PvP.net hacked; League of Legends Unsafe
At this time I am reporting that League of Legends’ PvP.net client was hacked.
Although some believe it to be a simple DDoS attack (crashing the servers), many players have experienced spam messages from the culprits within the game client.
As I report this, the PvP.net chat system has been brought down. Riot has yet to comment on whether they are even responsible for its downtime, but one would guess it to be the case since messages included links which directed to various unsafe websites.
Some speculate that this is another LulzSec hacking, while others point out the mention of ‘NoS’ (a Brazilian hacking group, if I remember right) in the spam messages. In my opinion, it is probably some random messing around while hacking is ‘the in thing to do’. Hell, it might even be a script-kiddy (or ‘skiddy’, a pseudo-hacker who uses tools and programs a real hacker created to mimic them); there’s a fair amount of resources floating around on the internet right now.
Many of Riot Games’ clients are worried and paranoid thanks to several of the messages mentioning (in an almost cryptic fashion) that an excess of people have been exposed to keyloggers.
One of the more interesting side-effects can be found on the League of Legends 5×5 rankings page. I do not recommend going to Riot’s website for the time being, but I did so myself out of suspicion and grabbed you all a screenshot of my discovery:
It wasn’t hard to guess that they would hit the site rankings after considering past hacks against gaming websites. Hopefully very few others thought to check this page and, again, hopefully it’s clean.
Luckily this is occurring on the afternoon of the 4th of July for American clients, so at least they are guaranteed to have a better use for their time.
I will edit this article as/if the story develops, but for the time being I recommend that all League of Legends gamers avoid the Riot Games website and game client for at least a few hours.
Update 1: It seems that Riot was responsible for bringing down PvP.net.
“Summoners! We’ve had to temporarily disable our chat system due to technical difficulties. This means you can currently not see the online status of your friends, talk to them, or queue up with them. We realize how disruptive this is and we do apologize. We’ll have the chat system back up as soon as possible.” -ZenonTheStoic
It’s difficult to manoeuvre around the Riot Games’ site at the moment. This announcement wasn’t even linked in the forums or on the main page; I had to stumble across it. Either the site has been hit decently or their offices are in a bit of disarray.
Update 2: Somebody using the handle ‘Neonir’, seemingly stolen from an already existing member of the League of Legends community, has claimed a level of responsibility for the hacking.
Attempts have been made by this person to market the tools used, but capable individuals have pointed out that the program was probably created by somebody else. It’s currently assumed that the individual is using a RAT (Remote Administration Tool) and is using keyloggers to grant himself access to victims’ computers.
Update 3: A posting by Pendragon
“Summoners!
As you are aware we recently had issues with our chat services. Rest assured that we have no reason to believe any billing information has been compromised. Any impacted accounts will be fully restored.
Please always exercise caution when visiting any third party websites.
We will keep you updated with additional information as it becomes available” -Pendragon
Final Word: If you didn’t access any websites linked to you through either PvP.net or the Riot Games website, you should be fine. If you are suspicious, run a scan using an anti-malware program to hunt down any threats.
There are 3 programs which I recommend: Malwarebytes, Spybot Search & Destroy and AVG AntiVirus. Any one of those 3 should do the job, though I encourage you to use anti-virus software at all times. If they come up clean and you are completely convinced that you have been hacked, turn off your internet connection and wait out a few days to discourage RAT access, update your scanners’ definitions and scan again.
Sony Offline Entertainment
So the Sony Network is coming back online today, much to the joy of many gamers who utilize an internet connection on the PS3 or Sony’s online PC games (primarily MMOs), but information is scarce as to why it was down in the first place. Allow me to save you several hours of wading through the various stories, interviews, rumours and accusations that are floating around the internet.
This is the story of why (and how) Sony’s network went down for the better part of a month.
The whole saga began when two gamers known as George ‘GeoHot’ Hotz and Alexander ‘graf_chokolo’ Egorenkov succeeded at jailbreaking the security features on the Playstation 3. Such an accomplishment had the downside of making cheating in online play more commonplace, but it did also allow homebrew software to be utilized on the machine.
Sony was not impressed. They began a rather ruthless backlash campaign (particularly against GeoHot) using their influence and the legal system. The court case has been going on since January this year and is still unresolved, notably threatening GeoHot with a million-dollar Euro lawsuit. The monetary demands struck me as rather sadistic; that kind of suit would cripple most Europeans for the rest of their lives and, honestly, it seems as if they pulled the number straight out of their arses.
To add insult to injury, Sony had authorities raid his home and take possession of anything which might have been related to his work on the PS3. It just goes to show that in Europe “You never buy. You rent.”
Sony even went so far as subpoenaing information from Hotz’s various online connections, including a PayPal account associated with him. Sony now has a list of IP addresses of people who they suspect have made the modifications to their systems.
Gamers have been modding their systems since consoles have existed and, as far as I am aware, every court case to deny such a right has sided with the consumer. It’s understandable that the gaming community responded with aggravation at Sony’s antics.
The organization of internet hackers ‘Anonymous’ took note, releasing a statement that is rather effectively summarized in this video:
Anonymous began a campaign to harass Sony, particularly targeting their websites. The whole operation was problematic for them; Anonymous’ main goal was to lay pressure on Sony and, as specified, NOT to grief the gamers who used their network.
In response to this, Sony hired a company named Prolexic and began mitigating the damage. Sites were crashing and rebooting constantly for the first few days while both the hackers and the security firm scrambled to gain the upper hand. Prolexic apparently succeeded in blocking off a range of IP addresses commonly used by Anonymous’ personnel (and many gamers, unfortunately) due to the experiences both parties have had with each other in the past.
Sony could have potentially dodged a bullet if they had just weathered the storm, but during this time they made a particularly big mistake; they gloated. Sony quipped that the attacks were of ‘medium strength’, were just an ‘annoyance to our network engineers’ and shrugged them off, stating they would just ‘get bored’ eventually.
Anonymous announced that they would stop the attacks to prevent harm to the innocent gamers, but a few days later Sony’s PSN network suffered a massive attack which flabbergasted their engineers. A statement was released quoting that the servers would be down for ‘a day or two’ which has since been revealed to have been made as pure P.R. [A course of action made to make a company, product or person more appealing to an audience or consumers], causing frustration for their gaming community.
“The fault lies with the executives who declared a war on hackers, laughed at the idea of people penetrating the fortress that once was Sony, whined incessantly about piracy, and kept hiring more lawyers when they really needed to hire good security experts. Alienating the hacker community is not a good idea,” Hotz later stated.
Anonymous denied involvement in the attack, reinforcing their stance on not harming the players who used the Playstation Network.
Sony later released a notice that much of the information stored on their servers had been stolen, including some old credit card information. The servers stayed down and have been until today, with little word to the public regarding when they would return.
Whoever was responsible for this attack has apparently made a devastating job of it; Sony has been dumbfounded since it happened. Was it Anonymous, laying down propaganda to hide a more vindictive nature? Was it a rogue hacker, seeking to punish Sony for mocking Anonymous or the gaming community? Maybe it’s something more sinister, like an opportunistic dollar-seeker who just found the cover scandal too good to be true?
Either way, gamers aren’t the only ones suffering from this event. Retailers are reporting that the Playstation 3 is being traded in and sold at an alarming rate, up by 200% in a single month [Source]. Strangely enough, the PS3 is reporting a 13% increase in hardware sales during this time despite the PSN being offline [Source], though many are skeptical since their statement was released as a response to an NPD date report.
My opinion is: They are either lying, or they are including the sales of used systems in their report. Think about it. A 200% increase in trade-in probably results in some pretty cheap Playstation 3 consoles floating around in stores. Conversely, if you’ve been looking to buy a PS3 then this might be the time to do it; the PSN is coming back up soon and the consoles are probably on sale at many locations.
Sony announced a few days ago that it will be offering compensation to their MMO clients [Source], but many customers have already moved on, and the few remaining are frustrated about the lack of information presented to them. A common question is “Are they even still working on [Insert patch here]?”
Take what you will from the whole mess, but it’s safe to say that Sony has likely learned a valuable lesson.
