How DERP Was Able to Take Down Origin, League of Legends

January 9, 2014 - GamePolitics Staff

Ars Technica offers some interesting insights into why the recent distributed denial-of-service (DDoS) attacks that took out EA's Origin service, Blizzard's Battle.net, and League of Legends were particularly potent. According to the report, the DDoS attacks used an unheard-of method to amplify the amount of data being sent in order to grind many popular online games to a halt.

The hacking group calling itself DERP used the Network Time Protocol (NTP) in its attack. NTP is generally used to synchronize computers and other devices to the correct local time, but DERP amplified the power of its DDoS attacks by sending requests to NTP servers while pretending to be the gaming service it was targeting, so that the servers' replies went to that service. The Ars Technica article goes on to say that this method increased the number of requests by 5800 percent.

"Prior to December [2013], an NTP attack was almost unheard of because if there was one it wasn't worth talking about," said Shawn Marck, CEO of security firm Black Lotus, to Ars Technica. "It was so tiny it never showed up in the major reports. What we're witnessing is a shift in methodology," Marck added.

DERP has jumped off the grid as of late. Its latest post on Twitter simply says "Goodbye for now."

We'll have more on this story as it develops. For a more technical explanation of how DERP used NTP to its benefit, check out this excellent Ars Technica article.
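From the targeted service's side, the spoofed-source technique described above shows up as NTP replies that nobody on the network asked for. The following is an added example, not code from this article or from Ars Technica, that flags such traffic in flow records; the flow tuple layout, the addresses (documentation ranges), the local network, and the thresholds are all assumptions.

```python
import ipaddress
from collections import defaultdict

NTP_PORT = 123
LOCAL_NET = ipaddress.ip_network("192.0.2.0/24")  # assumed protected network

# Constructed sample flows (not real traffic):
# (timestamp_s, src_ip, src_port, dst_ip, dst_port, bytes)
SAMPLE_FLOWS = [
    (0.0, "192.0.2.10", 40000, "198.51.100.5", 123, 76),   # local host asks for time
    (0.1, "198.51.100.5", 123, "192.0.2.10", 40000, 76),   # solicited reply
    (1.0, "203.0.113.7", 123, "192.0.2.20", 80, 468),      # reply never requested
    (1.0, "203.0.113.8", 123, "192.0.2.20", 80, 468),
    (1.1, "203.0.113.9", 123, "192.0.2.20", 80, 468),
    (2.0, "203.0.113.7", 123, "192.0.2.10", 40001, 76),    # stray, below threshold
]

def is_local(ip):
    return ipaddress.ip_address(ip) in LOCAL_NET

def find_reflected_ntp(flows, window_s=5.0, min_bytes=1000):
    """Return {local_ip: (unsolicited_bytes, distinct_ntp_servers)} for hosts
    receiving NTP replies with no matching outbound request within window_s."""
    requests = {}  # (local_ip, local_port, server_ip) -> time of last request
    unsolicited = defaultdict(lambda: [0, set()])
    for ts, src, sport, dst, dport, size in sorted(flows):
        if dport == NTP_PORT and is_local(src):
            # Outbound request: remember it so the reply can be matched.
            requests[(src, sport, dst)] = ts
        elif sport == NTP_PORT and is_local(dst):
            asked = requests.get((dst, dport, src))
            if asked is None or ts - asked > window_s:
                # Reply with no recent request from this host: likely reflected.
                entry = unsolicited[dst]
                entry[0] += size
                entry[1].add(src)
    return {ip: (total, len(servers))
            for ip, (total, servers) in unsolicited.items()
            if total >= min_bytes}

if __name__ == "__main__":
    for ip, (total, servers) in find_reflected_ntp(SAMPLE_FLOWS).items():
        print(f"{ip}: {total} unsolicited NTP bytes from {servers} servers")
```

Many distinct servers sending unrequested replies to one host is the signature to alert on; a single stray reply, like the one to 192.0.2.10 here, stays below the byte threshold.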


Comments

Re: How DERP Was Able to Take Down Origin, League of Legends

I don't see why this wasn't on people's radar before now; it's identical to a DNS attack, just using the NTP requests instead.

 