Shadowbane Servers Hacked, Chaos Ensues

Vanguard(DC) writes "There was a major hacking incident last night on the servers of Shadowbane, a newly released MMORPG by UbiSoft/Wolfpack. The attackers wreaked havoc on at least one game server, with apparent god-like capabilities in-game. There's already an official statement on the forums - 'Ubi Soft and Wolfpack Studios are now working with law enforcement, and we promise all of you that these individuals will be prosecuted to the full extent of the law.'" There's a little more information via a post on the SBCatacombs messageboard - apparently the carnage (including many less powerful players getting killed) involved "..teleporting people all over the world, teleporting hostile guards into the safe-holds, bringing in hordes of special event monsters, and teleporting everyone to a city at the bottom of the sea."

I just can't get mad about this one...

...'cause that shit is funny!!!

Just roll the game back 24 hours and play on.

Re:I just can't get mad about this one...

The only proper punishment for such a crime is to have the offenders sit and listen to each player as they describe the characters that were tampered with and the achievements that were lost due to this reckless vandalism. Then again, that might amount to cruel and unusual punishment!

PLAYER: You see, my elven warrior had just obtained expert skill level with his scimitar, which allowed him to slay the vicious vampire of the valley, after which he stole this awesome magic amulet that lets him see through walls...

HACKER: aaarrrrrgggghhhh!!! no more! no more!

Another player weighs in.

PLAYER 2: It devoured my avatar. It was a really good avatar. Then I had to play it all again to get the skills back and I had to do it fast, and it wasn't as good. It was kind of a ...bummer.

What about the judge and jury?

I can just imagine the look on the judges face if this went to trial, and some of the players had to be called to the witness stand. Reading the transcripts of that testimony would be hilarious.

What would a jury think? That people who spent 500 hours building up an imaginary character need to be compensated for their loss? I can just see some uber-gamer breaking down and crying on the stand because their elf now has to start from level 50 when it took him 3 straight months of playing 5 hours a day to get to level 55. (or whatever the terminology is) More than that, how are you going to get a jury of this person's peers to try them in court? How do you interview a jury like that? OK, what is your favorite magic spell? Have you ever spent more that 12 hours straight playing a game? Is your BMI over 40? Picard or Shatner?

Jury of peers

Conan the Barbarian: ... and the next morning my sword was gone, and the gold pieces, and...

Cross-Examining Lawyer: And, if I may ask, where did you get those gold pieces in the first place...?

Conan the Barbarian: Well, I killed this dragon and...

Cross-Examining Lawyer: Murderer!! You killed, pillaged and raped to get this money and now you have the stomach of accusing the defendant, and honor student in the other end of the kingdom...

Conan the Barbarian: But it was just a dragon...

Cross-Examining Lawyer: Racist!! There we have it, honored members of the jury, Mr Barbarian here is not only a thief and a murderer, he is also a racist. That nullifies any and all of his allegations. You must aquit.

/Tor

Re:Jury of peers

Toss in a bit of the Chewbacca defense and they should be all set...

Cross-Examining Lawyer: It does not make sense. Look at me. I'm a lawyer defending a Conan the Barbarian and I'm talkin' about Chewbacca. Does that make sense? Ladies and Gentlemen I'm am not making any sense. None of this makes sense. And so you have to remember when you're in that jury room deliberating and conjugating the Emancipation Proclamation, does it make sense? No. Ladies and Gentlemen of this deposed jury it does not make sense. If Chewbacca lives on Endor you must acquit. The defense rests.

-S

Re:I just can't get mad about this one...

Now hacking into a system and getting GOD authority. Sounds like a fun thing for a game.

It sounds more like a movie. Any of these guys called Bruce?

or Neo?

A great idea

You just need to take it a bit further...

Supposed you have a game & server concept similar to this, but programmed in a way to not take game security dead-serious. In fact, as the cheats, etc. came out this would not be shunned, but instead part of the game. The people with the best cheats take the cake, can gather clanmates and share what they know. Your clan is then defined by the abilities they have aquired through manipulation of the game workings (in addition to the standard tags, skins, etc.)

I'm sure you could develop a program in a way to separate out abilities (such as speed, gravity, damage types) such that any crack wouldn't give up everything else

Which brings on two negative points:

-It sure wouldn't be appealing to newbies, who start on ground zero

-Anyone who successfully gets full access ("GOD")
may be unsurpassable and ruin the game for everyone. This can be overcome by having the game focus include things other than Power by Might (i.e. killing sprees), such as trade, etc.

If there ever was a prime canidate for an open-source friendly game, this concept would be it :)

Kids these days...

Old news for multi-player games. The best one (done to me) was in 1976. I was playing a starship game on the school board mini. Once in a while the game would glitch and give you control of someone else's ship for one command. Someone I was dueling with got my ship and turned off the shields.

I almost died laughing when I, years later, saw The Wrath of Khan.

Plenty of hacked moby ships too.

Non-AI God also equals fun!

Not only is it funny, it sounds like it might have actually been fun in a weird warped way to have been playing at the time...

After all, it is a fantasy game, why couldn't this have happened within the normal confines of the game?

"What, how the hell did I get at the bottom of the ocean? Oh, great. Now I'm in the middle of my worst enemy's keep...This is not my beautiful castle?! This is not my beautiful wench?! How did I get here?"

Well, fun to me, at least. I don't take fantasy computer games that serious

Games are businesses too.

ok... this is getting ridiculous... why should anyone that found a way to compromise security for a game be prosecuted in real life?!

Why should computer game servers be exempt from the usual laws about hacking into peoples' systems? Those who break into banks are prosecuted, if caught.

This person or persons compromised security, broke in and disrupted business operations, causing damages. Seems pretty straightforward to me.

ASA

Re:Games are businesses too.

Think about it this way:

You pay 40$ a month for cable TV. It's just entertainment, no realy value behind it beyond that. Some jackass hacks the cable company and broadcasts 80's daytime soapoperas on ALL of the channels for a week.
Hilarious? Yes. Wrong? Also Yes.
This is precisely the same thing. And believe me, your average Television watching joe schmoe will NOT be amused that "Who wants to marry a millionaire friends star island 3" has been pre-empted by Days of Our Lives reruns from 1985.
The bottom line is that people paid for their entertainment, someone else fucked their entertainment up. The person doing all the fucking up should be punished for depriving me of a service I paid for, and for depriving the company of revenue. End of story.

Kintanon

Re:because it's just a fucking game

The main point of prosecution is that people paid real money for the privelege to play the game, and were deprived of the value of that money when some juvenile jerk decided to go on a rampage.

I think it's kind of ludicrous to make threats like the Ubi people have made, but the people who did this do deserve some comeuppance because what they did *was* in the real world--they hacked the game, destroyed a lot of people's expenditures of time, and most importantly to Ubi, trashed the hosting company's reputation. All of that is real-world, whether you think it's important or not.

That said, I think the whole thing was hilarious from descriptions, and I'd love to see the recording of the mess they made.

Re:because it's just a fucking game

Yes, it's just a game. However,

They DID hack into a commercial system and disrupted business.

They DID interfere with paying customers.

Just because they are hacking into a game today and you're willing to let them get qaway with it, what will you say when they're hacking into your bank account tomorrow?

because it's a law

This is informative? I'm not saying that the hackers ought to be sent to a labor camp over this, but letting it go is like not prosecuting the shoplifter 'cause they're murders in the world.

No one reasonable is asking for the cops to stop chasing terrorists to do this, but we as a society prosecute any crime (even stupid ones, to even stupider lengths) as a principle.

And just because other problems exist, doesn't mean you let the little ones slide. No one's time is that hard up.

Re:because it's just a fucking game

Tell that to the guys who got the pager call in the middle of the night and had to get up leave their wife and kids, go in to work and fix this. The kid should pay, not because he killed an Orc/B. He should pay because he disrupted a business, and caused them monetary damages. The kid should have least have to pay for all of the overtime he caused.

Re:because it's just a fucking game

You sir, are an idiot.

Do you ever complain if someone's cell phone rings in a theater? Or if they talk loudly through the whole film?

Basically, if you *ever* complain about anything that someone does to make your entertainment choices less fun, you're a hypocrite.

I bet if you were in the middle of an intense game of chess and I, a complete stranger, came by and intentionally knocked the board over, you might feel like throwing a punch in my direction. How is this any different, except that the jerks are safely far away from having their asses kicked right then and there, is beyond me.

Saying it's "just games" ignores just how important a certain amount of play is to a healthy life.

.

No it's NOT just a fucking game

It's a business.

The point is that if they were your servers, and they were your customers, and it was your business model you would be screaming bloody murder.

And if you wern't then you need a serious reality check about how the real world operates. This is a company with shareholders who now has to explain why they wouldn't react the way they are to their shareholders.

On another note, does anyone else notice a trend on the games.slashdot.org stories and how many of them suffer from morre thoughtless comments than a normal Slashdot storie?

Ted Tschopp

Re:game world != real world...

why should anyone that found a way to compromise security for a game be prosecuted in real life?!
if that will happen, then WHO will take responsibility for all the holes in Windows?!
well, not exactly. they're not going after the people for breaking into a game, but for breaking into a server. Nor are they going after the people responsible for the lousy security on their servers (as your windows comment might suggest), but rather the ones responsible for exploiting that lousy security. This is pretty much standard in the real world. I break into a system, I get caught, I get prosecuted.

Re:game world != real world...

And if the "break-in" was not really a server break-in but a software bug that allow a player to become GOD?

Like an undocumented bit/byte pattern in the interface.

Anyone remember the the undocumented instructions in 8085? or the Z-80? or IBM Midranges?

Re:game world != real world...

Yes. You break in, you get caught, you get prosecuted. By your logic, if I have a rusty lock on my door...hell, if my front door is ajar, and you break into my house, I should be prosecuted? Bullshit. You should then hypothetically fear for your life, 'cause if I'm home, there's a shotgun pointed at your chest.

Just because there is a hole doesn't mean you have the responsibility to exploit it and break in. Indeed, it's illegal to do so. UbiSoft will no doubt come down on their admins for shoddy security. But that does NOT give you carte blanche to break in, nor does it protect you from prosecution.

Protesting 'Security Through Obscurity' is not the same as 'ooo, let's a be a script kiddy and exploit this bug and wreak havoc, because they should have known better.' If that's your attitude, you'd better get used to a felony rap sheet and a large, tattooed boyfriend named Slash.

Re:game world != real world...

Real simple, the in-game actions these people did caused real world finacial harm to the game developers. I saw at least one post stating that people canceled their subscriptions, in part, because of this.

Not to mention the tarnished reputation, which is also worth damages.

Not to mention that breaking a law is illegal, whether you hurt some one or not.

Re:game world != real world...

Just because it happens to be a game doesn't mean that no one is responsible for screwing things up. Try walking into the NBA playoffs and stealing the ball.

Jack Nicholson and Calvin Klein, notwithstanding...

Re:game world != real world...

Do you also not think that anyone hacking Amazon should get prosecuted?

Not if it takes more then one click to do it ;)

Re:game world != real world...

ok... this is getting ridiculous... why should anyone that found a way to compromise security for a game be prosecuted in real life?!

It's not just a game, it's a service provided by a company to paying customers. The hackers disrupted a service being provided, that is a prosecutable offense right? And if US/W loses money (i.e. customers, downtime, and IT expenses) then they can claim damages right.

I'm sorry, but that title needs a farkism:

Shadowbane Servers Hacked, Hilarity Ensues

Hahaha.

Man that rules. I would have loved to have seen that. Should be a feature in more MMORPGs.

"Now featuring WRATH OF GOD mode, where pissed off GM's show you what it would REALLY be like if god cared. Experience plagues, meteors, and lightning from a clear sky. Divine retribution like you've never seen it before! Just 20 dallars a month."

Heh.

Haha!

Boy did I have a good laugh about the chaos going on in Shadowbane. The Matrix has them.

Fear the machines!

I can see the police blotter for the individuals responsible:

"Teens arrested for acting like God in computer game"

unfortunately this is par for the course

For those of us that have been playing this game regularly, this is only the icing on the cake for a plague of problems. This was a game that was touted for it's massive guild vs guild and player vs player capabilities. Massive warfronts and assaults utilizing seige weapons and a slew of powerful spells and powers. None of this has come to pass. The game lag is too terrible to support even the smallest of battles. PvP is almost impossible during primetime hours due to the inability of most casters to launch spells in a timely manner. (Although you -can- watch your nukes launch 45 seconds after your death)

Server downtime is extreme. Login is at times completely impossible. Rollbacks are nightly. The attrition rate among players is amazing. I've watched my guild vanish over the last few weeks as the host of problems drive out all but the most staunch of players. Ubi/Wolfpack blatantly reject petitions with no regard or consideration for the players. Every patch makes the client actually worse that it was before. This has been a nightmare for most of us. To see news like this only confirms the worst. Bad management, bad hosting, bad coding, and bad customer care have driven most from what I considered to be one of the better games to come out this spring. Just another account cancelled in a long line of departing players.

Why do people pay for MMPORPG Betas?

The computer game industry has been earning a reputation for releasing buggy code these past few years, and now it has come to a situation where what should be an internal release now costs money. Unlike retail games where occasionally Beta testers are charged, but given the full retail game later, Beta testers on MMPORPG's are not given additional months of play for the priviledge of paying to be guinea pigs. They are not compensated with reduced pay rates or additional in-game powers. In short, they pay to fill a necessary position in the production cycle, then they pay again for the retail product. Many, of course, don't pay for the retail product, and go on diatribes about how unplayable and unbalanced the game (they paid for) is.

How has it gotten so bad that we now release not only buggy games and expect to patch them later, but charge for development releases in addition to charging for final retail releases? We're giving ourselves a bad name here.

If your game is unfinished but in need of stress testing, don't charge for it or you will alienate your potential best customers. If you *must* charge for bandwidth because your manager didn't budget for such costs (and should be rightly as fired as if s/he forgot to budget for artists), then charge a bare minimum until the game is ready for prime time. Don't develop the game on the dime of your testers, or you will find that once you are ready to ship you don't have any customers.

10 dollars a month for our volunteers to do our jobs? We should be ashamed.

Re:Why do people pay for MMPORPG Betas?

Welcome to Economics 101; Supply and Demand.

If there is enough Demand for Beta positions, and a limited Supply due to bandwidth, then you have to limit the Demand. One excellent way is by charging a fee to join the Beta.

As an aside, when RagnarokOnline switched to a paid beta a while back, the community improved. People who had nothing to lose because they hadn't paid were pricks; they'd steal kills, and steal your loot before you could grab it. Behaviour like this decreased when they switched to a paid beta, because they now had money invested in the game.

Class dismissed.

Re:unfortunately this is par for the course

> this is only the icing on the cake for a plague of problems

No, this is a *VASTLY* different problem than anything we've been experiencing.

> Massive warfronts and assaults utilizing seige weapons and a slew of powerful spells and powers. None of this has come to pass.

What server are you playing on? AFAIK, every server has had at least one battle that would put some of EQ's big raids to shame.

I've personally been a part of most of the raids between TBW + allies and TBI/L7F + allies on the Dread server.

> The game lag is too terrible to support even the smallest of battles. PvP is almost impossible during primetime hours due to the inability of most casters to launch spells in a timely manner.

Again, on which server do you play? 90% of the time, Dread is pretty much fine. Sometimes, we experience lag spikes. What are the detailed specs of the computer on which you're playing Shadowbane? Does it suck? Do you have the detail turned all the way off? Are you talking about Latency, or Low Framerate?

Let's be specific here: if you can't give me a server and system configuration, I can't effectively rebuke you. Yeah, some of the highly populated servers can get pretty bad (Mourning and Death), but others are pretty smooth most of the time.

> Server downtime is extreme.

Sorry, WRONG. You're getting login bottlenecks and 'server downtime' confused. Yeah, the servers gone down periodically for maintainance.

> Login is at times completely impossible.

What a stupid thing to say. Yes, IF THE LOGIN SERVER IS DOWN FOR A PATCH, YOU WON'T BE ABLE TO LOG IN. What I think you MEAN to say, is that SOMETIMES (meaning infrequently; less than once a week) the login servers get congested, and it takes a while to get into the game. Yeah, it's a pain in the neck, but not all MOGs have a launch like DAOC. Remember EQ (probably not, you wouldn't be complaining)? Yeah, it was worse. Don't make me bring out the Terrible Two (AO & WWIIO).

> Rollbacks are nightly.

The last rollback was on Dread on 3/21. It's been a week since any rollbacks, invalidating your comment.

Check out the "SB Support Announcements" of their message boards before making unfounded comments easily rebuked with proof.

> The attrition rate among players is amazing.

Do you have anything to back this up with besides speculation? So your guild has 'vanished', so what? That could mean your guild sucks, or that they created alts, or they switched servers, or any other of the endless posibilities. Give me hard numbers, or quit the bitchin'.

> Ubi/Wolfpack blatantly reject petitions with no regard or consideration for the players.

Wrong again. When I lost my characters to a bug, WP_Ubiq was quick to respond and kept me fairly regularly posted. Yeah, it sucked at the time, but I was by no means ignored or disregarded.

> Every patch makes the client actually worse that it was before.

More sensationalism. I've watched the patches actually fix bugs. I crash less in Shadowbane now than I do in BF1942. Maybe you should take a look at your computer's setup.

> This has been a nightmare for most of us.

You + myself = 2 people. It's a nightmare for you, I'm at least reasonably satisfied and expect things to get better. 1000-1200 people on Dread at peak seems to question this 'nightmare for most' comment.

> Just another account cancelled in a long line of departing players.

See ya, don't let the door hit you on the way out. I'm sure I'll see you complaining on the release of every other game ever made, with the same parting comment, and the same vapid complaints.

-lw

Re:unfortunately this is par for the course

AFAIK, every server has had at least one battle that would put some of EQ's big raids to shame.

Perhaps so but with pretty much every one of those big battles you have more than 1/2 the participants either lagged to death or forced out of the game due to client or server crashes. It happens just about every time there is a battle of 50+ people.

It is not a matter of having a good computer or connection. The servers themselves start to lag in big battles. There have been many times when I've been on a completely different continent and I've heard of a big raid on a city. Sure enough the server lags horribly just about then and sometimes even crashes. Now maybe on some of the less populated servers this is not as evident but I played on Deception, which is one of the top 3 most populated of the servers.

Not only that but the client sucks too. I'm on a computer that handles Unreal Tournament 2003 at over 50 fps with all the eye candy turned up and in huge fights. The graphics of Shadowbane don't even come close to comparing to UT2003 and they barely pass 40 fps when nothing is going on. If I wander into a city with lots of walls, people, and other objects then the frame rates drop into the teens even with all the graphics turned down. Make this a huge battle and many people start getting 1 frame every few seconds. There are some pretty substantial memory leaks and so the game starts to lag even harder once it exhausts your physical RAM and begins to need to page to disk. On top of all of this the client crashes randomly and often.

The kicker is that once you crash or need to re-log into the game due to the buggy client you will often need to try to get back in for 1/2 hour or more because the login servers are horrible. God forbid that more than a few dozen people need to log in at once, you could be there all night trying to get back into the game. A typical night of playing Shadowbane would be: sit down at computer and attempt to log in, 1/2 hour later get to character selection screen, select character and wait 15 more minutes to get on the game server, play for an hour and then get bumped out of game for some odd reason, rinse and repeat.

I know that I'm not alone in this because there have been droves of people leaving for pretty much the same reasons I've stated here. Just look at the message boards and you'll see plenty of people saying the same thing I just have.

I'm not going to even get into the gameplay issues such as amount of farming needed to support a city, unbalanced classes, missing game features, horrible interfaces, lack of content, game exploits, the hard "soft" cap of level 60, the extreme tendency of servers developing uber-guilds that make it nearly impossible to have more than 1 major nation per server, etc.

Re:unfortunately this is par for the course

Wow, an apologist for substandard roleplaying software. Haven't seen one of those since the days of the UO beta. Hope not to see one again.

It's The End !!!

Armaggedon !!!

Gosh, I do Hope the poor admin had regular backups 8)

Well, the game was trashed by people that took the time to get WELL into the system before trashing the hell out of it.

Like an "Organized" Attack...

I'm not implying anything, but who gets benefits from this ? Competitors ?

From the forums it seems users are quite unhappy, but then possibly the editor will have another chance, and deply the same "anti-cheat" tech as in Counter Strike and Quake...

Motives...

The list of reasons for why a hacker would want to do this is pretty short.

A: The hacker has a dislike for the company because he/she/it works for a competitor, and knows that this kind of an embarassment will nearly wipe-out this game.
B: The hacker has a dislike for the company because he/she/it was fired or otherwise feels wronged by the company, and knows that this kind of an embarassment will nearly wipe-out this game.
C: The hacker is immature and just wanted to play god in the game, because that would allow him/her/it to "win" by beating people who had worked hard to attain high status in the game.

No matter which situation turns out to be true, the hacker(s) need to be delivered to law enforcement to be shown that you just don't do this to other people's systems even if you have the technical ability to do so.

Re:Motives...

D. Hacker thought it would be funny as shit to send a boatload of users to the bottom of the ocean.

(I pick "D").

Obligitory Simpsons Reference

"...city at the bottom of the sea."

Homer: [fearfully] Marge? Kids? Everything's going to be just fine.
No go upstairs, and pack your bags...we're going to start a new
life...under the sea.
[calypso music starts]
[Homer dances with fish as Lisa plays a seahorse saxophone,
Marge a squid harp, and Bart the xylophone clams]
Homer: [eats a dancing fish, sings]
Under the sea, under the sea,
[eats a couple more fish]
There'll be no accusations, just friendly crustaceans
Under the sea!
[eats a line of seahorses, grabs an escaping one]
[eats a live crab as though it were a shrimp]
[eats a pair of dancing fish, then a snail who tries to escape]
[stands there with fish skeletons floating about]
Marge: Homer, that's your solution to everything: to move under the sea.
It's not going to happen!
Homer: Not with _that_ attitude!

Re:Wow...

it's just a game

But imagine you're an aspiring artist who's spent several hours a day for the past two months on a painting and someone breaks into your studio and splatters paint all over it. Hey, It's just a piece of canvas after all. It's just your spare time and money down the drain, it's not like it's your job or anything.

Or, you're writing the great American novel and someone sits down at your laptop while you've stepped away to use the bathroom and someone does a search and replace and strips out all the vowels. Hey, it's just bits on a hard drive, right? It's just your time and effort wasted, it's not like it was *worth* anything.

A lot of people really get into these games and put a lot of time, effort (and money!) into building up their characters, and it absolutely sucks when through no fault of your own, all that hard work and effort (and money!) suddenly goes poof.

For those who have never played, it takes a lot of work to build up a character, collect the best equipment - usually by in-game trading which can take hours or days per item, etc.

I've played MMORPGs for years and usually when I quit playing a game it's because of something like this, I get killed by another player who steals all of my hard earned equipment, I suffer lag at the wrong moment and drop into a pit of acid causing me to die and lose all my best armor, etc. When stuff like that happens, I log out and usually never go back. I play for fun, and that stuff is not fun for me.

Re:Wow...

I can understand players getting mad at this, but at the same time, it's just a game, and if individual users themselves are considering legal action, they really need to shut down the computer and go outside for a while.

Consider the reaction of thirty adults who rent a stadium to play a sport, and then have that stadium game interrupted.

Or consider the effect of disrupting the superbowl.

Or consider the result of walking up to folk playing chess in the park and overturning the board.

In each case, legal action is both warranted and acceptable. Same thing for hacking a game server which is being actively used; even moreso if it's a private server or a fee-to-play server.

Re:Wow...

If you had paid by the hour for that seat at the park, and had several hours (or days, or months) invested in the game you would probably have civil recourse, but I'm not aware of a law which would forbid you to do such a thing (maybe disorderly conduct?)

OTOH, If I owned a private, pay-for-membership chess club, with a sign out front which says "no tresspassing" (pronounce it "terms of service") and you came in and flipped over a chess board and then ran out, I _could_ call the cops on you and file charges for tresspassing. Then sue you in civil court for damage to my business as well.

Nail in the coffin or small hitch?

It seems like they will roll the server time back a few hours, so things will go back to the way they were before the carnage. However, I cannot recall anything like this ever happening in any other MMRPG.

Other MMRPGs have had buggy starts, but this is over the top. Is this just a natural result of the fiercely competitive guild wars in the game? In a game where player cities rise and fall, wasn't it just a matter of time before a guild went too far?

Anyone who played this game in beta surprised?

As one of the many people who betaed this for years; I have to say this doesn't come as surprise in the least.

This is probably just an exploit from in the game, rather than someone r00ting the server or anything remotely interesting. I had many instances where the server accidently gave me dialogs with GM powers, I imagine that's just what happened here. The culprit(s) may have figured out how to gain access to the GM dialogs dilberatly, but that's about the extent of the "hack" here.

SB was so buggy in the last few weeks of beta that I was finnaly convinced it would not be a worth while game in retail. I likened it to being slightly less bug riddled than UO, and now it appears I was correct. I will say though that OSI never prosecuted (or even remotely punished) me for exploiting their game to "House Loot", because at the time they had the sense not to sue fans for their own mistakes.

Whew!

It's a good thing I've got a life, otherwise I'd be pissed.

that's terrible

Maybe some company should start selling some type of insurance to help people in these trying times.

Now please excuse me while I begin laughing hysterically.

Not good for a new game

Ubisoft will have to be very careful about how they handle the aftermath of this. The game is only a few months old, and many players who stream into games like this when they open will leave just as quickly if they perceive the game to be sub-par, in a number of areas. Crashes and loss of items/progress in particular seem to be real bugbears for most players. It already happened with Anarchy Online, where players quickly left in droves due to the incredibly buggy release code. How many players are going to stick around if incidents such as this can apparently happen so easily?

If everything is in game then deal with it there.

If they only screwed around in the game world itself and left the real world alone (eg. credit cards, account data, etc) then the company should do the same. From the sound of it, they just showed that 'there is no spoon' to the rest of the game world. We love the movie and the character for doing so, but when someone does the same thing in a 'Real Life' virtual world then they get mad.

Man, this world is getting WAY too many levels to it when I have to destinguish the 'real world's' game world, and the movie world's game world and doing 'real' things in a particular game world and...Ah my brain just gave up.

Nobody wants risk

They don't actually want their characters to be able to die. They just want to gain levels and powers at a regular rate, so that they will be more powerful than everyone who joined the game after them.

MMORPG players today are losers of the highest calibre. They consider their wasted time an "investment" in their character. I know several who don't actually enjoy playing the game at all, but they want to get the "Deluxe Two-Handed Sword of Power" before some other loser gets one.

And woe betide the day when one of them dies in combat and loses some XP or an item. -That's- when you hear about another dorm-room suicide.

I'm not trying to be flamebait, I'm just bitter. I knew a guy at RIT who pretty-much sat in his room 24/7 playing Asheron's Call. Only left to attend class and occaisionally eat (he would bring the food back with him to keep playing). He was vacant. Away from the game, he had no way of interacting with normal people. We often considered nuking his box just to push him off the deep end.

Alternate Headline

Shadowbane Servers Hacked, Brief Period of Actual Fun Ensues

its not a hack, its a 'feature'

Roll back the game 24 hours, harden the servers, and prepare a creative press release -- problem solved.

"High level characters summoned the Cthulu mythos through misintrepreting portions of the Necronomicon. Accordingly, some of the space/time contiunuum in the game world was temporarily disrupted."

"If you see a glowing green orb, please be aware that this is the Locknar and should not be approached. Unpredictable results may occur."

"Unfortunately, in Shadowbane a character named "Sauron" acquired a randomly generated treasure named "The One Ring". We are investigating the probability factor of the random treasure generator and will patch this in release 1.01."

"Our improbability drive is malfunctioning. Please stand by."

Honestly, I'd be more willing to buy this game if I realised they had a sense of humour.

Bottom left of that first link:

7 registered and 721 anonymous users are browsing this forum.

Maybe that should read 'slashdot users' :)

The EverQuest "Mass-Kill" - Yes, it happened!

I was a Guide (volunteer CS rep, like an Advisor in Anarchy Online or a Counselor in Ultima Online) for two years in EverQuest, and during that time, one of the other Guides on one of the other servers decided that it would be cool to go out with a bang.

So, she zoned into the Temple of Veeshan (at that time, the highest level zone in the game) and went right in front of Veeshan herself (the uber dragon.)

And then she did a "/who all 50-60" to get all of the high level players on the server.

Then she started /summoning them to her location, and then binding them to that location when they appeared.

Well, when they appeared, Veeshan struck them down with about 2 or 3 blows. And since they were just bound there, they respawned, naked, right in front of Veeshan.

Whack, boom, dead. Reappear, whack, boom, dead.

In EverQuest, when you die, you lose experience. And in EverQuest, you can lose levels if your experience dips down too low.

Some people got deleveled from level 58 to level 53 before the GM staff came in to clear the carnage, and ban the Guide. I know they were considering persecution against this Guide, but I'm not sure if they really went through with it or not.

I believe about 25-30 high-level characters with months of /played time were affected.

I thought it was funny, but it sure made my job as a Guide harder because the playerbase no longer trusted us to keep our cool, and they were calling for the entire Guide program to be disbanded since we were now "too powerful" all of a sudden.

Not the same as hacking the server, but it had the same effect of destroying the games of a segment of the playerbase.

Different zone, different dragon - I'm stupid.

As several replies have pointed out, I got the wrong zone and the wrong dragon.

The zone was Veeshan's Peak (the Luclin expansion with ToV was not out) and the dragon was whoever the end of it was.

People can still believe I'm full of shit, but I did find this:

Former Guide Tweety mentioning the incident [bowlofmice.com]

WEEKLY UPDATE: 11/22/00 - The Guide of Veeshan's Peak

I wanted to post yesterday, about the guide who went bananas on the TT server. I wanted to, I really did. But what's the point in posting if the sum total of your reaction is:

BWHAHAHAHAHAHAHA!

Put the unlicensed handguns away, it's not that I don't feel sorry for the innocent victims. There were probably several harmless bystanders who got whooshed into a really BIG dragon's ass, and those people didn't deserve to lose the three weeks that it took them to earn their four lousy pixels of experience. I hope that Verant has as promised checked the logs and restored all the folks involved to their previous levels of exp. If they don't, well, don't bother calling the paramedics because I sure won't have a heart attack over the shock of Verant being too pathetic to touch their testicles AND provide customer service.

Remember my little rant entitled "Try Being a Guide"? The ONLY reason I typed a rant instead of hauling some d00ds into VP was because I'm just a big mush ball at heart. I kept thinking that maybe Mr. 58th Level Douchebag had just had a bad day when he was ripping into me. Maybe he didn't really MEAN to call me names and tell me how stupid I was. Remember, I'm the big fan of thinking of the fellow behind the keyboard when it comes to actual interaction - I try to always keep in mind that I don't know the kind of day the other guy is having.

I was also afraid that if I tried that summoning trick, I'd accidentally summon "Pimps," who hadn't ever talked to me, instead of "Pimpz," the intended recipient. Mistakes like that happen, and I didn't want to make one.

But I'll bet you a million dollars that at least half the people still picking dragon teeth out of their asses were the sort of people who said, "fuk you d00d, Ive done this 4 ever, its not an xpl0it" and "wtf u mean u wont rezz me, it's a fucking bug, you stupid twat."

Oh, and yes, it does sound EXACTLY like a normal "event," except that the guide should have convinced someone to let him become a dragon to prevent the players from losing exp (clue alert - a guide-controlled NPC NEVER takes experience from you when he kills you). That's what good little guides do when they want to kill players.

Jesus Christ you're a retard.

(the Luclin expansion with ToV was not out)

That was the Velious expansion with ToV, not Luclin. Obviously, taking both your posts together, you know precisely jack shit about the game and its CS history.

Corruption and preying on players for amusement is rampant in the EQ guide program. For most people, it's a slack way to get yourself a free account. You can sneak onto the server at 3am when nobody else is there, and do whatever the hell you want. You don't even have to answer a single petition, the guide reports are on the honor system. I and many others simply made up reports and bullshit petitions to fill in for the manditory 6-hours per week. Bingo: Free account, no work, and endless hours power-tripping across the game world.

For example, a guide friend of mine would sit outside the North Freeport bank, and open the locked door at the back of the bank. This door is never opened by players, because the lock level on the door is some absurdly high level. Invariably, someone curious would wander into this back "closet" behind the door to have a look around. This is when the guide would close the door, locking the player inside. If the player was a caster, they could just gate out, but a melee-type character was stuck more-or-less forever. The guide would wait for this player to petition after a few minutes, then delete the petition, and /zone away, laughing his ass off at the poor sap caught in the trap.

Don't pretend this doesn't happen to GMs also. The GM of Mithaniel Marr back in 2001, "Chaolash", was fired for doing favors for friends on his server. Making them free items, spawning mobs for his friends, and so on. Occaisionally these GMs turn abusive, Chao did it, and I'm sure other GMs have also. He wasn't the only GM "quietly" let go for abuses, and he won't be the last.

I don't know if you really were a guide, but I suspect not. If you were, You must have been one of those dumbass Apprentice guides we'd flunk out of the program within their first trial week. You know, the ones who couldn't answer a petition for free GM lewt inside of 10 minutes, and without escalating it two times for the GM to smack you down like the idiot you were for wasting his time.

The one invariable fact of MMORPGs is, in that they are just artificial social ladders to climb, there will always be people who base their entire lives on trying to climb them. They define their self-esteem from these ladders, because these games are the world to them. Generally they have no social lives, and/or are young, or are disabled/sedentary. THESE are the people who are capable of doing the things mentioned in the Shadowbane article. Coincidentally, these are also the prime market targets for the gaming companies. It's inevitable that someone would take advantage of a bug granting GM abilities, and the game companies have only themselves to blame for leaving the back door wide open.

As for the EQ Guide Program, I quit after about 16 months of service. In general, they treat(ed) their guides like small mushrooms: kept in the dark, and eating shit all day. The guide liason at the time was about as friendly and responsive as an IRS Tax clerk, and the system itself was biased to mistrust guides (perhaps justifiably) to such an extent that we couldn't do anything significant for the players besides get them unstuck from a wall. Anything of note had to be handled by a GM. It is this atmosphere that breeds reactions like the Veeshan's Peak incident (for which the person was banned from Everquest permanently, BTW). And this atmosphere, according to friends of mine still in the program, shows no signs of changing anytime soon.

Lastly. I wrote a long article about Everquest and its flaws for Slashdot. You can read it here:

http://slashdot.org/articles/02/12/27/1748252.shtm l?tid=127 [slashdot.org]

Every MMORPG learns the same lessons

Every time I see a new MMORPG, I am saddened to see that the designers don't learn the well-publicized lessons of their predecessors and competition.

Never trust anything a client gives the server.

Isolate the backend servers from the Internet.

Never trust anything a client gives the server.

Patch management isn't as trivial as one would think.

Never trust anything a client gives the server.

Lag isn't under your control so design around it.

Don't rely on a client hiding anything from the user.

Lag isn't under your control so design around it.

Never trust anything a client gives the server.

Don't include "God" tools in every client, nor accept God logins from untrusted addresses.

And most of all, never trust anything a client gives the server.

The server must be the adjudicator of everything, the data master, the sole arbiter of discrepancies. Assume the client is fully hacked or written from scratch to do anything the user wants. Assume the client sees no walls, sees all invisible objects, sees every spawn point, and can filter on anything your server tells your client.

Re:Every MMORPG learns the same lessons

I agree, in principal. But, it's probably pretty hard to do in practice. I'm kind of half-ass thinking about some day designing a gaming system along the lines of which you speak. It's even more of an issue for what I want to do because my client would be open source. However, if you consider some of the bandwidth and other issues with not letting the client software know about anything the player shouldn't see until they should, it's very difficult.

For instance, you have to have all of the ray-tracing and occlusion logic (or at least a lot of it) running on the server to know when each client would be able to see a particular object that may or may not be behind a wall AND you have to be able to tell the client everything it needs to display that object in real time, instead of just giving position. That would be hard to do in a high-framerate 1st person shooter, for instance.

Luckily enough for me, my project is not a high-framerate 1st person shooter. But still, this kind of thing can be very difficult.

When you are a company with a budget and a deadline, it just may not be worth the extra cost to eliminate the risk. After all, the reason companies are making such games today are because previous efforts (which got hacked) were successful, not failures.

This is a complete joke

They didn't touch credit cards or the actual accounts, but this is counted as illegal because it happened to a big, rich company.

Webservers get r00ted every day, but very rarely does the FBI go after the cracker responsible.

I bet if you loaded up fsf.org tomorrow morning and saw, "windows is TEH R00LZ!!!", the government's response would be:
"too bad, so sad... guess that Linux thing isn't so great after all!"

It's not about players being inconvenienced, it's about someone with a lot of money losing face.

Back in the BBS/MUD days...

[dusts off old photo albums]

I used to help run a BBS run on an Atari ST (can you believe it?), and the system was so obscure, that we developed a "DOS simulator" for those who tried to hack our BBS and its (limited) games. We faked things like "dir" and "erase" and even "edlin." It was a multiline, so if the hacker tried to "IM" himself (back then software called it "teleport"), he got through, but if he tried it to others, it went to /dev/null. When people did a "who," they got the job :

Hacker: Port 3: [Thinks he's hacking the BBS, tell his mommy!]

_________________________________________________
www.punkwalrus.com - Shift to the left, shift to the right! Stand up, sit down, byte byte byte!

Punishment to fit the crime...

If it's an actual rooted server or other high-level problem
Keeping in mind the actual damage done by the crime, and actions persued (game havoc, but no malicious file deletion, record stealing, theft, etc) - I would say to slap the offender with a nice stiff fine for time involved in fixing the server and possibly reputation loss, revoke his/her account, and deal with him/her through the ISP. Fine can't be too big though, we're probably dealing with a 15-year-old, a $1000-$2000 would be more than enough to bring swift repentance from most.

If it's a game exploit
Suck it down. Track down and ban the player in question, but at least acknowledge that there was a bug in your software. Yes, players exploiting said bugs or lack of security are making online gameplay lose its lustre, but that's also the fault of the developers. You can't solve bad coding or protection with lawsuits, unless you think perhaps that you're Microsoft or the ??AA.

Why can't people simply say "oops, we screwed up, and somebody took advantage of us. It's fixed now, and we're making sure it won't happen again."

Someone to Dethrone Rainz

For further information on events as they happen, check The Shadowbane Scorn Server Board [ign.com] and Shadowbane Main Boards [ign.com] on IGN.

I think this will remind a lot of people of the last time a player had a truly drastic and unpredictable effect on an MMORPG gameworld, when Rainz, an Ultima Online Player, killed Lord British, character of Richard Garriott, when this was supposed to be impossible.

Rainz threw a firewall scroll at Lord British. Seemingly, Lord British's invulnverability flag was not on, and Rainz killed him.

If we ever figure out exactly who did this, he'll be in the running with Rainz for most notorious MMORPGer of all time.

Coming at You Live...

"When I arived at the ToL in Khar all I saw was a field of tombstones, and some guys kyting the guards around. Next thing i see (as i make my way to the Runemaster) is a R30 Mino barb beating the piss out of some r1 who went there to train (like i did), i mean beating him like a red headed step child."

I mean, isn't this the way that video games were MEANT to be played?

In Virtual Reality...

A game server got hacked.

Back in real-life:
FCC Decision on Media Ownership Nears [washingtonpost.com] - rejected

Re:law?

Acutally... that's kind of insightful.

Ubisoft is calling it a hack, of course they will to save face... but what if it's just a bug or flaw in the game. What if they did all this through the game client? Is exploiting one of these flaws in a game against the law?

What if I'm playing EQ, and I find a spot in a zone where mobs can't get to. Then I kill things from there. I'm exploiting a bug to become more powerful. Is that the same?

What if I'm playing, and find out if I crouch and jump at the same time I can kill anyone I want? It's obviously cheating, but is it ILLEGAL for me to exploit that?

What if these guys found out if you hit the Ctrl-alt-f3-f4 keys while running north gave them these powers? Then is what they did illegal?

What if these guys used a special piece of software that ran the game in a special mode? Is that illegal? I mean, EVERYONE uses software (your OS) to run the game in a "special" mode (namely, a mode that works properly). Is this worse than exploiting the bug through the normal game interface?

Is this only a problem because is affected other people?

(Remember... big difference between illegal, immoral, and just plain annoying)

Re:law?

I do have the slightest understanding of how these games work. I also know that they're extremly complex pieces of software that are very hard to throughougly QA since there are SO many things that can be done in-game.

I didn't see anything that led me to believe the baddies didn't do anything that someone with "god" powers in the game could do. Did you read the description of what was happening? It sounded more like they got god/admin/developer/whatever access, and not that someone was manipulating the underlying database. It didn't sound like they teleported EVERYONE, just the people they happened to come accros, the slashdot story made it seem that way tho.

Nobody's stupid enough to allow an up-up-down-down-left-right-left-right-select-start sequence in the client to grant table-level control of the database... at least I hope not.

I hope not too, but it looks like something did go wrong! It doesn't matter so much WHAT the method was, but that there was a method, and since we don't know how, it could easily have been done entirely in the game client, and that was my point. If you want a more realistic flaw... Maybe they were able to overflow a chat buffer somewhere by typing in a long message.