Ubisoft sues DDoS for hire operators for ruining game play
Mega-big online gaming company Ubisoft, maker of mega-hit games including Assassin’s Creed, Far Cry, Just Dance and Tom Clancy’s RainbowSix: Siege (R6S), is suing four operators of the DDoS-for-hire sites that have been launched against its RainbowSix servers.
These guys aren’t just launching attacks that kick all players on a targeted server out of a game, or degrade the game performance down to sludge, Ubisoft alleges. They also allegedly went so far as to throw up a bogus domain seizure notice on one of their sites, claiming that the domain had been seized by “Microsoft Inc. and Ubisoft Entertainment” pursuant to a fictional “Operation(D)DoS OFF”, according to the complaint (posted courtesy of Polygon) that Ubisoft filed on Thursday in the US District Court of Northern California.
Ubisoft says it was part of the operators’ attempts to rub out their tracks:
Defendants are well aware of the harm that the DDoS Services and DDoS Attacks cause to Ubisoft. Indeed, knowing that this lawsuit was imminent, Defendants have hastily sought to conceal evidence concerning their involvement.
It’s not just alleged DDoS-for-hire operators who knew this lawsuit was coming. Everybody in the gaming world knew. Ubisoft picked up on an increase in DDoS attacks in September 2019, banned the worst offenders, and said that it was talking to its legal team about legal action.
Last week, Ubisoft filed the complaint against five people whom it thinks run a network of four distributed denial of service- (DDoS)-for-hire services via various domain names and websites – the websites SNG.one, R6S.support, r6ddos.com, and (could they possibly be more redundant?) stressed-stresser-stressing-stressers.com – and that they hide behind various anonymous online aliases to do so.
The defendants: Dennis Kruk (based in Germany), Maximilian Kuehl (Germany), Kelvin Uttih (Nigeria), an individual identified as B.R. (the Netherlands), and an individual identified only by their email address: firstname.lastname@example.org.
Booter who, now?
Stressers – also known as booters or DDoS-for-hire – are publicly available, web-based services that launch server-clogger-upper attacks for a small fee or, sometimes, none at all.
As befits the “stresser this” and “stresser that” brand names for a lot of these services – besides the stresser-stressy-stress-o-matic name mentioned in the complaint, such services have included ExoStresser, QuezStresser, Betabooter, Databooter, Instabooter, Polystress, and Zstress – DDoS-for-hire sites sell high-bandwidth internet attack services, sometimes under the guise of “stress testing.” SNG.ONE does the same: its site describes it as a “penetration testing service.”
DDoS attacks are blunt instruments that work by overwhelming targeted sites with so much traffic that nobody can reach them. They can be used to render competitor or enemy websites temporarily inoperable out of malice, lulz or profit: as in, some attackers extort site owners into paying for attacks to stop.
One example is Lizard Squad, which, until its operators were busted in 2016, rented out its LizardStresser attack service. LizardStresser was given a dose of its own medicine when it was hacked in 2015.
You might remember Lizard Squad as the Grinch who ruined gamers’ Christmas with a DDoS against the servers that power PlayStation and Xbox consoles – an attack it carried out for our own good.
For our own good, as in, the attackers didn’t feel bad: some kids would just have to spend time with their families instead of playing games, one of them said at the time.
These services, in other words, are used a lot in the online gaming world. Booter-based DDoS attack tools offer a low barrier to entry for users looking to engage in cybercrime. Indeed, hiring a service to paralyze your enemies’, your competition’s and/or your targets’ sites makes it as easy as simply handing over the money, no technical skill required… nor much money.