League of Legends and Battlefield 4 attackers were using rare DDoS method

DERP trolling group using virtually unheard of NTP attack to grind popular online games to a halt.

The recent wave of distributed denial-of-service (DDoS) attacks that took out EA's Origin service, Blizzard's Battle.net, and League of Legends, amongst others, was using a virtually unheard of method to amplify the amount of data being sent in order to grind many popular online games to a halt.

The group, calling itself DERP and its tools the "Gaben Laser Beam," is said to have used the Network Time Protocol (NTP) to carry out its attacks, Arstechnica explains. NTP is used to synchronise computers and other devices to the correct local time, and the group managed to inflate the effectiveness of its DDoS attacks by sending out a barrage of requests to these servers while pretending to be one of these gaming services (such as League of Legends), with the NTP.

It's an effective tactic because the DDoS attacker gets more than a 5800% return on their investment: sending the fake request uses up eight bytes of data for the attacker, but the reply from the NTP server weighs in at 468 bytes of strain for the victim's server.

"Prior to December [2013], an NTP attack was almost unheard of because if there was one it wasn't worth talking about," said Shawn Marck, CEO of DoS-mitigation service Black Lotus.

"It was so tiny it never showed up in the major reports. What we're witnessing is a shift in methodology," Marck added. More information about the NTP attacks, and other forms of DDoS amplification, can be found in the full Arstechnica article.

Meanwhile, Motty Alon, director of security services at data center application and security company Radware, said to GameSpot that he believes DERP must have some kind of incentive other than causing trouble. "As this attack campaign evolved," said Alon, "I’ve changed my opinion several times as to what’s really going on here. In the beginning, I believed that this was just a kid just taking revenge on society. Then, as we entered the second and third days of the campaign, I had a different take."

"Taking into consideration the damage that DERP is creating and the length of these attacks, this person (or group) is spending quite a lot of time to keep up with these attacks, and regardless of the hurdles, must they have a hidden incentive."

When asked if online games could expect to see more DDoS attacks from disgruntled individuals and groups in the future, Alon said that these kinds of online attacks have only become more common over the past few years.

"Since the beginning of 2010, we saw an increased trend of DDoS attacks happening to the extent that they are now about 30 percent of all cyber attacks," he said. "We see this trend growing, and we believe that this trend will continue as DDoS attacks very easily become a tool used by protestors."

At time of writing, DERP's last message on Twitter was posted on January 7 and read "goodbye for now."

Written By

Hi! I'm Martin, for some reason or another I have managed to convince the people who run GameSpot that I am actually wor

Want the latest news about League of Legends?

League of Legends

League of Legends

Follow

Discussion

52 comments
Hollowdimension
Hollowdimension

I think it was the Chinese. Probably still pissed off they were included in Battlefield 4 for some reason.

LightEffect
LightEffect

I thought it was funny following them on twitter and seeing who gets taken down today. 

WR_Platinum
WR_Platinum

Everyone seems so bitter about the hackers when they should be bitter towards companies like EA who fail to provide efficient security to tackle these attacks.

billlabowski
billlabowski

It's funny because as this asshole was DDoS'ing our BF4 servers (private) we have logs of our members' ip addresses. So when he targetted ours it was easy to spot these morons and send his private protocols to Dice to take to the authorities. These idiots think they're being cute but they're not. Didn't hurt us any.

Unfallen_Satan
Unfallen_Satan

Smart. I hope cyber security evolves as a result.

RELeon
RELeon

They have no hidden motive. They just want attention. And bigger epeens.

PlatinumPaladin
PlatinumPaladin

I'm not the most programming savvy so forgive me for asking, but was the result of this simply limiting or halting gamers' usage of those games' online multi-player modes?

ggregd
ggregd

Haven't they caught these people and sent them to Federal-pound-me-in-the-ass-prison yet?

x_hunter00
x_hunter00

If there is one thing that unites us SONY, XBOX, Nintendo fanboys. It is that we all despise hackers!

pidow
pidow

People who attack sites only hurt the people who want to play on these sites, I personally do not get the point of attacking sites and limiting or denies others the ability to do what they like to do, proves a point.  Why not take that ability and improve things rather than deny other's.

Thanatos2k
Thanatos2k

As a programmer myself, this is pretty genius.


Also lol at the "Gaben Laser Beam:

chechak7
chechak7

why cheating play for fun ...they never understand ...why hack ...if u simply can't play some game ..go to other one  

Hurvl
Hurvl

Oh, well, good for them. They used a rare way to be like every other scumbag hacker that ruins a product that other people are trying to use.

thisBlueDude
thisBlueDude

I feel like GS gets DDoS'd all the time.

kerrman
kerrman

This is why I hate people.

Warlord_Irochi
Warlord_Irochi

"DERP trolling", and they just follow a trend...


Not only they are sooooo useful to society, they are also sooooo original.

MAGIC-KINECT
MAGIC-KINECT

PC master race....victims. I can't believe my eyes. I thought they lived in a perfect world....

noandno
noandno

What kind of name is DERP?

JastGG
JastGG

@WR_Platinum It's pretty hard to block DDOSing. They overload the server and crash it due to too many networks pinging it and they take it down. It's the same as when a server goes down from too many people being on it and it can't take the load.

Anigmar
Anigmar

@WR_PlatinumLet's see if I can explain it to you. You buy a car and during the night someone breaks one window. Are you gonna blame the car company or the piece of trash who broke it?

gladin09
gladin09

@billlabowski Well one of these guys did manage to get their personal information posted online by another hacker so he failed prity hard.

Gen007
Gen007

@PlatinumPaladin DDOS basically crashes the servers or at least bogs them down and degrades the service. So yes people either had problems playing or could not play at all.  Its actually pretty damaging for the companies involved. Just imagine how much money a game like say lol losses just for being offline even if its only for a few hours. 

spikepigeo
spikepigeo

@Thanatos2k Always great when journalists trying to be professional have to put things like LULZ, DERP and Gaben Laser Beam in their articles.

Fiendvinny
Fiendvinny

I laughed and through this whole article the names are too good.

Earthbound_X
Earthbound_X

@chechak7 I think you are misundertanding the term hacker in relation to this problem.

They aren't even playing these games.

randomkidlol
randomkidlol

@MAGIC-KINECT PSN or XBL goes down, all multiplayer connectivity is gimped.


PC on the other hand has multiple servers and multiple services providing servers, not to mention the number of private servers available for some games.


ie. DDoS all of steam, no problem. ill just play on bnet servers. take that down too? gamespy.

A_Rabid_Dog
A_Rabid_Dog

@MAGIC-KINECT Oh stop. I can name multiple occassions where Sony, Microsoft, and even Nintendo servers have been DDoS'ed. 

Riddick123
Riddick123

@noandno Because they aren't affecting the companies they're pissed at...just the gamers.  Unless that was their intent was to make gamers mad.

WR_Platinum
WR_Platinum

@JastGG I am aware of that, but it still does not mean that nothing should be done. If nothing is done at all, then this will continue with no end. I believe a solution can be developed.

WR_Platinum
WR_Platinum

@Anigmar thats a bad example. You are comparing a product you own physically (a car) to a service that you don't own physically (online mp). You are responsible for your vehicle, Not the car company. The publisher is responsible for security for all its user base. 


Have you heard of the attack hackers made at Target stealing over 40 million accounts credit card information? That is similar to apply to these attacks on these games. 


Nice try to be all defensive. Believe it or not, as much as it sucks for everyone that these attacks occur, its for the better of cyber security and for us all.

sniperwol_basic
sniperwol_basic

@Thanatos2k @x_hunter00 Well bro same here. I will give him thumb up for F*****kng EA. Good job hackers

WR_Platinum
WR_Platinum

@JastGG I am more than fully aware of that which is why I stated it is for the good of cyber security.

noladem504
noladem504

@WR_Platinum@JastGG

Are you at all familiar with DDoS? Of course measures will be put in place that will prevent this same attack from happening again...its called an update. But that is why new attacks are invented and implemented. It is the nature of technological evolution. 

noladem504
noladem504

@WR_Platinum@Anigmar

the Target situation is very different. This was a DDoS attack using NTP. As stated in the article it is rarely even used and there is very little to nothing you can do to prevent it. 

Earthbound_X
Earthbound_X

@Thanatos2k@Earthbound_X@x_hunter00 Oh grow up.


Why the hell am I reading comments on GS again anyway? It's just like IGN's comment section now.


DrizztDark
DrizztDark

Your a weird one in life aren't you? Bet you get fucked with all the time