So... Who's Responsible?

Haulie Berry
#21 - 2013-06-03 15:02:39 UTC
Brooks Puuntai wrote:
Ronix Aideron wrote:
http://community.eveonline.com/news/news-channels/eve-online-news/tranquility-downtime-on-sunday-june-2-and-monday-june-3/

It was not a DDoS attack but someone or a group that was able to exploit a vulnerability to some back-end services.


It states in the first sentence it was a DDoS. The whole point of DDoS is to exploit a vulnerability to gain access.



I... what?

No. The point of a denial of service attack is to... well, deny service. That's the whole point of the vast majority of them - to simply cause a service interruption by rendering the system unreachable. They don't, generally, allow the attacker to access the system.

The DDoS and the vulnerability here are almost certainly related and perpetrated by the same group or individual, but are two distinct attacks.
Vincent Athena
Photosynth
#22 - 2013-06-03 15:12:29 UTC
Maybe it was both. The DDOS attack was a smoke screen. While everyone was busy with that, the hack attempt would go unnoticed.

Except CCP was on the ball and noticed.

Know a Frozen fan? Check this out

Frozen fanfiction

FlamesOfHeaven
Ministry of War
Amarr Empire
#23 - 2013-06-03 15:25:29 UTC
Vincent Athena wrote:
Maybe it was both. The DDOS attack was a smoke screen. While everyone was busy with that, the hack attempt would go unnoticed.

Except CCP was on the ball and noticed.


This is what me and my peeps was talking about during the server downtime. Just wild guess from the limited info given to us from CCP. It was a good idea to pull the servers down and do a full analysis imo.

Better safe than sorry.
silens vesica
Corsair Cartel
#24 - 2013-06-03 15:29:12 UTC
FlamesOfHeaven wrote:
Vincent Athena wrote:
Maybe it was both. The DDOS attack was a smoke screen. While everyone was busy with that, the hack attempt would go unnoticed.

Except CCP was on the ball and noticed.


This is what me and my peeps was talking about during the server downtime. Just wild guess from the limited info given to us from CCP. It was a good idea to pull the servers down and do a full analysis imo.

Better safe than sorry.

Attempted backend services exploit... can you imagine what a powerful zombie the CCP cluster would make?
Is it possible the attack wasn't aimed at CCP, per se, but rather at gaining access to CCP's horsepower in aid of an attack on a third party?

Tell someone you love them today, because life is short. But scream it at them in Esperanto, because life is also terrifying and confusing.

Didn't vote? Then you voted for NulBloc

Vera Algaert
Republic University
Minmatar Republic
#25 - 2013-06-03 15:33:50 UTC  |  Edited by: Vera Algaert
Haulie Berry wrote:
Brooks Puuntai wrote:
Ronix Aideron wrote:
http://community.eveonline.com/news/news-channels/eve-online-news/tranquility-downtime-on-sunday-june-2-and-monday-june-3/

It was not a DDoS attack but someone or a group that was able to exploit a vulnerability to some back-end services.


It states in the first sentence it was a DDoS. The whole point of DDoS is to exploit a vulnerability to gain access.



I... what?

No. The point of a denial of service attack is to... well, deny service. That's the whole point of the vast majority of them - to simply cause a service interruption by rendering the system unreachable. They don't, generally, allow the attacker to access the system.

The DDoS and the vulnerability here are almost certainly related and perpetrated by the same group or individual, but are two distinct attacks.


it's quite common to use a ddos in order to sneak by other malicious stuff - an IDS will often look for deviations from the statistical patterns of normal network traffic in order to spot intrusions (a ddos drowns out any meaningful patterns) or inspect individual packets (in which case a ddos might cause a poorly configured IDS to choke on all the traffic).

The attention of human staff is of course diverted as well while they are trying to deal with a ddos attack (which will cause delays in them sorting through and reacting to automated reports on potential intrusions).

the ddos is basically a massive smokescreen behind which the attacker is trying to hide his probing and/or intrusion.

.
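An added illustration of the point made in the post above (not code from the thread or from CCP): on constructed flow records, a global traffic-volume detector fires on every minute of a flood and so cannot single out the back-end connections, while a volume-independent check on (source, service) pairs still can. All host and service names are made up for the example.

```python
from collections import Counter
from statistics import mean, pstdev

BASELINE_END = 10  # minutes 0-9 are treated as known-good baseline

def make_flows():
    """Constructed flow records (minute, src, dst_service); not real traffic."""
    flows = []
    for minute in range(BASELINE_END):          # steady front-end traffic
        for i in range(100 + (minute % 3)):
            flows.append((minute, f"player{i % 40}", "frontend"))
        flows.append((minute, "app1", "backend-db"))   # normal internal caller
    for minute in range(10, 15):                # flood: roughly 50x the volume
        for i in range(5000):
            flows.append((minute, f"bot{i % 900}", "frontend"))
        flows.append((minute, "app1", "backend-db"))
    flows.append((12, "bot17", "backend-db"))     # the two records that matter
    flows.append((13, "bot17", "backend-admin"))
    return flows

def volume_alerts(flows, threshold=3.0):
    """Global requests-per-minute z-score against the baseline minutes."""
    per_min = Counter(m for m, _, _ in flows)
    base = [per_min[m] for m in range(BASELINE_END)]
    mu, sigma = mean(base), pstdev(base) or 1.0
    return sorted(m for m in per_min
                  if m >= BASELINE_END and (per_min[m] - mu) / sigma > threshold)

def new_pair_alerts(flows, protected=("backend-db", "backend-admin")):
    """Flag any (src, service) pair unseen in baseline that touches a
    protected service. A single record is enough; volume plays no part."""
    known = {(s, d) for m, s, d in flows if m < BASELINE_END}
    return sorted({(m, s, d) for m, s, d in flows
                   if m >= BASELINE_END and d in protected
                   and (s, d) not in known})

if __name__ == "__main__":
    flows = make_flows()
    print("volume alerts (every flood minute):", volume_alerts(flows))
    print("new-pair alerts:", new_pair_alerts(flows))
```

The volume detector is not wrong, it is saturated: once every window alerts, it no longer ranks anything, which is why detections for sensitive services should not depend on traffic volume.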

Kult Altol
The Safe Space
#26 - 2013-06-03 15:36:33 UTC
It was a bunch of wow kids. They got mad that eve is growing.

Can't wait until when Eve online is Freemium. WiS only 10$, SP booster for one month 15$, DPS Boost 2$, EHP Boost 2$ Real money trading hub! Cosmetic ship skins 15$ --> If you don't pay for a product, you ARE the product.

Mr Epeen
It's All About Me
#27 - 2013-06-03 15:41:24 UTC
Wernher VonBrawn wrote:
Was the DDoS attack just some random kids wanting to DDoS something for teh lulz? Or was it something more sinister...
like North Korea! tryin' to steal EVE's advanced ship technology?


I don't care who's responsible.

What I care about is that my personal information wasn't stolen thanks to CCP being on the ball.

That can't be said for the big boys, including Blizzard and Sony. Any accts I have with them are fake info on throw away email addys thanks to their pathetic past performance.

At this point, CCP is the only one I trust to protect my privacy.

Mr Epeen Cool
Haulie Berry
#28 - 2013-06-03 15:42:15 UTC
Vera Algaert wrote:
Haulie Berry wrote:
Brooks Puuntai wrote:
Ronix Aideron wrote:
http://community.eveonline.com/news/news-channels/eve-online-news/tranquility-downtime-on-sunday-june-2-and-monday-june-3/

It was not a DDoS attack but someone or a group that was able to exploit a vulnerability to some back-end services.


It states in the first sentence it was a DDoS. The whole point of DDoS is to exploit a vulnerability to gain access.



I... what?

No. The point of a denial of service attack is to... well, deny service. That's the whole point of the vast majority of them - to simply cause a service interruption by rendering the system unreachable. They don't, generally, allow the attacker to access the system.

The DDoS and the vulnerability here are almost certainly related and perpetrated by the same group or individual, but are two distinct attacks.


it's quite common to use a ddos in order to sneak by other malicious stuff - an IDS will often look for deviations from the statistical patterns of normal network traffic in order to spot intrusions (a ddos drowns out any meaningful patterns) or inspect individual packets (in which case a ddos might cause a poorly configured IDS to choke on all the traffic).

The attention of human staff is of course diverted as well while they are trying to deal with a ddos attack (which will cause delays in them sorting through and reacting to automated reports on potential intrusions).

the ddos is basically a massive smokescreen behind which the attacker is trying to hide his probing and/or intrusion.



Hence the last line of my post (it's almost like I put it there for a reason). That said, the fact that they get used that way sometimes definitely does not make it the entire point of a DDOS.
James Amril-Kesh
Viziam
Amarr Empire
#29 - 2013-06-03 15:46:04 UTC
silens vesica wrote:
FlamesOfHeaven wrote:
Vincent Athena wrote:
Maybe it was both. The DDOS attack was a smoke screen. While everyone was busy with that, the hack attempt would go unnoticed.

Except CCP was on the ball and noticed.


This is what me and my peeps was talking about during the server downtime. Just wild guess from the limited info given to us from CCP. It was a good idea to pull the servers down and do a full analysis imo.

Better safe than sorry.

Attempted backend services exploit... can you imagine what a powerful zombie the CCP cluster would make?
Is it possible the attack wasn't aimed at CCP, per se, but rather at gaining access to CCP's horsepower in aid of an attack on a third party?

There's probably a considerable number of server clusters accessible to varying degrees on the internet with equivalent or greater computing power.

Enjoying the rain today? ;)

FlamesOfHeaven
Ministry of War
Amarr Empire
#30 - 2013-06-03 15:47:01 UTC
silens vesica wrote:
FlamesOfHeaven wrote:
Vincent Athena wrote:
Maybe it was both. The DDOS attack was a smoke screen. While everyone was busy with that, the hack attempt would go unnoticed.

Except CCP was on the ball and noticed.


This is what me and my peeps was talking about during the server downtime. Just wild guess from the limited info given to us from CCP. It was a good idea to pull the servers down and do a full analysis imo.

Better safe than sorry.

Attempted backend services exploit... can you imagine what a powerful zombie the CCP cluster would make?
Is it possible the attack wasn't aimed at CCP, per se, but rather at gaining access to CCP's horsepower in aid of an attack on a third party?


potentially

Nothing is impossible.

I am too, tempted to have my hands on that horsepower if it does get within my grasp. Twisted

Must resist...
Evei Shard
Shard Industries
#31 - 2013-06-03 15:47:59 UTC
A thread titled "So.. Who's Responsible?" and after two pages no-one has blamed the Goons yet?

I'm on the Eve Online forums right?

Did we lose the tin-foil rolls in the attack or something?

Profit favors the prepared

Andski
Science and Trade Institute
Caldari State
#32 - 2013-06-03 15:48:13 UTC
Mr Epeen wrote:
I don't care who's responsible.

What I care about is that my personal information wasn't stolen thanks to CCP being on the ball.

That can't be said for the big boys, including Blizzard and Sony. Any accts I have with them are fake info on throw away email addys thanks to their pathetic past performance.

At this point, CCP is the only one I trust to protect my privacy.

Mr Epeen Cool


Timecode vendors have more secure billing systems than them

Twitter: @EVEAndski

"It's easy to speak for the silent majority. They rarely object to what you put into their mouths."    - Abrazzar

THC Trader
Doomheim
#33 - 2013-06-03 15:48:50 UTC
There seem to be a lot of misconceptions. Let me clear this up, considering I know how a DDoS works, and understand what CCP said in their post.

Someone found a vulnerability in CCP's servers. This doesn't mean they were able to gain access, or compromise the system. Vulnerabilities like that are pretty rare when you have a development team that knows what they're doing. Instead, what this most likely means, is they found a way to make CCP's servers do excessive amounts of work. They then either used a single computer, or multiple computers, to repeatedly send the data to CCP's servers that would make them do excessive amounts of work. This resulted in a Denial of Service.

Think of it in terms of a website, as it's a bit easier that way. Imagine you found a page on a website that took forever to load, and while loading slowed the entire website down. Now imagine if you had control of thousands of computers, and commanded all of those computers to request that page over and over again. The effect would be that the website would go offline under the load while trying to process all of those requests.

CCP took the servers offline to ensure no further vulnerabilities had been found/exploited. This is precautionary, and a smart move on their part. It doesn't mean the attacker actually gained any access though.
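An added sketch of one defence against the "slow page requested over and over" scenario in the post above (not code from the thread or from CCP): a per-client budget charged in units of server work rather than request count, so a client hammering an expensive endpoint is throttled while a client making cheap requests at the same rate is not. The endpoint paths, cost figures and client names are hypothetical; time is in integer 100 ms ticks.

```python
class CostBudget:
    """Per-client token bucket charged by estimated server work."""

    def __init__(self, capacity, refill_per_tick):
        self.capacity = capacity
        self.refill = refill_per_tick
        self.state = {}  # client -> (tokens_left, tick_last_seen)

    def allow(self, client, cost, now):
        tokens, last = self.state.get(client, (self.capacity, now))
        # Refill for the elapsed ticks, never above capacity.
        tokens = min(self.capacity, tokens + (now - last) * self.refill)
        if cost > tokens:
            self.state[client] = (tokens, now)   # rejected: nothing charged
            return False
        self.state[client] = (tokens - cost, now)
        return True

# Hypothetical cost table, e.g. derived from measured handler time per path.
ENDPOINT_COST = {"/status": 1, "/market/search": 200}

def constructed_requests():
    """Two clients, each sending one request per tick for 100 ticks."""
    reqs = []
    for tick in range(100):
        reqs.append((tick, "normal-client", "/status"))
        reqs.append((tick, "heavy-client", "/market/search"))
    return reqs

def replay(requests, capacity=1000, refill_per_tick=10):
    """Replay (tick, client, path) tuples; return accepted count per client."""
    budget = CostBudget(capacity, refill_per_tick)
    accepted = {}
    for now, client, path in requests:
        if budget.allow(client, ENDPOINT_COST[path], now):
            accepted[client] = accepted.get(client, 0) + 1
    return accepted

if __name__ == "__main__":
    # Same request rate, very different outcome once cost is what is metered.
    print(replay(constructed_requests()))
```

A plain requests-per-second limit would treat both clients identically; metering cost is what separates them. Against a distributed source the same budget has to be applied per endpoint or globally as well, since each individual client can stay under its own limit.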
Random Majere
Rogue Fleet
#34 - 2013-06-03 15:49:02 UTC
It was a group called "MAD WIVES OF EVE". My wife is part of that group and.... oh crap got to leave the computer..she just got back and I don't want to get DDed. Big smile
Minty Aroma
Deep Core Mining Inc.
Caldari State
#35 - 2013-06-03 15:50:24 UTC
Nobody expects the Spanish Inquisition!
silens vesica
Corsair Cartel
#36 - 2013-06-03 15:50:39 UTC
James Amril-Kesh wrote:
silens vesica wrote:
FlamesOfHeaven wrote:
Vincent Athena wrote:
Maybe it was both. The DDOS attack was a smoke screen. While everyone was busy with that, the hack attempt would go unnoticed.

Except CCP was on the ball and noticed.


This is what me and my peeps was talking about during the server downtime. Just wild guess from the limited info given to us from CCP. It was a good idea to pull the servers down and do a full analysis imo.

Better safe than sorry.

Attempted backend services exploit... can you imagine what a powerful zombie the CCP cluster would make?
Is it possible the attack wasn't aimed at CCP, per se, but rather at gaining access to CCP's horsepower in aid of an attack on a third party?

There's probably a considerable number of server clusters accessible to varying degrees on the internet with equivalent or greater computing power.

Almost certainly true - But the attackers can't know for certain which is accessible until they try, can they?

Leads to certain surreal possibilities...

Lulzsec uses the Boy Scouts to control the International Monetary Fund which partners with Sony to attack CitiGroup…
Illuminati the Game comes to life.

Tell someone you love them today, because life is short. But scream it at them in Esperanto, because life is also terrifying and confusing.

Didn't vote? Then you voted for NulBloc

Colonel Xaven
Perkone
Caldari State
#37 - 2013-06-03 15:52:47 UTC
Kult Altol wrote:
It was a bunch of wow kids. They got mad that eve is growing.


Pretty much this Big smile

www.facebook.com/RazorAlliance

Evei Shard
Shard Industries
#38 - 2013-06-03 15:54:07 UTC
On a more serious note...

THC Trader wrote:
There seem to be a lot of misconceptions. Let me clear this up, considering I know how a DDoS works, and understand what CCP said in their post.

Someone found a vulnerability in CCP's servers. This doesn't mean they were able to gain access, or compromise the system. Vulnerabilities like that are pretty rare when you have a development team that knows what they're doing. Instead, what this most likely means, is they found a way to make CCP's servers do excessive amounts of work. They then either used a single computer, or multiple computers, to repeatedly send the data to CCP's servers that would make them do excessive amounts of work. This resulted in a Denial of Service.

Think of it in terms of a website, as it's a bit easier that way. Imagine you found a page on a website that took forever to load, and while loading slowed the entire website down. Now imagine if you had control of thousands of computers, and commanded all of those computers to request that page over and over again. The effect would be that the website would go offline under the load while trying to process all of those requests.

CCP took the servers offline to ensure no further vulnerabilities had been found/exploited. This is precautionary, and a smart move on their part. It doesn't mean the attacker actually gained any access though.



The question that came to mind for me when the word got out that it was a DDoS, was whether or not it had something to do with the new launcher. With all the problems CCP has been having with it, specifically related to connections and such, it seems there's a small chance it's more than coincidental. Not saying that some player or group of players hate the launcher so much that they decided to attack over it, but someone may have seen the problems and decided to probe for potential exploits.

Profit favors the prepared

silens vesica
Corsair Cartel
#39 - 2013-06-03 15:54:27 UTC
Evei Shard wrote:
A thread titled "So.. Who's Responsible?" and after two pages no-one has blamed the Goons yet?

I'm on the Eve Online forums right?

Did we lose the tin-foil rolls in the attack or something?
The foil got nerfed.

Tell someone you love them today, because life is short. But scream it at them in Esperanto, because life is also terrifying and confusing.

Didn't vote? Then you voted for NulBloc

Vincent Athena
Photosynth
#40 - 2013-06-03 15:55:41 UTC
Evei Shard wrote:
A thread titled "So.. Who's Responsible?" and after two pages no-one has blamed the Goons yet?

I'm on the Eve Online forums right?

Did we lose the tin-foil rolls in the attack or something?

If the new expansion included content that was massively hurting the Goons, I could see them trying something like this to extort CCP.

But there is nothing in the expansion like that. You may say "Tech!" except the goons have said many times that although they are exploiting the current Tech situation, that situation should not exist.

Know a Frozen fan? Check this out

Frozen fanfiction