Game Over: Battlefield 3 DDoS attack


A couple of years ago, a 17 year old was arrested for his part in a denial of service attack against gamers playing the online multiplayer version of Call of Duty: Black Ops. The teenager was accused of selling cheat software called 'Phenom Booter' which prevented others from playing (it's a shell booter) while at the same time enabling the player to boost their scores. As someone who is a bit of a Black Ops obsessive (currently fast approaching 9th Prestige level on Black Ops 2) any kind of cheating really gets my goat. But one that involves preventing me, and others, from playing at all really is at the top of the lame behaviour pile. Which is why I was disappointed to see that Battlefield 3 was taken offline by a DDoS attack earlier this week.

686769632c0359434ae750190e515bbb On the afternoon of 8th May, a game spokesperson revealed that "the current Battlefield 3 outages are a result of activity that appears to be aimed at overwhelming our back-end infrastructure. We are working on a variety of solutions to address this problem and are focused on resolution as quickly as possible... We are incredibly disappointed by these activities and the impact they are having on all of our ability to enjoy BF3, thank you for your patience as we work to resolve these issues."

Six hours later, the same person admitted "despite our security measures, we have been working around the clock to mitigate the impact of an ongoing denial-of-service attack on our Battlefield 3 game infrastructure over the last several days. While the motives are unclear, the focus of the attack has been interference with network communications preventing access to multiplayer gameplay." The attacks continued over a number of days, and the attempts to mitigate these by the game developers involved patches and restarts that effectively booted players out of games while they were implemented.

Ashley Stephenson, CEO of Corero Network Security, says that the Battlefield 3 DDoS attack "conforms with what our clients in the gaming industry have experienced, persistent and over several days. In this case it has impacted Battlefield 3’s back-end servers and prevented players from accessing multiplayer features in the game. So far it appears, according to EA that the attack was aimed at knocking the multiplayer servers offline and not as a diversion to pilfer data. The attack, however, has dealt a blow to EA, forcing it to cancel their planned “double XP weekend”. Whether it was timed to coincide with this event is unclear, and neither according to EA are the motives, but we have seen an uptick in what appears to be competitors trying to disrupt their competition as well as attackers carrying out attacks just for fun, or lulz."

But there is another explanation as to why games sites might be getting hit by the DDoS'ers, and that's simply botnet testing before rolling out financially lucrative attacks against the banks and other commercial organisations. In March, I was told by security researchers that the Brobot botnet was being used to attack online RPGs rather than the more usual banking targets. There's no evidence to connect the Battlefield 3 attack with these earlier gaming attacks, but there is some evidence that they were hit by the same Brobot botnet being used by the
Izz ad-Din al-Qassam Cyber Fighter hacktivist group, not least as the same newly developed attack tools were used against the game sites as used against banking targets such as Morgan Chase and Capital One.

Octet commented: A very informative, and interesting post! +4
About the Author

A freelance technology journalist for 30 years, I have been a Contributing Editor at PC Pro (one of the best selling computer magazines in the UK) for most of them. As well as currently contributing to, The Times and Sunday Times via Raconteur Special Reports, SC Magazine UK, Digital Health, IT Pro and Infosecurity Magazine, I am also something of a prolific author. My last book, Being Virtual: Who You Really are Online, which was published in 2008 as part of the Science Museum TechKnow Series by John Wiley & Sons. I am also the only three times winner (2006, 2008, 2010) of the BT Information Security Journalist of the Year title, and was humbled to be presented with the ‘Enigma Award’ for a ‘lifetime contribution to information security journalism’ in 2011 despite my life being far from over...

jwenting 1,649 duckman Team Colleague

other online communities are also experiencing an increased level of griefing and other attacks.
I'm active in second life, and there we've seen an alarming increase in griefer activity, with the clear intent to deny users and content owners access to selected parts of the infrastructure.

General idea is that these are random vandalism, but there's ever more indication they're directed attacks by people intent on either hurting the community as a whole or people having to gain from certain people leaving the community or at least abandoning their property (which would then be up for grabs by others, mostly the attacks are focussed on high value land which could bring certain people a lot of money if they could gain it cheap and resell it for its actual value, more than one user has seen himself the target of denial of service attacks after refusing offers to buy their property at ridiculously low compensation).

bguild 163 Posting Whiz

Nothing on the internet should ever be trusted totally. Just as operating systems should be designed with the assumption that each piece of software may be the enemy, games should be designed with the assumption that each player may be the enemy. The most important element of ensuring players have good experiences with your game is protecting them from other players.

Lp_baez 0 Light Poster

I agree, with bguild. I wonder if that is what Microsoft was talking about when they said that the players' activity will separate them from those who have a different activity pattern. Monitoring players every move and activity when entering the game should now standard in the gamming community.

mrgreen 0 Newbie Poster

DDos attacks have been happening on most online games (FPSs like Halo,COD,etc mainly) since around 2007. It has just evolved from then. Nowadays anybody can download a program like tsbooter and use it for $10/month to attack other players online. I wish there were better security measures against DDoS, botnets, etc.

Be a part of the DaniWeb community

We're a friendly, industry-focused community of 1.20 million developers, IT pros, digital marketers, and technology enthusiasts learning and sharing knowledge.