cyber attacks - our account info secure?

ultimateblu · September 2015

hi, i just started playing and i was wondering what is the nature of these cyber attacks? is someone trying to get our account and payment info?

artanisen · September 2015

beginning to wonder that my self.

theycallmetomu · September 2015

DDoS has nothing to do with our account info; it's just the attacker contacting the server repeatedly using system resources.

A "hack" and a DDoS are two different things. Someone who knows more about it can tell you more than I can, I'm afraid.

wylonus · September 2015

DDOS mean, someone using the program to "Flood it" with junk spams to host side, creating the bootings.
once it get full, it crashed. so it made server to "reboot it self" with empty server.
i hope i explain best i could.

neoxyphus · September 2015

The nature is that they are using a network of compromised or even dedicated/rented systems (for example, cloud instances) collectively called a "botnet" to each send requests to a critical resource that is used/depended on by the game. In this case, seems like the account server(s). With the level of automation available at one's fingertips nowadays, one can bring up/shut down botnets at the flip of a switch.

Typical infrastructure practice 10 years ago is to put say, x number of servers behind a virtual IP, or a set of IPs (public facing IPs in both cases). In this case it appears its behind either single or contiguous set of IPs that is easily obtained by just watching an app's login traffic.

But that's 10 years ago...In today's world that's like putting a "DDOS ME" sign on Cryptic's back for any botter worth their salt. This is, most likely, methods employed to save money.

PWI/Cryptic in their ultimate wisdom chose to forego things like:

- Geo load balancing
- Anycasting (e.g. same IP, but announced through BGP at different parts of the world, effectively distributing the load rendering DDOS which is used to attack CENTRALIZED resources much less effective)
- Hybrid mitigation methods which uses combination of the above based on dynamic thresholds...One way is to punt by signature/traffic patterns to an extranet so that the bots continue to attack dummy services while legitimate traffic continues to flow through

They are probably working hard to combat the problem, probably started by changing VIPs/DNS records, which is not hard at all to track by good hackers. But until they can revamp their infrastructure, all attempts are just in time meaning there will be a hiccup/etc measured in minutes, unless they have the resources to automate said efforts, which would require a pretty sophisticated IIS and/or netops team that actually knows what they are doing.

Or they can just opt to adopt DDOS mitigation through cloudflare/Akamai, which costs money.

Although this is not an intrusive attack, this can be used to expose vulnerabilities while services are down, which can make assets susceptible to intrusive attacks.

Anyway expect NeverGodz to continue to have fun at PWI/Cryptic's expense until they get their act together.

alin119 · September 2015

it is because that my client became unplayable ?
took me over 2h to update the 200mb and i cant do nothing ...the lag its impossible
any solution ?

dairiuschi3 · September 2015

You basically just have to wait it out, it seems random since it doesn't hit 100% of the playerbase at the same time or anything. Basically luck of the draw, sadly.

plasticbat · September 2015

Another analogy is you want to go to work and there is one elevator to your office. Somebody send a million person to line up to use that elevator. Just because they can use the elevator, it does not mean anyone of them can open the door of your office.

d4rthd00fus · September 2015

DDoS attacks are used by professional hackers as a diversion at the front door while they sneak in the back. The idiot doing this attack was no hacker and likely just using DDoS rental services from orgs like lizard squad. He was retaliating for the recent bonehead AD change and certainly proof that 2 wrongs don't make a right.

alin119 · September 2015

so just for me if any can help ... its that the reason i cannot play anymore ? my problem start after the last maintenance and i still can log in but the lag its impossible
also any fix .... or just wait until neverever fix this ?
thx for help

archanarchist · September 2015

if you just started u should be ok the last hack like that was like a yr ago the recent ones have just, apparently been DDOS only

ambisinisterr · September 2015

archanarchist said:
if you just started u should be ok the last hack like that was like a yr ago the recent ones have just, apparently been DDOS only

Please don't spread false rumors. There was no hack a year ago...

alin119 said:
so just for me if any can help ... its that the reason i cannot play anymore ? my problem start after the last maintenance and i still can log in but the lag its impossible
also any fix .... or just wait until neverever fix this ?
thx for help

Depending on what time of the day it is possible if is from the DDoS attacks. It could be any number of things though depending on your network connection, computer specifications and whether or not you are going through cogentco's ISP node. More information would be required but this isn't the thread for that.

As for the topic of whether a DDoS can take information off of the server: as others have said the answer is NO.
It is simply a flood of ping requests which overloads the system.

Another way of describing it would be to imagine juggling balls. You might be bale to juggle 3 balls effortlessly but for each additional ball it gets harder and harder. Well a DDoS attack is like throwing more and more balls for the server to juggle and eventually when it can't keep up anymore all of the balls are dropped and the system has to restart from scratch.

hoofit · September 2015

Every connection on the net has someone (normally automated) trying to gain access to it just check your own routers firewall and you'll see lots of things, port scans ect. I bet cryptics firewall is pretty busy most days stopping stuff and has been for a while which should be of some comfort to you.
Nothing on the net is ever 100% secure no matter who it is that is storing it.
Your own computer is probably more at risk as most don't change there routers default admin and passphrase making it very easy for attackers to get on your network and then esculate things.............. I reccomend a look at your own firewall logs, do remember that firewalls often have Faulse alerts in there logs and not all will be malicious

d4rthd00fus · September 2015

The unfortunate thing about the DDoS attacks is that real cyber criminal gangs are quite patient and opportunistic and can run several sweeps against a system prior to launching an actual attack while looking for potential attack vectors. If an opportunity arises such as the recent DDoS attacks, they may use that as cover for an intrusion into the system. I'm not saying that happened, but if the criminals have any reason to believe there are payment databases housed on those systems they are already targeted and are just waiting for an opportunity to strike. I do hope that Cryptic has good protections on those systems and payment processing done somewhere else entirely with very strong encryption on their databases.

dufisto · September 2015

neoxyphus said:

PWI/Cryptic in their ultimate wisdom chose to forego things like:

- Geo load balancing
- Anycasting (e.g. same IP, but announced through BGP at different parts of the world, effectively distributing the load rendering DDOS which is used to attack CENTRALIZED resources much less effective)
- Hybrid mitigation methods which uses combination of the above based on dynamic thresholds...One way is to punt by signature/traffic patterns to an extranet so that the bots continue to attack dummy services while legitimate traffic continues to flow through

i'll fault cryptic for alot of things. but geoloadbalancing doesnt work well with instanced games, it works well with sharded games.
they might be using anycast, the account server getting overload wont be prevented from anycast. limited server resources will always be an issue.

there are several other mitigations that could be put in. like signature checking ids/ips. and they'll stop most bot attacks, depending on how well attack was planned.

darkdrayken · September 2015

omghelp said:
hi, i just started playing and i was wondering what is the nature of these cyber attacks? is someone trying to get our account and payment info?

DDOSing isn't going to cause a security breach. The only thing it does is overflow the servers so that they crash and people are unable to log in. Think of it as a clogged drain.

ultimateblu · September 2015

ok i hope so. i dont want to lose all my personal info just because i spent 10 dollars on astral diamonds lol. incidentally, the launcher no longer works. i wonder if they are making security updates?

dirtimus78 · September 2015

Yeah, I just made my first purchase yesterday...

flambridge · September 2015

DDoS want down server only.
It isn't a security atk...

carrytiex · September 2015

As has been said, in this case I wouldn't worry about account information. However I wouldn't trust that Cryptic would actually tell us if our details are vulnerable. I've heard of more reputable companies storing passwords as plain text in the past...

cyber attacks - our account info secure?

Comments