Hacker Taunts Blizzard After Knocking Gamers Offline

Reader itwbennett writes: A person nicknamed AppleJ4ck, who has been previously been linked to Lizard Squad, a group notorious for DDoS attacks against gaming platforms, including the PlayStation Network and Xbox Live, has taken credit for server outages affecting gaming giant Blizzard (Alternate source: ZDNet) Monday morning. The outages led to authentication lockouts for gamers attempting to access Overwatch, Hearth Stone, World of Warcraft, Diablo, Heroes of the Stone, and others. During the outage, AppleJ4ck said Monday's problems were just a test, promising more outages in the future.

DDOS is lame

[KlomDark]

Never had any respect for lamers who just do DDOSs. That's not hacking, it's just being annoying. Doesn't take any special skills.

It's nothing like breaking through some code or router or something that actually proves that you are of elite intelligence.

Breaking directly into Blizzard is one thing, but just snowing them under with myriad packets just isn't impressive.

Find something else to do with your life.

Re:DDOS is lame

[Killall -9 Bash]

No, skill is using a DDoS as a smokescreen for the ACTUAL hack....

3 or 4 weeks from now, we'll hear all about how millions of BNet accounts have been compromised..... or worse yet, we won't hear.

Re:

[subanark]

> Doesn't take any special skills.

Depends on who you are attacking. Anyone who could find a weak point in AWS and take down a whole datacenter, would be impressive and quite scary.

Sure, renting a bunch of zombie machines and doing DDOS is nothing special, but rolling up your own malware (or just convincing a shit load of people to help you) is much more impressive.

Note: by impressive, I mean likelihood of a SWAT team to come down and bust your ass.

Re:

[Anonymous Coward]

I've said it before and I'll say it again.

DDOSing is the online equivalent of the 3 stooges getting stuck in a door.

Morons like that deserve to be smacked across the face, at minimum. Doing it on purpose to keep others out deserves what another AC said - to be skinned alive on public display to inform others of what they can expect for themselves if they want to be "cool" like that. I do not believe in reforming people who are willfully malicious. Snuff them out.

Re:

[sexconker]

For end uses, the denial of service lasted several hours.

Re:

[cfalcon]

Even if these games were cracked- and effectively, some are, such as the ability to play WoW on a server your friend sets up, trivially- the issue here is that almost all the gameplay is completely online, for real reasons, such as needing to play with people who are not in the same room as you. Yes, yes, your point has some merit- for instance, for the Diablo 3 campaign, or the Starcraft campaign- but overall, its silly, because the multiplayer parts of these games are huge. Hearthstone is just a multipl

Re:Skin him alive on Twitch

[93 Escort Wagon]

It's funny how the DDOS of a gaming service is what it takes to get people upset here.

Attack a bank? Obviously they should have paid more attention to security - it's really their own fault.

Attack a politician? Well, they're evil anyway.

Attack someone suspected of a crime, even though they haven't stood trial? Well, these things happen.

Take down World of Warcraft? THIS SHALL NOT STAND!!

Re:

[Anonymous Coward]

Yeah, but a bank or a politician getting hacked doesn't affect me - a gaming service I use does.

Re:

[Anonymous Coward]

Maybe if you spent less time gaming you'd have something to put in a bank?

Re:

[Anonymous Coward]

Maybe if the bankers spend less time banking, you'd have something to put in a bank.

Re:Skin him alive on Twitch

[Eosi]

DDOS and actual hacking are not the same thing. Therefore your message is wrong. No one cares if you DDOS Trump or Clinton, will not even make the news.....

Re:

[simcop2387]

Nah, that might make the news. Trump would go on twitter immediately and blame the wrong people.

Re:

[Eosi]

Ah true. Then he would say that he is really really rich, and can afford it.

Re:

[Texmaize]

Wouldn't a better and far more accurate joke be:
Hillary would just hire someone to cover it up
Reflexive liberal bias is still reflexive.

Re:Skin him alive on Twitch

[Gojira Shipi-Taro]

Comedy is when it happens to you.

Tragedy is when it happens to me.

Or something like that...

Re:

[drinkypoo]

Comedy is when it happens, tragedy is having to clean up after

Re:Skin him alive on Twitch

[KlomDark]

DDOSing a bank is no hack, it gives you no access to money. Not a security issue, it's a network redundancy issue.

Not impressed with DDOS kiddies. It's like farting in church. Might drive a few people away.

But if you want to impress me: Build your own god.

Re:

[Penguinisto]

To be fair, DDoS'ing a bank or other (small) institution could potentially get you a bit of ransom if you're able to...
1) knock them offline for long enough, and
2) if enough of their business is reliant on being online, and
3) the network guys at the target institution and their ISP are completely clueless about blackholing or other countermeasures.

It would have to be a real small institution with a shit ISP, though for all three to occur. It also predicates on the target being willing to pay up.

Re:

[guises]

But if you want to impress me: Build your own god.

That's what it takes to impress you? You're setting the bar awfully high there.

Re:

[93 Escort Wagon]

It is the END of the WORLD ....of warcraft.

... and I feel fine...

Re:

[mark-t]

Speaking for myself, I'm more pissed off by the hacker's attitude of "I'm doing people a favor" than anything else... like he (or she) is somehow ethically justified to make decisions about what other people are supposed to be doing with their time instead of playing a video game.

Perhaps it isn't the most productive way to spend one's time, but the decision to play or not should be theirs... not someone else's.

Re:

[thegarbz]

It's funny how the DDOS of a gaming service is what it takes to get people upset here.

Attack a bank? Obviously they should have paid more attention to security - it's really their own fault.

Attack a politician? Well, they're evil anyway.

Attack someone suspected of a crime, even though they haven't stood trial? Well, these things happen.

Take down World of Warcraft? THIS SHALL NOT STAND!!

It's only funny when you phrase it like that. If instead you phrased it like this:

Attack an evil corporation who had it coming?
Attack an evil politician who had it coming?
Attack an evil person who had it coming?
Attack someone who is in general good standing with the Slashdot community? THIS SHALL NOT STAND!!

You'll find yourself just nodding your head in agreement.

It's a DDOS

[phorm]

Anyone, including a bank, can be DDOS'ed. It's just a matter of firepower, and is's not particularly complicated.

I might get upset if my bank got *hacked* due to some poor security practice - especially if money was last - but I wouldn't be that upset at the bank itself for a 1h DDOS due to self botnet loser.

In either case the guy doing the attacks needs to face some consequences though.

Re:

[DiEx-15]

Take down World of Warcraft? THIS SHALL NOT STAND!!

Considering the collective yawning and dismissal of most Slashdotters. Combined by the general lack of impressive talent to do said attack:

That should be a clear indication that the level of anger, with the exception of the usual die hard fanboys, is around "Meh" to "So Fucking What?" levels.

Re:

[bev_tech_rob]

I second the motion....

Re: Skin him alive on Twitch

[pinkushun]

Extra, Extra! Link found between violent games and the people who play them - story at 11.

Internet not designed for this

[DogDude]

This is going to keep happening, because the Internet was never, every designed for something like this. Security is near impossible, because it was designed to be an OPEN system, not a closed one, with security everywhere. Like it or not, the Internet is going to continue to break in bigger and bigger ways.

Re:

[fustakrakich]

It may have been designed to be open, but in practice it suffers a deep mono-culture of protocols (DNS and DHCP) and a lack of redundancy, especially at the proverbial "last mile", where the ISP can 'drop anchor' on your connection on a whim. It is still not an ad hoc network, which it needs to be if it is to be truly open, and if you want to keep it from breaking.

Re:

[Thanatiel]

If AS owners were filtering the traffic in and out, it would reduce this kind of attacks.

By filtering I mean that if a packet goes out, it has to originate from an IP of the AS; and if a packet goes in, it cannot come from an IP on the inside.

This would effectively anihilate a type of DDOS I will not describe here for obvious reasons.

But AFAIK, the infrastructure cost is not worth it ... yet ?

Re:

[OverlordQ]

> This is going to keep happening, because the Internet was never, every designed for something like this.

All it'll actually take is ISPs to actually implement egress filtering. Pretty much every major DDoS method out there requires forged packets to execute. Deny them that and the problem goes away.

Didn't affect me

[The-Ixian]

I played WoW pretty much all weekend and did not encounter any issues.

Hopefully apple jack continues to throw this level of expertise at the "real" attack.

Re:

[Mashiki]

Keep in mind that WoW and Overwatch use a whole pile of different data centers. Personally? I hope Blizzard comes after them with everything they can gather and sue the shit weasel into the ground.

Re:

[riis138]

Same here, no issues all weekend on both WoW and Overwatch.

Re:

[DroolTwist]

I got DC'd from Battle.net so I lost my D3 connection, but I reconnected in less than 3 minutes. A bit annoying, but nothing to ruffle feathers about.

How about...

[Lumpy]

Game makers stop with the fucking cloud required crap?

Let me run my own damn server, and authentication so I can just play it? Stuff that in your bunghole.

Re:How about...

[Gojira Shipi-Taro]

I don't think you understand what "MMO"s are.

This isn't a case of people not being able to play single player games. Not even a case of people not being able to play something that could be reasonably hosted by individuals, such as Quake ][.

Multiplayer games do have a huge audience for which much of the appeal lies in the service having huge numbers of other players. I don't play any of them anymore, but I can see how this could be a problem for a large number of people.

Re:

[Anonymous Coward]

I don't think you understand what "MMO"s are.

This isn't a case of people not being able to play single player games. Not even a case of people not being able to play something that could be reasonably hosted by individuals, such as Quake ][.

Multiplayer games do have a huge audience for which much of the appeal lies in the service having huge numbers of other players. I don't play any of them anymore, but I can see how this could be a problem for a large number of people.

As far as it being a problem, consumers can obtain some pretty incredible upload speeds these days, so I fail to see why you could not break apart the hosting burden (ala P2P/torrent) across those players who have the bandwidth and hosting horsepower to handle a "chunk" of that.

Of course, this would also require finding a reasonable ISP who doesn't try and ass-rape you with usage caps or other bullshit restrictions that would mandate a higher-priced "business" account. Sadly, that could be a larger challen

Re:

[Calydor]

Because the instant you allow hosting on one of the clients you make it a LOT more likely that some kind of hack (as in god mode, wallhacks and such) is going to be deployed.

If you 100% control the server it is far less likely.

As an example, in WoW's early days the server trusted client information too much resulting in people running around at insane speeds. Glide, I believe the hack was called. Imagine how that would go down if a random player had actual access to the server information.

Re:

[Ravaldy]

As far as it being a problem, consumers can obtain some pretty incredible upload speeds these days

Most services have a high download rate and a low upload rate. Additionally, many services provide burstable connectivity which is horrible for hosting gaming servers.

I really don't see the need to host your own server in today's wide availability of servers. Gaming companies don't cater to the minority, they cater to the majority because that's what makes the games lucrative and stable.

There are still indie companies out there that make games where you can self host (such as Rust) but the cost of hardware

Re:

[cfalcon]

If you want to play on a private server, go ahead. There's plenty of them.

But if you want to play on a full Blizzard server, then you need a whole datacenter tracking MANY players, that's multiple machines, not just one, all interconnected. That's the world of warcraft- millions of players who can communicate instantly, and interact in game instantly. The reason everyone is connecting to these datacenters is because they provide a service you can't repeat locally. It's not about upload bandwidth, it is

Re:

[metaforest]

If you want to play on a private server, go ahead. There's plenty of them.

But if you want to play on a full Blizzard server, then you need a whole datacenter tracking MANY players, that's multiple machines, not just one, all interconnected. That's the world of warcraft- millions of players who can communicate instantly, and interact in game instantly. The reason everyone is connecting to these datacenters is because they provide a service you can't repeat locally. It's not about upload bandwidth, it is about latency, and a distributed network is inherently terrible at that. It is very much about processing power, and RAM, and these are serious machines all hooked together doing that to support that many players.

Just think about designing it for a second- if I move my character from X to Y, on the live system my client tells the wow server what I did, which validates it (so I'm not teleport hacking), updates its internal state, figures out which players are close to me, and then sends data needed to draw my character to them. This means that your client doesn't need to know the whole of the world, it just needs the section you can see, etc.

Now try this distributed. Every distributed node needs a constant copy of the world, and all must be in sync. You need a way to figure out how to resolve disputes, and if some of the nodes are compromised you need to find a way to figure that out. You have the same problems that bitcoin does, but you need to do it instantly and simultaneously. It's laughable.

WoW is divided into shards. Each shard might have a few thousand client subscriptions of which only a few hundred are online at any time. Most MMOs operate this way. What this means is that millions of WoW players do not interact in the same world, and they cannot even chat between the different shards. In fact the only place all WoW players can interact together is on the Community Forum.

If you want a real MMO experience where all* the players are in the same persistent, real time, game instance (sing

Re:

[cfalcon]

> WoW is divided into shards.

This is technically true, but read on!

> What this means is that millions of WoW players do not interact in the same world

They absolutely do. I can send you a tell from any server. I can invite you to party from any other server, and then you will phase into my server immediately. The only exception? If I'm a lower level than you by a lot, then I will instead phase onto your server (no matter who did the invite: prevented from people making world hopping alts- o

Re:

[Anonymous Coward]

I don't think you've played modern MMOs recently.

The "massively multiplayer" part is a joke. Everything is instanced off and you have large, empty zones that might as well be single player.

There's no reason not to let people host the instances themselves just like old Quake II servers, since pretty much all a modern MMO does is have a bunch of players run around a given map. Hell, they'll even teleport you to the map rather than require you to go there in the game world, and automated match-making means you

Re:

[jklovanc]

Can you tell me why single player Diablo 3 needs to be connected? Especially considering that the connection, which only updates the chat, keeps going down so often. I can play WoW, WoT, STO, etc all day but get kicked off of D3 regularly.

Re:

[XxtraLarGe]

I don't think you understand what "MMO"s are.

If I could play WoW solo or have my own server & only play with friends, I'd probably get back into it again.

Re: How about...

[pinkushun]

Give me DRM free games any day!

Comment removed

[account_deleted]

Comment removed based on user account deletion

Re:

[thegarbz]

...figure out the ping command. Sending packets? Only a mastermind.

Oh? Did you have first hand knowledge of the attack to base your comments on the fact that someone read the man page for ping? Or maybe DDOSing can be done in a wide variety of attacks ranging from the fairly lame (ping) to the far more advanced (e.g. NTP Reflection). Or do you actually think a bunch of computers running ping are able to bring down a large high bandwidth datacentre, in which case pot meet kettle.

Re:

[Maow]

...figure out the ping command. Sending packets? Only a mastermind.

There's a lot more to modern DDoS attacks via amplification / reflection [akamai.com] than a bunch of ping packets (from 2013):

Recently, DDoS attacks have spiked up well past 100 Gbps several times. A common move used by adversaries is the DNS reflection attack, a category of Distributed, Reflected Denial of Service (DRDos) attack. To understand how to defend against it, it helps to understand how it works.

100 Gbps is staggeringly large and nearly impossible to defend against. "Well past 100 Gbps" is mind boggling. Di

Re:

[Bengie]

100Gb is nothing these days. We now have 32Tb/s trunk lines with 400Gb/s channels, soon 1Tb/s channels. Core routers rated in petabits per second. 100Gb just doesn't seem like a lot.

Someone put out the memo

[stealth_finger]

DDoS isn't hacking.

Re:

[Mashiki]

Anything is hacking these days according to the media. Didn't ya get the memo? Sneezing is hacking, rubbing a balloon against someones head is hacking. DDoSing 127.0.0.1 is also hacking.

Re:

[Calydor]

You need to stop posting my IP on the internet!

Re:

[Ravaldy]

No, it's the definition. The media is using the word properly.

Re:

[Ravaldy]

The process for achieving a DDoS requires what you would like to consider "hacking".

The actual definition of hacking however includes any computer crime: https://en.wikipedia.org/wiki/... [wikipedia.org]

Re:

[yodleboy]

"DDoS isn't hacking." No it's a network micro-aggression.

Re: Ya'll are underestimating the accomplishment..

[Anonymous Coward]

"Bring it down" is a huge overstatement. The majority of people had no problem logging on, a few had to try twice and a very small number were locked out for a de minimus length of time. Not exactly hacking the Gibson, yo.

New game revealed by this DDoS?

[darniil]

The outages led to authentication lockouts for gamers attempting to access Overwatch, Hearth Stone, World of Warcraft, Diablo, Heroes of the Stone, and others.

Looking forward to seeing if it's any good.

it wuz haxx0rz!

[Anonymous Coward]

No, just another poser s'kiddie. But that's the only kind you get on /. these days. You just know where the editor's sympathies are.

New game from Blizzard!

[Vegan Cyclist]

Heroes of the Stone? Wow - can't wait for this new game!

And isn't the 'others' really just Starcraft...? (If you clump the Warcraft games in with WoW.)

Re:

[Spamalope]

with stretch goals that included finger removal.

I think that's the best way to handle persistent spammers. Spend the anti-spam infrastructure budget on the dark web and hold a quarterly drawing to decide which top 20 spammer gets the contract.

Good anybody can run their own overwatch server

[nyet]

Oh, wait.

The real problem

[JustNiz]

OK so you have managed to build a botnet large enough to give you the potential to apply pressure to change the world in some small way, and the best you can come up with is to ruin the weekend for a few kids by disrupting traffic to some game servers? Pathetic, just Utterly Pathetic.
Thats the real trouble with Lizard Squad and all the other DDOS skript kiddies these days. They have zero fucking style or imagination.

We know one thing

[Yvan256]

With a name like AppleJ4ck, it does tell us that he's part of a team. Expect more hacks from Flutt3rShy, P1nkieP1e, R4riTy, Rainb0wD4sh and Tw1l1ghtSp4rkle.

Re:

[WallyL]

My Little Pwnies?