those that aren't aware here's a link to the post mentioned by ledmil: http://www.eveonline.com/news.asp?a=single&nid=4616&tid=1

    2. CASIOMS-8V

      what he said

      "Also there is no reference to the post at the Eve Online website from the COO stating they took both the game servers and web site offline in response to a DDoS attack for them to check for signs of compromise."

      CCP didn't cave in to the DDOS as the author of the article suggests. They cautiously took the entire thing offline as they were worried the DDOS was a smoke screen for something else. Which correct me if I am wrong it is understood this is what happened with SONY?

      As for the forum wailing - the EvE forums are always wailing. I haven't had time to read them all but the few pages I read on General Discussion very early this morning showed a balanced view with about half saying good job CCP - you can't be too careful and the other half comprised of naive nitiwts wanting free stuff for the downtime.

      I salute CCP for how they reacted to this. Paying customer for several years btw.

      1. Anonymous Coward
        FAIL

        Re: "HACK"

        People call everything a hack these days. Some dummy leaves their facebook logged in at the library and suddenly "they've been hacked". Someone guesses their qwerty email password and they "got hacked". They go to a pron site and get keylogged and credit card number stolen and "they got hacked".

        Just the general degradation of our society.

        Unfortunately the lawmakers know even LESS about this technology, and they're the ones making decisions on this kind of thing.

        1. This post has been deleted by its author

  4. vdascda

    But Why?

    I play EVE Online, its WOW for adults in a space ship, I dont get why anyone would want to take EVE online down the game does not hurt anyone?

    1. Oliver Mayes

      There isn't a reason

      It's a group of teenagers with too much time on their hands who think that disrupting high visibility targets makes them cool. There is no reason to any of these hacks, it's purely because they think it's funny to annoy people.

    2. ZankerH
      Black Helicopters

      Because Sony

      CCP hf. (the company behind EVE Online) announced an exclusive deal with Sony for its upcoming console MMOFPS game. Sony and their allies have been targeted by LulzSec from the start. Likewise, Mojang (the Minecraft guys) are bringing Minecraft mobile to the Sony's phone/portable console thing (Xperia?) only at first.

      Sounds like a more plausible explanation than targets being picked at random.

    3. Loyal Commenter Silver badge

      I don't think there's any particular reason behind the attacks

      It's the online equivalent of bored teenagers dropping things off bridges onto train lines. Usually harmless, but occasionally potentially dangerous, and always illegal. Once one or two of their less careful members get caught and get the book thrown at them, they'll go back to vandalising bus shelters instead.

      Personally, I think CCP should be commended for the way they ring-fenced their servers, although it may have been a slight over-response to take down all their web servers, including those for DUST 514. Sony took the opposite response when they were hacked a few months ago, and kept things running while they were still assessing what kind of damage was being done. Look what happened there. CCP are bound to have billing information for their customer's accounts, which by necessity is available through the web to their user base, so ti seems like a prudent move to me.

      It might be a little annoying to Eve players that they couldn't play last night, but CCP usually give out freebies after extended down-time, such as special in-game items, extra skill-points, etc.

      As for the issue of bot-nets in the game; I have been playing for a couple of years and never come across this problem. The game is designed in such a way that it can be fairly well self-policing; when there was a spate of people using bots to mine minerals in ships (called Hulks), the player base responed with 'hulkageddon', where a bunch players went round and blew their ships up. Anyone found using bots gets their account banned.

    4. Anonymous Coward
      Anonymous Coward

      Trolling or....

      ...you simply have no clue about the game you're playing.

      There are people in Eve (lots of them) who would quite cheerfully plant child porn on a machine & report you to the local police if they believed they could gain an advantage from it.

      The fact there's shedloads of bots getting banned (tradebots now too) so there's people losing RL money (thousands of Euros a month in some cases) and lulzsec have setup a "who do you want targeted" phoneline....

      You join the dots.

      Intenet spaceships is still serious (RL) business :D

      1. Anonymous Coward
        Facepalm

        Re

        This "its a bunch of bored teenagers in their mom's basement" rhetoric is getting old. Wish we could get some bans for it.

        And even if that's true, just think, they're more skilled and more intelligent than the entire collective IT staff at Fortune 500 companies. More intelligent than the entire government cybersecurity team. If they can pull it off, what do you think the terrorists are doing? Perhaps if we lived in a society that valued intelligence rather than insulted it they'd have something "better" to do with their time.

        Either way, much more likely that they are mid 20s individuals looking to take payback for real or imagined oppression by "the man". Probably recently unemployed IT professionals. Many of the acts have been fairly justified, and they haven't profited from any of it. I don't see a problem with publishing the data, data cannot be "stolen" and the lack of security around it is laughable. Their acts are tantamount to someone going to a museum, sketching a copy of a painting and people complaining that the artwork is being "stolen".

        1. Loyal Commenter Silver badge

          If you think...

          ...that a bunch of people launching a ddos attack, most likely, with something like LOIC, are more intelligent than all those people, then you are wrong. I seriously doubt that they have access toa botnet to lauch the attacks, as such things are usually controlled by criminals for profit, not by kids for what amounts to online vandalism. They might, however, be more intelligent than you, as you seem to have failed to have even a basic grasp of the issues at hand.

    5. Anonymous Coward
      Happy

      But Why?

      I play EVE Online, its WOW for adults in a space ship, I dont get why anyone would want to take EVE online down the game does not hurt anyone?

      It's OK I sent EVE a get well soon card and am baking it a cake right now.

  5. Bilgepipe

    Hmm

    >>> Some have praised LulzSec for its gonzo-security antics...

    Methinks this has gone way beyond some kind of Robin Hood-esque campaign for better internet security.

    1. Daniel 1
      Meh

      As Adam Shostack wrote, a few days ago...

      When it comes to conveying the importance of computer security, to those who will pay for it, we are currently being out-communicated by a bunch of people who can't even spell LOL.

      How bad is that?

    2. Anonymous Coward
      Anonymous Coward

      Re

      Just think of how jaded a person must become when they discover that no one is adequately protecting their data. I can see how they'd go from "hey lets show how bad this security is" to "burn the whole thing down".

  6. Anonymous Coward
    Big Brother

    On the other hand...

    If you were a government agency tasked with making major companies and infrastructure providers WAKE UP AND DO SOMETHING about making themselves secure, this wouldn't be a bad way to do it, would it?

    Effective, high profile, and above all deniable, not to mention being both good practice and a chance for those 1337 kids you just employed to prove that they have what it takes.

    Just a thought.

    1. Destroy All Monsters Silver badge
      Big Brother

      WAKE UP AND DO SOMETHING?

      What, like, financing cybersecurity lobbyists who then can get a new cybersecurity czar anointed by the Powers That Be who then can order expensive gear at said companies for Government Use and/or ram through legislation that everyone needs to order expensive gear at said companies?

  7. EVE player

    CCP is bad at security

    When CCP recently released a new forum the security was so hilariously bad that people had managed to get access to the admin parts of the forums within hours (and got their accounts banned after pointing it out to CCP). At first CCP took the forum offline in the hope to fix the issue, but after a few days we got the old (and superior) forum back and the new forum went into the memory hole. If CCP had my credit card details (they don't) I would have it blocked.

    1. kosh

      au contraire

      How is that "bad at security"? Bad at security would've been leaving the vulnerable forum code running.

      It's not wrong to be vulnerable - all systems are. What's wrong is allowing glaring problems to fester.

      I'd hate to be CCP. Browsing the forums reveals they have some of the most awful, ungrateful, childish, self-serving customers. Add in that EVE is a haven for real-money-traded russian & chinese goldfarming, and I'm not surprised they get owned, and quickly how la.

      1. Anonymous Coward
        Anonymous Coward

        Game Devs = Meh

        When I was a games dev we never had a second thought about forum whiners. I doubt much has changed in 8 years.

  8. Diziet Sma
    Devil

    DDOS != Hack

    See title . :P

  9. Anonymous Coward
    Anonymous Coward

    Lulzsec in Nullsec

    One of the larger factions (a few thousand members) during the 4 years I played was Goonswarm which also originated from 4chan. I haven't played in a year and a 1/2 but I know they're still around.

    So if DDoS has been used as a smokescreen w/Eve before and there is reason to think there's at least some membership overlap in GS/Lulzsec I can understand CCP being concerned. Given the unfettered PvP sandbox, and single-server, nature of the game, the egg on their face over a 5 hour shutdown is less damaging than a successful hack by a group that likely includes players.

    More to it than just that obviously, both in terms of possible membership overlap, and CCP's recent deal with Sony.

    1. Anonymous Coward
      Facepalm

      Look at how dumb you are...

      Goons come from Something Awful. You should know that if you had been playing as long as you claim.

      Damn pubbies keep opening their mouths when they have no idea...

    2. Anonymous Coward
      Anonymous Coward

      Good point...

      ...except that Goonswarm is affiliated with SomethingAwful, not 4chan.

      Goons - SA

      Anons - 4chan

    3. Anonymous Coward
      Anonymous Coward

      I do have to wonder though

      LulzSec sounds like a name a script-kiddie who lives in Eve would come up with.

  10. Captain Hogwash
    Headmaster

    Gorilla War?

    I'm not sure what the events on Monkey Island have to do with this.

    http://www.youtube.com/watch?v=qHxNLdATrVY

  11. Anonymous Coward
    FAIL

    But why?

    TBH I can't see what they gain from this. Everyone nodded their heads at a job well done when LS exposed the flaws which have existed in Sonys environment for years. But the latest sailing does not raise their cred at all, instead it takes them back to the level of a bot herder working for cash.

    I would be more impressed if they went after Human Right infringing nations or Sexual predators instead of running phone line asking the average pleb to leave a message suggesting their next target. almost like X-Factor.

  12. Anonymous Coward
    Anonymous Coward

    But why?

    TBH I can't see what they gain from this. Everyone nodded their heads at a job well done when LS exposed the flaws which have existed in Sonys environment for years. But the latest sailing does not raise their cred at all, instead it takes them back to the level of a bot herder working for cash.

    I would be more impressed if they went after Human Right infringing nations or Sexual predators instead of running phone line asking the average pleb to leave a message suggesting their next target. almost like X-Factor.

  13. Anonymous Coward
    FAIL

    Unusually poor article - not like you, Reg?

    I struggle to understand why there is criticism of CCP, or any company, for being "overly cautious" with customers credit card information? I applaud CCP for the way this has been handled.

    You don't have to look far to find that the servers were in fact taken down voluntarily, by CCP, in order to protect user data. I suppose looking as far as CCP's twitter feed or facebook page is too much like journalism on this occasion? You could argue that Minecraft recovered rather quicker, but given that Minecraft is neither an MMO nor a subscription service, CCP's cautiousness is very much warranted.

    Instead, this article paraphrases the scare-tactics of lesser publications by suggesting this is 'Hacktivism' which successfully highlights poor security. Firstly, as many have said, DDoS isn't hacking in the same sense as driving a truck through the door of a house isn't lock-picking.

    Equally, successfully getting said truck through the door is not indicative that the door was insufficiently secure. Why are CCP expected to be able to fend off a massive DDoS attack, or any other extreme situation, and stay active as though nothing had happened?

    Conversely, I'm sure their protection against actual, real hacking is more than sufficient. Switching off the servers for a mere 5 hours in the interests of protecting customer data is an effective if basic strategy that I'm perfectly happy with.

  14. John Savard

    Getting Bored

    Whatever. Maybe they'll get caught or get bored. But things like this shouldn't happen in the first place.

    Hopefully, someday Microsoft will get around to releasing a version of Windows without vulnerabilities, so there won't be any computers out there capable of being made into parts of botnets. However unrealistic a hope this may seem, it is the only solution.

    1. Anonymous Coward
      Anonymous Coward

      Re

      Are you posting just to demonstrate that you know nothing about technology? Is this a troll? I don't get it.

    2. Boris the Cockroach Silver badge
      Holmes

      Perhaps a

      better solution would be for admins not to have accounts named "admin" with a password of 1234

      Then again , I'm someone who sfeels it was a shame Valve software never managed to get the guy who hacked them to US territory ......

    3. A handle is required
      Thumb Down

      Last I checked...

      Microsoft isn't the only company that makes servers.

  15. LulzSuks
    FAIL

    Sad, Pathetic, Little Losers...

    LulzSec - Losers United Lacking Zyprexa - Sadly Erectile Challenged

    Get a job, move out of mommy's basement and contribute something useful to society. If the only way you can feel good about yourself (or have a LULZ) is to tear down something that someone else has built then you have serious issues. The good news is... they make medication for that. Try some!!!

    :(

    1. Anonymous Coward
      Stop

      Medication

      You appear to have forgotten yours.

  16. Anonymous Coward
    Anonymous Coward

    5 hrs

    "A DDoS attack left EVE Online offline for around five hours"

    I've never played EVE but I get the impression the five hours is long enough for something to almost happen. So thanks to LulzSec something didn't quite almost happen.

    1. MajorTom
      Meh

      5 hours is a long time

      I typically am logged into Eve less than 5 hours a day, so some players lost a day of play.

      I logged on late last night Pacific USA time, and saw the note about the shutdown earlier in the day. Something not reported here was that there was a SECOND shutdown about (IIRC)10:30PM Pacific time, after things had been getting increasingly slow and laggy over the past hour. Another DDoS? Regardless, this time, about 15 min. after shutting down, Eve tranquility server came back up. I got a few minutes practically alone in the Eve universe, which was pretty cool.

      1. Anonymous Coward
        Anonymous Coward

        "some players lost a day of play."

        i wonder how many extra suicides there were that day.

        stats anyone?

  17. Justin Clements
    FAIL

    Author of this article needs a slap

    If you are being DDoS'ed and no one can reach you (as per the definition of a DDoS) then why keep the servers up?

    So why not "throw the towel in" and work to secure the servers from any other mischief that you do have control over?

  18. Killraven

    Other unwanted rhetoric...

    I tire of the fertilizer-soaked rhetoric of how the victims of these attacks "should have had better security". Yes, perhaps they should, but that's blaming the victim and it's a poor justification for anything.

  19. J. Cook Silver badge
    Coat

    DDoS...

    I always thought that a DDoS attack was not like getting the doors ripped off and rock through the windows, but rather a couple cubic kilometers of water air-dropped on some poor sod in a 20 cubic meter building- It shows up, you can't breath for a while, and after it all drains away, you have a pile of dead, smelly fish and a building to clean out.

    Mine's the HEV Mk IV.

  20. DragonKin37
    Mushroom

    Take your picks

    What gaming company will be Lulzsecs next target.

    A - Blizzard/Activison

    B - Vaulve

    C- EA

    D - Bungie

    Make your selctions at anytime!

  21. Head
    Thumb Up

    Hmmm

    the 4chan corp are still in TEST Alliance... which just so happens to be best friends forever (BFF) with the Goons.

    In TEST there is: 4chan, Reddit, Ars Technica and several other big forum groups. I am just glad i got out of TEST when i did, but i do miss talking to the 4Chan leader on Eve, he's a legend.

    As to CCP taking the servers offline, it's a lot better than leaving them on and just hoping for the best.

  22. cloudgazer

    There's something kinda poetic

    EvE, a game were griefing and scamming are tolerated and large gank blobs are de rigeur, being griefed by a a blob of script kiddies. Maybe not poetic, but definitely meta.

    1. M Gale

      "...a game were griefing and scamming are tolerated..."

      "Tolerated" is not the word you are looking for. "Tolerated" implies that it is disliked but allowed to exist.

      I think perhaps a better term would be "integral". As in "griefing, scamming and gate camping are integral to EVE."

      Not that this is a bad thing. It gives the trolls a sandbox to play in, and keeps them out of the more care-beary games like WoW. I'm kinda thinking of getting onto EVE meself, what with knowing two or three friends that also play it. I'm just under no illusions as to what my grievance rights are if some bunch of small-dicked children decide to sit behind a jump gate with with a whole load of battleships.

      All part of the game. Just get a bigger bunch of small-dicked children or put a bounty on their head!

  23. Anonymous Coward
    Thumb Down

    They're not hackers

    They're not even crackers. They're just skiddies.

    Thumbs down in the manner of a Roman Emperor.

  24. LtJoker

    Strange choice of target

    EVE is a strange choice of target, it's the only MMORPG I know where you don't get your hand held ad nauseum; the stakes can be high but that's half the fun.

    They were right to take it offline as a precaution - EVE with lag is not fun at the best of times, I'd hate to be in a fleet battle the same time as a DDos attack let alone think about all the claims of "I lost my ship to lag, compensate me CCP" that would be bound to follow.

  25. Dave Murray Silver badge

    Research much? Facts? Nah...

    Bethsada did not write Quake or Doom, that was id Software.

    According to CCP, Lulz did not force the game or CCP websites offline. CCP took them offline as a precaution to prevent Lulz using the DDOS as a smoke screen for a hacking attempt. Think I mentioned this when I sent you the story last night.

    And, as I commented on the previous article about EVE becomming a battlefield for Eastern Eurpoean botnets that idea is just ridiculous nonsense. Until very recently I was a member of some of the groups you're talking about and we did not DDOS anyone before an attack. Some farming bots were in use by individual members, some of them important people in the alliance, but they were not used in an organised fashion.

    What happened to the old El Reg tombstone icon? I need it now.

This topic is closed for new posts.