If enough people stop spending money on this game and their oh-so-precious metrics take a serious hit, then they will do something about it. Until pwe/cryptic are properly motivated by poor ROI and declining revenue, they will simply shrug their shoulders and tell everyone, "We can't do anything." Of course you cannot do anything if it is painfully obvious you have no intention of even trying.
I wonder how other game companies keep their servers from suffering such an attack from the same person repeatedly?
I am willing to bet:
a) there is a viable solution which is currently in place and working somewhere.
b) It costs money.
c) pwe/cryptic do not want to spend extra cash on what they view as a 'captive' audience.
d) CBS, the license holders, are not completely aware of how weak the protection of their IP is over here at pwe/cryptic.
I am also willing to bet the second CBS's revenue takes a hit from this, they'll be all over pwe/cryptic like stink on horse droppings about finding this guy and shutting him down.
I'm pretty sure if people can't play the game, there is no revenue.
The problem seems to be that this particular person is very persistent. Almost a whole week now. Large companies get DDOS'd all the time. The BBC was shut down for a few hours just last month.
I'm pretty sure if people can't play the game, there is no revenue.
The problem seems to be that this particular person is very persistent. Almost a whole week now. Large companies get DDOS'd all the time. The BBC was shut down for a few hours just last month.
i remember that. I have the RSS feed for them on my laptop. I also remember it was only for a few hours and they've not been down again since then. Which proves the point I was trying to make. Someone has a solution for this problem somewhere.
A six year old boy and his starship. Living the dream.
Yes, it's that dipshit again. He's bragging about it as we speak. Funny thing is, he PLAYS on an Arc Game, never winter. So Cryptic knows the person and/or has his IP and mac address. If they would just give me that info.....
We'll never know who this person is unless you're either an IT pro and can dig up info on your own, or he's on the news. Sad thing is, no game company will EVER reveal that person's identity even after they are caught; they are too afraid of legal actions. Which I think is kinda sad. I'm more of a "you made your bed now lie in it" type of guy. You create a TRIBBLE storm, now reap the whirlwind TRIBBLE.
0
rattler2Member, Star Trek Online ModeratorPosts: 58,596Community Moderator
i remember that. I have the RSS feed for them on my laptop. I also remember it was only for a few hours and they've not been down again since then. Which proves the point I was trying to make. Someone has a solution for this problem somewhere.
Or the perp was discovered.
Or it was a one time thing.
Or any number of reasons.
Or the perp was discovered.
Or it was a one time thing.
Or any number of reasons.
This.
There's really no form of security that can overcome persistence. Really if anything, this should be an example to PWE/Cryptic to not host all their products on the same servers.
If enough people stop spending money on this game and their oh-so-precious metrics take a serious hit, then they will do something about it. Until pwe/cryptic are properly motivated by poor ROI and declining revenue, they will simply shrug their shoulders and tell everyone, "We can't do anything." Of course you cannot do anything if it is painfully obvious you have no intention of even trying.
I wonder how other game companies keep their servers from suffering such an attack from the same person repeatedly?
I am willing to bet:
a) there is a viable solution which is currently in place and working somewhere.
b) It costs money.
c) pwe/cryptic do not want to spend extra cash on what they view as a 'captive' audience.
d) CBS, the license holders, are not completely aware of how weak the protection of their IP is over here at pwe/cryptic.
I am also willing to bet the second CBS's revenue takes a hit from this, they'll be all over pwe/cryptic like stink on horse droppings about finding this guy and shutting him down.
Go ahead tell that to the guys at Xbox Live and the Playstation network who have been hit with multiple DDOS attacks by the same group of people who were ultimately stopped by a different group of people angry at the ones doing it but not employed by either Microsoft or Sony. Companies MUCH bigger than PWE/Cryptic get hit with DDOS and have no more success stopping it that PWE/Cryptic.
You know, I bet a group of "white hat" hackers could make a tidy sum contracting themselves to companies to "deal" with this stuff...off the record of course.
My question is, why is whoever this is, able to just brag about doing very illegal activities on a site like Twitter without being banned from there? I am sure that must be a major violation of their terms of use. Shutting down a means to brag to the masses would be a huge demotivation for doing things like this. If they don't ban him from using their service, it's practically like they are condoning, aiding and abetting a federal crime!
My question is, why is whoever this is, able to just brag about doing very illegal activities on a site like Twitter without being banned from there? I am sure that must be a major violation of their terms of use. Shutting down a means to brag to the masses would be a huge demotivation for doing things like this. If they don't ban him from using their service, it's practically like they are condoning, aiding and abetting a federal crime!
Unfortunatley i think all that matters to twitter is likes and how many posts you can get in a 30 minutes time span, would like to see this little whelp dealt with finally.
0
rattler2Member, Star Trek Online ModeratorPosts: 58,596Community Moderator
Agreed. But I think its complicated by international stuff.
My question is, why is whoever this is, able to just brag about doing very illegal activities on a site like Twitter without being banned from there? I am sure that must be a major violation of their terms of use. Shutting down a means to brag to the masses would be a huge demotivation for doing things like this. If they don't ban him from using their service, it's practically like they are condoning, aiding and abetting a federal crime!
Unfortunatley i think all that matters to twitter is likes and how many posts you can get in a 30 minutes time span, would like to see this little whelp dealt with finally.
It's also not good for their reputation, to be a place where criminals have impunity to brag and have an audience. They very much should care, and I hope PWE really gets on their case for that with a complaint. Even if PWE can't make Twitter do anything about it, they still need to be given a real earful about allowing this on their community. But maybe PWE already has for all we know, and Twitter is just being a twit about it.
If enough people stop spending money on this game and their oh-so-precious metrics take a serious hit, then they will do something about it. Until pwe/cryptic are properly motivated by poor ROI and declining revenue, they will simply shrug their shoulders and tell everyone, "We can't do anything." Of course you cannot do anything if it is painfully obvious you have no intention of even trying.
I wonder how other game companies keep their servers from suffering such an attack from the same person repeatedly?
I am willing to bet:
a) there is a viable solution which is currently in place and working somewhere.
b) It costs money.
c) pwe/cryptic do not want to spend extra cash on what they view as a 'captive' audience.
d) CBS, the license holders, are not completely aware of how weak the protection of their IP is over here at pwe/cryptic.
I am also willing to bet the second CBS's revenue takes a hit from this, they'll be all over pwe/cryptic like stink on horse droppings about finding this guy and shutting him down.
I hear your frutration, and share it. PWE's attitude in this appears to be annoyingly passive and downright lazy. Especially since they already know full well who the guy is (at least Twitter does, and PWE know his Twitter account).
Someone needs to pick up a phone and call the authorities. If they have time to arrest a 10-year-old boy for living in a 'terrorist house' (had to be 'terraced house', but he misunderstood the teacher; true story), then they sure as heck can get off their lazy arses and pick up a real criminal.
I hear your frutration, and share it. PWE's attitude in this appears to be annoyingly passive and downright lazy. Especially since they already know full well who the guy is (at least Twitter does, and PWE know his Twitter account).
Someone needs to pick up a phone and call the authorities. If they have time to arrest a 10-year-old boy for living in a 'terrorist house' (had to be 'terraced house', but he misunderstood the teacher; true story), then they sure as heck can get off their lazy arses and pick up a real criminal.
With all do respect, I don't think you really understand how difficult something like this really is. Internet crime, especially something as anonymous as DDOS Attacks are very difficult to prosecute. The nature of the attack makes it impossible to determine a source and something like having a Twitter Handle goes nowhere. The best they might get is if they get Twitter to give the IP Addresses associated with that account, but even that is more difficult then it sounds.
Most companies will not just hand over user information without a subpoena, because simply put.. it's 'bad for business.' Even if they did hand it over, another subpoena is required to get the information from the Internet Service Provider in question and even after that, it only works if he happened to update twitter from his home address or didn't use a Proxy service. Even if they do find him, there are a surprising amount of hurdles facing PWE in prosecuting the crime including determining exact financial cost as a result of the attack. The laws unfortunately favor protecting the attacker in cases like these.
I know the assumption is that all that PWE has to do is call Twitter, get the info, take it to the ISP and bam.. it's done, but sadly, that's not how it works. When ISP's get known for handing over information without a fight, they lose customers. When users feel that Twitter will give their info for any reason, they stop using Twitter. Those businesses care more about their own bottom line then they do about the effect that one user is having on a video game server. The sad fact is that this process is a very difficult uphill battle. On top of that, if this guy knows even a little bit about how to not get caught, none of it will probably work anyway. DDOS Attacks are very difficult to prove and even harder to prosecute, hence the reason that they're so popular.
I hear your frutration, and share it. PWE's attitude in this appears to be annoyingly passive and downright lazy. Especially since they already know full well who the guy is (at least Twitter does, and PWE know his Twitter account).
Someone needs to pick up a phone and call the authorities. If they have time to arrest a 10-year-old boy for living in a 'terrorist house' (had to be 'terraced house', but he misunderstood the teacher; true story), then they sure as heck can get off their lazy arses and pick up a real criminal.
With all do respect, I don't think you really understand how difficult something like this really is. Internet crime, especially something as anonymous as DDOS Attacks are very difficult to prosecute. The nature of the attack makes it impossible to determine a source and something like having a Twitter Handle goes nowhere. The best they might get is if they get Twitter to give the IP Addresses associated with that account, but even that is more difficult then it sounds.
Most companies will not just hand over user information without a subpoena, because simply put.. it's 'bad for business.' Even if they did hand it over, another subpoena is required to get the information from the Internet Service Provider in question and even after that, it only works if he happened to update twitter from his home address or didn't use a Proxy service. Even if they do find him, there are a surprising amount of hurdles facing PWE in prosecuting the crime including determining exact financial cost as a result of the attack. The laws unfortunately favor protecting the attacker in cases like these.
I know the assumption is that all that PWE has to do is call Twitter, get the info, take it to the ISP and bam.. it's done, but sadly, that's not how it works. When ISP's get known for handing over information without a fight, they lose customers. When users feel that Twitter will give their info for any reason, they stop using Twitter. Those businesses care more about their own bottom line then they do about the effect that one user is having on a video game server. The sad fact is that this process is a very difficult uphill battle. On top of that, if this guy knows even a little bit about how to not get caught, none of it will probably work anyway. DDOS Attacks are very difficult to prove and even harder to prosecute, hence the reason that they're so popular.
With all due respect, I think you're underestimating how relatively easy this is to prosecute. The guy already admitted to his crimes, in full, and in writing (that alone makes Twitter liable too, btw). With a written confession already in their pockets, the guy wouldn't stand a chance. Go ahead and make a terrorist threat on the Internet, guaranteed you'll be picked up within hours: no subpoenas, no hassle, no alleged impossibility: they will simply do it. I'm not saying PWE could do this alone, but the FBI, or Homeland Security, certainly could. It's just a matter of willingness. The latter seems largely absent.
The bottom line, as you pointed out, is 'determining exact financial cost as a result of the attack.' And then PWE does what it always does, like with bugs: if doing nothing costs less, then that's what they'll do.
I think you're underestimating how relatively easy this is to prosecute. The guy already admitted to his crimes, in full, and in writing (that alone makes Twitter liable too, btw). With a written confession already in their pockets, the guy wouldn't stand a chance. Go ahead and make a terrorist threat on the Internet, guaranteed you'll be picked up within hours: no subpoenas, no hassle, no alleged impossibility: they will simply do it. I'm not saying PWE could do this alone, but the FBI, or Homeland Security, certainly could. It's just a matter of willingness. The latter seems largely absent.
The bottom line, as you pointed out, is 'determining exact financial cost as a result of the attack.' And then PWE does what it always does, like with bugs: if doing nothing costs less, then that's what they'll do.
These things are only true if you can prove who actually wrote it. And to be clear, taking responsibility on Twitter for a DDOS attack is not taken with the same level of severity as something like terrorist threats. You're crossing two very different worlds here, and these cases are not handled the same way.
I'm not an expert, I have had minimal experience in cyber crime cases from a former job but not nearly enough to qualify me as an expert. I have however, seen first hand how much a company has to go through and how long it takes to prove and prosecute something like this. I'll put it this way, if it was as easy as you believe, then why do you believe PWE would ignore it? These attacks threaten to cost them business, they require either paying staff to be onsite or paying for on call support to respond when attacks like this take place. They're all together bad for PWE, I'm curious why you think that PWE would not respond if it was as easy as you believe.
Do you believe that they just don't care? I'm not asking that sarcastically or trying to be snide in any way, I'm just legitimately curious why you believe what you believe.
These things are only true if you can prove who actually wrote it. And to be clear, taking responsibility on Twitter for a DDOS attack is not taken with the same level of severity as something like terrorist threats. You're crossing two very different worlds here, and these cases are not handled the same way.
I know this. My point was, it *can* be done, if they're willing to go after it. To the FBI, or whoever handles this, it's simply not a priority (like a terrorist threat would be).
I'll put it this way, if it was as easy as you believe, then why do you believe PWE would ignore it? These attacks threaten to cost them business, they require either paying staff to be onsite or paying for on call support to respond when attacks like this take place. They're all together bad for PWE, I'm curious why you think that PWE would not respond if it was as easy as you believe.
Do you believe that they just don't care? I'm not asking that sarcastically or trying to be snide in any way, I'm just legitimately curious why you believe what you believe.
Pretty much for the reason you already mentioned: the bottom line: doing nothing costs less. So, yes, I think they care, as long as it doesn't cost them money (or more money to get it resolved than having to deal with upset customers).
At any rate, the rationale of 'We can't do anything, so we're not going to do anything." is the surest route to DDOS-ing ppl with impunity.
Pretty much for the reason you already mentioned: the bottom line: doing nothing costs less. So, yes, I think they care, as long as it doesn't cost them money (or more money to get it resolved than having to deal with upset customers).
Fair enough.
At any rate, the rationale of 'We can't do anything, so we're not going to do anything." is the surest route to DDOS-ing ppl with impunity.
To be clear, I'm not advocating doing nothing or saying that nothing can be done. I'm simply saying that it's not as easy as some people believe. Just because we don't see action, it doesn't mean that no action is being taken.
Pretty much for the reason you already mentioned: the bottom line: doing nothing costs less. So, yes, I think they care, as long as it doesn't cost them money (or more money to get it resolved than having to deal with upset customers).
Fair enough.
At any rate, the rationale of 'We can't do anything, so we're not going to do anything." is the surest route to DDOS-ing ppl with impunity.
To be clear, I'm not advocating doing nothing or saying that nothing can be done. I'm simply saying that it's not as easy as some people believe. Just because we don't see action, it doesn't mean that no action is being taken.
Cryptic sends out free t6 ships, server gets bombarded.
Yessssssss. Now to write a letter to CBS. With the 2017 show coming out, might be time to look at investing in a studio that doesnt TRIBBLE its players around.
0
rattler2Member, Star Trek Online ModeratorPosts: 58,596Community Moderator
Cryptic sends out free t6 ships, server gets bombarded.
Yessssssss. Now to write a letter to CBS. With the 2017 show coming out, might be time to look at investing in a studio that doesnt TRIBBLE its players around.
Comments
I'm pretty sure if people can't play the game, there is no revenue.
The problem seems to be that this particular person is very persistent. Almost a whole week now. Large companies get DDOS'd all the time. The BBC was shut down for a few hours just last month.
Anyone friends with a "goon"?
i remember that. I have the RSS feed for them on my laptop. I also remember it was only for a few hours and they've not been down again since then. Which proves the point I was trying to make. Someone has a solution for this problem somewhere.
We'll never know who this person is unless you're either an IT pro and can dig up info on your own, or he's on the news. Sad thing is, no game company will EVER reveal that person's identity even after they are caught; they are too afraid of legal actions. Which I think is kinda sad. I'm more of a "you made your bed now lie in it" type of guy. You create a TRIBBLE storm, now reap the whirlwind TRIBBLE.
Or the perp was discovered.
Or it was a one time thing.
Or any number of reasons.
This.
There's really no form of security that can overcome persistence. Really if anything, this should be an example to PWE/Cryptic to not host all their products on the same servers.
You know, I bet a group of "white hat" hackers could make a tidy sum contracting themselves to companies to "deal" with this stuff...off the record of course.
You have google. Prove it. Here, I'll even give you a link to start off with:
https://en.wikipedia.org/wiki/Dunning%E2%80%93Kruger_effect
Edit: hmm...it stopped...
Unfortunatley i think all that matters to twitter is likes and how many posts you can get in a 30 minutes time span, would like to see this little whelp dealt with finally.
It's also not good for their reputation, to be a place where criminals have impunity to brag and have an audience. They very much should care, and I hope PWE really gets on their case for that with a complaint. Even if PWE can't make Twitter do anything about it, they still need to be given a real earful about allowing this on their community. But maybe PWE already has for all we know, and Twitter is just being a twit about it.
I hear your frutration, and share it. PWE's attitude in this appears to be annoyingly passive and downright lazy. Especially since they already know full well who the guy is (at least Twitter does, and PWE know his Twitter account).
Someone needs to pick up a phone and call the authorities. If they have time to arrest a 10-year-old boy for living in a 'terrorist house' (had to be 'terraced house', but he misunderstood the teacher; true story), then they sure as heck can get off their lazy arses and pick up a real criminal.
With all do respect, I don't think you really understand how difficult something like this really is. Internet crime, especially something as anonymous as DDOS Attacks are very difficult to prosecute. The nature of the attack makes it impossible to determine a source and something like having a Twitter Handle goes nowhere. The best they might get is if they get Twitter to give the IP Addresses associated with that account, but even that is more difficult then it sounds.
Most companies will not just hand over user information without a subpoena, because simply put.. it's 'bad for business.' Even if they did hand it over, another subpoena is required to get the information from the Internet Service Provider in question and even after that, it only works if he happened to update twitter from his home address or didn't use a Proxy service. Even if they do find him, there are a surprising amount of hurdles facing PWE in prosecuting the crime including determining exact financial cost as a result of the attack. The laws unfortunately favor protecting the attacker in cases like these.
I know the assumption is that all that PWE has to do is call Twitter, get the info, take it to the ISP and bam.. it's done, but sadly, that's not how it works. When ISP's get known for handing over information without a fight, they lose customers. When users feel that Twitter will give their info for any reason, they stop using Twitter. Those businesses care more about their own bottom line then they do about the effect that one user is having on a video game server. The sad fact is that this process is a very difficult uphill battle. On top of that, if this guy knows even a little bit about how to not get caught, none of it will probably work anyway. DDOS Attacks are very difficult to prove and even harder to prosecute, hence the reason that they're so popular.
With all due respect, I think you're underestimating how relatively easy this is to prosecute. The guy already admitted to his crimes, in full, and in writing (that alone makes Twitter liable too, btw). With a written confession already in their pockets, the guy wouldn't stand a chance. Go ahead and make a terrorist threat on the Internet, guaranteed you'll be picked up within hours: no subpoenas, no hassle, no alleged impossibility: they will simply do it. I'm not saying PWE could do this alone, but the FBI, or Homeland Security, certainly could. It's just a matter of willingness. The latter seems largely absent.
The bottom line, as you pointed out, is 'determining exact financial cost as a result of the attack.' And then PWE does what it always does, like with bugs: if doing nothing costs less, then that's what they'll do.
These things are only true if you can prove who actually wrote it. And to be clear, taking responsibility on Twitter for a DDOS attack is not taken with the same level of severity as something like terrorist threats. You're crossing two very different worlds here, and these cases are not handled the same way.
I'm not an expert, I have had minimal experience in cyber crime cases from a former job but not nearly enough to qualify me as an expert. I have however, seen first hand how much a company has to go through and how long it takes to prove and prosecute something like this. I'll put it this way, if it was as easy as you believe, then why do you believe PWE would ignore it? These attacks threaten to cost them business, they require either paying staff to be onsite or paying for on call support to respond when attacks like this take place. They're all together bad for PWE, I'm curious why you think that PWE would not respond if it was as easy as you believe.
Do you believe that they just don't care? I'm not asking that sarcastically or trying to be snide in any way, I'm just legitimately curious why you believe what you believe.
I know this. My point was, it *can* be done, if they're willing to go after it. To the FBI, or whoever handles this, it's simply not a priority (like a terrorist threat would be).
Pretty much for the reason you already mentioned: the bottom line: doing nothing costs less. So, yes, I think they care, as long as it doesn't cost them money (or more money to get it resolved than having to deal with upset customers).
At any rate, the rationale of 'We can't do anything, so we're not going to do anything." is the surest route to DDOS-ing ppl with impunity.
Fair enough.
To be clear, I'm not advocating doing nothing or saying that nothing can be done. I'm simply saying that it's not as easy as some people believe. Just because we don't see action, it doesn't mean that no action is being taken.
Thank you for your clarification.
Agreed completely.
Fair enough.
Cryptic sends out free t6 ships, server gets bombarded.
Yessssssss. Now to write a letter to CBS. With the 2017 show coming out, might be time to look at investing in a studio that doesnt TRIBBLE its players around.
Dude... it was a coincidence.