A new type of DDoS ( Distributed Denial of Service) attack has taken down several servers last weekend. Popular games servers for Steam, Origin, Battle.net, and League of Legends were victim of the attack
The new type of DDoS abuses the Network Time Protocol (NTP), which keeps computers’ clocks synced up to Coordinated Universal Time, is proving more difficult to thwart. For getting down a server like ‘League of Legends’ the hacker tricked NTP servers thinking they have been queried by the LoL server.
( DDOS, short for Distributed Denial of Service, is a type of DOS attack where multiple compromised systems — which are usually infected with a Trojan — are used to target a single system causing a Denial of Service (DoS) attack. Victims of a DDoS attack consist of both the end targeted system and all systems maliciously used and controlled by the hacker in the distributed attack. )
These NTP respond to a legitimate traffic/query/message the “League of Legends” server, overloading it with as many as 100 gigabits per second (Gbps). That’s large even for a DDoS attack.
“A hacker group going by the handle DERP claimed responsibility for the Origin attack on Twitter, saying it used a “Ion Cannon” DDoS tool it’s calling the “Gaben Laser Beam,” after Valve founder Gabe Newell. DERP claimed responsibility for similar attacks on Battle.net, League of Legends, World of Tanks, EA.com, and more earlier this week. Meanwhile, a pair of Twitter users areclaiming responsibility for last night’s attack on Steam.”
“These people generate revenue using game servers, so when they’re attacked, it creates dramatic financial loss for them,” Matt Mahvi, CEO of DDoS protection company Staminus, told Ars Technica.
Staminus told Ars Technica that many of its customers have been targeted by NTP-style DDoS attacks in the past few weeks, including several popular “Minecraft” servers.
“It’s the first time I’ve ever seen volumetric NTP at noteworthy levels,” says Shawn Marck, CEO at Black Lotus, which provides DDoS mitigation services, adding his impression is that the DerpTrolling group, which took credit for the attack, is doing this mainly for the kicks they get in disrupting online games like War of Wizard and Steam.