Feeds

back to article LulzSec hacks EVE Online as rampage goes on

Prolific hacker pranksters LulzSec took out sci-fi game EVE Online on Tuesday as part of a run of attacks apparently perpetrated purely for the lulz. A DDoS attack left EVE Online offline for around five hours as part of an operation called Titanic Takeover Tuesday. CCP Games, the firm behind the popular multiplayer game, said …

COMMENTS

This topic is closed for new posts.

Page:

Thumb Up

be thankfull

they're white hatters, shudder to think what would've happened had they been malicious.

I can't help but chuckle every time i read a story about them hacking something, purely for the lulz. It's what i would want to do, had i been a good hacker.

these guys are exposing flaws that should've been taken care of ages ago and firmly puts the companies affected in their place, i can't really see anything wrong with that.

i work in IT and if i where the person responsible for security and this happened to me, i would probably still laugh while cleaning out my desk ;)

3
32
Silver badge
FAIL

With an attitude like that...

...I'm surprised that you haven't been asked to clean your desk out already. Personal stuff only...

Launching ddos attacks against people isn't 'white hat', it's the definition of malicious.

9
2
Go

Agreed

Ddos is crude, unsophisticated and an indication they can't do better.

Legitimate protesting like breaking into Senate systems is fair game IMO

1
1
WTF?

@Danny 5

They're not white hats though, are they....

2
0
FAIL

DDOS != Hack

A ddos is more attributed to ripping the door of your office building and throwing rocks through the windows. A DDOS is not a "hack" as the media are calling them.

LuLzsec are far from White Hat. They release private data into the wild before even notifying the vendors. Why did they tell the NHS they where vulnerable and not anyone else?

2
1
Bronze badge
Thumb Up

Question? White Hatters or Black Hatters ...

That would make them Brown Hatters?

2
0
Anonymous Coward

er

A Distributed Denial of Service attack may well be a hack. It depends on what type we are talking about. Flooding IP ranges via botnets it not a hack in itself (depending on what packets you are sending and to where) but gaining the collection of infected hosts in the first place could well have been "a hack" job, all be it some less competent kids use automated processes to do this but other more competent users use a variety of exploits, custom or POC to gain their zombies.

A DDOS attack which may include floods of emails could not realistically be construed as a hack and neither could the Anonymous method of it's users running a flood script however NOT all DDOS attacks are carried out by kids with scripts, many are by very good programmers who are still a little naive, enough so not to see it as an offence that may gain them some jail time in the near future.

1
0
Mushroom

@Danny 5

How much more stupid and self-righteous can you be?

No white-hat would leak the information they managed to grab, nor would they gallivant around with this holier-than-thou attitude.

LulzSec is as much a group as Anonymous is. If you've been on their IRC, they invite anyone to submit leaks and information about possible targets. They are a bunch of teenagers having fun with open-source tools.

0
0

Sooner or later...

...they'll hit one too many companies, and these companies will join together...and hire better 'hackers' than the Lulzsec fun-times kids...and then this group will disappear.....quietly......at night....

0
2
Big Brother

The thing about a Gorilla War...

is its impossible to win by force of might.

... you just never know when or where the next attack will happen and you have to spread your forces trying to cover all your bases.

Why would they hire hackers.... Who would these white hat hackers hack? They don't know who they are up against never mind what their email/facebook address is.

And how would they know the WhiteHats they have hired aren't the people they are trying to catch.

Much more likely the Goberment will draft some new legislation that says you can only access the intertubes with an aabacus and a piece of chalk.

2
0
WTF?

lmao

"Gorilla war"

guerilla...

7
0
Coat

Actually, the thing about a Gorilla War is ...

... it is best won by throwing exploding bananas at each other!

4
0
Mushroom

As a friend of mine pointed out last night

A lot of Goonswarm folks were displeased at the prospect of unwanted EVE downtime. A showdown between the wretched scum of 4chan vs the wretched scum of the Something Awful forums will make for superb entertainment.

2
1
Thumb Up

Exploding Bananas "gorilla war"

And someone actually remembers that old qbasic game ...

0
0
Happy

Well, Gorilla war it may very well be...

With all that chest-thumping

1
0
Megaphone

Gorillas

"Get your filthy packets off me, you damn dirty apes!"

1
0
Black Helicopters

@Irish donkey

"The thing about a Gorilla War is its impossible to win by force of might."

This is true, but it depends on who is actually the Gorilla...

I have a funny feeling that if a news story aired saying that two or three people had been found dead, tortured slowly over several days, and the only connection appeared to be membership of an online group known as LulzSec, the 'hacks' would taper off pretty quickly!

It really wouldn't take government 'analysts' long to track down a few culprits if they put their resources towards it, even if it was only the mouthpieces rather than the actual do-ers... But that kind of thing would probably only happen if they were stupid enough to directly target some sort of government security agency...

0
0
Thumb Down

Hacked?

Can you please explain how a DDoS attack is a 'hack'? Or was the headline purely in competition with the Daily Wail for sensationalism? Surely being hacked means that someone has compromised one or more systems on the network being hacked. From your article this would appear to not be the case.

Also there is no reference to the post at the Eve Online website from the COO stating they took both the game servers and web site offline in response to a DDoS attack for them to check for signs of compromise.

Less sentationalism and definately less tardy journalism would be appreaciated.

Where is the El Reg Tombstone icon when you need it.

14
0
FAIL

Agreed...

I agree, it's one of the many things that's starting to make me visit here less and less.

A DDoS is not a hack - and it isn't even apparent that the DDoS was the reason why it went offline. Looking at BGP stats from last night they pulled all their routes at the same time - not something that would have happened without CCP doing it.

Maybe you should research your stories before you post them.

P.S. For those that aren't aware here's a link to the post mentioned by ledmil: http://www.eveonline.com/news.asp?a=single&nid=4616&tid=1

0
0

what he said

"Also there is no reference to the post at the Eve Online website from the COO stating they took both the game servers and web site offline in response to a DDoS attack for them to check for signs of compromise."

CCP didn't cave in to the DDOS as the author of the article suggests. They cautiously took the entire thing offline as they were worried the DDOS was a smoke screen for something else. Which correct me if I am wrong it is understood this is what happened with SONY?

As for the forum wailing - the EvE forums are always wailing. I haven't had time to read them all but the few pages I read on General Discussion very early this morning showed a balanced view with about half saying good job CCP - you can't be too careful and the other half comprised of naive nitiwts wanting free stuff for the downtime.

I salute CCP for how they reacted to this. Paying customer for several years btw.

3
0
Bronze badge
FAIL

Re: "HACK"

People call everything a hack these days. Some dummy leaves their facebook logged in at the library and suddenly "they've been hacked". Someone guesses their qwerty email password and they "got hacked". They go to a pron site and get keylogged and credit card number stolen and "they got hacked".

Just the general degradation of our society.

Unfortunately the lawmakers know even LESS about this technology, and they're the ones making decisions on this kind of thing.

1
0

This post has been deleted by its author

But Why?

I play EVE Online, its WOW for adults in a space ship, I dont get why anyone would want to take EVE online down the game does not hurt anyone?

5
0

There isn't a reason

It's a group of teenagers with too much time on their hands who think that disrupting high visibility targets makes them cool. There is no reason to any of these hacks, it's purely because they think it's funny to annoy people.

4
4
Black Helicopters

Because Sony

CCP hf. (the company behind EVE Online) announced an exclusive deal with Sony for its upcoming console MMOFPS game. Sony and their allies have been targeted by LulzSec from the start. Likewise, Mojang (the Minecraft guys) are bringing Minecraft mobile to the Sony's phone/portable console thing (Xperia?) only at first.

Sounds like a more plausible explanation than targets being picked at random.

2
2
Silver badge

I don't think there's any particular reason behind the attacks

It's the online equivalent of bored teenagers dropping things off bridges onto train lines. Usually harmless, but occasionally potentially dangerous, and always illegal. Once one or two of their less careful members get caught and get the book thrown at them, they'll go back to vandalising bus shelters instead.

Personally, I think CCP should be commended for the way they ring-fenced their servers, although it may have been a slight over-response to take down all their web servers, including those for DUST 514. Sony took the opposite response when they were hacked a few months ago, and kept things running while they were still assessing what kind of damage was being done. Look what happened there. CCP are bound to have billing information for their customer's accounts, which by necessity is available through the web to their user base, so ti seems like a prudent move to me.

It might be a little annoying to Eve players that they couldn't play last night, but CCP usually give out freebies after extended down-time, such as special in-game items, extra skill-points, etc.

As for the issue of bot-nets in the game; I have been playing for a couple of years and never come across this problem. The game is designed in such a way that it can be fairly well self-policing; when there was a spate of people using bots to mine minerals in ships (called Hulks), the player base responed with 'hulkageddon', where a bunch players went round and blew their ships up. Anyone found using bots gets their account banned.

5
0
Anonymous Coward

Trolling or....

...you simply have no clue about the game you're playing.

There are people in Eve (lots of them) who would quite cheerfully plant child porn on a machine & report you to the local police if they believed they could gain an advantage from it.

The fact there's shedloads of bots getting banned (tradebots now too) so there's people losing RL money (thousands of Euros a month in some cases) and lulzsec have setup a "who do you want targeted" phoneline....

You join the dots.

Intenet spaceships is still serious (RL) business :D

1
0
Bronze badge
Facepalm

Re

This "its a bunch of bored teenagers in their mom's basement" rhetoric is getting old. Wish we could get some bans for it.

And even if that's true, just think, they're more skilled and more intelligent than the entire collective IT staff at Fortune 500 companies. More intelligent than the entire government cybersecurity team. If they can pull it off, what do you think the terrorists are doing? Perhaps if we lived in a society that valued intelligence rather than insulted it they'd have something "better" to do with their time.

Either way, much more likely that they are mid 20s individuals looking to take payback for real or imagined oppression by "the man". Probably recently unemployed IT professionals. Many of the acts have been fairly justified, and they haven't profited from any of it. I don't see a problem with publishing the data, data cannot be "stolen" and the lack of security around it is laughable. Their acts are tantamount to someone going to a museum, sketching a copy of a painting and people complaining that the artwork is being "stolen".

0
3
Happy

But Why?

I play EVE Online, its WOW for adults in a space ship, I dont get why anyone would want to take EVE online down the game does not hurt anyone?

It's OK I sent EVE a get well soon card and am baking it a cake right now.

0
0
Silver badge

If you think...

...that a bunch of people launching a ddos attack, most likely, with something like LOIC, are more intelligent than all those people, then you are wrong. I seriously doubt that they have access toa botnet to lauch the attacks, as such things are usually controlled by criminals for profit, not by kids for what amounts to online vandalism. They might, however, be more intelligent than you, as you seem to have failed to have even a basic grasp of the issues at hand.

2
0

Hmm

>>> Some have praised LulzSec for its gonzo-security antics...

Methinks this has gone way beyond some kind of Robin Hood-esque campaign for better internet security.

6
0
Meh

As Adam Shostack wrote, a few days ago...

When it comes to conveying the importance of computer security, to those who will pay for it, we are currently being out-communicated by a bunch of people who can't even spell LOL.

How bad is that?

3
0
Bronze badge

Re

Just think of how jaded a person must become when they discover that no one is adequately protecting their data. I can see how they'd go from "hey lets show how bad this security is" to "burn the whole thing down".

0
0
Big Brother

On the other hand...

If you were a government agency tasked with making major companies and infrastructure providers WAKE UP AND DO SOMETHING about making themselves secure, this wouldn't be a bad way to do it, would it?

Effective, high profile, and above all deniable, not to mention being both good practice and a chance for those 1337 kids you just employed to prove that they have what it takes.

Just a thought.

0
0
Silver badge
Big Brother

WAKE UP AND DO SOMETHING?

What, like, financing cybersecurity lobbyists who then can get a new cybersecurity czar anointed by the Powers That Be who then can order expensive gear at said companies for Government Use and/or ram through legislation that everyone needs to order expensive gear at said companies?

0
0

CCP is bad at security

When CCP recently released a new forum the security was so hilariously bad that people had managed to get access to the admin parts of the forums within hours (and got their accounts banned after pointing it out to CCP). At first CCP took the forum offline in the hope to fix the issue, but after a few days we got the old (and superior) forum back and the new forum went into the memory hole. If CCP had my credit card details (they don't) I would have it blocked.

0
0

au contraire

How is that "bad at security"? Bad at security would've been leaving the vulnerable forum code running.

It's not wrong to be vulnerable - all systems are. What's wrong is allowing glaring problems to fester.

I'd hate to be CCP. Browsing the forums reveals they have some of the most awful, ungrateful, childish, self-serving customers. Add in that EVE is a haven for real-money-traded russian & chinese goldfarming, and I'm not surprised they get owned, and quickly how la.

1
1

Game Devs = Meh

When I was a games dev we never had a second thought about forum whiners. I doubt much has changed in 8 years.

0
0
Devil

DDOS != Hack

See title . :P

0
0
Anonymous Coward

Lulzsec in Nullsec

One of the larger factions (a few thousand members) during the 4 years I played was Goonswarm which also originated from 4chan. I haven't played in a year and a 1/2 but I know they're still around.

So if DDoS has been used as a smokescreen w/Eve before and there is reason to think there's at least some membership overlap in GS/Lulzsec I can understand CCP being concerned. Given the unfettered PvP sandbox, and single-server, nature of the game, the egg on their face over a 5 hour shutdown is less damaging than a successful hack by a group that likely includes players.

More to it than just that obviously, both in terms of possible membership overlap, and CCP's recent deal with Sony.

2
0
Facepalm

Look at how dumb you are...

Goons come from Something Awful. You should know that if you had been playing as long as you claim.

Damn pubbies keep opening their mouths when they have no idea...

0
0

Good point...

...except that Goonswarm is affiliated with SomethingAwful, not 4chan.

Goons - SA

Anons - 4chan

0
0
Bronze badge

I do have to wonder though

LulzSec sounds like a name a script-kiddie who lives in Eve would come up with.

0
0
Bronze badge
Headmaster

Gorilla War?

I'm not sure what the events on Monkey Island have to do with this.

http://www.youtube.com/watch?v=qHxNLdATrVY

2
0
Anonymous Coward

But why?

TBH I can't see what they gain from this. Everyone nodded their heads at a job well done when LS exposed the flaws which have existed in Sonys environment for years. But the latest sailing does not raise their cred at all, instead it takes them back to the level of a bot herder working for cash.

I would be more impressed if they went after Human Right infringing nations or Sexual predators instead of running phone line asking the average pleb to leave a message suggesting their next target. almost like X-Factor.

1
0
FAIL

But why?

TBH I can't see what they gain from this. Everyone nodded their heads at a job well done when LS exposed the flaws which have existed in Sonys environment for years. But the latest sailing does not raise their cred at all, instead it takes them back to the level of a bot herder working for cash.

I would be more impressed if they went after Human Right infringing nations or Sexual predators instead of running phone line asking the average pleb to leave a message suggesting their next target. almost like X-Factor.

2
0
FAIL

Unusually poor article - not like you, Reg?

I struggle to understand why there is criticism of CCP, or any company, for being "overly cautious" with customers credit card information? I applaud CCP for the way this has been handled.

You don't have to look far to find that the servers were in fact taken down voluntarily, by CCP, in order to protect user data. I suppose looking as far as CCP's twitter feed or facebook page is too much like journalism on this occasion? You could argue that Minecraft recovered rather quicker, but given that Minecraft is neither an MMO nor a subscription service, CCP's cautiousness is very much warranted.

Instead, this article paraphrases the scare-tactics of lesser publications by suggesting this is 'Hacktivism' which successfully highlights poor security. Firstly, as many have said, DDoS isn't hacking in the same sense as driving a truck through the door of a house isn't lock-picking.

Equally, successfully getting said truck through the door is not indicative that the door was insufficiently secure. Why are CCP expected to be able to fend off a massive DDoS attack, or any other extreme situation, and stay active as though nothing had happened?

Conversely, I'm sure their protection against actual, real hacking is more than sufficient. Switching off the servers for a mere 5 hours in the interests of protecting customer data is an effective if basic strategy that I'm perfectly happy with.

3
0
Bronze badge

Getting Bored

Whatever. Maybe they'll get caught or get bored. But things like this shouldn't happen in the first place.

Hopefully, someday Microsoft will get around to releasing a version of Windows without vulnerabilities, so there won't be any computers out there capable of being made into parts of botnets. However unrealistic a hope this may seem, it is the only solution.

0
5
Bronze badge

Re

Are you posting just to demonstrate that you know nothing about technology? Is this a troll? I don't get it.

0
0
Silver badge
Holmes

Perhaps a

better solution would be for admins not to have accounts named "admin" with a password of 1234

Then again , I'm someone who sfeels it was a shame Valve software never managed to get the guy who hacked them to US territory ......

0
0

Page:

This topic is closed for new posts.