Shadowbane Servers Hacked, Chaos Ensues 773
Vanguard(DC) writes "There was a major hacking incident last night on the servers of Shadowbane, a newly released MMORPG by UbiSoft/Wolfpack. The attackers wreaked havoc on at least one game server, with apparent god-like capabilities in-game. There's already an official statement on the forums - 'Ubi Soft and Wolfpack Studios are now working with law enforcement, and we promise all of you that these individuals will be prosecuted to the full extent of the law.'" There's a little more information via a post on the SBCatacombs messageboard - apparently the carnage (including many less powerful players getting killed) involved "..teleporting people all over the world, teleporting hostile guards into the safe-holds, bringing in hordes of special event monsters, and teleporting everyone to a city at the bottom of the sea."
I just can't get mad about this one... (Score:5, Funny)
Just roll the game back 24 hours and play on.
Re:I just can't get mad about this one... (Score:5, Funny)
PLAYER: You see, my elven warrior had just obtained expert skill level with his scimitar, which allowed him to slay the vicious vampire of the valley, after which he stole this awesome magic amulet that lets him see through walls...
HACKER: aaarrrrrgggghhhh!!! no more! no more!
Another player weighs in. (Score:5, Funny)
Re:Another sniviling player weighs in. (Score:3, Funny)
Some of us have girlfriends and wives.
What about the judge and jury? (Score:5, Funny)
What would a jury think? That people who spent 500 hours building up an imaginary character need to be compensated for their loss? I can just see some uber-gamer breaking down and crying on the stand because their elf now has to start from level 50 when it took him 3 straight months of playing 5 hours a day to get to level 55. (or whatever the terminology is) More than that, how are you going to get a jury of this person's peers to try them in court? How do you interview a jury like that? OK, what is your favorite magic spell? Have you ever spent more that 12 hours straight playing a game? Is your BMI over 40? Picard or Shatner?
Jury of peers (Score:5, Funny)
Cross-Examining Lawyer: And, if I may ask, where did you get those gold pieces in the first place...?
Conan the Barbarian: Well, I killed this dragon and...
Cross-Examining Lawyer: Murderer!! You killed, pillaged and raped to get this money and now you have the stomach of accusing the defendant, and honor student in the other end of the kingdom...
Conan the Barbarian: But it was just a dragon...
Cross-Examining Lawyer: Racist!! There we have it, honored members of the jury, Mr Barbarian here is not only a thief and a murderer, he is also a racist. That nullifies any and all of his allegations. You must aquit.
Re:Jury of peers (Score:4, Funny)
Cross-Examining Lawyer: It does not make sense. Look at me. I'm a lawyer defending a Conan the Barbarian and I'm talkin' about Chewbacca. Does that make sense? Ladies and Gentlemen I'm am not making any sense. None of this makes sense. And so you have to remember when you're in that jury room deliberating and conjugating the Emancipation Proclamation, does it make sense? No. Ladies and Gentlemen of this deposed jury it does not make sense. If Chewbacca lives on Endor you must acquit. The defense rests.
-S
Re:Jury of peers (Score:3)
There may be some real dollar value losses (Score:3, Insightful)
However, in this particular case it sounds like the carnage was limited to newbie areas where it was unlikely that characters had much in the way of equipment or experience. In addition, they can just roll back the servers for 24 hours and get most everyone's stuff back
Re:What about the judge and jury? JANEWAY (Score:3, Funny)
Actually, the full question starts with "Who would be on top?"
Re:I just can't get mad about this one... (Score:3, Funny)
Re:I just can't get mad about this one... (Score:2)
Now hacking into a system and getting GOD authority. Sounds like a fun thing for a game.
It sounds more like a movie. Any of these guys called Bruce?
Re:I just can't get mad about this one... (Score:5, Funny)
It sounds more like a movie. Any of these guys called Bruce?
or Neo?
A great idea (Score:4, Interesting)
Supposed you have a game & server concept similar to this, but programmed in a way to not take game security dead-serious. In fact, as the cheats, etc. came out this would not be shunned, but instead part of the game. The people with the best cheats take the cake, can gather clanmates and share what they know. Your clan is then defined by the abilities they have aquired through manipulation of the game workings (in addition to the standard tags, skins, etc.)
I'm sure you could develop a program in a way to separate out abilities (such as speed, gravity, damage types) such that any crack wouldn't give up everything else
Which brings on two negative points:
-It sure wouldn't be appealing to newbies, who start on ground zero
-Anyone who successfully gets full access ("GOD")
may be unsurpassable and ruin the game for everyone. This can be overcome by having the game focus include things other than Power by Might (i.e. killing sprees), such as trade, etc.
If there ever was a prime canidate for an open-source friendly game, this concept would be it
Kids these days... (Score:5, Funny)
I almost died laughing when I, years later, saw The Wrath of Khan.
Plenty of hacked moby ships too.
Re:I just can't get mad about this one... (Score:3, Interesting)
So why don't game companies build this type of feature into their games? Choose a random person maybe once a week and let them stir things up a bit; and don't 'record' any of the damage that was
done (sorta like a parallel universe).
Even
Re:I just can't get mad about this one... (Score:3, Insightful)
Imagine how many times you would have to log in during those few brief hours to find that "oops, it's 'fake' time, nothing you can do know will matter" before you would move on and look for a different game.
This was tried in one of the first graphical 3D MORPGs (on
Non-AI God also equals fun! (Score:5, Funny)
After all, it is a fantasy game, why couldn't this have happened within the normal confines of the game?
"What, how the hell did I get at the bottom of the ocean? Oh, great. Now I'm in the middle of my worst enemy's keep...This is not my beautiful castle?! This is not my beautiful wench?! How did I get here?"
Well, fun to me, at least. I don't take fantasy computer games that serious
I'm sorry, but that title needs a farkism: (Score:5, Funny)
Hahaha. (Score:5, Funny)
"Now featuring WRATH OF GOD mode, where pissed off GM's show you what it would REALLY be like if god cared. Experience plagues, meteors, and lightning from a clear sky. Divine retribution like you've never seen it before! Just 20 dallars a month."
Heh.
I used to MUD... (Score:2, Funny)
Haha! (Score:3, Funny)
Fear the machines!
I can see the police blotter for the individuals responsible:
"Teens arrested for acting like God in computer game"
unfortunately this is par for the course (Score:5, Interesting)
Server downtime is extreme. Login is at times completely impossible. Rollbacks are nightly. The attrition rate among players is amazing. I've watched my guild vanish over the last few weeks as the host of problems drive out all but the most staunch of players. Ubi/Wolfpack blatantly reject petitions with no regard or consideration for the players. Every patch makes the client actually worse that it was before. This has been a nightmare for most of us. To see news like this only confirms the worst. Bad management, bad hosting, bad coding, and bad customer care have driven most from what I considered to be one of the better games to come out this spring. Just another account cancelled in a long line of departing players.
If it is so bad.... (Score:2, Insightful)
Stop paying $20 a month, I'm sure that you can easily go out and find someone that will abuse you for free.
Re:unfortunately this is par for the course (Score:2, Funny)
A horrible company employing horrible people who should be subjected to cruise missle attacks, or worse.
Why do people pay for MMPORPG Betas? (Score:5, Interesting)
How has it gotten so bad that we now release not only buggy games and expect to patch them later, but charge for development releases in addition to charging for final retail releases? We're giving ourselves a bad name here.
If your game is unfinished but in need of stress testing, don't charge for it or you will alienate your potential best customers. If you *must* charge for bandwidth because your manager didn't budget for such costs (and should be rightly as fired as if s/he forgot to budget for artists), then charge a bare minimum until the game is ready for prime time. Don't develop the game on the dime of your testers, or you will find that once you are ready to ship you don't have any customers.
10 dollars a month for our volunteers to do our jobs? We should be ashamed.
Re:Why do people pay for MMPORPG Betas? (Score:5, Insightful)
If there is enough Demand for Beta positions, and a limited Supply due to bandwidth, then you have to limit the Demand. One excellent way is by charging a fee to join the Beta.
As an aside, when RagnarokOnline switched to a paid beta a while back, the community improved. People who had nothing to lose because they hadn't paid were pricks; they'd steal kills, and steal your loot before you could grab it. Behaviour like this decreased when they switched to a paid beta, because they now had money invested in the game.
Class dismissed.
Re:unfortunately this is par for the course (Score:5, Informative)
No, this is a *VASTLY* different problem than anything we've been experiencing.
> Massive warfronts and assaults utilizing seige weapons and a slew of powerful spells and powers. None of this has come to pass.
What server are you playing on? AFAIK, every server has had at least one battle that would put some of EQ's big raids to shame.
I've personally been a part of most of the raids between TBW + allies and TBI/L7F + allies on the Dread server.
> The game lag is too terrible to support even the smallest of battles. PvP is almost impossible during primetime hours due to the inability of most casters to launch spells in a timely manner.
Again, on which server do you play? 90% of the time, Dread is pretty much fine. Sometimes, we experience lag spikes. What are the detailed specs of the computer on which you're playing Shadowbane? Does it suck? Do you have the detail turned all the way off? Are you talking about Latency, or Low Framerate?
Let's be specific here: if you can't give me a server and system configuration, I can't effectively rebuke you. Yeah, some of the highly populated servers can get pretty bad (Mourning and Death), but others are pretty smooth most of the time.
> Server downtime is extreme.
Sorry, WRONG. You're getting login bottlenecks and 'server downtime' confused. Yeah, the servers gone down periodically for maintainance.
> Login is at times completely impossible.
What a stupid thing to say. Yes, IF THE LOGIN SERVER IS DOWN FOR A PATCH, YOU WON'T BE ABLE TO LOG IN. What I think you MEAN to say, is that SOMETIMES (meaning infrequently; less than once a week) the login servers get congested, and it takes a while to get into the game. Yeah, it's a pain in the neck, but not all MOGs have a launch like DAOC. Remember EQ (probably not, you wouldn't be complaining)? Yeah, it was worse. Don't make me bring out the Terrible Two (AO & WWIIO).
> Rollbacks are nightly.
The last rollback was on Dread on 3/21. It's been a week since any rollbacks, invalidating your comment.
Check out the "SB Support Announcements" of their message boards before making unfounded comments easily rebuked with proof.
> The attrition rate among players is amazing.
Do you have anything to back this up with besides speculation? So your guild has 'vanished', so what? That could mean your guild sucks, or that they created alts, or they switched servers, or any other of the endless posibilities. Give me hard numbers, or quit the bitchin'.
> Ubi/Wolfpack blatantly reject petitions with no regard or consideration for the players.
Wrong again. When I lost my characters to a bug, WP_Ubiq was quick to respond and kept me fairly regularly posted. Yeah, it sucked at the time, but I was by no means ignored or disregarded.
> Every patch makes the client actually worse that it was before.
More sensationalism. I've watched the patches actually fix bugs. I crash less in Shadowbane now than I do in BF1942. Maybe you should take a look at your computer's setup.
> This has been a nightmare for most of us.
You + myself = 2 people. It's a nightmare for you, I'm at least reasonably satisfied and expect things to get better. 1000-1200 people on Dread at peak seems to question this 'nightmare for most' comment.
> Just another account cancelled in a long line of departing players.
See ya, don't let the door hit you on the way out. I'm sure I'll see you complaining on the release of every other game ever made, with the same parting comment, and the same vapid complaints.
-lw
Re:unfortunately this is par for the course (Score:5, Interesting)
Perhaps so but with pretty much every one of those big battles you have more than 1/2 the participants either lagged to death or forced out of the game due to client or server crashes. It happens just about every time there is a battle of 50+ people.
It is not a matter of having a good computer or connection. The servers themselves start to lag in big battles. There have been many times when I've been on a completely different continent and I've heard of a big raid on a city. Sure enough the server lags horribly just about then and sometimes even crashes. Now maybe on some of the less populated servers this is not as evident but I played on Deception, which is one of the top 3 most populated of the servers.
Not only that but the client sucks too. I'm on a computer that handles Unreal Tournament 2003 at over 50 fps with all the eye candy turned up and in huge fights. The graphics of Shadowbane don't even come close to comparing to UT2003 and they barely pass 40 fps when nothing is going on. If I wander into a city with lots of walls, people, and other objects then the frame rates drop into the teens even with all the graphics turned down. Make this a huge battle and many people start getting 1 frame every few seconds. There are some pretty substantial memory leaks and so the game starts to lag even harder once it exhausts your physical RAM and begins to need to page to disk. On top of all of this the client crashes randomly and often.
The kicker is that once you crash or need to re-log into the game due to the buggy client you will often need to try to get back in for 1/2 hour or more because the login servers are horrible. God forbid that more than a few dozen people need to log in at once, you could be there all night trying to get back into the game. A typical night of playing Shadowbane would be: sit down at computer and attempt to log in, 1/2 hour later get to character selection screen, select character and wait 15 more minutes to get on the game server, play for an hour and then get bumped out of game for some odd reason, rinse and repeat.
I know that I'm not alone in this because there have been droves of people leaving for pretty much the same reasons I've stated here. Just look at the message boards and you'll see plenty of people saying the same thing I just have.
I'm not going to even get into the gameplay issues such as amount of farming needed to support a city, unbalanced classes, missing game features, horrible interfaces, lack of content, game exploits, the hard "soft" cap of level 60, the extreme tendency of servers developing uber-guilds that make it nearly impossible to have more than 1 major nation per server, etc.
Re:unfortunately this is par for the course (Score:3, Interesting)
I've crashed a few times in biiig raids (100+ / side). I've gotten low framerates, but I lean towards IQ over FPS. Hell, I've even been on when the server has gone down for a reboot.
But saying that it happens most of the time when battles involve > 50 people is silly. That might be true on your server - I don't have any chara
Re:unfortunately this is par for the course (Score:4, Funny)
It's The End !!! (Score:5, Interesting)
Gosh, I do Hope the poor admin had regular backups 8)
Well, the game was trashed by people that took the time to get WELL into the system before trashing the hell out of it.
Like an "Organized" Attack...
I'm not implying anything, but who gets benefits from this ? Competitors ?
From the forums it seems users are quite unhappy, but then possibly the editor will have another chance, and deply the same "anti-cheat" tech as in Counter Strike and Quake...
Motives... (Score:4, Funny)
A: The hacker has a dislike for the company because he/she/it works for a competitor, and knows that this kind of an embarassment will nearly wipe-out this game.
B: The hacker has a dislike for the company because he/she/it was fired or otherwise feels wronged by the company, and knows that this kind of an embarassment will nearly wipe-out this game.
C: The hacker is immature and just wanted to play god in the game, because that would allow him/her/it to "win" by beating people who had worked hard to attain high status in the game.
No matter which situation turns out to be true, the hacker(s) need to be delivered to law enforcement to be shown that you just don't do this to other people's systems even if you have the technical ability to do so.
Re:Motives... (Score:5, Funny)
(I pick "D").
Re:Motives... (Score:3, Funny)
D: Teleporting people to the bottom of an ocean is funny.
Obligitory Simpsons Reference (Score:5, Funny)
Homer: [fearfully] Marge? Kids? Everything's going to be just fine.
No go upstairs, and pack your bags...we're going to start a new
life...under the sea.
[calypso music starts]
[Homer dances with fish as Lisa plays a seahorse saxophone,
Marge a squid harp, and Bart the xylophone clams]
Homer: [eats a dancing fish, sings]
Under the sea, under the sea,
[eats a couple more fish]
There'll be no accusations, just friendly crustaceans
Under the sea!
[eats a line of seahorses, grabs an escaping one]
[eats a live crab as though it were a shrimp]
[eats a pair of dancing fish, then a snail who tries to escape]
[stands there with fish skeletons floating about]
Marge: Homer, that's your solution to everything: to move under the sea.
It's not going to happen!
Homer: Not with _that_ attitude!
Wow... (Score:2, Insightful)
I can understand players getting mad at this, but at the same time, it's just a game, and if individual users themselves are considering legal action, they really need to shut down the computer and go outside for a while.
Re:Wow... (Score:5, Insightful)
But imagine you're an aspiring artist who's spent several hours a day for the past two months on a painting and someone breaks into your studio and splatters paint all over it. Hey, It's just a piece of canvas after all. It's just your spare time and money down the drain, it's not like it's your job or anything.
Or, you're writing the great American novel and someone sits down at your laptop while you've stepped away to use the bathroom and someone does a search and replace and strips out all the vowels. Hey, it's just bits on a hard drive, right? It's just your time and effort wasted, it's not like it was *worth* anything.
A lot of people really get into these games and put a lot of time, effort (and money!) into building up their characters, and it absolutely sucks when through no fault of your own, all that hard work and effort (and money!) suddenly goes poof.
For those who have never played, it takes a lot of work to build up a character, collect the best equipment - usually by in-game trading which can take hours or days per item, etc.
I've played MMORPGs for years and usually when I quit playing a game it's because of something like this, I get killed by another player who steals all of my hard earned equipment, I suffer lag at the wrong moment and drop into a pit of acid causing me to die and lose all my best armor, etc. When stuff like that happens, I log out and usually never go back. I play for fun, and that stuff is not fun for me.
Re:Wow... (Score:3)
The issue at hand is not "Was it difficult?" the issue is "Was it WRONG?" and I say yes. Stealing someone elses time via the destruction of their pursuits is wrong. If you create something and I destroy it I've wronged you.
Kintanon
Re:Wow... (Score:5, Insightful)
Consider the reaction of thirty adults who rent a stadium to play a sport, and then have that stadium game interrupted.
Or consider the effect of disrupting the superbowl.
Or consider the result of walking up to folk playing chess in the park and overturning the board.
In each case, legal action is both warranted and acceptable. Same thing for hacking a game server which is being actively used; even moreso if it's a private server or a fee-to-play server.
Re:Wow... (Score:3, Interesting)
>Or consider the result of walking up to folk playing chess in the park and overturning the board.
>In each case, legal action is both warranted and acceptable.
IANAL. This is a genuine question.
Can either criminal charges or a civil suit really be brought against you for overturning someone's chess board in a public location? Sure you're a jerk, but what law did you break?
How would you be charged or for what would you be sued?
Re:Wow... (Score:4, Informative)
OTOH, If I owned a private, pay-for-membership chess club, with a sign out front which says "no tresspassing" (pronounce it "terms of service") and you came in and flipped over a chess board and then ran out, I _could_ call the cops on you and file charges for tresspassing. Then sue you in civil court for damage to my business as well.
Nail in the coffin or small hitch? (Score:3, Insightful)
Other MMRPGs have had buggy starts, but this is over the top. Is this just a natural result of the fiercely competitive guild wars in the game? In a game where player cities rise and fall, wasn't it just a matter of time before a guild went too far?
Anyone who played this game in beta surprised? (Score:5, Informative)
This is probably just an exploit from in the game, rather than someone r00ting the server or anything remotely interesting. I had many instances where the server accidently gave me dialogs with GM powers, I imagine that's just what happened here. The culprit(s) may have figured out how to gain access to the GM dialogs dilberatly, but that's about the extent of the "hack" here.
SB was so buggy in the last few weeks of beta that I was finnaly convinced it would not be a worth while game in retail. I likened it to being slightly less bug riddled than UO, and now it appears I was correct. I will say though that OSI never prosecuted (or even remotely punished) me for exploiting their game to "House Loot", because at the time they had the sense not to sue fans for their own mistakes.
Whew! (Score:5, Funny)
that's terrible (Score:5, Funny)
Now please excuse me while I begin laughing hysterically.
Not good for a new game (Score:4, Insightful)
If everything is in game then deal with it there. (Score:5, Interesting)
Man, this world is getting WAY too many levels to it when I have to destinguish the 'real world's' game world, and the movie world's game world and doing 'real' things in a particular game world and...Ah my brain just gave up.
Alternate Headline (Score:5, Funny)
its not a hack, its a 'feature' (Score:5, Funny)
"High level characters summoned the Cthulu mythos through misintrepreting portions of the Necronomicon. Accordingly, some of the space/time contiunuum in the game world was temporarily disrupted."
"If you see a glowing green orb, please be aware that this is the Locknar and should not be approached. Unpredictable results may occur."
"Unfortunately, in Shadowbane a character named "Sauron" acquired a randomly generated treasure named "The One Ring". We are investigating the probability factor of the random treasure generator and will patch this in release 1.01."
"Our improbability drive is malfunctioning. Please stand by."
Honestly, I'd be more willing to buy this game if I realised they had a sense of humour.
It was unbelievable last night (Score:2, Informative)
The weird events started out kind of slowly, like the hackers were testing the water at first. You'd hear of something weird happening, and just think some newbie was lost or confused. But then senior players were getting f*cked up. At that point, I just assumed the servers were cr
'Matrix' comments are so last week (Score:2)
Gee, that Jim Carrey [imdb.com] sure gets around...
Humm Matrix? (Score:2)
He is the one who will bring balence to Shadowbane.
Nerf! (Score:2)
. . . ummm, wait a sec.
---
Jedimom.com [jedimom.com], picking out a thermos for you.
Bottom left of that first link: (Score:4, Funny)
Maybe that should read 'slashdot users'
The EverQuest "Mass-Kill" - Yes, it happened! (Score:5, Interesting)
So, she zoned into the Temple of Veeshan (at that time, the highest level zone in the game) and went right in front of Veeshan herself (the uber dragon.)
And then she did a "/who all 50-60" to get all of the high level players on the server.
Then she started
Well, when they appeared, Veeshan struck them down with about 2 or 3 blows. And since they were just bound there, they respawned, naked, right in front of Veeshan.
Whack, boom, dead. Reappear, whack, boom, dead.
In EverQuest, when you die, you lose experience. And in EverQuest, you can lose levels if your experience dips down too low.
Some people got deleveled from level 58 to level 53 before the GM staff came in to clear the carnage, and ban the Guide. I know they were considering persecution against this Guide, but I'm not sure if they really went through with it or not.
I believe about 25-30 high-level characters with months of
I thought it was funny, but it sure made my job as a Guide harder because the playerbase no longer trusted us to keep our cool, and they were calling for the entire Guide program to be disbanded since we were now "too powerful" all of a sudden.
Not the same as hacking the server, but it had the same effect of destroying the games of a segment of the playerbase.
Different zone, different dragon - I'm stupid. (Score:5, Interesting)
As several replies have pointed out, I got the wrong zone and the wrong dragon.
The zone was Veeshan's Peak (the Luclin expansion with ToV was not out) and the dragon was whoever the end of it was.
People can still believe I'm full of shit, but I did find this:
Former Guide Tweety mentioning the incident [bowlofmice.com]
Jesus Christ you're a retard. (Score:4, Informative)
That was the Velious expansion with ToV, not Luclin. Obviously, taking both your posts together, you know precisely jack shit about the game and its CS history.
Corruption and preying on players for amusement is rampant in the EQ guide program. For most people, it's a slack way to get yourself a free account. You can sneak onto the server at 3am when nobody else is there, and do whatever the hell you want. You don't even have to answer a single petition, the guide reports are on the honor system. I and many others simply made up reports and bullshit petitions to fill in for the manditory 6-hours per week. Bingo: Free account, no work, and endless hours power-tripping across the game world.
For example, a guide friend of mine would sit outside the North Freeport bank, and open the locked door at the back of the bank. This door is never opened by players, because the lock level on the door is some absurdly high level. Invariably, someone curious would wander into this back "closet" behind the door to have a look around. This is when the guide would close the door, locking the player inside. If the player was a caster, they could just gate out, but a melee-type character was stuck more-or-less forever. The guide would wait for this player to petition after a few minutes, then delete the petition, and
Don't pretend this doesn't happen to GMs also. The GM of Mithaniel Marr back in 2001, "Chaolash", was fired for doing favors for friends on his server. Making them free items, spawning mobs for his friends, and so on. Occaisionally these GMs turn abusive, Chao did it, and I'm sure other GMs have also. He wasn't the only GM "quietly" let go for abuses, and he won't be the last.
I don't know if you really were a guide, but I suspect not. If you were, You must have been one of those dumbass Apprentice guides we'd flunk out of the program within their first trial week. You know, the ones who couldn't answer a petition for free GM lewt inside of 10 minutes, and without escalating it two times for the GM to smack you down like the idiot you were for wasting his time.
The one invariable fact of MMORPGs is, in that they are just artificial social ladders to climb, there will always be people who base their entire lives on trying to climb them. They define their self-esteem from these ladders, because these games are the world to them. Generally they have no social lives, and/or are young, or are disabled/sedentary. THESE are the people who are capable of doing the things mentioned in the Shadowbane article. Coincidentally, these are also the prime market targets for the gaming companies. It's inevitable that someone would take advantage of a bug granting GM abilities, and the game companies have only themselves to blame for leaving the back door wide open.
As for the EQ Guide Program, I quit after about 16 months of service. In general, they treat(ed) their guides like small mushrooms: kept in the dark, and eating shit all day. The guide liason at the time was about as friendly and responsive as an IRS Tax clerk, and the system itself was biased to mistrust guides (perhaps justifiably) to such an extent that we couldn't do anything significant for the players besides get them unstuck from a wall. Anything of note had to be handled by a GM. It is this atmosphere that breeds reactions like the Veeshan's Peak incident (for which the person was banned from Everquest permanently, BTW). And this atmosphere, according to friends of mine still in the program, shows no signs of changing anytime soon.
Lastly. I wrote a long article about Everquest and its flaws for Slashdot. You can read it here:
http://slashdot.org/articles/02/12/27/1748252.sht
so public (Score:2, Insightful)
shouldnt law enforcement be secondary to fixing the problem? for law enforcement doesnt solve the problem.
Every MMORPG learns the same lessons (Score:5, Interesting)
Never trust anything a client gives the server.
Isolate the backend servers from the Internet.
Never trust anything a client gives the server.
Patch management isn't as trivial as one would think.
Never trust anything a client gives the server.
Lag isn't under your control so design around it.
Don't rely on a client hiding anything from the user.
Lag isn't under your control so design around it.
Never trust anything a client gives the server.
Don't include "God" tools in every client, nor accept God logins from untrusted addresses.
And most of all, never trust anything a client gives the server.
The server must be the adjudicator of everything, the data master, the sole arbiter of discrepancies. Assume the client is fully hacked or written from scratch to do anything the user wants. Assume the client sees no walls, sees all invisible objects, sees every spawn point, and can filter on anything your server tells your client.
Re:Every MMORPG learns the same lessons (Score:4, Informative)
For instance, you have to have all of the ray-tracing and occlusion logic (or at least a lot of it) running on the server to know when each client would be able to see a particular object that may or may not be behind a wall AND you have to be able to tell the client everything it needs to display that object in real time, instead of just giving position. That would be hard to do in a high-framerate 1st person shooter, for instance.
Luckily enough for me, my project is not a high-framerate 1st person shooter. But still, this kind of thing can be very difficult.
When you are a company with a budget and a deadline, it just may not be worth the extra cost to eliminate the risk. After all, the reason companies are making such games today are because previous efforts (which got hacked) were successful, not failures.
This is a complete joke (Score:3, Insightful)
Webservers get r00ted every day, but very rarely does the FBI go after the cracker responsible.
I bet if you loaded up fsf.org tomorrow morning and saw, "windows is TEH R00LZ!!!", the government's response would be:
"too bad, so sad... guess that Linux thing isn't so great after all!"
It's not about players being inconvenienced, it's about someone with a lot of money losing face.
Back in the BBS/MUD days... (Score:5, Funny)
I used to help run a BBS run on an Atari ST (can you believe it?), and the system was so obscure, that we developed a "DOS simulator" for those who tried to hack our BBS and its (limited) games. We faked things like "dir" and "erase" and even "edlin." It was a multiline, so if the hacker tried to "IM" himself (back then software called it "teleport"), he got through, but if he tried it to others, it went to /dev/null. When people did a "who," they got the job :
Hacker: Port 3: [Thinks he's hacking the BBS, tell his mommy!]
_________________________________________________
www.punkwalrus.com - Shift to the left, shift to the right! Stand up, sit down, byte byte byte!
Punishment to fit the crime... (Score:4, Insightful)
Keeping in mind the actual damage done by the crime, and actions persued (game havoc, but no malicious file deletion, record stealing, theft, etc) - I would say to slap the offender with a nice stiff fine for time involved in fixing the server and possibly reputation loss, revoke his/her account, and deal with him/her through the ISP. Fine can't be too big though, we're probably dealing with a 15-year-old, a $1000-$2000 would be more than enough to bring swift repentance from most.
If it's a game exploit
Suck it down. Track down and ban the player in question, but at least acknowledge that there was a bug in your software. Yes, players exploiting said bugs or lack of security are making online gameplay lose its lustre, but that's also the fault of the developers. You can't solve bad coding or protection with lawsuits, unless you think perhaps that you're Microsoft or the ??AA.
Why can't people simply say "oops, we screwed up, and somebody took advantage of us. It's fixed now, and we're making sure it won't happen again."
Someone to Dethrone Rainz (Score:3, Interesting)
I think this will remind a lot of people of the last time a player had a truly drastic and unpredictable effect on an MMORPG gameworld, when Rainz, an Ultima Online Player, killed Lord British, character of Richard Garriott, when this was supposed to be impossible.
Rainz threw a firewall scroll at Lord British. Seemingly, Lord British's invulnverability flag was not on, and Rainz killed him.
If we ever figure out exactly who did this, he'll be in the running with Rainz for most notorious MMORPGer of all time.
Coming at You Live... (Score:3, Funny)
I mean, isn't this the way that video games were MEANT to be played?
In Virtual Reality... (Score:3, Insightful)
Back in real-life:
FCC Decision on Media Ownership Nears [washingtonpost.com] - rejected
Games are businesses too. (Score:5, Insightful)
Why should computer game servers be exempt from the usual laws about hacking into peoples' systems? Those who break into banks are prosecuted, if caught.
This person or persons compromised security, broke in and disrupted business operations, causing damages. Seems pretty straightforward to me.
ASA
Re:Games are businesses too. (Score:3, Funny)
Yah, but this is like hacking into Chucky Cheese and making the big mouse head start singing the Barney Song.
I mean come on, so freaking what!!!
Isn't there an old story in the Jargon File some place (or some other Sacred Text) about some players who hacked into a text based MUD many years back and went flying around in the Star Ship Enterprise?
Re:because it's just a fucking game (Score:5, Insightful)
I think it's kind of ludicrous to make threats like the Ubi people have made, but the people who did this do deserve some comeuppance because what they did *was* in the real world--they hacked the game, destroyed a lot of people's expenditures of time, and most importantly to Ubi, trashed the hosting company's reputation. All of that is real-world, whether you think it's important or not.
That said, I think the whole thing was hilarious from descriptions, and I'd love to see the recording of the mess they made.
Re:because it's just a fucking game (Score:5, Insightful)
They DID hack into a commercial system and disrupted business.
They DID interfere with paying customers.
Just because they are hacking into a game today and you're willing to let them get qaway with it, what will you say when they're hacking into your bank account tomorrow?
Lalalalalalalaaaa *fingers in my ears* (Score:3, Funny)
Answering your point though, if they did hack into a bank then yes, there should be repercussions, but they didn't. Spitting in the street doesn't lead to homicide, it's not a long slippery slope that needs to be nipped in the bud. Just apply some perspective.
because it's a law (Score:5, Insightful)
No one reasonable is asking for the cops to stop chasing terrorists to do this, but we as a society prosecute any crime (even stupid ones, to even stupider lengths) as a principle.
And just because other problems exist, doesn't mean you let the little ones slide. No one's time is that hard up.
Re:because it's a law (Score:3, Insightful)
Except that this is now defined as "cyberterrorism". Reasonable people no longer run things, and the penalties levied against whatever 15 year old did this could very well run his life.
If the punishment does not fit the crime, should it be carried out anyways?
Re:because it's just a fucking game (Score:5, Insightful)
Re:because it's just a fucking game (Score:3, Insightful)
Re:because it's just a fucking game (Score:5, Insightful)
Do you ever complain if someone's cell phone rings in a theater? Or if they talk loudly through the whole film?
Basically, if you *ever* complain about anything that someone does to make your entertainment choices less fun, you're a hypocrite.
I bet if you were in the middle of an intense game of chess and I, a complete stranger, came by and intentionally knocked the board over, you might feel like throwing a punch in my direction. How is this any different, except that the jerks are safely far away from having their asses kicked right then and there, is beyond me.
Saying it's "just games" ignores just how important a certain amount of play is to a healthy life.
.
No it's NOT just a fucking game (Score:5, Insightful)
The point is that if they were your servers, and they were your customers, and it was your business model you would be screaming bloody murder.
And if you wern't then you need a serious reality check about how the real world operates. This is a company with shareholders who now has to explain why they wouldn't react the way they are to their shareholders.
On another note, does anyone else notice a trend on the games.slashdot.org stories and how many of them suffer from morre thoughtless comments than a normal Slashdot storie?
Ted Tschopp
Re:Games are businesses too. (Score:3, Insightful)
Re:Games are businesses too. (Score:5, Insightful)
You pay 40$ a month for cable TV. It's just entertainment, no realy value behind it beyond that. Some jackass hacks the cable company and broadcasts 80's daytime soapoperas on ALL of the channels for a week.
Hilarious? Yes. Wrong? Also Yes.
This is precisely the same thing. And believe me, your average Television watching joe schmoe will NOT be amused that "Who wants to marry a millionaire friends star island 3" has been pre-empted by Days of Our Lives reruns from 1985.
The bottom line is that people paid for their entertainment, someone else fucked their entertainment up. The person doing all the fucking up should be punished for depriving me of a service I paid for, and for depriving the company of revenue. End of story.
Kintanon
Re:game world != real world... (Score:5, Interesting)
if that will happen, then WHO will take responsibility for all the holes in Windows?!
well, not exactly. they're not going after the people for breaking into a game, but for breaking into a server. Nor are they going after the people responsible for the lousy security on their servers (as your windows comment might suggest), but rather the ones responsible for exploiting that lousy security. This is pretty much standard in the real world. I break into a system, I get caught, I get prosecuted.
Re:game world != real world... (Score:4, Interesting)
Like an undocumented bit/byte pattern in the interface.
Anyone remember the the undocumented instructions in 8085? or the Z-80? or IBM Midranges?
Re:game world != real world... (Score:5, Insightful)
Just because there is a hole doesn't mean you have the responsibility to exploit it and break in. Indeed, it's illegal to do so. UbiSoft will no doubt come down on their admins for shoddy security. But that does NOT give you carte blanche to break in, nor does it protect you from prosecution.
Protesting 'Security Through Obscurity' is not the same as 'ooo, let's a be a script kiddy and exploit this bug and wreak havoc, because they should have known better.' If that's your attitude, you'd better get used to a felony rap sheet and a large, tattooed boyfriend named Slash.
Re:game world != real world... (Score:5, Insightful)
Not to mention the tarnished reputation, which is also worth damages.
Not to mention that breaking a law is illegal, whether you hurt some one or not.
Re:game world != real world... (Score:2, Insightful)
Re:game world != real world... (Score:5, Funny)
Jack Nicholson and Calvin Klein, notwithstanding...
Re:game world != real world... (Score:2)
For the same reason they should be prosecuted for DoS attacks in real life, because that's basically what this is. People pay for playing this game, and they're not being allowed to play because of these hackers. It's pretty much the definition of denial of service, only this time it directly affects paying customers, so it's really even worse than a standard DoS attack
Re:game world != real world... (Score:2)
Because hacking into other people's systems is illegal whether or not they're running a game on it. And it should be illegal.
Most people's houses are horribly insecure. Does that make it their fault when someone breaks in and trashes the place?
Re:game world != real world... (Score:3, Insightful)
Oh, this is damned funny, but if the that people did it got caught, they should expect to get into trouble.
Your MS analogy is completly crap and utterly irrelevent as well. UBI are taking responsiblity by patching the servers, doing rollbacks and fixing things.
Is that ironic in the Alanis sense bt
Re:game world != real world... (Score:4, Funny)
Not if it takes more then one click to do it
Re:game world != real world... (Score:5, Insightful)
It's not just a game, it's a service provided by a company to paying customers. The hackers disrupted a service being provided, that is a prosecutable offense right? And if US/W loses money (i.e. customers, downtime, and IT expenses) then they can claim damages right.
Re:Imagine if it happened to Evercrack...... (Score:2)
Ragnarok Users [slashdot.org]
Yes, Law (Score:2, Insightful)
But it is illegal to hack company property(MMORPG servers) and disrupt a company's business. This could put some serious hurt on sales and memebership on their servers.
Think, man.
Re:law? (Score:5, Interesting)
Ubisoft is calling it a hack, of course they will to save face... but what if it's just a bug or flaw in the game. What if they did all this through the game client? Is exploiting one of these flaws in a game against the law?
What if I'm playing EQ, and I find a spot in a zone where mobs can't get to. Then I kill things from there. I'm exploiting a bug to become more powerful. Is that the same?
What if I'm playing, and find out if I crouch and jump at the same time I can kill anyone I want? It's obviously cheating, but is it ILLEGAL for me to exploit that?
What if these guys found out if you hit the Ctrl-alt-f3-f4 keys while running north gave them these powers? Then is what they did illegal?
What if these guys used a special piece of software that ran the game in a special mode? Is that illegal? I mean, EVERYONE uses software (your OS) to run the game in a "special" mode (namely, a mode that works properly). Is this worse than exploiting the bug through the normal game interface?
Is this only a problem because is affected other people?
(Remember... big difference between illegal, immoral, and just plain annoying)
Re:law? (Score:3, Informative)
If I see a door open to a warehouse I *KNOW* I'm not supposed to be in, is it a crime to walk in and take a couple High-Def TVs?
If I see a gun just lying around, is it a crime for me to shoot people with it? I mean, it's not my gun.
YES!
So why is it so unusual that manipulating private software, even if the entry point is public and easily accessible, should be a crime? Why should we expect the virtual "world" to be any diffe
Re:law? (Score:3, Insightful)
Second, the key here is that somebody created a lot of trouble in a public venue. It's not like somebody cheating at a D&D game; it's more like going into a gaming store and knocking all the shit to the ground and harassing the patrons. It's freaking illegal.
Just because it was on a computer screen doesn't make it less real. This is the Mitnick mentality that people have to dump.
Re:law? (Score:5, Insightful)
I didn't see anything that led me to believe the baddies didn't do anything that someone with "god" powers in the game could do. Did you read the description of what was happening? It sounded more like they got god/admin/developer/whatever access, and not that someone was manipulating the underlying database. It didn't sound like they teleported EVERYONE, just the people they happened to come accros, the slashdot story made it seem that way tho.
Nobody's stupid enough to allow an up-up-down-down-left-right-left-right-select-star
I hope not too, but it looks like something did go wrong! It doesn't matter so much WHAT the method was, but that there was a method, and since we don't know how, it could easily have been done entirely in the game client, and that was my point. If you want a more realistic flaw... Maybe they were able to overflow a chat buffer somewhere by typing in a long message.
Re:Been there, done that... (Score:2)
That's the problem here. Somebody clearly got more access than they should have to the game's database, and were able to make table-level changes that created game sitati
Nobody wants risk (Score:5, Insightful)
MMORPG players today are losers of the highest calibre. They consider their wasted time an "investment" in their character. I know several who don't actually enjoy playing the game at all, but they want to get the "Deluxe Two-Handed Sword of Power" before some other loser gets one.
And woe betide the day when one of them dies in combat and loses some XP or an item. -That's- when you hear about another dorm-room suicide.
I'm not trying to be flamebait, I'm just bitter. I knew a guy at RIT who pretty-much sat in his room 24/7 playing Asheron's Call. Only left to attend class and occaisionally eat (he would bring the food back with him to keep playing). He was vacant. Away from the game, he had no way of interacting with normal people. We often considered nuking his box just to push him off the deep end.
Re:Slashdot in Action (Score:3, Funny)
You're talking about the SCO conference calls.
If I had 'God' powers, I'd teleport your post there...or worse.