Overwatch Servers Back Up After DDoS Attack

[HardOCP News]

It looks as though the kiddies were at it again. For the second time this month, a DDoS attack was launched against Battle.net's servers making it impossible to play Overwatch this morning. Blizzard responded swiftly and, as of 11am, all was right in the world again.

The DDoS attack was reported earlier this morning as the attackers have targeted Blizzard’s network providers, which as a result is affecting latency and connections to all of its games. That means if you’re looking to play any of its games, like Overwatch, Heroes of the Storm, World of Warcraft, or anything else that runs on Blizzard’s servers, you could be in for a bad time today.

 

[Twisted Kidney]

So if you get caught cheating and get banned you openly DDOS the people who caught you cheating and banned you.

Within the year this will be in court and some very sad teenagers and young 20 somethings are going to feel right stupid.

The internet is a real thing and the things you do have real consequences.

 

[SGTGimpy]

So if you get caught cheating and get banned you openly DDOS the people who caught you cheating and banned you.

Within the year this will be in court and some very sad teenagers and young 20 somethings are going to feel right stupid.

The internet is a real thing and the things you do have real consequences.

Beat me to it.

 

[Wildace]

There is a cam girl site, thats been getting DDOS attacked for 2 weeks, and is currently being attacked right now... or so i've been told

 

[Shmee]

There is a cam girl site, thats been getting DDOS attacked for 2 weeks, and is currently being attacked right now... or so i've been told

Didn't get what you paid for eh?

 

[Wildace]

Didn't get what you paid for eh?

lol

 

[nysmo]

You know I always wondered how accurate the stereotypes of script kiddies were until I saw some sort of public feud streamed live between the leaders of Lizardsquad and some other group. Absolutely every single thing we assume about them is spot on. We're talking 100% 20 year old virgins, geeky voices (even though I think they were masked, you could still tell by their vocal inflections), terribly cliched attempts to insult each other. These guys are literally just an embarrassment on earth, and I'm not saying that out of rage. I mean honestly I was just like "really guys? you really fit the prototype for complete life loser this hard?" I mean, I wanted to expect more. I was hoping there would at least be a little "hackers" persona or something to them. But nope, just the guy you expect to be made fun of all his life, but not because there's nothing he couldnt do to change himself, but because he really is that big of a loser.

 

[DrLobotomy]

My vote goes to mad TF2 players who want all the overwatch players to come back to TF2.

 

[krotch]

You know I always wondered how accurate the stereotypes of script kiddies were until I saw some sort of public feud streamed live between the leaders of Lizardsquad and some other group. Absolutely every single thing we assume about them is spot on. We're talking 100% 20 year old virgins, geeky voices (even though I think they were masked, you could still tell by their vocal inflections), terribly cliched attempts to insult each other. These guys are literally just an embarrassment on earth, and I'm not saying that out of rage. I mean honestly I was just like "really guys? you really fit the prototype for complete life loser this hard?" I mean, I wanted to expect more. I was hoping there would at least be a little "hackers" persona or something to them. But nope, just the guy you expect to be made fun of all his life, but not because there's nothing he couldnt do to change himself, but because he really is that big of a loser.

No, they just run scripts built by someone who actually knows. If they were real hackers, they would be working at some company making a lot of money and not having time to waste other ppl's time.

 

[nysmo]

No, they just run scripts built by someone who actually knows. If they were real hackers, they would be working at some company making a lot of money and not having time to waste other ppl's time.

Oh I know they didnt code a damn thing or are even responsible for the infections of the zombie PC's they control, that they're just renting out botnets from their mom's allowance money. I was just surprised to see them literally exhibiting the attitudes and mentality of children. I thought maybe they'd have some ulterior motive or at least something important to them to brag about, but nope. Just a bunch of cretins who cant get a girlfriend and live at home. The term "kiddie" fits so perfectly.

 

[krotch]

Oh I know they didnt code a damn thing or are even responsible for the infections of the zombie PC's they control, that they're just renting out botnets from their mom's allowance money. I was just surprised to see them literally exhibiting the attitudes and mentality of children. I thought maybe they'd have some ulterior motive or at least something important to them to brag about, but nope. Just a bunch of cretins who cant get a girlfriend and live at home. The term "kiddie" fits so perfectly.

I think the only thing that is important to them for this is "my group brought down X site". They just happened to pick the largest thing they can attack, so it gets more publicity. If they pick something small, no one is going to know about it.

The method of attack doesn't matter to them, cause well, they don't know how to actually do anything outside of renting a botnet to DDOS a site. Real hackers on the other hand figure out ways to get in, get data, and then sell data off.

 

[Farkle]

I don't understand how a company such as Blizzard, or any of their hosting providers involved can be so bad given their budget. Battle.net should be able to laugh at these little attacks that still manage to cripple them. There should already be methodology in place to prevent an outage of that type from ever happening.

Network engineers seem to not be doing their job. From obfuscating network hops (makes tracking an attack more difficult, even if the attack isn't forged path addressing), to changing TTL to break standards -- people are going to exploit those networks they're creating, and denial of service is not going to go away until people that know what the hell they're doing actually care enough to fix it. Distributed denial of service is low hanging fruit and very much kiddie tactics, it is much easier to exceed the functional pps of a router at whatever octet the architecture/software is weak at processing from a single source you never touch again after the attack. Throwing a 10gbit link in front of something is "good enough" for the majority of the world, and if it exceeds that just go ahead and cry to the uplink and get the traffic null routed... that type of mentality, is never going to fix the problem, but it will continue to earn money off of suckers who think it is the only way.

Even vendors are part of the problem; Cisco, Juniper, Brocade, HP and Arista continue to supply solutions that are only "just enough". Newer 16nm ASIC are impressive, but they still aren't addressing real world problems in the box, because it isn't profitable enough, and it seems like these companies very much exist in a vacuum of perfect network conditions whenever they release a new product.

We could have all of these problems solved inside of a few months, if we actually cared enough and created standards to address the issue. NIST, OFSI, FFIEC, all of the big boys are out there dealing with this have different approaches, due to different concerns. When broadcast floods were a major issue, ingress filtering and shutting down broadcast addresses became standardized. That is the push we need again, but on a much wider scale.

No, they just run scripts built by someone who actually knows. If they were real hackers, they would be working at some company making a lot of money and not having time to waste other ppl's time.

That's not how the world works. Just because you have skill, doesn't mean you can apply it with methodology that earns income. The majority of my peers I've ran into in that world have social issues precluding them from ever being able to market any such skill, and they end up working technical support or some other dead-end job. No one wants to touch them, because just being around them you can feel something is not right, or their egotism gets in the way and you realize they're a risky hire due to how they handle a hypothetical scenario during the interview process.

The method of attack doesn't matter to them, cause well, they don't know how to actually do anything outside of renting a botnet to DDOS a site. Real hackers on the other hand figure out ways to get in, get data, and then sell data off.

Only very few do; "Real hackers" as you describe, take on more risk and usually end up getting caught due to how a person functions and grows complacent in their ways. In a situation as described, it is common to end up feeling untouchable and eventually make a mistake with someone running a paranoid syslog configuration that is offsite, or you think it is so easy you don't realize what you just compromised is a honeypot. While it is a myth about the "perp returning to the scene of a crime" and "one more job" applying to getting caught, it is very much reality that we all get lazy if we do something enough.

You know I always wondered how accurate the stereotypes of script kiddies were until I saw some sort of public feud streamed live between the leaders of Lizardsquad and some other group. Absolutely every single thing we assume about them is spot on. We're talking 100% 20 year old virgins, geeky voices (even though I think they were masked, you could still tell by their vocal inflections), terribly cliched attempts to insult each other. These guys are literally just an embarrassment on earth, and I'm not saying that out of rage. I mean honestly I was just like "really guys? you really fit the prototype for complete life loser this hard?" I mean, I wanted to expect more. I was hoping there would at least be a little "hackers" persona or something to them. But nope, just the guy you expect to be made fun of all his life, but not because there's nothing he couldnt do to change himself, but because he really is that big of a loser.

Lizardsquad, LulzSec, all of these public facing groups aren't even a threat, but they are helping the rest of the world perceive every hacker as "some script kiddie", and that is doing many favors to those behind the curtain. It reminds me of all of those Satan oriented films that say the best trick ever pulled was convincing people that he didn't exist -- that is exactly what is happening with real hacking groups, and independents.

 

[krotch]

I
That's not how the world works. Just because you have skill, doesn't mean you can apply it with methodology that earns income. The majority of my peers I've ran into in that world have social issues precluding them from ever being able to market any such skill, and they end up working technical support or some other dead-end job. No one wants to touch them, because just being around them you can feel something is not right, or their egotism gets in the way and you realize they're a risky hire due to how they handle a hypothetical scenario during the interview process.

I don't see how them having social issues somehow puts them into technical support or something that's customer facing. Although, bad customer support in those fields isn't exactly unheard of either. I think they just haven't figured out how to leverage their skills into a job where they aren't customer facing. But I don't know, I have no idea what kind of skills are needed to be competent hacker.

Only very few do; "Real hackers" as you describe, take on more risk and usually end up getting caught due to how a person functions and grows complacent in their ways. In a situation as described, it is common to end up feeling untouchable and eventually make a mistake with someone running a paranoid syslog configuration that is offsite, or you think it is so easy you don't realize what you just compromised is a honeypot. While it is a myth about the "perp returning to the scene of a crime" and "one more job" applying to getting caught, it is very much reality that we all get lazy if we do something enough.

Well there's all kinds of hackers out there, why we label them with the whole "hat" label. But ya, when you become complacent, that's when you'll probably get caught.

Lizardsquad, LulzSec, all of these public facing groups aren't even a threat, but they are helping the rest of the world perceive every hacker as "some script kiddie", and that is doing many favors to those behind the curtain. It reminds me of all of those Satan oriented films that say the best trick ever pulled was convincing people that he didn't exist -- that is exactly what is happening with real hacking groups, and independents.

I don't think it makes people perceive hackers as all being "script kiddies". Most don't even know much about them, except that they took down something they wanted to work with (XBL, PSN, Battle.net, etc). Most probably think hacking is like what people do in movies and tv shows.

 

[Armenius]

I don't understand how a company such as Blizzard, or any of their hosting providers involved can be so bad given their budget. Battle.net should be able to laugh at these little attacks that still manage to cripple them. There should already be methodology in place to prevent an outage of that type from ever happening.

Network engineers seem to not be doing their job. From obfuscating network hops (makes tracking an attack more difficult, even if the attack isn't forged path addressing), to changing TTL to break standards -- people are going to exploit those networks they're creating, and denial of service is not going to go away until people that know what the hell they're doing actually care enough to fix it. Distributed denial of service is low hanging fruit and very much kiddie tactics, it is much easier to exceed the functional pps of a router at whatever octet the architecture/software is weak at processing from a single source you never touch again after the attack. Throwing a 10gbit link in front of something is "good enough" for the majority of the world, and if it exceeds that just go ahead and cry to the uplink and get the traffic null routed... that type of mentality, is never going to fix the problem, but it will continue to earn money off of suckers who think it is the only way.

Even vendors are part of the problem; Cisco, Juniper, Brocade, HP and Arista continue to supply solutions that are only "just enough". Newer 16nm ASIC are impressive, but they still aren't addressing real world problems in the box, because it isn't profitable enough, and it seems like these companies very much exist in a vacuum of perfect network conditions whenever they release a new product.

We could have all of these problems solved inside of a few months, if we actually cared enough and created standards to address the issue. NIST, OFSI, FFIEC, all of the big boys are out there dealing with this have different approaches, due to different concerns. When broadcast floods were a major issue, ingress filtering and shutting down broadcast addresses became standardized. That is the push we need again, but on a much wider scale.



That's not how the world works. Just because you have skill, doesn't mean you can apply it with methodology that earns income. The majority of my peers I've ran into in that world have social issues precluding them from ever being able to market any such skill, and they end up working technical support or some other dead-end job. No one wants to touch them, because just being around them you can feel something is not right, or their egotism gets in the way and you realize they're a risky hire due to how they handle a hypothetical scenario during the interview process.



Only very few do; "Real hackers" as you describe, take on more risk and usually end up getting caught due to how a person functions and grows complacent in their ways. In a situation as described, it is common to end up feeling untouchable and eventually make a mistake with someone running a paranoid syslog configuration that is offsite, or you think it is so easy you don't realize what you just compromised is a honeypot. While it is a myth about the "perp returning to the scene of a crime" and "one more job" applying to getting caught, it is very much reality that we all get lazy if we do something enough.



Lizardsquad, LulzSec, all of these public facing groups aren't even a threat, but they are helping the rest of the world perceive every hacker as "some script kiddie", and that is doing many favors to those behind the curtain. It reminds me of all of those Satan oriented films that say the best trick ever pulled was convincing people that he didn't exist -- that is exactly what is happening with real hacking groups, and independents.

Well I think it says something that the likes of Blizzard and Steam are able to deal with these attacks in a matter of hours or even less, while bigger companies like Sony and Microsoft will have their services taken down for weeks at a time. I think the last time I saw Steam down due to an attack it was back up in 15 minutes.

 

[groebuck]

The difference being the people who hacked Sony and ddos MS are much larger....still - it is the same principle.