test content
What is the Arc Client?
Install Arc

cyber attacks - our account info secure?

hi, i just started playing and i was wondering what is the nature of these cyber attacks? is someone trying to get our account and payment info?

Comments

  • artanisenartanisen Member Posts: 159 Arc User
    beginning to wonder that my self.
    "Power tends to corrupt, and absolute power corrupts absolutely."
    "Great men are almost always bad men."
    “If God is all-powerful He cannot be good, if God is good He cannot be all-powerful!”
  • theycallmetomutheycallmetomu Member, NW M9 Playtest Posts: 1,861 Arc User
    DDoS has nothing to do with our account info; it's just the attacker contacting the server repeatedly using system resources.

    A "hack" and a DDoS are two different things. Someone who knows more about it can tell you more than I can, I'm afraid.
  • edited September 2015
    This content has been removed.
  • wylonuswylonus Member, NW M9 Playtest Posts: 2,376 Arc User
    DDOS mean, someone using the program to "Flood it" with junk spams to host side, creating the bootings.
    once it get full, it crashed. so it made server to "reboot it self" with empty server.
    i hope i explain best i could.
  • neoxyphusneoxyphus Member Posts: 43 Arc User
    The nature is that they are using a network of compromised or even dedicated/rented systems (for example, cloud instances) collectively called a "botnet" to each send requests to a critical resource that is used/depended on by the game. In this case, seems like the account server(s). With the level of automation available at one's fingertips nowadays, one can bring up/shut down botnets at the flip of a switch.

    Typical infrastructure practice 10 years ago is to put say, x number of servers behind a virtual IP, or a set of IPs (public facing IPs in both cases). In this case it appears its behind either single or contiguous set of IPs that is easily obtained by just watching an app's login traffic.

    But that's 10 years ago...In today's world that's like putting a "DDOS ME" sign on Cryptic's back for any botter worth their salt. This is, most likely, methods employed to save money.

    PWI/Cryptic in their ultimate wisdom chose to forego things like:

    - Geo load balancing
    - Anycasting (e.g. same IP, but announced through BGP at different parts of the world, effectively distributing the load rendering DDOS which is used to attack CENTRALIZED resources much less effective)
    - Hybrid mitigation methods which uses combination of the above based on dynamic thresholds...One way is to punt by signature/traffic patterns to an extranet so that the bots continue to attack dummy services while legitimate traffic continues to flow through

    They are probably working hard to combat the problem, probably started by changing VIPs/DNS records, which is not hard at all to track by good hackers. But until they can revamp their infrastructure, all attempts are just in time meaning there will be a hiccup/etc measured in minutes, unless they have the resources to automate said efforts, which would require a pretty sophisticated IIS and/or netops team that actually knows what they are doing.

    Or they can just opt to adopt DDOS mitigation through cloudflare/Akamai, which costs money.

    Although this is not an intrusive attack, this can be used to expose vulnerabilities while services are down, which can make assets susceptible to intrusive attacks.

    Anyway expect NeverGodz to continue to have fun at PWI/Cryptic's expense until they get their act together.
    Casamir
    3K IL WK Sabo TR
    Trying to suck less @ pvp near you
  • edited September 2015
    This content has been removed.
  • alin119alin119 Member Posts: 50 Arc User
    it is because that my client became unplayable ?
    took me over 2h to update the 200mb and i cant do nothing ...the lag its impossible
    any solution ?
  • dairiuschi3dairiuschi3 Member Posts: 40 Arc User
    You basically just have to wait it out, it seems random since it doesn't hit 100% of the playerbase at the same time or anything. Basically luck of the draw, sadly.
  • plasticbatplasticbat Member, NW M9 Playtest Posts: 12,408 Arc User
    Another analogy is you want to go to work and there is one elevator to your office. Somebody send a million person to line up to use that elevator. Just because they can use the elevator, it does not mean anyone of them can open the door of your office.
    *** The game can read your mind. If you want it, you won't get it. If you don't expect to get it, you will. ***
  • d4rthd00fusd4rthd00fus Member Posts: 453 Arc User
    DDoS attacks are used by professional hackers as a diversion at the front door while they sneak in the back. The idiot doing this attack was no hacker and likely just using DDoS rental services from orgs like lizard squad. He was retaliating for the recent bonehead AD change and certainly proof that 2 wrongs don't make a right.
  • alin119alin119 Member Posts: 50 Arc User
    so just for me if any can help ... its that the reason i cannot play anymore ? my problem start after the last maintenance and i still can log in but the lag its impossible
    also any fix .... or just wait until neverever fix this ?
    thx for help
  • archanarchistarchanarchist Member Posts: 144 Arc User
    if you just started u should be ok the last hack like that was like a yr ago the recent ones have just, apparently been DDOS only
  • ambisinisterrambisinisterr Member, Neverwinter Moderator Posts: 10,462 Community Moderator

    if you just started u should be ok the last hack like that was like a yr ago the recent ones have just, apparently been DDOS only

    Please don't spread false rumors. There was no hack a year ago...
    alin119 said:

    so just for me if any can help ... its that the reason i cannot play anymore ? my problem start after the last maintenance and i still can log in but the lag its impossible
    also any fix .... or just wait until neverever fix this ?
    thx for help

    Depending on what time of the day it is possible if is from the DDoS attacks. It could be any number of things though depending on your network connection, computer specifications and whether or not you are going through cogentco's ISP node. More information would be required but this isn't the thread for that.


    As for the topic of whether a DDoS can take information off of the server: as others have said the answer is NO.
    It is simply a flood of ping requests which overloads the system.

    Another way of describing it would be to imagine juggling balls. You might be bale to juggle 3 balls effortlessly but for each additional ball it gets harder and harder. Well a DDoS attack is like throwing more and more balls for the server to juggle and eventually when it can't keep up anymore all of the balls are dropped and the system has to restart from scratch.
  • hoofithoofit Member, NW M9 Playtest Posts: 122 Arc User
    Every connection on the net has someone (normally automated) trying to gain access to it just check your own routers firewall and you'll see lots of things, port scans ect. I bet cryptics firewall is pretty busy most days stopping stuff and has been for a while which should be of some comfort to you.
    Nothing on the net is ever 100% secure no matter who it is that is storing it.
    Your own computer is probably more at risk as most don't change there routers default admin and passphrase making it very easy for attackers to get on your network and then esculate things.............. I reccomend a look at your own firewall logs, do remember that firewalls often have Faulse alerts in there logs and not all will be malicious

  • d4rthd00fusd4rthd00fus Member Posts: 453 Arc User
    The unfortunate thing about the DDoS attacks is that real cyber criminal gangs are quite patient and opportunistic and can run several sweeps against a system prior to launching an actual attack while looking for potential attack vectors. If an opportunity arises such as the recent DDoS attacks, they may use that as cover for an intrusion into the system. I'm not saying that happened, but if the criminals have any reason to believe there are payment databases housed on those systems they are already targeted and are just waiting for an opportunity to strike. I do hope that Cryptic has good protections on those systems and payment processing done somewhere else entirely with very strong encryption on their databases.
  • dufistodufisto Member Posts: 537 Arc User
    neoxyphus said:


    PWI/Cryptic in their ultimate wisdom chose to forego things like:

    - Geo load balancing
    - Anycasting (e.g. same IP, but announced through BGP at different parts of the world, effectively distributing the load rendering DDOS which is used to attack CENTRALIZED resources much less effective)
    - Hybrid mitigation methods which uses combination of the above based on dynamic thresholds...One way is to punt by signature/traffic patterns to an extranet so that the bots continue to attack dummy services while legitimate traffic continues to flow through

    i'll fault cryptic for alot of things. but geoloadbalancing doesnt work well with instanced games, it works well with sharded games.
    they might be using anycast, the account server getting overload wont be prevented from anycast. limited server resources will always be an issue.

    there are several other mitigations that could be put in. like signature checking ids/ips. and they'll stop most bot attacks, depending on how well attack was planned.
  • darkdraykendarkdrayken Member Posts: 43 Arc User
    omghelp said:

    hi, i just started playing and i was wondering what is the nature of these cyber attacks? is someone trying to get our account and payment info?


    DDOSing isn't going to cause a security breach. The only thing it does is overflow the servers so that they crash and people are unable to log in. Think of it as a clogged drain.


  • This content has been removed.
  • ultimateblu#0961 ultimateblu Member Posts: 28 Arc User
    ok i hope so. i dont want to lose all my personal info just because i spent 10 dollars on astral diamonds lol. incidentally, the launcher no longer works. i wonder if they are making security updates?
  • dirtimus78dirtimus78 Member Posts: 4 Arc User
    Yeah, I just made my first purchase yesterday...
  • flambridgeflambridge Member, NW M9 Playtest Posts: 191 Arc User
    DDoS want down server only.
    It isn't a security atk...
  • This content has been removed.
  • carrytiexcarrytiex Member Posts: 231 Arc User
    As has been said, in this case I wouldn't worry about account information. However I wouldn't trust that Cryptic would actually tell us if our details are vulnerable. I've heard of more reputable companies storing passwords as plain text in the past...
Sign In or Register to comment.