Shadowbane Servers Hacked, Chaos Ensues 773
Vanguard(DC) writes "There was a major hacking incident last night on the servers of Shadowbane, a newly released MMORPG by UbiSoft/Wolfpack. The attackers wreaked havoc on at least one game server, with apparent god-like capabilities in-game. There's already an official statement on the forums - 'Ubi Soft and Wolfpack Studios are now working with law enforcement, and we promise all of you that these individuals will be prosecuted to the full extent of the law.'" There's a little more information via a post on the SBCatacombs messageboard - apparently the carnage (including many less powerful players getting killed) involved "..teleporting people all over the world, teleporting hostile guards into the safe-holds, bringing in hordes of special event monsters, and teleporting everyone to a city at the bottom of the sea."
game world != real world... (Score:1, Insightful)
if that will happen, then WHO will take responsibility for all the holes in Windows?!
talk about ironic...
computer security review people.. use them.
Games are businesses too. (Score:5, Insightful)
Why should computer game servers be exempt from the usual laws about hacking into peoples' systems? Those who break into banks are prosecuted, if caught.
This person or persons compromised security, broke in and disrupted business operations, causing damages. Seems pretty straightforward to me.
ASA
Wow... (Score:2, Insightful)
I can understand players getting mad at this, but at the same time, it's just a game, and if individual users themselves are considering legal action, they really need to shut down the computer and go outside for a while.
Re:game world != real world... (Score:5, Insightful)
Not to mention the tarnished reputation, which is also worth damages.
Not to mention that breaking a law is illegal, whether you hurt some one or not.
Re:game world != real world... (Score:2, Insightful)
Nail in the coffin or small hitch? (Score:3, Insightful)
Other MMRPGs have had buggy starts, but this is over the top. Is this just a natural result of the fiercely competitive guild wars in the game? In a game where player cities rise and fall, wasn't it just a matter of time before a guild went too far?
Not good for a new game (Score:4, Insightful)
Re:game world != real world... (Score:3, Insightful)
Oh, this is damned funny, but if the that people did it got caught, they should expect to get into trouble.
Your MS analogy is completly crap and utterly irrelevent as well. UBI are taking responsiblity by patching the servers, doing rollbacks and fixing things.
Is that ironic in the Alanis sense btw?
Stupid troll.
Re:game world != real world... (Score:5, Insightful)
It's not just a game, it's a service provided by a company to paying customers. The hackers disrupted a service being provided, that is a prosecutable offense right? And if US/W loses money (i.e. customers, downtime, and IT expenses) then they can claim damages right.
Yes, Law (Score:2, Insightful)
But it is illegal to hack company property(MMORPG servers) and disrupt a company's business. This could put some serious hurt on sales and memebership on their servers.
Think, man.
If it is so bad.... (Score:2, Insightful)
Stop paying $20 a month, I'm sure that you can easily go out and find someone that will abuse you for free.
so public (Score:2, Insightful)
shouldnt law enforcement be secondary to fixing the problem? for law enforcement doesnt solve the problem.
because it's just a fucking game (Score:-1, Insightful)
Re:I just can't get mad about this one... (Score:3, Insightful)
Imagine how many times you would have to log in during those few brief hours to find that "oops, it's 'fake' time, nothing you can do know will matter" before you would move on and look for a different game.
This was tried in one of the first graphical 3D MORPGs (only one M because it wasn't Massive), Meridian 59, and it sucked... pretty much made me quit playing it.
Nobody wants risk (Score:5, Insightful)
MMORPG players today are losers of the highest calibre. They consider their wasted time an "investment" in their character. I know several who don't actually enjoy playing the game at all, but they want to get the "Deluxe Two-Handed Sword of Power" before some other loser gets one.
And woe betide the day when one of them dies in combat and loses some XP or an item. -That's- when you hear about another dorm-room suicide.
I'm not trying to be flamebait, I'm just bitter. I knew a guy at RIT who pretty-much sat in his room 24/7 playing Asheron's Call. Only left to attend class and occaisionally eat (he would bring the food back with him to keep playing). He was vacant. Away from the game, he had no way of interacting with normal people. We often considered nuking his box just to push him off the deep end.
Re:because it's just a fucking game (Score:5, Insightful)
I think it's kind of ludicrous to make threats like the Ubi people have made, but the people who did this do deserve some comeuppance because what they did *was* in the real world--they hacked the game, destroyed a lot of people's expenditures of time, and most importantly to Ubi, trashed the hosting company's reputation. All of that is real-world, whether you think it's important or not.
That said, I think the whole thing was hilarious from descriptions, and I'd love to see the recording of the mess they made.
Now we can all sleep in peace (Score:2, Insightful)
Haven't the law enforcement agencies got something better to do, like chasing down bullies who knock down sandcastles or something?
The hackers may have pissed off a few geeks and suits, but they've given them relatively painless object lessons in what really matters in life (i.e. "not your role playing characters", and "having decent security if you do business on the internet", respectively).
Imagine if they had gone after credit card numbers instead, for example?
And that's without even considering the benefit to mankind in increased happiness, by giving a load of other folks a good laugh.
Re:because it's just a fucking game (Score:5, Insightful)
They DID hack into a commercial system and disrupted business.
They DID interfere with paying customers.
Just because they are hacking into a game today and you're willing to let them get qaway with it, what will you say when they're hacking into your bank account tomorrow?
Re:Wow... (Score:5, Insightful)
But imagine you're an aspiring artist who's spent several hours a day for the past two months on a painting and someone breaks into your studio and splatters paint all over it. Hey, It's just a piece of canvas after all. It's just your spare time and money down the drain, it's not like it's your job or anything.
Or, you're writing the great American novel and someone sits down at your laptop while you've stepped away to use the bathroom and someone does a search and replace and strips out all the vowels. Hey, it's just bits on a hard drive, right? It's just your time and effort wasted, it's not like it was *worth* anything.
A lot of people really get into these games and put a lot of time, effort (and money!) into building up their characters, and it absolutely sucks when through no fault of your own, all that hard work and effort (and money!) suddenly goes poof.
For those who have never played, it takes a lot of work to build up a character, collect the best equipment - usually by in-game trading which can take hours or days per item, etc.
I've played MMORPGs for years and usually when I quit playing a game it's because of something like this, I get killed by another player who steals all of my hard earned equipment, I suffer lag at the wrong moment and drop into a pit of acid causing me to die and lose all my best armor, etc. When stuff like that happens, I log out and usually never go back. I play for fun, and that stuff is not fun for me.
because it's a law (Score:5, Insightful)
No one reasonable is asking for the cops to stop chasing terrorists to do this, but we as a society prosecute any crime (even stupid ones, to even stupider lengths) as a principle.
And just because other problems exist, doesn't mean you let the little ones slide. No one's time is that hard up.
Re:Games are businesses too. (Score:3, Insightful)
Re:because it's just a fucking game (Score:5, Insightful)
Re:Wow... (Score:5, Insightful)
Consider the reaction of thirty adults who rent a stadium to play a sport, and then have that stadium game interrupted.
Or consider the effect of disrupting the superbowl.
Or consider the result of walking up to folk playing chess in the park and overturning the board.
In each case, legal action is both warranted and acceptable. Same thing for hacking a game server which is being actively used; even moreso if it's a private server or a fee-to-play server.
Re:because it's just a fucking game (Score:3, Insightful)
Re:because it's just a fucking game (Score:5, Insightful)
Do you ever complain if someone's cell phone rings in a theater? Or if they talk loudly through the whole film?
Basically, if you *ever* complain about anything that someone does to make your entertainment choices less fun, you're a hypocrite.
I bet if you were in the middle of an intense game of chess and I, a complete stranger, came by and intentionally knocked the board over, you might feel like throwing a punch in my direction. How is this any different, except that the jerks are safely far away from having their asses kicked right then and there, is beyond me.
Saying it's "just games" ignores just how important a certain amount of play is to a healthy life.
.
Now I know what it's like to be slashdotted. (Score:2, Insightful)
Re:When all those gas tanks exploded on cars (Score:2, Insightful)
No it's NOT just a fucking game (Score:5, Insightful)
The point is that if they were your servers, and they were your customers, and it was your business model you would be screaming bloody murder.
And if you wern't then you need a serious reality check about how the real world operates. This is a company with shareholders who now has to explain why they wouldn't react the way they are to their shareholders.
On another note, does anyone else notice a trend on the games.slashdot.org stories and how many of them suffer from morre thoughtless comments than a normal Slashdot storie?
Ted Tschopp
Re:game world != real world... (Score:5, Insightful)
Just because there is a hole doesn't mean you have the responsibility to exploit it and break in. Indeed, it's illegal to do so. UbiSoft will no doubt come down on their admins for shoddy security. But that does NOT give you carte blanche to break in, nor does it protect you from prosecution.
Protesting 'Security Through Obscurity' is not the same as 'ooo, let's a be a script kiddy and exploit this bug and wreak havoc, because they should have known better.' If that's your attitude, you'd better get used to a felony rap sheet and a large, tattooed boyfriend named Slash.
Re:law? (Score:5, Insightful)
I didn't see anything that led me to believe the baddies didn't do anything that someone with "god" powers in the game could do. Did you read the description of what was happening? It sounded more like they got god/admin/developer/whatever access, and not that someone was manipulating the underlying database. It didn't sound like they teleported EVERYONE, just the people they happened to come accros, the slashdot story made it seem that way tho.
Nobody's stupid enough to allow an up-up-down-down-left-right-left-right-select-star
I hope not too, but it looks like something did go wrong! It doesn't matter so much WHAT the method was, but that there was a method, and since we don't know how, it could easily have been done entirely in the game client, and that was my point. If you want a more realistic flaw... Maybe they were able to overflow a chat buffer somewhere by typing in a long message.
Re:Why do people pay for MMPORPG Betas? (Score:5, Insightful)
If there is enough Demand for Beta positions, and a limited Supply due to bandwidth, then you have to limit the Demand. One excellent way is by charging a fee to join the Beta.
As an aside, when RagnarokOnline switched to a paid beta a while back, the community improved. People who had nothing to lose because they hadn't paid were pricks; they'd steal kills, and steal your loot before you could grab it. Behaviour like this decreased when they switched to a paid beta, because they now had money invested in the game.
Class dismissed.
Re:because it's a law (Score:3, Insightful)
Except that this is now defined as "cyberterrorism". Reasonable people no longer run things, and the penalties levied against whatever 15 year old did this could very well run his life.
If the punishment does not fit the crime, should it be carried out anyways?
Re:because it's just a fucking game (Score:1, Insightful)
Ubisoft would disagree with you. So would Sony/Funcom/whoever else.
No one wants a direct connection between time spent in the game and money. If this jerk is liable for causing you to lose items/experience in a game, then so are the big boys. Liability is bad.
This is why Sony fights selling in game items for real life money (ebay, etc). It's not so much that they want to stop it, but they want to make sure that it is perfectly clear this is not condoned. They don't want to show any sign of having a dollar amount on a cyber persona.
Re:because it's just a fucking game (Score:2, Insightful)
You also can't put this off as, "Well they should of had tighter security". Do you blame someone whose house was broken into because they didn't have a state of the art security system? No, and neither should a company be blamed if a small subset of computer users who posses special skills are able to break into their systems.
This is a complete joke (Score:3, Insightful)
Webservers get r00ted every day, but very rarely does the FBI go after the cracker responsible.
I bet if you loaded up fsf.org tomorrow morning and saw, "windows is TEH R00LZ!!!", the government's response would be:
"too bad, so sad... guess that Linux thing isn't so great after all!"
It's not about players being inconvenienced, it's about someone with a lot of money losing face.
Punishment to fit the crime... (Score:4, Insightful)
Keeping in mind the actual damage done by the crime, and actions persued (game havoc, but no malicious file deletion, record stealing, theft, etc) - I would say to slap the offender with a nice stiff fine for time involved in fixing the server and possibly reputation loss, revoke his/her account, and deal with him/her through the ISP. Fine can't be too big though, we're probably dealing with a 15-year-old, a $1000-$2000 would be more than enough to bring swift repentance from most.
If it's a game exploit
Suck it down. Track down and ban the player in question, but at least acknowledge that there was a bug in your software. Yes, players exploiting said bugs or lack of security are making online gameplay lose its lustre, but that's also the fault of the developers. You can't solve bad coding or protection with lawsuits, unless you think perhaps that you're Microsoft or the ??AA.
Why can't people simply say "oops, we screwed up, and somebody took advantage of us. It's fixed now, and we're making sure it won't happen again."
Capacity for empathy (Score:1, Insightful)
Personally, I think he's a person who has the capacity for empathy, and some degree of objectivity. By this I mean that he can put himself in anothers' shoes and understand the story both from the viewpoint of the perpetrator and the victim.
Empathy of this kind is simply a part of what we call maturity. This, in turn, is the capacity to realize one's goals as a part of society, or any social group of human beings, while not hindering the pursuits of others unnecessarily.
Re:because it's just a fucking game (Score:2, Insightful)
So hacking related to 'games' is just fine?
If someone were to hack into the computers running a NBA or NFL game, crash the scoring system and the video system... made the game get cancelled for the night - you'd just dismiss the hacker and say 'it was just a game... no real harm done...' ????
I don't think so.
Re:Games are businesses too. (Score:5, Insightful)
You pay 40$ a month for cable TV. It's just entertainment, no realy value behind it beyond that. Some jackass hacks the cable company and broadcasts 80's daytime soapoperas on ALL of the channels for a week.
Hilarious? Yes. Wrong? Also Yes.
This is precisely the same thing. And believe me, your average Television watching joe schmoe will NOT be amused that "Who wants to marry a millionaire friends star island 3" has been pre-empted by Days of Our Lives reruns from 1985.
The bottom line is that people paid for their entertainment, someone else fucked their entertainment up. The person doing all the fucking up should be punished for depriving me of a service I paid for, and for depriving the company of revenue. End of story.
Kintanon
Re:You've lost me. (Score:2, Insightful)
Kintanon
Re:law? (Score:3, Insightful)
Second, the key here is that somebody created a lot of trouble in a public venue. It's not like somebody cheating at a D&D game; it's more like going into a gaming store and knocking all the shit to the ground and harassing the patrons. It's freaking illegal.
Just because it was on a computer screen doesn't make it less real. This is the Mitnick mentality that people have to dump.
Re:Wow... (Score:2, Insightful)
Forcing him to quit is a bad idea (Score:2, Insightful)
law enforcement (Score:2, Insightful)
I've heard of many incidents where honest (non-cheating) mmorpg players who reported security exploits in private were ignored for months and finally banned after going public with them. Some are banned before going public. Many of the companies focus too much on fighting the discovery and sharing of exploits rather than taking steps to reduce them.
There may be some real dollar value losses (Score:3, Insightful)
However, in this particular case it sounds like the carnage was limited to newbie areas where it was unlikely that characters had much in the way of equipment or experience. In addition, they can just roll back the servers for 24 hours and get most everyone's stuff back.
In Virtual Reality... (Score:3, Insightful)
Back in real-life:
FCC Decision on Media Ownership Nears [washingtonpost.com] - rejected