Slashdot Mirror
Shadowbane Servers Hacked, Chaos Ensues
Vanguard(DC) writes "There was a major hacking incident last night on the servers of Shadowbane, a newly released MMORPG by UbiSoft/Wolfpack. The attackers wreaked havoc on at least one game server, with apparent god-like capabilities in-game. There's already an official statement on the forums - 'Ubi Soft and Wolfpack Studios are now working with law enforcement, and we promise all of you that these individuals will be prosecuted to the full extent of the law.'" There's a little more information via a post on the SBCatacombs messageboard - apparently the carnage (including many less powerful players getting killed) involved "..teleporting people all over the world, teleporting hostile guards into the safe-holds, bringing in hordes of special event monsters, and teleporting everyone to a city at the bottom of the sea."
Talk about your tarroist action. I wonder if this will increase the theat level more...
...'cause that shit is funny!!!
Just roll the game back 24 hours and play on.
ok... this is getting ridiculous... why should anyone that found a way to compromise security for a game be prosecuted in real life?!
if that will happen, then WHO will take responsibility for all the holes in Windows?!
talk about ironic...
computer security review people.. use them.
Shadowbane Servers Hacked, Hilarity Ensues
Man that rules. I would have loved to have seen that. Should be a feature in more MMORPGs.
"Now featuring WRATH OF GOD mode, where pissed off GM's show you what it would REALLY be like if god cared. Experience plagues, meteors, and lightning from a clear sky. Divine retribution like you've never seen it before! Just 20 dallars a month."
Heh.
ad logicam Claiming a proposition is false because it was presented as the conclusion of a fallacious argument.
Boy did I have a good laugh about the chaos going on in Shadowbane. The Matrix has them.
Fear the machines!
I can see the police blotter for the individuals responsible:
"Teens arrested for acting like God in computer game"
ok... this is getting ridiculous... why should anyone that found a way to compromise security for a game be prosecuted in real life?!
Why should computer game servers be exempt from the usual laws about hacking into peoples' systems? Those who break into banks are prosecuted, if caught.
This person or persons compromised security, broke in and disrupted business operations, causing damages. Seems pretty straightforward to me.
ASA
All employees must wash hands before seeking equitable relief.
For those of us that have been playing this game regularly, this is only the icing on the cake for a plague of problems. This was a game that was touted for it's massive guild vs guild and player vs player capabilities. Massive warfronts and assaults utilizing seige weapons and a slew of powerful spells and powers. None of this has come to pass. The game lag is too terrible to support even the smallest of battles. PvP is almost impossible during primetime hours due to the inability of most casters to launch spells in a timely manner. (Although you -can- watch your nukes launch 45 seconds after your death)
Server downtime is extreme. Login is at times completely impossible. Rollbacks are nightly. The attrition rate among players is amazing. I've watched my guild vanish over the last few weeks as the host of problems drive out all but the most staunch of players. Ubi/Wolfpack blatantly reject petitions with no regard or consideration for the players. Every patch makes the client actually worse that it was before. This has been a nightmare for most of us. To see news like this only confirms the worst. Bad management, bad hosting, bad coding, and bad customer care have driven most from what I considered to be one of the better games to come out this spring. Just another account cancelled in a long line of departing players.
Some really powerful shadowbane players!
Armaggedon !!!
Gosh, I do Hope the poor admin had regular backups 8)
Well, the game was trashed by people that took the time to get WELL into the system before trashing the hell out of it.
Like an "Organized" Attack...
I'm not implying anything, but who gets benefits from this ? Competitors ?
From the forums it seems users are quite unhappy, but then possibly the editor will have another chance, and deply the same "anti-cheat" tech as in Counter Strike and Quake...
It takes 40+ muscles to frown, but only four to extend your arm and bitchslap the motherfucker
"...city at the bottom of the sea."
Homer: [fearfully] Marge? Kids? Everything's going to be just fine.
No go upstairs, and pack your bags...we're going to start a new
life...under the sea.
[calypso music starts]
[Homer dances with fish as Lisa plays a seahorse saxophone,
Marge a squid harp, and Bart the xylophone clams]
Homer: [eats a dancing fish, sings]
Under the sea, under the sea,
[eats a couple more fish]
There'll be no accusations, just friendly crustaceans
Under the sea!
[eats a line of seahorses, grabs an escaping one]
[eats a live crab as though it were a shrimp]
[eats a pair of dancing fish, then a snail who tries to escape]
[stands there with fish skeletons floating about]
Marge: Homer, that's your solution to everything: to move under the sea.
It's not going to happen!
Homer: Not with _that_ attitude!
Gibble: Descriptive of an emotional state in which one's mind is scrabbling for some purchase on reality
Wow, that sounds like fun. I mightve actually considered buying SB if I was there! I wish I could play in a city at the bottom of the sea, with special monsters... Ah well, they promoted chaos and got it.
This is the kind of thing that as a fifteen year old, I only dreamed about.
I can understand players getting mad at this, but at the same time, it's just a game, and if individual users themselves are considering legal action, they really need to shut down the computer and go outside for a while.
Do not look into laser with remaining eye.
When people start to exhibit the ability to really fuck up your world like this... ...it's time to send in Agent Smith.
graspee
It seems like they will roll the server time back a few hours, so things will go back to the way they were before the carnage. However, I cannot recall anything like this ever happening in any other MMRPG.
Other MMRPGs have had buggy starts, but this is over the top. Is this just a natural result of the fiercely competitive guild wars in the game? In a game where player cities rise and fall, wasn't it just a matter of time before a guild went too far?
As one of the many people who betaed this for years; I have to say this doesn't come as surprise in the least.
This is probably just an exploit from in the game, rather than someone r00ting the server or anything remotely interesting. I had many instances where the server accidently gave me dialogs with GM powers, I imagine that's just what happened here. The culprit(s) may have figured out how to gain access to the GM dialogs dilberatly, but that's about the extent of the "hack" here.
SB was so buggy in the last few weeks of beta that I was finnaly convinced it would not be a worth while game in retail. I likened it to being slightly less bug riddled than UO, and now it appears I was correct. I will say though that OSI never prosecuted (or even remotely punished) me for exploiting their game to "House Loot", because at the time they had the sense not to sue fans for their own mistakes.
SBCatacombs struck by massive DDoS attack. Shadowy band of crackers known only as "/." suspected. Law enforcement has been called in.
they should be clever about it, and turn all the offending player chars into NPC-evil-masterminds to be defeated after wreaking havoc on the entire continent...
Machine9dotNet
Before of after the riot that insued from rabid players that lost months of player buildup?
I shouldn't be talking though. I'd probably go nuts if something like this happened to Ragnarok Online.
In Soviet Russia, Trojan exploits YOU!
given that no care in MMORPG is ever given to do server rollback's when they crash or just whimsically decide to [ala OSI / UO] they should just do a rollback of 24 hours and learn from their mistakes. hopefully some screenshots will popup from it soon, that sounds hilarious!
If it was that easy and quick for someone to break into their system that is something the mgmt team needs to explore as the competency of their QA and programmers.
Fear Breeds Knowledge
It's a good thing I've got a life, otherwise I'd be pissed.
Maybe some company should start selling some type of insurance to help people in these trying times.
Now please excuse me while I begin laughing hysterically.
"..teleporting people all over the world, teleporting hostile guards into the safe-holds, ... and teleporting everyone to a city at the bottom of the sea."
Ubisoft will have to be very careful about how they handle the aftermath of this. The game is only a few months old, and many players who stream into games like this when they open will leave just as quickly if they perceive the game to be sub-par, in a number of areas. Crashes and loss of items/progress in particular seem to be real bugbears for most players. It already happened with Anarchy Online, where players quickly left in droves due to the incredibly buggy release code. How many players are going to stick around if incidents such as this can apparently happen so easily?
Cala-te seu anormal, e aprende a escrever ingles
brilliant. thing is they must have been messing ages before in the system to work out exactly what to do without crashing the server. Which implies they knew a little too much about the inner workings.. I mean, you cannot just guess what bits of code to change on a MMPOG server to make everyone get sent to the bottom of the sea etc etc..
Sounds like exactly the sort of thing everyone encourages the DM's of my neverwinter nights server to do...
haha, that's hilarious. i bet they were pissed
--
Matt Keeler
ODP Editor - http://dmoz.org
http://elysium.org
If they only screwed around in the game world itself and left the real world alone (eg. credit cards, account data, etc) then the company should do the same. From the sound of it, they just showed that 'there is no spoon' to the rest of the game world. We love the movie and the character for doing so, but when someone does the same thing in a 'Real Life' virtual world then they get mad.
Man, this world is getting WAY too many levels to it when I have to destinguish the 'real world's' game world, and the movie world's game world and doing 'real' things in a particular game world and...Ah my brain just gave up.
Is this the end yet?...How 'bout now...how 'bout now...how 'bout now?
There is a difference between pointing out a security problem, either publicly or directly to the owner of the compromised product, and hacking a server. If I saw that the door to your apartment was ajar, I might ring the bell or call in and point it out. That would be one thing. If I went in for no reason wrecked everything in sight, that would be something completely different. And that's what been done here. Property is property (we're talking about infringement here, not copying, which is not relevant to this discussion), virtual or not.
Doesn't this make the whole gaming experience more realistic (in a fantasy sense)?
:)
Does anyone remember the days of mudding in ascii terminals? Gods, coders, wizards could be good, or bad. You just had to try not to piss them off or you would get your equipment stripped and you would be slain. I think it adds a nice dimension to the game. Especially when a "good" wizard/god comes and fights the bad one
Maybe someone should contact Steve Jackson Games...
Ita erat quando hic adveni.
This may be of interest to you:
Ragnarok Users
Good money lost, nobody gains anything.
History shows that in other systems, like the long-dead Habitat or the - almost-as-dead - WorldsAway (http://www.vzones.com), users would always find and abuse security holes.
It was considered part of the game, the players hurt by the actions were given their old status back and noone was ever prosecuted.
This makes the hackers look bad. Prosecution makes them heroes instead.
Wont somebody think of the children???
(obligitory Simpsons reference)
-- "Man is born free, and everywhere he is in chains." Jean Jacques Rousseau
Shadowbane Servers Hacked, Brief Period of Actual Fun Ensues
The list of reasons for why a hacker would want to do this is pretty short.
A: The hacker has a dislike for the company because he/she/it works for a competitor, and knows that this kind of an embarassment will nearly wipe-out this game.
B: The hacker has a dislike for the company because he/she/it was fired or otherwise feels wronged by the company, and knows that this kind of an embarassment will nearly wipe-out this game.
C: The hacker is immature and just wanted to play god in the game, because that would allow him/her/it to "win" by beating people who had worked hard to attain high status in the game.
No matter which situation turns out to be true, the hacker(s) need to be delivered to law enforcement to be shown that you just don't do this to other people's systems even if you have the technical ability to do so.
... im glad I only buy non-subscription games like Warcraft III and Neverwinter Nights. Nevewinter may not be a MMORPG, but it can actually serve to that purpose with several connected servers.
:) It was a great concept... but I guess it still has alot to go yet..
Have fun in shadowbane world
And there was this time the implimentor was drunk. Turns out he's an angry drunk. This story really brought back memories. :)
--Jimmy has fancy plans; and pants to match.
Oh no! Call the national guard! Somebody's game-playing experience has been disturbed!
The tone of the headline is pretty funny IMHO. I know people take these things seriously, but it might be helpful to keep in mind that it is, after all, just a game. Turns out, it is actually not the end of the world if something should go wrong with it.
That is not to say that the people who did this shouldn't be tracked down and prosecuted. They have caused problems for players and the people who are running this thing as part of their business, but more importantly, they apparently need to someone to "explain" to them via fines and/or jail time that it's not OK to do things that negatively affect others just because it amuses you.
Roll back the game 24 hours, harden the servers, and prepare a creative press release -- problem solved.
"High level characters summoned the Cthulu mythos through misintrepreting portions of the Necronomicon. Accordingly, some of the space/time contiunuum in the game world was temporarily disrupted."
"If you see a glowing green orb, please be aware that this is the Locknar and should not be approached. Unpredictable results may occur."
"Unfortunately, in Shadowbane a character named "Sauron" acquired a randomly generated treasure named "The One Ring". We are investigating the probability factor of the random treasure generator and will patch this in release 1.01."
"Our improbability drive is malfunctioning. Please stand by."
Honestly, I'd be more willing to buy this game if I realised they had a sense of humour.
John Maynard Keynes: "When the facts change, I change my mind. What do you do?"
No.
But it is illegal to hack company property(MMORPG servers) and disrupt a company's business. This could put some serious hurt on sales and memebership on their servers.
Think, man.
Kalen D'arrie
This guy is full of it. Nightly rollbacks? Nope.
45 seconds to launch a nuke? Dude, try out broadband. No, really. They say it's actually better than dialup.
Better call the waaaambulance. This one's a bleeder.
I was one of the people online last night when it happened. I've only been playing Shadowbane for a little over a week, so my character is pretty weak. However, I've played Everquest extensively, so I knew something wasn't right.
The weird events started out kind of slowly, like the hackers were testing the water at first. You'd hear of something weird happening, and just think some newbie was lost or confused. But then senior players were getting f*cked up. At that point, I just assumed the servers were crashing or something, and I just left the game. I had no idea that the game was being hacked. I should have stayed on longer to see all the wackiness unfold.
There's are reasons I pay my $10+ a month to play MMORPGs. Expanding content is one reason, but combatting cheating is another major one.
I have been amazed that in playing DAOC for over a year, I have heard of a total of two cheat programs. Unlike Diablo 2 or counter-strike, I can log in and play the game without obvious exploits on the part of my competition. I hope that SB will be the same in this respect.
"why should anyone that found a way to compromise security for a game be prosecuted in real life?!"
This is a dispute between a company and people who gained unauthorized access to their servers and used it to the harassment of other users. The law exists to settle disputes between people and maintain the peace. Seems to me that it's "working as intended."
Prosecute away!
Dude, it's just like Matrix! Why didn't he teleport those Australian whitey dreadlox to the bottom of the sea?
(-1, Raw and Uncut is the only way to read)
Acutally... that's kind of insightful.
Ubisoft is calling it a hack, of course they will to save face... but what if it's just a bug or flaw in the game. What if they did all this through the game client? Is exploiting one of these flaws in a game against the law?
What if I'm playing EQ, and I find a spot in a zone where mobs can't get to. Then I kill things from there. I'm exploiting a bug to become more powerful. Is that the same?
What if I'm playing, and find out if I crouch and jump at the same time I can kill anyone I want? It's obviously cheating, but is it ILLEGAL for me to exploit that?
What if these guys found out if you hit the Ctrl-alt-f3-f4 keys while running north gave them these powers? Then is what they did illegal?
What if these guys used a special piece of software that ran the game in a special mode? Is that illegal? I mean, EVERYONE uses software (your OS) to run the game in a "special" mode (namely, a mode that works properly). Is this worse than exploiting the bug through the normal game interface?
Is this only a problem because is affected other people?
(Remember... big difference between illegal, immoral, and just plain annoying)
It seems as if The Continuum has let another one of its members run amok.
Terrorism in virtual societies has a similar impact to that in flesh & blood ones. One would think it's hard to get emotional about some bits moving around the Internet, but people do. We can laugh about how it's just a dumb game, but if one looks at the wording of the statements, the players' reactions, it is reminiscent of the 9/11 aftermath.
I work with a guy who plays Everquest. His guild broke up, and it really affected him. He had even traveled (in the "real" world) to San Francisco (from Texas) and even to Australia to hang out with these people.
I guess the message is that human beings will find a way to develop a culture based on whatever idioms are available. Whether based on a game, religion, sports, pr0n, people evaluate themselves using the metrics whatever culture(s) they belong to value. I agree that losing some hitpoints (or whatever) doesn't compare to starving to death in Somalia, but I do feel sorry for the people who lost something important to them.
"Stop throwing the Constitution in my face, it's just a goddamned piece of paper!" - George W. Bush Nov. 2005
From his Speech, on the Conferance Call-
"Last year we had 7 callers for our earnings, this year we have over.. 240 callers on the line"
Behold the Power of Slashdot.
-Colin
Colin Davis
The attackers wreaked havoc on at least one game server, with apparent god-like capabilities in-game.
Gee, that Jim Carrey sure gets around...
Mod Karma -1: I sed bad wurds. If I cep my mouf shut, I wud be at riyses.
...why the hell are you playing?!?!
Stop paying $20 a month, I'm sure that you can easily go out and find someone that will abuse you for free.
"No Comm, No Bomb"
It's like Neo is trapped inside the game...
He is the one who will bring balence to Shadowbane.
Aw hell, now Sony's gonna go and nerf the monks again. And you know the troublemaker was just a damn dr00d...
. . . ummm, wait a sec.
---
Jedimom.com, picking out a thermos for you.
StrategyTalk.com, PC Game Forums
Now if they had interrupted the network feed of the final American Idol or something I could see where we might need to get the full force of the Government involved...
By the way, why do these gamers need a 'Safe Zone'? Is that to rest? Do you get those in real life when you want to take a break from the action?
Keep passing the open windows...
W_Bombs
(Registered)
Posts : 33
As I write this, the Mega Guild R30's has HACKED the server on SCORN. 12:25 AM
And taken over Khar. its amazing.
Rolling Thirties (r30's as we fondly call them) some how, hacked or otherwize took over the safehold we know as Khar.
They wiped out everyone in the city, all you see is massive grave sites of young r1's - r5's who thought they were going to a safehold to sell trade etc...
When I arived at the ToL in Khar all I saw was a field of tombstones, and some guys kyting the guards around. Next thing i see (as i make my way to the Runemaster) is a R30 Mino barb beating the piss out of some r1 who went there to train (like i did), i mean beating him like a red headed step child. Just as the runemaster was telling me that i'd successfully repledged to Wainthorp(I was dancing around waiting on that response like a child in a long bathroom line at Disney Land), i saw the barb headed my way, wiping the r1 newbe blood off of his probably godly 2h axe. I checked my shorts when I arived at Wainthorp, and was pleased to find no hershey squirts.
People back at the newbe island didnt believe me, so i did what any rational person would do, dared them to go to Khar. Of course the suckers took me up on it and sent me tells of how very right I was, you could practically hear the axe swings hitting the r1's in the ass over the tells.
And thus I escaped to tell the tail of the day that a MEGA GUILD HACKED and conquered the major safehold on Scorn. My only regret is that could have captured it all on film for the rest of you.
Wonder what UBI/WP will have to say about it. I'd love to see their post, I hope they deny it or something. Anyone who was playing tonight on Scorn will tell you. Shadowbane's safeholds wernt safe this night.
Hacked the server. hmmmmmm.
Well, I'm out. I sincerely hope this doesnt happen to your server.
Whirln Bombs
TopDawg
(Registered)
Posts : 10
RE: As I write this, the Mega Guild R30's has HACKED the server on SCORN. 1:11 AM
I can confirm this as you'll find my grave there a few times (die and respawn to Kahr). Hope Wolfpack and UBI get their act together soon or they will lose another customer. These bugs should have been worked out in BETA.
TopDawg
W_Bombs
(Registered)
Posts: 33
This is from the UBI website 1:42 AM
Found this on the UBI website:
"We are beginning a massive investigation into the incidents surrounding the Scorn server tonight immeadiately. The Scorn server will most likely be rolled back several hours tonight to a time before these events started occuring. We will be taking the server offline until more information can be gathered. I will update everyone about the server status as more information comes available.
PSiKoTiC
:)
(Registered)
Posts : 52
RE: As I write this, the Mega Guild R30's has HACKED the server on SCORN. 4:28 AM
Lolz TopDawg. this game IS beta
I am a Base-defender.
What's mine is mine, and I make sure everyone knows it. Nobody invades my space without permission - I'd destroy everything I own before letting someone take it from me. I tend to be forward-facing, which is both a strength and a weakness. What Video Game Character Are You?
Sinisterr
(Registered)
Posts : 5
RE: As I write this, the Mega Guild R30's has HACKED the server on SCORN. 9:03 AM
Just another example of how poorly this game was done, and a waste of time and money. But it is fun to read posts like this lol.
Trol
(Planetside Mascot)
Posts: 1254
RE: As I write this, the Mega Guild R30's has HACKED the server on SCORN. 9:13 AM
How the hell could an MMOG have one of their servers hacked? I have never heard of any compan
Oh wait isn't .hack about this, I'd better leave work and check my PS2 just to be sure.
7 registered and 721 anonymous users are browsing this forum.
:)
Maybe that should read 'slashdot users'
Dude...he's "the one". He got into the core, figure out how to change the world. Saved us all from the slavery and bondage of the Ubisoft programmers.
I find the following comments relevant and funny...
-teleporting hostile guards into the safe-holds
-teleporting everyone to a city at the bottom of the sea
(from another post)
Homer Simpson: There'll be no accusations, just friendly crustaceans [under the sea]
I really like that! I hate the directed ordinarity of MMORPGs in which you "have to know your place in the world". In most MMORPGs you are like Dilbert at a desk: everything is forecastable and stable. This event can bring real life to the stinky mud of MUDs.
heh, those features are just par for the course in Ragnarok Online.. teleporting people to weird places , and summoning huge monsters in the middle of towns among a pile of AFK'ers with messages like "AFK SLEEP" "AFK DINNER" and "AFK BEST FRIEND JUST DIED" and once "AFK GETTING MARRIED" XD
I was a Guide (volunteer CS rep, like an Advisor in Anarchy Online or a Counselor in Ultima Online) for two years in EverQuest, and during that time, one of the other Guides on one of the other servers decided that it would be cool to go out with a bang.
/summoning them to her location, and then binding them to that location when they appeared.
/played time were affected.
So, she zoned into the Temple of Veeshan (at that time, the highest level zone in the game) and went right in front of Veeshan herself (the uber dragon.)
And then she did a "/who all 50-60" to get all of the high level players on the server.
Then she started
Well, when they appeared, Veeshan struck them down with about 2 or 3 blows. And since they were just bound there, they respawned, naked, right in front of Veeshan.
Whack, boom, dead. Reappear, whack, boom, dead.
In EverQuest, when you die, you lose experience. And in EverQuest, you can lose levels if your experience dips down too low.
Some people got deleveled from level 58 to level 53 before the GM staff came in to clear the carnage, and ban the Guide. I know they were considering persecution against this Guide, but I'm not sure if they really went through with it or not.
I believe about 25-30 high-level characters with months of
I thought it was funny, but it sure made my job as a Guide harder because the playerbase no longer trusted us to keep our cool, and they were calling for the entire Guide program to be disbanded since we were now "too powerful" all of a sudden.
Not the same as hacking the server, but it had the same effect of destroying the games of a segment of the playerbase.
beta testing does work!
shouldnt law enforcement be secondary to fixing the problem? for law enforcement doesnt solve the problem.
I know you are psychotic, but please make an effort.
Keep passing the open windows...
sadistic and omnipotent deities should be a selling point for any fantasy MMORPG? If yours doesn't have them then it's not worth playing, try the real world.
Looks like a lot of fun to me..... Damn.... I just hate "gamers" that do take all those game stuff(even the mmorpg's) too seriously.... finally if it's not for the fun of it - why bother playing????????
As I see things.... those guys have done everything with some sense of humour;oP....
Oh, wait... but that's forbidden => they're definitely some high-ranked, evil-bitching crackers group, fighting for world domination(and it looks that they actually got it on some worlds;oP)....
Sue them to death....let them all feel "the chair!!!!.....
1. No sig. 2. ???? 3. Profit!!!
I almost died laughing when I, years later, saw The Wrath of Khan.
Plenty of hacked moby ships too.
One line blog. I hear that they're called Twitters now.
This news actually makes me smile after wasting 8 months beta testing this garbage. Waiting and waiting and waiting for the game to get a even hint of some content. Waiting and waiting and waiting for the lag to stop, for no mem leaks, and server stability. Until finally it was released I am so utterly disappointed with its total lack of any original ideas, gameplay that blows, classes and races that are completely unbalanced for pvp, I could go on forever. Looks like some others got as bored and fed up as me. I love it. I just wish i could have seen the look on all the losers faces that still play this crap when they got smacked around.
"At first, we thought it was just another snake cult."
>However, I cannot recall anything like this ever happening in any other MMRPG
I guess you haven't played Diablo II then.
Never trust anything a client gives the server.
Isolate the backend servers from the Internet.
Never trust anything a client gives the server.
Patch management isn't as trivial as one would think.
Never trust anything a client gives the server.
Lag isn't under your control so design around it.
Don't rely on a client hiding anything from the user.
Lag isn't under your control so design around it.
Never trust anything a client gives the server.
Don't include "God" tools in every client, nor accept God logins from untrusted addresses.
And most of all, never trust anything a client gives the server.
The server must be the adjudicator of everything, the data master, the sole arbiter of discrepancies. Assume the client is fully hacked or written from scratch to do anything the user wants. Assume the client sees no walls, sees all invisible objects, sees every spawn point, and can filter on anything your server tells your client.
[
Any screenshots of these happenings? Like when Lord British got killed in UO.
You'd think that with the large troll population (people who are just self-hating geeks) on Slashdot, there would be a lot of people trying to hack Slashdot's servers and try to do similar things. (Imagine if all troll posts suddenly got +5!, or troll stories were posted). Kudos to the server admins for keeping everything so secure.
Most GM events on EQ are this way. Way higher level mobs showing up and slaughtering zones? Sounds about right.
They don't actually want their characters to be able to die. They just want to gain levels and powers at a regular rate, so that they will be more powerful than everyone who joined the game after them.
MMORPG players today are losers of the highest calibre. They consider their wasted time an "investment" in their character. I know several who don't actually enjoy playing the game at all, but they want to get the "Deluxe Two-Handed Sword of Power" before some other loser gets one.
And woe betide the day when one of them dies in combat and loses some XP or an item. -That's- when you hear about another dorm-room suicide.
I'm not trying to be flamebait, I'm just bitter. I knew a guy at RIT who pretty-much sat in his room 24/7 playing Asheron's Call. Only left to attend class and occaisionally eat (he would bring the food back with him to keep playing). He was vacant. Away from the game, he had no way of interacting with normal people. We often considered nuking his box just to push him off the deep end.
GeekNights!
Late Night Radio for Geeks!
The computer game industry has been earning a reputation for releasing buggy code these past few years, and now it has come to a situation where what should be an internal release now costs money. Unlike retail games where occasionally Beta testers are charged, but given the full retail game later, Beta testers on MMPORPG's are not given additional months of play for the priviledge of paying to be guinea pigs. They are not compensated with reduced pay rates or additional in-game powers. In short, they pay to fill a necessary position in the production cycle, then they pay again for the retail product. Many, of course, don't pay for the retail product, and go on diatribes about how unplayable and unbalanced the game (they paid for) is.
How has it gotten so bad that we now release not only buggy games and expect to patch them later, but charge for development releases in addition to charging for final retail releases? We're giving ourselves a bad name here.
If your game is unfinished but in need of stress testing, don't charge for it or you will alienate your potential best customers. If you *must* charge for bandwidth because your manager didn't budget for such costs (and should be rightly as fired as if s/he forgot to budget for artists), then charge a bare minimum until the game is ready for prime time. Don't develop the game on the dime of your testers, or you will find that once you are ready to ship you don't have any customers.
10 dollars a month for our volunteers to do our jobs? We should be ashamed.
The ______ Agenda
Every serious post here is about the breach of security and if they should be prosecuted. Well, Ubisoft/Wolfpack I'm sure just got the attention they didn't want by the /. story, but the result is likely to increase their sales. Hell, I'm not into games so much, but I wish I could see the results of the hack. It sounds absolutely hilarious. This sounds like what the game needed to be propelled back into a top spot.
And you better secure your other online games out there. They have just become a MAJOR target. These hackers are instant celebrities, not just criminals.
I think it's kind of ludicrous to make threats like the Ubi people have made, but the people who did this do deserve some comeuppance because what they did *was* in the real world--they hacked the game, destroyed a lot of people's expenditures of time, and most importantly to Ubi, trashed the hosting company's reputation. All of that is real-world, whether you think it's important or not.
That said, I think the whole thing was hilarious from descriptions, and I'd love to see the recording of the mess they made.
7 November 2006: The day Americans realized corruption and incompetence weren't addressing 11 September 2001
Actually, this post above discusses the terrible shape UBI was in because of poor management. Perhaps it was an inside job to be able to blame this incident for when it goes down the shitter. An idea that is completely unfounded, but interesting...
This is my digital signature. 10011011001
... on a mud where I was an administrator. How is something like this big news now? Is it the fact since money is involved or is it that possible laws exist to prosecute the offenders? Or something else...?
Speak truth to power.
Someone found the Key of the Twilight eh?
He IS the one...
There are two kinds of people in the world: Those with good memory.
- the hacker has a dislike for the game
- ...
- (No) Profit! (for Ubisoft)
For those folks who actually enjoy Shadowbane (all four of you including Mr Wolfpack's mama) you have my condolences.My own experience with the game was very bad (lag, etc on broadband).I am surprised the game server was hacked. Yes the folks at Ubisoft/Wolfpack did sell a product that was very inferior to other offerings in their niche market (Diablo 1 on cheaternet). So there would be no shortage of people with motives to wreak a little mayhem. But I am surprised that the game survived long enough to give anyone the opportunity to hack it.
You either believe in rational thought or you don't
It did. not long ago there was a bug that allowed PvP. a friend of mine at the time was attacked by some punk. so she opened up a can of whoop-ass magic on the guy and fried him. then, reveling in the new darkside powers she discovered, created a trail of bodies in her path. she had fun while she turned lots of annoying players into crispy critters :x
You can imagine how many man hours it takes to keep an MMORPG going smoothly, and this might hurt the game's reputation so much for cheating that it may hurt future sales and subscriptions. Not to mention the cost of PR with angry customers, angry stockholders, and, oh yeah, fixing this shit while having customers flood your inbox with the same complaints over and over and investers wondering if their money is safe.
Yes....erm....compensation normally covers you for things that you don't like doing - "If I hadn't been in the car wreck my boss would have paid me a months salary for being at work". These people PAID to potter around building up their orcs - they enjoyed it. Now they get the opportunity to do it all over again, lucky lucky people - double the fun.
Even if they get one subscriber out of 500 people who read that article on /. it's still better than no press and no new subscribers.
I haven't heard of SB until today and I was still playing RPGs like everquest, I would definitely check it out.
Agent Smith writes "There was a major hacking incident last night on the servers of the Matrix. The attackers wreaked havoc on at least one game server, with apparent god-like capabilities in-game. There's already an official statement on the forums - 'The Machine Overlords are now working with law enforcement, and we promise all of you that these individuals will be prosecuted to the full extent of the law.'" There's a little more information via a post on the Matrix messageboard - apparently the carnage (including many less powerful players getting killed) involved "..teleporting people all over the world, teleporting hostile guards into the safe-holds, bringing in hordes of special event monsters, and teleporting everyone to a city at the bottom of the sea."
www.eFax.com are spammers
Haven't the law enforcement agencies got something better to do, like chasing down bullies who knock down sandcastles or something?
The hackers may have pissed off a few geeks and suits, but they've given them relatively painless object lessons in what really matters in life (i.e. "not your role playing characters", and "having decent security if you do business on the internet", respectively).
Imagine if they had gone after credit card numbers instead, for example?
And that's without even considering the benefit to mankind in increased happiness, by giving a load of other folks a good laugh.
They DID hack into a commercial system and disrupted business.
They DID interfere with paying customers.
Just because they are hacking into a game today and you're willing to let them get qaway with it, what will you say when they're hacking into your bank account tomorrow?
Non tam praeclarum est scire Latine, quam turpe nescire
-- Cicero
... for the Slashdotting?
I have a friend who plays Shadowbane with his son, and they're really into it. They pay a monthly fee for the privelege. If someone ruins the game, then why *shouldn't* they be punished? It was a commercial enterprise, making money for the game host company, and now it's ruined.
People may quit, they lose revenue while they clean up the mess, so therefore they can and probably should prosecute. Hell, why not even pursue civil damages for the people responsible? There is a tangible loss in revenue when the server(s) are down.
I say, throw the book at 'em. If the crackers knew it was wrong, knew that people who were paying to play the game would be screwed, then they deserve criminal punishment.
Joe G.
Bishop, CA
Don't Die Wondering
the manufacturer got massively sued over it - following your logic this wouldn't have happened as it'd have been all the fault of people who crashed into you. There has to be some duty of care placed on the MMORPG provider, otherwise you could just produce a game with no security, wait until somebody hacked it and then sue them for the entire lost revenue your game would have had. Hackers should be treated like a force of nature, they're always going to be there and you should take all reasonable precautions to protect yourself from them.
You spoony bard!
This is informative? I'm not saying that the hackers ought to be sent to a labor camp over this, but letting it go is like not prosecuting the shoplifter 'cause they're murders in the world.
No one reasonable is asking for the cops to stop chasing terrorists to do this, but we as a society prosecute any crime (even stupid ones, to even stupider lengths) as a principle.
And just because other problems exist, doesn't mean you let the little ones slide. No one's time is that hard up.
Tell that to the guys who got the pager call in the middle of the night and had to get up leave their wife and kids, go in to work and fix this. The kid should pay, not because he killed an Orc/B. He should pay because he disrupted a business, and caused them monetary damages. The kid should have least have to pay for all of the overtime he caused.
http://www.windmeadow.com/
merely agreeing to the above comment
don't mind me
SIGERR: laziness exceeds quota
The "hackers" just obviously found the Key of the Twilight!
That's f ing weak, just because it doesn't meet your definition of cool doesn't mean it wasn't illegal. Don't cry me a river about the "real" problems of the world. If I pay a monthly fee to play a game to (at least briefly) forget about those "real" problems, I should be safe from a "real" criminal screwing with my time and investment. Get over yourself.
As several replies have pointed out, I got the wrong zone and the wrong dragon.
The zone was Veeshan's Peak (the Luclin expansion with ToV was not out) and the dragon was whoever the end of it was.
People can still believe I'm full of shit, but I did find this:
Former Guide Tweety mentioning the incident
My bank has reasonably good protection from hackers. If they didn't I wouldn't bank with them, perhaps people should have applied that to their choice of MMORPG (if you look there are enough reports of similar happening on this game before).
Answering your point though, if they did hack into a bank then yes, there should be repercussions, but they didn't. Spitting in the street doesn't lead to homicide, it's not a long slippery slope that needs to be nipped in the bud. Just apply some perspective.
I bet a lot of people are going to quit the game over this, and even more won't buy it. That is monetary damage to Ubisoft. That is why the person is screwed if they get caught.
You sir, are an idiot.
Do you ever complain if someone's cell phone rings in a theater? Or if they talk loudly through the whole film?
Basically, if you *ever* complain about anything that someone does to make your entertainment choices less fun, you're a hypocrite.
I bet if you were in the middle of an intense game of chess and I, a complete stranger, came by and intentionally knocked the board over, you might feel like throwing a punch in my direction. How is this any different, except that the jerks are safely far away from having their asses kicked right then and there, is beyond me.
Saying it's "just games" ignores just how important a certain amount of play is to a healthy life.
.
That is an interesting "what if" but it's also a highly unlikely one.
t sequence in the client to grant table-level control of the database... at least I hope not.
If you have even the slightest understanding of how these games work, the most likely way that "everybody winds up at the bottom of the ocean" is that somebody ran an update query on a key database table with values that almost certainly would have never occured in normal gameplay.
Nobody's stupid enough to allow an up-up-down-down-left-right-left-right-select-star
SB Catacombs is my site. :/
"People" using "unnecessary" quotes should be "shot".
haha... I may have posted AC, but I actually *do* have some dignity. :)
It's a business.
The point is that if they were your servers, and they were your customers, and it was your business model you would be screaming bloody murder.
And if you wern't then you need a serious reality check about how the real world operates. This is a company with shareholders who now has to explain why they wouldn't react the way they are to their shareholders.
On another note, does anyone else notice a trend on the games.slashdot.org stories and how many of them suffer from morre thoughtless comments than a normal Slashdot storie?
Ted Tschopp
Fantasy remains a human right; we make in our measure and in our derivative mode... -- JRR Tolkien
It's a lot easier to say that when you're not the one that has to deal with hordes of angry paying customers, isn't it?
:)
I'm not sure what you would find a valid reason to prosecute someone, but the fact is that the law doesn't really give a damn what the servers were running- they were privately owned by a business, and were illegaly accessed and altered, and that's really all that matters
Tough luck for the kid if he though he was gonna be ignored because it's "just a game".
It's not an investment. You pay them money every month and you walk away when the game finally shuts down with absolutely nothing. You pay because you enjoy playing it.
I've coded a couple of things that are currently exposed to the real world, both for work and in my own time. When somebody (as always happens) finds a bug in say my community board and happily starts running amok they usually go wild for a bit, somebody points me in their direction, I tell them to please stop it - which they do. Usually I ask them what they did (if I haven't figured it out), fix the bug and mod them up. I've played about with other people's stuff with much the same response.
The world needs people who look up and wonder how it all works and have a play with it. Rules in the real world can be broken, and occasionally it does good for those in this etheral domain to be given a good shake as well. Keeps stuff interesting.
The difference between your car exploding tale and this is that the people who "crashed into you" (ie hacked the server) knew what was going to happen.
If I were to spot one of the cars you mentioned, and blatantly crash into it only because I knew the gas tank would explode, I would have some liability in what I have done. Likewise, the hackers knew what was going to happen when they hacked the server and (comically, I might add - hackers tend to have a sense of humor) teleport everybody to the sea.
There's a difference in accidentally causing someone's "car" to "explode" and purposely causing it.
I do have the slightest understanding of how these games work. I also know that they're extremly complex pieces of software that are very hard to throughougly QA since there are SO many things that can be done in-game.
t sequence in the client to grant table-level control of the database... at least I hope not.
I didn't see anything that led me to believe the baddies didn't do anything that someone with "god" powers in the game could do. Did you read the description of what was happening? It sounded more like they got god/admin/developer/whatever access, and not that someone was manipulating the underlying database. It didn't sound like they teleported EVERYONE, just the people they happened to come accros, the slashdot story made it seem that way tho.
Nobody's stupid enough to allow an up-up-down-down-left-right-left-right-select-star
I hope not too, but it looks like something did go wrong! It doesn't matter so much WHAT the method was, but that there was a method, and since we don't know how, it could easily have been done entirely in the game client, and that was my point. If you want a more realistic flaw... Maybe they were able to overflow a chat buffer somewhere by typing in a long message.
I would just like to say that a successful mmorpg company makes huge amounts of money. I think Mythic takes in like 10million a month ( or something like that ). Regardless, you screw with that much money, it doesn't matter what the product is, you are going to be pursued. If you are cought, they are going to file criminal charges.
a/c
Not only is it funny, it sounds like it might have actually been fun in a weird warped way to have been playing at the time...
After all, it is a fantasy game, why couldn't this have happened within the normal confines of the game?
"What, how the hell did I get at the bottom of the ocean? Oh, great. Now I'm in the middle of my worst enemy's keep...This is not my beautiful castle?! This is not my beautiful wench?! How did I get here?"
Well, fun to me, at least. I don't take fantasy computer games that serious
---"What did I say that sounded like 'Tell me about your day?'"---
"If you genuinely believe some poor kid deserves to be banged up and have his life wrecked because he dropped your Orc in the sea then Get A Life."
.NET by the end of the week...
Orc in the sea today, carding AOL accounts tomorrow, programming
OD
Oddly Draconis
Too cynical to live, too stubborn to die.
I realize it is a grey area, but by your logic, buffer overflow attacks to open ports are not necessarily illegal. Although, I gues in a game it is different. I think the point is that not only did they potentially find a bug, they exploited it and totally laid waste.
-Sean
I ATTACK THE DARKNESS!
"Stuff... In my home!? NEVER!" - Zim on Invader Zim
"I want the toilet seat!" - Little Dog on Two Stupid Dogs
When it's your company that is adversely effected, maybe you'll feel differently. If this happens multiple times, it will cost the company money (users lose confidence and leave). I think the company should be more attentive about their security, but a breach is a breach.
I agree with you to a *slight* degree, but since you brought it up: if you're into 'REAL problems' then go out and fix the world instead of sitting on your ass and replying Slashdot messages.
LOL u KNOW one of those hackers was just sitting there at his computer summoning squads and uttering with glee:
"Get me Everyone"
"EVVVVEEERRRRYYYYOOOONNNNNEEEEE!!!!!"
3-Server OC-3 Linux Counter-Strike Cluster
www.rnp.ca
Totally offtopic, but I just wanted to say I appreciate the logo of the bard and wizard characters from FFII (US). FFII is among the best games I've played on any system, even with a crappy translation.
Memories swarm in, a tear comes to the eyes, oh poor Tellah, what you gave to save the world!
Hey, dropping my Orc in the sea today, dropping my money in his bank account tomorrow.
Fact is - cracking/hacking whatever - if done on a system that is not yours for the most part is ILLEGAL.
RonB
It is human nature to take shortcuts in thinking.
If I create a game with crappy security then it's going to get hacked. Doesn't matter by who - but it's going to happen - I dare you to deny this! If I release said game and charge people for it, then surely I must take some responsibility?
Every time a MS patch is released for an exploit the Slashdot response is to slate MS - you don't get them petitioning to track down and prosecute every person who used the exploit.
In fact why patch software at all? Why should we waste our time writing code to fix the gaping flaws we left on a nicotine fuelled all nighter.
They're not paid, however, to watch those characters be destroyed by hackers.
In your car wreck example, the guy was paid to drive the car - not to get in a wreck.
Would your opinion be different if it turns out that the makers of another multi-player game did the hacking in order to get rid of some competition? If so, what's the difference? The damage is the same, and it was clearly done deliberately.
Say what you will about these guys, but I think its better they did this in a game, rather than going out and shooting up a school or something.
The main point of prosecution is that people paid real money for the privelege to play the game, and were deprived of the value of that money when some juvenile jerk decided to go on a rampage.
Ubisoft would disagree with you. So would Sony/Funcom/whoever else.
No one wants a direct connection between time spent in the game and money. If this jerk is liable for causing you to lose items/experience in a game, then so are the big boys. Liability is bad.
This is why Sony fights selling in game items for real life money (ebay, etc). It's not so much that they want to stop it, but they want to make sure that it is perfectly clear this is not condoned. They don't want to show any sign of having a dollar amount on a cyber persona.
The next ponient question: Someone knows something, and gets prosocuted. Someone else releases bug riden software, and gets anaward, and sometimes a cult like following, am I missing something here?
Bah, this is just a PR stunt. What a way to get your game in the news. LOL freaks!
Are you Blackwulf the Dragon Master from the Triumph/Star Wars video?
The fact that it happened to more than 14 people. And the fact that these people are paying and the company is paying to fix the crap that went on.
That Jesus Christ guy is getting some terrible lag... it took him 3 days to respawn! -NJ CoolBreeze
You also can't put this off as, "Well they should of had tighter security". Do you blame someone whose house was broken into because they didn't have a state of the art security system? No, and neither should a company be blamed if a small subset of computer users who posses special skills are able to break into their systems.
PLAYER 2: It devoured my avatar. It was a really good avatar. Then I had to play it all again to get the skills back and I had to do it fast, and it wasn't as good. It was kind of a ...bummer.
Irene KHAAAAAAN!
Imagine if they had gone after credit card numbers instead, for example?
Yes. Imagine if they had.
Now imagine what they (or some other group) might think if they can do this and get away with it free and clear?
That Jesus Christ guy is getting some terrible lag... it took him 3 days to respawn! -NJ CoolBreeze
or perhaps it was a poor analogy on my part. Basically you pay them for the experience of playing the game. If you're character loses some stats over this then it's not taken away the last month's worth of fun - nor will it prevent you spending the next month enjoying building up the character. You're not financially any worse off, you've not suddenly lost days from your life you'd have spent working productively.
Look at it like Slashdot karma, I'd not be too bothered if mine all vanished. I write as I enjoy posting, not to obtain some mythical level of superiority.
they hacked the game, destroyed a lot of people's expenditures of time, and most importantly to Ubi, trashed the hosting company's reputation.
So we have a thousand or so dorks that couldn't cast magic missile. Ok. It was one night, if they were doing upgrades that night, same thing. Quit bitching about that. It's not "destroying" anything, it was just making one night a little out of the norm.
As for trashing the hosting company's reputation, any company that allows this to happen deserves their reputation.
Kinda like if a child molester moves in they have to post the "Convicted Sex Offender" flyers up. It's good to know what type of scum is in your pool.
Dacels Jewelers can't be trusted.
If I see somebody drop $100, is it a crime to pick it up and walk off with it?
If I see a door open to a warehouse I *KNOW* I'm not supposed to be in, is it a crime to walk in and take a couple High-Def TVs?
If I see a gun just lying around, is it a crime for me to shoot people with it? I mean, it's not my gun.
YES!
So why is it so unusual that manipulating private software, even if the entry point is public and easily accessible, should be a crime? Why should we expect the virtual "world" to be any different, especially considering that it's much more anonymous and therefore much more enticing to break the law?
If I expose a bug in an online ordering system to get a stereo for $.01, I'm breaking the law. If I append &debug=1 to the end of a URL and suddenly get into their CMS, I'm breaking the law.
And if I use a bug I've discovered, and KNOW I shouldn't be manipulating, to ruin a game for thousands of other people...well, it's the same as causing a public disturbace at any large function. Might as well have streaked at the superbowl; at least that would have impressed the chicks.
Hey freaks: now you're ju
They didn't touch credit cards or the actual accounts, but this is counted as illegal because it happened to a big, rich company.
Webservers get r00ted every day, but very rarely does the FBI go after the cracker responsible.
I bet if you loaded up fsf.org tomorrow morning and saw, "windows is TEH R00LZ!!!", the government's response would be:
"too bad, so sad... guess that Linux thing isn't so great after all!"
It's not about players being inconvenienced, it's about someone with a lot of money losing face.
The US Army: promoting democracy through unquestioned obedience
I used to help run a BBS run on an Atari ST (can you believe it?), and the system was so obscure, that we developed a "DOS simulator" for those who tried to hack our BBS and its (limited) games. We faked things like "dir" and "erase" and even "edlin." It was a multiline, so if the hacker tried to "IM" himself (back then software called it "teleport"), he got through, but if he tried it to others, it went to /dev/null. When people did a "who," they got the job :
Hacker: Port 3: [Thinks he's hacking the BBS, tell his mommy!]
_________________________________________________
www.punkwalrus.com - Shift to the left, shift to the right! Stand up, sit down, byte byte byte!
The perp has to write a script that ups the stats of everybody in the game. Yep - I'd force them to write a sql statement. It'd completely right their wrong and still leave me with the wonderful mental image of several thousand lockins bouncing up and down on their chairs at the indiginity of losing their hammer of asnogamore and sword of schithering.
The point you're missing is that law enforcement helps people realise that there are principles and laws they should abide in. It is not even about the size of the disruption that cause kid -it's all about not interfering with foreign property in a manner you are not authorised to, period.
People, nowadays, accept white-hat policies and, quite frankly, this works. What that kid did is fool, and impresses nobody. Treat it as he had broken a window.
And remember, is not about the money that company might have probably lost. Is about comprehending the extent of your priviledges.
What would a jury think? That people who spent 500 hours building up an imaginary character need to be compensated for their loss? I can just see some uber-gamer breaking down and crying on the stand because their elf now has to start from level 50 when it took him 3 straight months of playing 5 hours a day to get to level 55. (or whatever the terminology is) More than that, how are you going to get a jury of this person's peers to try them in court? How do you interview a jury like that? OK, what is your favorite magic spell? Have you ever spent more that 12 hours straight playing a game? Is your BMI over 40? Picard or Shatner?
My beliefs do not require that you agree with them.
That was the Velious expansion with ToV, not Luclin. Obviously, taking both your posts together, you know precisely jack shit about the game and its CS history.
Corruption and preying on players for amusement is rampant in the EQ guide program. For most people, it's a slack way to get yourself a free account. You can sneak onto the server at 3am when nobody else is there, and do whatever the hell you want. You don't even have to answer a single petition, the guide reports are on the honor system. I and many others simply made up reports and bullshit petitions to fill in for the manditory 6-hours per week. Bingo: Free account, no work, and endless hours power-tripping across the game world.
For example, a guide friend of mine would sit outside the North Freeport bank, and open the locked door at the back of the bank. This door is never opened by players, because the lock level on the door is some absurdly high level. Invariably, someone curious would wander into this back "closet" behind the door to have a look around. This is when the guide would close the door, locking the player inside. If the player was a caster, they could just gate out, but a melee-type character was stuck more-or-less forever. The guide would wait for this player to petition after a few minutes, then delete the petition, and
Don't pretend this doesn't happen to GMs also. The GM of Mithaniel Marr back in 2001, "Chaolash", was fired for doing favors for friends on his server. Making them free items, spawning mobs for his friends, and so on. Occaisionally these GMs turn abusive, Chao did it, and I'm sure other GMs have also. He wasn't the only GM "quietly" let go for abuses, and he won't be the last.
I don't know if you really were a guide, but I suspect not. If you were, You must have been one of those dumbass Apprentice guides we'd flunk out of the program within their first trial week. You know, the ones who couldn't answer a petition for free GM lewt inside of 10 minutes, and without escalating it two times for the GM to smack you down like the idiot you were for wasting his time.
The one invariable fact of MMORPGs is, in that they are just artificial social ladders to climb, there will always be people who base their entire lives on trying to climb them. They define their self-esteem from these ladders, because these games are the world to them. Generally they have no social lives, and/or are young, or are disabled/sedentary. THESE are the people who are capable of doing the things mentioned in the Shadowbane article. Coincidentally, these are also the prime market targets for the gaming companies. It's inevitable that someone would take advantage of a bug granting GM abilities, and the game companies have only themselves to blame for leaving the back door wide open.
As for the EQ Guide Program, I quit after about 16 months of service. In general, they treat(ed) their guides like small mushrooms: kept in the dark, and eating shit all day. The guide liason at the time was about as friendly and responsive as an IRS Tax clerk, and the system itself was biased to mistrust guides (perhaps justifiably) to such an extent that we couldn't do anything significant for the players besides get them unstuck from a wall. Anything of note had to be handled by a GM. It is this atmosphere that breeds reactions like the Veeshan's Peak incident (for which the person was banned from Everquest permanently, BTW). And this atmosphere, according to friends of mine still in the program, shows no signs of changing anytime soon.
Lastly. I wrote a long article about Everquest and its flaws for Slashdot. You can read it here:
http://slashdot.org/articles/02/12/27/1748252.sht
occultae nullus est respectus musicae - originally a Greek proverb
I think you are a hypocrite a bit, if not a fool. That kid accessed some foreign physical property without having being authorised in advance. Moreover, tolerating such behaviour implies that we, as a society, should do nothing about people decide to assign them extra priviledges to those originally assigned to them.
And your example about the theater -I don't think there is some law that covers the case you presented. Use brain instead of arse.
If a bank has crappy security, does that mean the bank is responsible if someone robs the bank? I dare you to deny this!
Just because you can rob the bank, just because you can hack the server, doesn't mean it is the fault of the bank, or fault of the server-provider, if you do.
I'd pick the pieces up and put them back on the board and wonder wtf was running the security at my grand-master event. I believe there is also a difference, between the crude act of knocking over a board and being a member of a party of invading gods. One is stupid, one is reasonably skillful and made me laugh out loud in the office.
You drive to the local movie theater to catch "Matrix: Reloaded". You paid for the ticket, get your seat, and the movie starts. Ten minutes into the film, I sneak into the projectionists booth, bonk the projectionist on the head with a mallet, and steal the film.
Question: Will goldcd be the first in line screaming for his/her/its money back?
EQ for example has a GM client, different from the user client. They could of obtained a similar thing for SB or simply activated the admin fuctions in the client through an editor.
Once that is done, everything they did sounds just like GM powers typical of a MUD.
If it's an actual rooted server or other high-level problem
Keeping in mind the actual damage done by the crime, and actions persued (game havoc, but no malicious file deletion, record stealing, theft, etc) - I would say to slap the offender with a nice stiff fine for time involved in fixing the server and possibly reputation loss, revoke his/her account, and deal with him/her through the ISP. Fine can't be too big though, we're probably dealing with a 15-year-old, a $1000-$2000 would be more than enough to bring swift repentance from most.
If it's a game exploit
Suck it down. Track down and ban the player in question, but at least acknowledge that there was a bug in your software. Yes, players exploiting said bugs or lack of security are making online gameplay lose its lustre, but that's also the fault of the developers. You can't solve bad coding or protection with lawsuits, unless you think perhaps that you're Microsoft or the ??AA.
Why can't people simply say "oops, we screwed up, and somebody took advantage of us. It's fixed now, and we're making sure it won't happen again."
then they wouldn't be able to be insured, and fortunately without insurance they would be prevented from operating. I always find the insurance industry has a good view on the world as they have to put a financial value to practically everything. Maybe MMORPGs should have hacker insurance - I suspect if the insurance company had had a look at their code it would have told them where to go.
Agreed. While it isn't and shouldn't be legal, enforcement is often way overboard.
I'd like to see someone go down for Enron, Worldcom, Microsoft (they were convicted of FAR worse!), and every major brokerage on Wall St which has been screwing over investors for years.
This is just the tip of the iceberg, corporations do far worse EVERY DAY, pay a small fine IF caught.
Parity in justice is severely lacking here...JWall: GUI client for IPTables
in "A Taste of Armageddon".
Sorry, Professor Chaos.
So here a bunch of real guys kill a mess of virtual people and they'll be sent to a real prison for their virtual deed.
I knew this week was making too much sense.
"Win treats sysadmins better than users. Mac treats users better than sysadmins. Linux treats everyone like sysadmins."
I'd thank them for sparing me the rest of it (or is that an unpopular view around here)?
Seriously, the submitter needs a life... a REAL life where big worries don't involved having your magic skills docked 3 levels whilst you're trapped in an undersea with a level 4 dwarf from Dayton.
You seem to think that because you don't value something (like a level of experience you've achieved in a game), it has no value. Nice attitude.
Oh, by the way, don't assume that because I can understand the perspective of those who do see value in the game stats that I necessarily agree. Or did you miss the part where I was amused at what happened?
7 November 2006: The day Americans realized corruption and incompetence weren't addressing 11 September 2001
I've tested everything from Asheron's Call to the new Everquest Online PS2 edition (and some now I can't talk about yet), getting into most of them at the closed beta stage. I've never paid. I just sign up when I hear about them, and they often let me in.
On the other hand, I've also never volunteered to be a game guide, or whatever, after a game starts. I have no idea why any of them would voluntarily pay to provide what amounts to a company's in-game customer service department, but some do.
Get off my launchpad!
In the MMORPG worlds, people are beginning to re-discover the age-old wisdom that Time is Money. Just check Ebay and you'll find plenty of auctions for game accounts with trained-up characters, or for in-game assets. That is only natural: if you have lots of cash but little time, why spent ages building your character or walking the virtual world to find a spot to build your house, when you can just plonk down some cash and be in business, ready to 'just play the game'?
People are starting to attach real-world value to in-game assets. For Ultima Online there's even a common exchange rate for in-game Gold to Dollars. In the heyday of housing shortage, a castle in Ultima Online might sell for as much as $5000,-, and find plenty of buyers.
Now some 'poor kid' comes along and deletes your $5000 castle for shits and giggles. I'd be royally pissed about that and I'd be real happy if the game company would throw the book at him. Such kids do more than cause a minor inconvenience to a few players: they may cause damage in in-game assets or characters that have a real-world dollar value attached to them. In addition, they cause the game company a bad headache and a bad press, plus the efforts for fixing the servers incur real costs, which can be quite high.
Fry 'im, I say...
If construction was anything like programming, an incorrectly fitted lock would bring down the entire building...
And them my computer went beep beep beep and I was teleported to the bottom of the sea... it was a really good elf too.
Ellen
.... Is because they have learned that lesson, given that they know well that a good percentage of the population runs an application called Decal which allows you to plug in various user built modules. Everything from ungamerelated things like Media player consoles, to in game utilities providing various information, to up to nearly complete automation systems. (And yes, it's also funny to imagine fantasy characters with more cyberwear then most SF characters.)
And while some applications may be questionable, on the whole, it was nice to have people instead of complaining about UI issues, being able to consider and create their own fixes. It certainly kept me playing for extra months.
I would have bought the damn game and played it, sounds like a wickedly funny wheeze, rather than the usual hummel figurine collector style attitude to such games :P
Oh, that's nice.
You lost a few $$ so you think its of equal value to ruin the future of one person because we cost you money?
We have but one lifetime to live. Often our punishment for the loss of property do not fit the crime. But that's why you and everone else I know think that capitalism, not communism, is the right way to live.
If that is what you believe then I would only ask one thing of you. Please cut the hand off of someone who stole from you. Do it sometime. By yourself. Just once. And tell me you still think your property is worth more than another human's freedom.
I just want people to stop being hypocrites for one fucking minute and admit that they value their car and their TV sets more than they care about their neighbor and their children. Come on, you know it. You're going to kick those kids out as soon as they turn 18 so you can have a bigger TV or a nice new car. C'mon, admit it. Hypocrite!
trashed the hosting company's reputation
Perhaps most of you capitalists don't deserve the reputation your marketting department advertises.
Want to know what is important? Life. Time. Things you will understand one day, when it is too late.
GO play EQ...we have been through this...betas suck.
EQ > ALL --- the thousands who play are the proof.
NO ONE CAN STOP EQ !!!! muuuhhahhha
Sure, if you mess things up you have to straighten it out (or take the punishment). But don't make it sound like this is a big tragedy.
The people who got paged in the middle of the night were probably the same people who didn't do their job while securing this server. The internet is so big and far reaching now, if you put an unsecure box on it, it will get hacked. It doesn't really matter who does it. Harsh punishment of scriptkiddies won't make this go away.
How small a thought it takes to fill a whole life
It doesn't have any real "value" Everything in life has it's value assigned to it comparatively. My £10 note only has a value as I know I can exchange it for goods and services. Maybe if this MMORPG had a community trading in goods and services for Real Money (e.g. could be auctioned on Ebay), and if Ubisoft refuse to reinstate lost items/money then perhaps there would be a case for persuing the hackers for remuneration.
What if a MMORPG did this every April Fool's day? Then, on April 2nd, the admins could restore the March 31st backup and the game would continue as normal. The people who wanted to be part of WRATH OF GOD day could log on and those who didn't like the idea would stay away.
It would be like being on the receiving end of a SimCity disaster.
You don't honestly think the lock on your door and the deadbolt is going to keep out a determined theif, do you?
You don't think that "anti-theft" or "electronic key" system is going to keep away the most determined and skilled car theif?
You can't honestly think that ANY box out there is %100 explot-free.
That said, this hack is the same thing as if a gang of theives broke into a large company, and moved every office in the building to a different location.
Nothing is stolen, and yet it costs the company money. The employees are visibly upset and distracted. Computers have been moved to different domains, and documents have been shuffled to who knows where.
Would the above be written off as a childish prank? Certainly not. It doesn't matter WHAT the target was, so long as it has value in someone's eyes.
Man is the animal that laughs.
And occasionally whores for Karma.
For further information on events as they happen, check The Shadowbane Scorn Server Board and Shadowbane Main Boards on IGN.
I think this will remind a lot of people of the last time a player had a truly drastic and unpredictable effect on an MMORPG gameworld, when Rainz, an Ultima Online Player, killed Lord British, character of Richard Garriott, when this was supposed to be impossible.
Rainz threw a firewall scroll at Lord British. Seemingly, Lord British's invulnverability flag was not on, and Rainz killed him.
If we ever figure out exactly who did this, he'll be in the running with Rainz for most notorious MMORPGer of all time.
I value my stuff over my neighbors and their kids... if they mess with it I would chop their hands off.
God Bless Capitalism!
Personally, I think he's a person who has the capacity for empathy, and some degree of objectivity. By this I mean that he can put himself in anothers' shoes and understand the story both from the viewpoint of the perpetrator and the victim.
Empathy of this kind is simply a part of what we call maturity. This, in turn, is the capacity to realize one's goals as a part of society, or any social group of human beings, while not hindering the pursuits of others unnecessarily.
No matter what they call it....it was an act of GOD! Case dismissed!
.. they write this happening into the history of the game world.
Massive slaughter and carnage is always good for the history of fantasy worlds, and it having really happened is just a plus.
Those players are lucky. If they'd been on synthiotics they'd actually be under the sea right now.
that's why most of us found the whole incident so funny. People getting so so irrate about losing something so completely and utterly meaningless. Basis of half the comedy you experience, the juxtapositioning of different peoples perception of value.
My guess is this isn't a crime, even if it may be unethical, but IANAL. Of course, I'm talking from an American point of view, so I don't know about elsewhere.
If I see a door open to a warehouse I *KNOW* I'm not supposed to be in, is it a crime to walk in and take a couple High-Def TVs?
Yeah, that's called trespassing and larceny. Somehow I don't think any states would call acquiring GM powers without authorization trespassing.
If I see a gun just lying around, is it a crime for me to shoot people with it? I mean, it's not my gun.
Yeah, that's called murder. Last time I checked my state (MA) doesn't think killing a game character is murder.
So why is it so unusual that manipulating private software, even if the entry point is public and easily accessible, should be a crime? Why should we expect the virtual "world" to be any different, especially considering that it's much more anonymous and therefore much more enticing to break the law?
You need a serious dose of Real Life, man. The reason private spaces are PRIVATE is because government should not be regulating them. Do you really think that there should be a law against fraud in a Dungeons and Dragons game because the same unethical boundary was crossed in the private space of your basement? This kind of regulation would be a crazy encroachment upon our freedoms. And how would you define what's "right" and "wrong" behavior in a private space? Clearly, becoming a false God in the game was not intended, but where do you draw the line? Would the game publishers need to publish a list of every Acceptable Behavior? Clearly there could be no global standard -- killing may be against the standards of one community (The Sims) and not another (Vice City).
The bottom line is that a private Game World is simply not the same as the Real World, nor should they be regulated in a similar fashion. Stop conflating games and reality and get out a bit.
So hacking related to 'games' is just fine?
If someone were to hack into the computers running a NBA or NFL game, crash the scoring system and the video system... made the game get cancelled for the night - you'd just dismiss the hacker and say 'it was just a game... no real harm done...' ????
I don't think so.
/sig
Some poor kid - if it even is a kid - deserves to have his life wrecked at least temporarily because he knowingly and willfully commiteed a CRIME that may have cost a company thousands if not tens of thousands of dollars.
...who doesn't care about the breathless reporting of a GAME SERVER HACK that did nothing more than allow some players "power overwhelming"? Am I the only slashdot reader who just doesn't see this as news? How many informative, worthwhile stories were shot down to make room for this?
Maybe I just don't understand, but unless people are riding money on this game, this strikes me as marginally less important than a "where's ESR?" update.
B
"I'm payin' taxes, but what am I buyin'?" -- James Brown
Zzzeeeeeennnnnng
"Great! The judge had me sent to Bermuda!"
Zzzeeeeeennnnnng
"D'oh!"
You seem to think that because you don't value something (like a level of experience you've achieved in a game), it has no value. Nice attitude.
No, I think it has no value because a) It was one night. b) It's a game. and c) it's in beta.
I guess they can go ahead and give everybody on that server a $0.60 credit for their next bill.
Oh, by the way, don't assume that because I can understand the perspective of those who do see value in the game stats that I necessarily agree. Or did you miss the part where I was amused at what happened?
You were the one using the terms such as "destroyed," not me. It's not like gamestats were destroyed, they're rolling back by a few hours.
Dacels Jewelers can't be trusted.
"When I arived at the ToL in Khar all I saw was a field of tombstones, and some guys kyting the guards around. Next thing i see (as i make my way to the Runemaster) is a R30 Mino barb beating the piss out of some r1 who went there to train (like i did), i mean beating him like a red headed step child."
I mean, isn't this the way that video games were MEANT to be played?
The Death Penalty: Killing people to show others that killing people is wrong.
Ya know, the guy doesn't HAVE to go to jail. They could reach a cash settlement. Guy pays, life isn't destroyed (which I'm sure you must agree with, as you're suggesting that UbiSoft's losses are not worth compensation?).
FWIW, kicking your kids out at 18 is about a lot more than your own money. It's about responsibility.
In fact, this whole thing is about responsibility. The hackers (crackers? maybe both!) involved here should own up to it.
I don't think they should go to jail for it. I don't know if that's what you mean by "ruin the future", but it sounds like it.
No offense, but I say lets not hop on every idiot who decides to crack into a system. This is the cracking equivalent of showing your little brother a double headed quarter.
Hehe, if we lived in a communist country we could just take the hackers out and shoot them in the back of the head.
You're right, that would be much more efficient than a trial and lawyers and all that other nonsense.
MMORPG's get hacked all the time. Its happened a number of times on mir, hell even WEMADE Entertainment left the server software on their public ftp for weeks while a number of coders downloaded it to find new ways into it. I think i even submitted a story about that, and i think it would have been a bit more.. interesting..
I've left to find myself. If you happen to see me, please, keep me there until I return.
These people cracked the game's systems in order to do what they did, they did the crime, they knew there'd be consequences if they were caught. I hope that if they are caught, there ARE harsh pentalties. "ruin the future of one person..."? that's such a bullshit statement, they knew their future could/would be ruined if they were caught cracking a system when they decided to do it in the first place. Of course, this is all just my opinion..
-matt
So if I lock my door, some criminal breaks down my door and robs my house under your theory: The people who got paged in the middle of the night were probably the same people who didn't put up a strong enough door on your house. The world is so big and far reaching now, if you put a regular wood door rather than a fort knox grade steel door, it will get hacked.
http://www.windmeadow.com/
Disconnected the harddrive, and then dragged him out when the computer just didn't work. Keep him away for a few days and hope the detox isn't so bad.
Honestly there's healthy hobbies and unhealthy obsessions/addictions. I'm not one to say how anyone should spend their time, but this is way up there with being as useless as smoking crack.
Play for a bit, enjoy it, go read a book, go on a date, build a model, look at the clouds, make some money, play a D&D type game with some friends, do anything but level up a character that won't exist in 5-10 years.
-- taking over the world, we are.
The crash command was not added so that people wouldn't have to figure out how to crash it. Rather, it was so that a system administrator or developer could get a chance to debug the system by working with the core dump of the OS (!). It crashed the system in a very specific way. Why not allow a random person to futz with the system? Because the hackers will already know that any "anomolies" will be detected and the system rolled back. Plus, how will one determine who is hacking and who isn't? Moreover, if the effects of the hack are far reaching, it may also be prohibitively difficult to roll back the damage and not roll back the entire game and all players (who may not have even been involved, and thus get pissed when their time is wasted).
Fuck Beta. Fuck Dice
Heh. Back where I came from we called this finding the "gauntlet of DM power"
we should launch real world insurance for your MMORPG seeing as people care so much and attribute real money to their virtual assets? Would naturally involve a security audit of the hosting code to allow the underwriters to calculate premiums - which would incidentally make interested reading for those planning which game to sign up with.
First of all, I don't play online games. I don't even have a working computer. It's remarkably freeing.
Second, the key here is that somebody created a lot of trouble in a public venue. It's not like somebody cheating at a D&D game; it's more like going into a gaming store and knocking all the shit to the ground and harassing the patrons. It's freaking illegal.
Just because it was on a computer screen doesn't make it less real. This is the Mitnick mentality that people have to dump.
Hey freaks: now you're ju
what are you talking about?
the guy's reply to anyone complaining about this is "it's just a game"
well, a movie is "just a movie" or a novel is "just a novel", that was my point. And in fact, if someone is disruptive to a theater, they can be kicked out by management, and if they keep it up, banned from the establishment.
It's the other guy that is in favor of just laughing about the hacking, instead of doing anything about it.
(OTOH, some posts here suggest that it was a failure of the game's coders to remove backdoors, in which case, it's really not as simple as just throwing the perps in jail. I'm not too keen on sending folks to jail in general; my reply to his post was more about his "it's just a game, get over it" than anything else.)
You make security sound so easy! dear god, if it were that easy then everything would be secure. You cant think of everything to be secure against, if you could then there would be no such thing as hacking. Only an idiot would not realise this.
If you don't vote, you don't matter, so don't waste your time telling me your opinion
I gotta tell you, if I were on the jury I wouldn't convict - it's just too damned funny. Law or no law, the hilarity of it excuses the action.
I'm sure the players don't feel that way. But to my way of thinking they're in serious need of a reality check anyway. Getting upset over some fictional character suddenly being teleported to Evil Central is indicative of a psychological problem best dealt with by *not* playing the game for awhile.
In any event, I'd think that a person who plays the game for *fun* (rather than as a replacement for a pathetic life) would've found the hacking event to be rather exciting. I certainly would have, but I don't take any of this crap seriously anyways...kinda like playing Total War online and finding that the enemy troops are all armed with machine guns (grin).
Max
My god carries a hammer. Your god died nailed to a tree. Any questions?
Now go play .hack//INFECTION and watch .hack//sign :)
no
If your front door were accessible instantenously from anywhere in the world, by a very large amount of people, then yeah.
Btw. those analogies between houses/locked doors and computer security are getting really tired.
How small a thought it takes to fill a whole life
Heh, I see what you're saying, but don't worry as the programmers will be punished as well (maybe sacked for developing poor code). I don't think the kid would go to jail, just some monetary fine.
at 3030 trans all; force all quit
:)
Oh.. Never played DIKU MUD?
What's 'fucking weak' is that people take this shit so seriously. Christ, they need to rename MMORP "Losers 'R Us", or something equally appropriate.
Max
My god carries a hammer. Your god died nailed to a tree. Any questions?
Security could be easy and there still would be such a thing as hacking. If otoh security was easy, AND people weren't stupid, there would be no such thing as hacking.
Do you really think that you have any more insight into MMORPG design than everyone else? Your list is exactly like the 50-item lists that people propose to completely secure their non-gaming servers, i.e. pedantically correct but COMPLETELY UNFEASIBLE. Do you have any idea how computationally intensive modern MMORPG's are, in terms of bandwidth, database hits, and CPU cycles? To do what you are proposing, the monthly fee would have to be raised to $50/month, and development costs would skyrocket. MMORPGs are already absurdly risky to finance given their huge development costs; to make a "completely secure" MMORPG would be prohibitively expensive.
This has nothing to do with misplaced orcs. This has to do with an invasion of private property, known as "hacking" or "criminal trespass" or even under the Homeland Security act, "cyber terrorism" ... Who knows what trade secrets they stole about the game engine or server or network or security or etc while they were inside of the system? So in reality, it could be both criminal cyber-tresspass and theft. Also harassment... also..... C'mon, use your frickin' head.
This isn't "just a fucking game"; It's a business. When a serious security flaw is discovered in an application and that flaw is made public knowledge, the application publisher's reputation takes a beating--as does its' stock. Not to mention the loss of investor confidence and the loss of the customer base and etc. Most pay-for-play subscription based MMORPGs rely upon recurring income; even if only 10% of their customers say "fuck this" in response to this hack, that's 10% of their recurring income down the drain.
The players have no recourse. For them, yes, it is just a game. The admins can roll everything back 24 hours and let the players play on. On the business side of things though, it's much more complicated; for the reasons outlined above.
Reinvent the wheel only at either a lower cost, greater effectiveness, or your own personal enrichment and satisfaction.
Yippie! Lets all blame the victim.
She wanted to get raped, just look what she was wearing!
That old lady wanted to get mugged, she shouldn't have walked to the store!
You wanted your car to get broken into, you parked it in a parking lot!
You wanted to get killed by a terrorist, your an American!
Besides the fact that the game is in full release (as I understand it), how can you ignore the value of an entertainment service?
What if someone interrupted an hour of home internet service for everyone in a city? With a few exceptions, home use of the internet is still entertainment.
Even more, there's direct harm to their business. Would you sign up with an ISP that has just had a major disruption like this? What if it happens again? What are they doing to prevent it?
You can't joke around with 10,000 people and not expect to have some repercussions. I'm not saying we put the cracker to death or anything, but a fine, a month in jail and some community service is probably a good idea.
-Zipwow
I don't know which is more depressing, that 2/3 didn't care enough to vote, or that 1/2 of those that did are crazy.
Take a look at the posters for future reference:
- everyone who thought this was funny is a relatively healthy person with a sense of humor, probably someone you wouldn't mind sharing a beer and a pizza with.
- everyone who got upset and shouted loudly that the heathen 'criminals' should be prosecuted to the fullest extent of he law has no sense of humor, and most likely is some kind of Evercrack addict - y'know, scary geek types who spends 20 hours playing MMORPGs every day, don't shower, have no social skills, etc. Don't share a pizza with these folks, you might catch something from all the times they *didn't* wash their hands.
Max
My god carries a hammer. Your god died nailed to a tree. Any questions?
My front door is quickly accessable by about 400,000 people. So I guess I had better go down to home depot. Damn my car is parked outside. Probably 20,000+ people drive by it everyday. Maybe I should install some bullet proof glass. Oh shit, when I went to the mall I walked by 1000s of people that might try to mug me, I should start to carry a sub-machine gun.
http://www.windmeadow.com/
I thought that question was: Kirk or Janeway?
Or are you making an uber-geek comparison between a role and an actor?
"It's the height of ridiculousness to say for those 9 lines you get hundreds of millions."
What if I'm playing EQ, and I find a spot in a zone where mobs can't get to. Then I kill things from there. I'm exploiting a bug to become more powerful. Is that the same?
I remember an old article in PCGamer mag that talked about one such incident in which an entire guild did that. Verant broke the guild up and deleted the leaders accounts, most of which had months of played time on them.
If it was the bug it will be interesting to see how UBI deals with it, as it is likely the first big public relations challenge in SB. Hopefully they may respond favorably, but its so easy to go down the dark side of Veranthood.
It's kind of like...if you break into Microsoft's fileservers, changing the names of all of the files you find probably isn't illegal, but the act of hacking into the server may be. It's illegal to break into a system (crack it, whatever), but if you're already in a private space then breaking the intentions of that space is way too vague to be illegal.
Besides the fact that the game is in full release (as I understand it), how can you ignore the value of an entertainment service?
A game that releases patches like this one is beta quality software. I can call a Chevy Baretta a Corvette, doesn't make it so...
What if someone interrupted an hour of home internet service for everyone in a city? With a few exceptions, home use of the internet is still entertainment.
That shit happens all the time. My internet connection goes down a couple times a month. I bitch at Verizon, and they say it's not their fault that some ambigious made-up term is failing.
Even more, there's direct harm to their business. Would you sign up with an ISP that has just had a major disruption like this? What if it happens again? What are they doing to prevent it?
You mean like @Home, Comcast, Verizon, Mindspring? All have had major outtages. Shit happens, and unless they have a uptime guarantee, you aren't entitled to it.
You can't joke around with 10,000 people and not expect to have some repercussions. I'm not saying we put the cracker to death or anything, but a fine, a month in jail and some community service is probably a good idea.
As far as I heard, it was only on one server with like 1200 people on it. Assuming they can catch the people who are involved, what are they going to charge them with? There was no damage*, and it was obvious negligence on behalf of whoever wrote the client bug/server bug that did this.
* Damage being defined as irreperable damage, even if it was down for 12 hours the amount of money would be very small. Those who cancel their accounts are doing it for other reasons as well, not just because of one incident. From what I've read on the boards linked in the story and the comments by the users of the game, it has a lot of issues.
Dacels Jewelers can't be trusted.
"but a fine, a month in jail and some community service is probably a good idea."
I think you should spend a month and jail to think about whether that's a fair punishment.
"I thought that question was: Kirk or Janeway? "
Actually, the full question starts with "Who would be on top?"
I may be wrong, but I'm never uncertain.
Again, just because it doesn't meet your definition of cool doesn't make it right. I don't even play MMORPGs, don't have the time to put into it, but that doesn't make what was done right. If you are going to troll at least stay on topic.
Nope, just fast typing and the fact that I don't watch any Star Trek. I guess it should have been "Picard or Kirk". But to me, that question is just as relevant - it isn't.
My beliefs do not require that you agree with them.
I loved your work on PRO-MOD for JK2:D
I hope you have an INDUSTRY job for the dues you put in.
thanx
I know ur work:D
What's your hobby?
I imagine that no matter what it is there is someone around who will ridicule you for it. Does that make it less enjoyable for you? No. Does that make you less annoyed when you for some reason aren't able to engage in it? No.
So shut the fuck up with bashing other peopls hobbies. You don't have to be such a worthless git about it. Some people play an hour or two a day, some people play 12 hours a day. The people who are REALLY pissed about stuff like this are the ones who play 2 hours a day, and this shit happens during that time frame. They aren't obsessive about the game, but they like to play it. And they were unable to do so during their window of opportunity because of some little punk shit like yourself that believes other peoples time has no value.
So you just keep masturbating in your closet while you think about how much cooler you are than people who play online games. Maybe someday it will be true.
Kintanon
Check out JoshJitsu.info for Brazilian Ji
First someone takes over a game server. Then we slashdot their forums. Ubi is probably having a wonderful day today.
Ya when you think about it Neo is just a fucking cheater and trinity is a script kiddie.
Oh well so much for enjoying the matrix now...
A game that releases patches like this one is beta quality software. I can call a Chevy Baretta a Corvette, doesn't make it so...
So... if I crash your lousy car, it was just a lousy car and deserved to crash anyway? I think we can pretty safely say that this is more than "using the magic system creatively".
ISP outages are especially poingant to this situation, as UBISoft also has outages. I think you have to agree, that any outage has a harm. UBISoft has their own outages, caused by themselves, but this is something entirely different, because UBISoft at most indirectly caused this outage. And, UBISoft owns the game, and the service. As such, they're entitled to cause outages, etc.
Since we've established that outages have harms, why should the perpetrators not be held responsible for this harm? I think that its pretty clear that UBISoft's image has been/will be tarnished from this. One piece of clear evidence of this is the posting of this news on Slashdot, when the game itself hasn't warranted any articles. This is a big deal.
"obivous negligence" doesn't cut it either. The hackers who did this had to set out with malicous intent in order to do it. Its not like they found a button that says "god mode" and pressed it.
Lastly, why would you discount the experiences of over a thousand people? Somehow your (or others*) derision for the game that they were playing at the time makes their time and rights to protection under the law invalid?
I don't understand your "Its funny, and they're unimportant" defense. Fortunately, I suspect that the judges in the case won't either.
-Zipwow
* I should clarify that you haven't specifically said any of the "get a life!" comments that have been rampant in other comments. However, given your sentiment that the perpetrators of this mess should be ignored, effectively encouraging them, I've lumped you in with them. Apologies if this isn't correct.
I don't know which is more depressing, that 2/3 didn't care enough to vote, or that 1/2 of those that did are crazy.
It's your fault. Does your machine suck? Maybe the server you're on sucks. Maybe it's because your team sucks and you're just an idiot. Rollbacks aren't nightly! It's just that weekly rollbacks SEEM like nightly when you suck and only play once a week.
Our patches fix some bugs! Just because more are created doesn't mean the patches don't work on what they were intended to fix. By the way, did I mention the problems you're having are because your computer sucks? I'm just going to ignore you until you go away. That's how problems are dealt with in techie world, but you wouldn't know that because you're not a programmer, ARE YOU?
With representatives like this, that company seems to have been asking for what happened....
I suppose they couldn't handle a REAL wizard afterall! Because if I was a wizard, and I was good, those are the things I'd do.
Candy-Coated Knowledge
Yea, you mean like people downloading pirated software and stealing music?
Unfortunately he needs to figure it out for himself, otherwise he won't ever quit. My freshman year in college was waisted on EQ. No friends, no women, the minimum amount of schoolwork required to get B's. I would play anywhere between 50 to 80 hours a week, sometimes more. Something really bad in game needs to happen in order for him to quit, thats what it took for me. The worst part is that it takes years to recover from an addiction like this. Though you can stop playing cold turkey the damage done to your social skills isn't quite so easy to recover from. I just graduated from college and my social life only really got up to speed a year ago. A year wasted playing the stupid game and 2 years spent trying to get my life back on track because of the stupid game.
You just need to take it a bit further...
:)
Supposed you have a game & server concept similar to this, but programmed in a way to not take game security dead-serious. In fact, as the cheats, etc. came out this would not be shunned, but instead part of the game. The people with the best cheats take the cake, can gather clanmates and share what they know. Your clan is then defined by the abilities they have aquired through manipulation of the game workings (in addition to the standard tags, skins, etc.)
I'm sure you could develop a program in a way to separate out abilities (such as speed, gravity, damage types) such that any crack wouldn't give up everything else
Which brings on two negative points:
-It sure wouldn't be appealing to newbies, who start on ground zero
-Anyone who successfully gets full access ("GOD")
may be unsurpassable and ruin the game for everyone. This can be overcome by having the game focus include things other than Power by Might (i.e. killing sprees), such as trade, etc.
If there ever was a prime canidate for an open-source friendly game, this concept would be it
- Sig
I would rather see you teleported to the bottom of the sea than to loose my TV, and my TV is a piece of shit. What does that say about me?
Hehe, if we lived in a communist country we could just take the hackers out and shoot them in the back of the head.
You're right, that would be much more efficient than a trial and lawyers and all that other nonsense.
Who taught you what communism was? Joe McCarthy?No, seriously. Who?
Read a book, or a website or something.
Maybe. But if I pay to get into a club, that doesn't mean I can steal drinks and it doesn't mean I can wreck the bathroom. I paid to go to college and couldn't disrupt classes. And it could be argued by a really clever lawyer that this sort of hacking deprives other people of their rights and property.
Anyway, I'm sure it violates some draconian EULA. Way back when I beta'd for Everquest; the EULA/NDA was 5 pages long and prevented us from manipulating bugs for "profit" or talking about them to other players outside of the game. I can't imagine the release license is much kinder
Hey freaks: now you're ju
I gotta tell you, if I were on the jury I wouldn't convict - it's just too damned funny. Law or no law, the hilarity of it excuses the action
I find it rather hilarious when a McDonalds is vandalized, due to their corporate practices.
Should I be on that Jury?
Personally I'm not so sure a jury of your peers is the right thing in EVERY situation anyways. I really wouldn't want to go to jail because Joe Sixpack thought I was a "evil hacker".
It annoys me when businesses depend on law enforcement rather than sound security practices to stop hackers.
I've heard of many incidents where honest (non-cheating) mmorpg players who reported security exploits in private were ignored for months and finally banned after going public with them. Some are banned before going public. Many of the companies focus too much on fighting the discovery and sharing of exploits rather than taking steps to reduce them.
Would suck to play a game and have all that hard work tossed. Hope they fix that problem up better then they would in EQ..
That would give some insight as to whether the players think it is "just a game", or something that they have invested a lot of their emotional well-being in.
The question seems to be, is this act akin to knocking over a chess board in the middle of somebody's game (it's just a game, after all), or is it more like breaking into their house and burning the furniture they have built as a hobby (the players invested time to create their characters, after all).
Anyone have a link to a video of the carnage?
Conan the Barbarian: ... and the next morning my sword was gone, and the gold pieces, and...
/Tor
Cross-Examining Lawyer: And, if I may ask, where did you get those gold pieces in the first place...?
Conan the Barbarian: Well, I killed this dragon and...
Cross-Examining Lawyer: Murderer!! You killed, pillaged and raped to get this money and now you have the stomach of accusing the defendant, and honor student in the other end of the kingdom...
Conan the Barbarian: But it was just a dragon...
Cross-Examining Lawyer: Racist!! There we have it, honored members of the jury, Mr Barbarian here is not only a thief and a murderer, he is also a racist. That nullifies any and all of his allegations. You must aquit.
"Companies that distribute sub-standard products deserve to have tarnished reputations. They deserve to feel some financial impact."
True but were do you draw the line? Who's standards do you use? Is the ease or difficulty of accomplishing an act the measure one should use?
Whatever happened to common-sense and respect for our fellows?
Do we really need as a society having to be told in minute detail what is ok and what isn't?
If the thickness of our laws, and the plonderous nature of our courts is any indication, apparently we do need to.
We spend far too much time pondering ways to bypass common-sense and discarding respect, and as the whirlpool grows ever wider, action, reaction, then we pine for the simpler days when a deal was done with a handshake, and a persons word was as good as a contract.
Welcome to the world that selfishness built. Now who will be strong enough to admit their part in building such?
Virtual Reality Destroyed - Lusers forced to experience Actual Reality
Thousands of unwashed virgins living in their parents basements were forced out into the real world today. Squinting in sunlight for the first time since reaching puberty, nerds contemplating actual sex, to replace their now unavailable private game chat...
--- Generation X: The first generation to have SIG lines inferior to their parents... ---
Well, In *MY* D&D game in *MY* basement if some random person wanders in and claims they are killing all of the ACTUAL players and stealing their stuff the rest of us can beat the shit out of them for being in our house without permission.
And if that's not quite what you're looking for, even if one of the players suddenly decides to reach across into the DMs stuff and grab a big pile of papers or pencil in stuff in the DMs notes or anything like that the DM can slap the shit out of him and make him stop.
Some wanker started changing the DMs notes in Shadowbane, so now they get the shit slapped out of them. Seems perfectly reasonable to me.
Kintanon
Check out JoshJitsu.info for Brazilian Ji
Complete crap.
It is possible, it just takes SOME amount of pre-thought and design and YES, looking at work that has come before and the problems others have had. And the original poster was right, virtually every MMORPG company completely ignores 90% of the lessons learned by others and they continuously repeat obvious mistakes.
I agree that it's almost impossible to believe. But it's true. I'm involved with enough of them to see the paterns of "Not Invented Here" and "It won't happen to us" and various other head-in-the-sand behaviors. They all do it to one degree or another. It really is unbelievable.
Say what you will about Sony and their MMORPGs but, they put together some serious security. This kind of thing hasn't happened yet in EQ and how long has it been up? Long fricking time. Now it's happened to Shadowbane or whatever the hell it's called, and it's been up how long?
They're just fricking sloppy. They've noone to blame but themselves.
ad logicam Claiming a proposition is false because it was presented as the conclusion of a fallacious argument.
Since we've established that outages have harms, why should the perpetrators not be held responsible for this harm? I think that its pretty clear that UBISoft's image has been/will be tarnished from this. One piece of clear evidence of this is the posting of this news on Slashdot, when the game itself hasn't warranted any articles. This is a big deal.
I'm not excusing the actions of the person who did it, I'm just clarifying the actual damages. As you said, if you crash my lousy car, I'm entitled to get another car of the same or lesser value. Just because you crash my Baretta, doesn't mean I get to buy a Corvette.
If one person causes about $100 in "damages" to a service, charging them extra is extortion.
I don't understand your "Its funny, and they're unimportant" defense. Fortunately, I suspect that the judges in the case won't either.
It is funny, but that's not part of my defense. My defense is that there is no long lasting damage done. To me this is like toilet papering an offices campus. Or delivering hundreds of thousands of AOL CDs to AOL HQ.
I should clarify that you haven't specifically said any of the "get a life!" comments that have been rampant in other comments. However, given your sentiment that the perpetrators of this mess should be ignored, effectively encouraging them, I've lumped you in with them. Apologies if this isn't correct.
If someone wants to live their life as an elven warrior casting magic missile, that's they're choice. I can laugh at them a whole lot, and enjoy doing so, but this isn't about it. I find what the perpetrators did was very funny, especially because of the stereotype of the people it effected. However, I'm not saying they should be ignored. I'm saying they should be punished in accordance with the damage of the crime, ergo not much punishment. A firm slap on the wrist, a week of community service, and a "Don't do it again" is sufficient. Just like I'd expect them to do if some people spread toilet paper outside my office.
Dacels Jewelers can't be trusted.
Again: I am using the general "I" here, I personally myself did not have any involvement with this game.
7 November 2006: The day Americans realized corruption and incompetence weren't addressing 11 September 2001
Homer: We played Dungeons & Dragons for three hours! Then I was slain by an elf.
Seriously, though, I want to see some screenshots of the carnage!
--Just the place for a snark!
What if I exploit a remote root bug in SSH or IIS on your server, gain access to your network and delete all the files on your server? Is that against the law? YES IT IS. It makes no difference if it is a game server or not.
The main point of prosecution is that people paid real money for the privelege to play the game, and were deprived of the value of that money when some juvenile jerk decided to go on a rampage.
So, they should each be reimbursed the $.25/ea that they lost. And then they can get on with slashing dragons, looking fat, and whatever else people like that enjoy doing.
If only they had done it to Everquest. I can just see the mass suicide that would have taken place after all the Evercrack junkies find out that their accounts have to be reset.
"452 plat....definitely 452 plat" --- Rainman on Everquest
Comprehension problems much?
1) I lost no money, I wasn't there.
2) I already said I think the threats by UBI are excessive.
I think the person(s) responsible should have to pay some price for what they did which is in proportion to the actual real-world harm they have caused. Based on 2) above, it should be obvious that I don't think "ruining the future of one person" is in proportion. Speaking of people needing "Life" and "Time", perhaps you have something better to do with yours than trolling on Slashdot?
7 November 2006: The day Americans realized corruption and incompetence weren't addressing 11 September 2001
Shadowbane was supposed to be the MMORPG to end all MMORPGS, then it is delayed, then they sell an addon pack before the game is released. The game finally launches and it is so-so, now the servers are hacked...
I feel really bad for the suckers, err I mean players.
$.25/ea x # of users seems like an excellent punishment for the idiot(s) responsible. Seems to me that ought to add up to something approaching real money from the perspective of the assumed juvenile who did this. UBI certainly shouldn't have to come up with that money.
7 November 2006: The day Americans realized corruption and incompetence weren't addressing 11 September 2001
...its gonna be Planeshift.
And if I like it I'm gonna pay back by helping out in developement and setting up a planeshift server.
I'll even be able to help build my own impression of a fantasy world.
Just like with them *real* pen'n'paper RPGs.
How long do you think an exploit like this would live in an OSS MMORPG? Right.
We suffer more in our imagination than in reality. - Seneca
When someone's grandma calls me up crying about how someone hacked her brand new dell p4 that's always on, hooked to a cable modem, no firewall, no antivirus, I have to hit the mute button on the phone and bust out laughing. What the hell did she think was going to happen?
And don't give me this, "Awwww, but she didn't know." crap. This stuff is a responsibility. A P4 on a high bandwidth connection is an unsecured digital gun that can be used against my servers by some stupid script kiddie. Her negligence causes me problems, and all the rest of us as well. And to blame some 12 year old who isn't SUPPOSED to have any sense for picking it up and whacking a server with it is equally stupid.
And THIS? This is a joke of the highest order. A company that opens up a box to the outside world and leaves little "god-hacks" lying around their system, and then crys about it when some kid finds them? Please. This thing was hardly a hack; there is NO WAY someone hacked into the code enough to be able to move people around inside the game. You have to be able to use the game engine itself for that, and those things only do what they're programmed to do.
I sit in my office and watch my little "Code Red counter" still clicking up as servers that are STILL infected continue to spam me with little viral messages. In any just world, I'd be able to hold them responsible for the security hassles that THEY are causing ME. But no, no no no, it's all the original creators fault, not the morons that never bothered to protect themselves, and never bothered to clean up the mess afterwards.
Grrrrrrrrrrrrrr.
Crackers and viruses happen. It's like a force of nature. Accept it and move on. And if you don't protect yourself, that's your lookout.
Just my opinion.
ad logicam Claiming a proposition is false because it was presented as the conclusion of a fallacious argument.
However, in this particular case it sounds like the carnage was limited to newbie areas where it was unlikely that characters had much in the way of equipment or experience. In addition, they can just roll back the servers for 24 hours and get most everyone's stuff back.
"We make our world significant by the courage of our questions and by the depth of our answers." Carl Sagan
A game server got hacked.
Back in real-life:
FCC Decision on Media Ownership Nears - rejected
"A terrorist is someone who has a bomb but doesn't have an air force." -William Blum
I could just imagine 4000 gamers ... panicking ..sweating trying to figure out how to make "it" right again . Then throwing their arms in the arms in the air and screeming bloody murder cause their chinese leprechaun character who was once happily skipping through some woods , was instantly teleported to some scottish highlands log tossing competition that was fresh out of things to throw..
$.25/ea x # of users seems like an excellent punishment for the idiot(s) responsible.
How many users were directly harmed by this?
It sounds reasonable to me, but from a monetary standpoint it seems almost pointless to try and recover damages or even claim any serious monetary loss when you pay only a fairly small fee per month anyway. That would my point. But sure, make him dish out $2-3k and give it a rest.
I have to think that this is "Captain Kirk" -- change the game so you can win. Maybe not win, but at least have more fun.
As to other players being inconvienced: part of the game is figuring out the rules. The game is as "open" as it can be. Some players get god-like powers within the confines of the game, and the game allows this, it is then part of the ruleset. Everyone who plays the game is bound by the ruleset. Changing the ruleset (that is, actually hacking the server) may be an actionable item, but probably shouldn't be. I would argue that that level is simply a meta-ruleset.
Basically, the players should simply "suck it up". From the perspective of the hack players, they have "beaten the game". Now, the hosting company may not like it, but they are at liberty to change the game, or introduce a new game (or refund). But, threatening legal action? That is COMPLETELY off-base. More appropriate would be congradulations, and a thankyou to the hack players.
It is true that I have never played one of these games (they just don't interest me, having nothing to do with my life), and the only way I would be even SLIGHTLY interested would be to have a go at hacking the servers, or writing my own client.
This story is very funny, and sad at the same time. The threat of legal action certainly takes away from the inherent humour in having someone actually "win" the unwinnable.
CUL8R
Ratboy
Just another "Cubible(sic) Joe" 2 17 3061
hell, lets just send them off to gitmo as cybe-ter'aists....
we're setting up a death camp there, we could just be efficient at it.
I'm not against slapping the shit out of these guys -- if I had my character messed up by them I'd kick their asses, too. I'm just saying they shouldn't be liable under any sort of state or federal law for messing with people's game characters.
Why the hell would you get a zero score for this comment? Its probably the most insightful of any of the other posts... I agree 100%.
I dont know if its widely known, but those guys hacking shadowbane are the same which hacked UO back in the "old" days, the same which hacked Asherons Call. If you are inside the MMO community you know who they are, but somehow this isn't known outside. Can you spell KoC?
We have but one lifetime to live. Often our punishment for the loss of property do not fit the crime.
Time is valuable. And some of these dorks spent hundreds of hours creating something (a player) that in one short night was ruined. You may not see that but others do and the jury is the one to decide. By the way, it's not like these guys will go to jail for 2-3 years. They will probably get a coulpe weeks in jail or even community service. Big Whoop!
Similarly, do you think it'd be alright for someone to destroy some artists paintings and just give them paper and paint in compensation? What about all the time to create those paintings? Is that worth nothing?
What about if some hacker erased your hard drive? Would you just say, "oh don't do anything to him", i can redownload those 10,000 mp3s and movies and all the other crap that's on my computer. It's just bits of data that can be replaced free of charge.
Taking drinks from a club, even though the club is private, is indeed clearly illegal. But we're talking about a private SPACE with its own private RULES about the world, which just can't be regulated by public law (except by a EULA, as you point out, but even then you probably can't punish the guy much).
And your example of going to college doesn't hold water. If I disrupt classes at my college, they can kick me out, but they certainly can't prosecute me in criminal court. This is because college has its own private rules about how things run, and if you break them you can be kicked out, but you can't be criminally punished. Nobody has ever gone to jail for violating a school's code of conduct (unless the behavior that violated the school's code also happens to violate the common code).
I get the feeling there will always be a certain crowd that sticks up for games like Shadowbane no matter what happens - because they haven't really played anything else like it before, and they're impressed with the basic concept enough to overlook a lot of technical problems.
(My wife certainly falls into this category. She loves Shadowbane, despite fits of screaming every few hours when something goes wrong.) Personally, I'm done with the game after only one night of trying it out - because of all the login server issues, lag problems (and I'm on a fast DSL circuit with a 1.8Ghz P4 and a dual processor 1.42Ghz Powermac G4 tower), and client bugs.
Maybe I'm jaded, but I feel like it's technically feasible to do much better - and I refuse to give my money to a half-baked project like Shadowbane. When our free trial runs out, my wife is the one who has to come up with her own money if she wants to continue the membership.
The "glue" that holds people to these games is usually the interaction with other real, live people - and you can do that for free in a chat room on IRC or in an instant messenger client. Everything else requires a well thought-out and well executed game environment (both on the client and the server end), and Ubi falls flat on their face doing both.
some little punk shit like yourself that believes other peoples time has no value.
No, I think *your* time is of no value. You, personally, Kintanon. Didn't you realize that the post was specifically directed at your hapless, Evercrack, cave-dwelling, unshowered self?
And I will *never* share a pizza with you.
Max
My god carries a hammer. Your god died nailed to a tree. Any questions?
Who, obviously, knows precisely jack-shit about tact. It's condescending, holier-than-thou loudmouths like you that are the cause of most of the strife in the world. What exactly is your major fucking malfunction anyway? Mommy didn't love you enough? Daddy abused you and now you need to feel superior by stomping others? What?
What they mean by safe zones is there are 3 cities (one on each continent) where players can go and train/sell items without worrying about being pk'd by thieves while they're walking from the vendor to the bank. It's basically the 3 cities for n00bs who don't have guilds yet.
They didn't touch credit cards or the actual accounts, but this is counted as illegal because it happened to a big, rich company.
Webservers get r00ted every day, but very rarely does the FBI go after the cracker responsible.
I bet if you loaded up fsf.org tomorrow morning and saw, "windows is TEH R00LZ!!!", the government's response would be:
"too bad, so sad... guess that Linux thing isn't so great after all!"
Whatever you may think about their 'business model', the fact is that their game is what generates their income. No, the police won't care as much if your average "informational" homepage went down. But they do take it seriously if something deleted amazon.com's order books. Why? No credit cards touched, nothing stolen. But it seriously fucks up their business. So does this. And if you can't see that, it's a shame.
Kjella
Live today, because you never know what tomorrow brings
Seeing how they made it well and truly clear that there was an issue with this pay-per month game i believe that the perpurtrators nay hackers did them a masive favour. Had a lesser moral person of the cracker type had this expliot then they would have cashed in and the effect would have been more subtle as they used it to there advantage like any game cheat does ;. This in itself would have had a far more damaging effect upon players and would have cost them money. Whatt they should do now is think themselves lucky, save there legal hunt and focus on securing there product for there paying customers and offering a months compensation to all players for there incompetence in securing the product in the first place. Save you the time in calls from irate customers and would plicate the customer base and be alot cheaper in the long run.
Costs less to keep a customer than it does to loose one, as if you loose one you loose alot more though localised bad PR. Give the customers the compensation they desearve, get security guru in to secure your product and your clients interests as paying customers and live long and proser...
No! Tragedy! My world is at an end! Some useless wanker on slashdot has made a sarcastic comment at me and denied me the pleasure of enjoying a pizza with him. Alas, I perish!
So... Uh... neener neener! >:)
Kintanon
Check out JoshJitsu.info for Brazilian Ji
Oh geekiest of geeks...
I remember when I used to play MUDs/MUSHs way back when, I found a way to get GOD powers by creating an item that chowned itself to whover picked it up (in this case a super user), then forced the holder of the item to give super user powers to the object. Upon that, it would teleport itself back to me at which point I could use the item as a puppet and have full GOD priveleges and abilities. And the best part was that because the item chowned itself to the superuser, it would always show that that super user had made the changes or was doing things.
Ok... so that was my geeky game hack tale. I feel all dirty now. Must go wash and pretend to be a normal human being now.
My New mantra: I'm normal, I'm normal, I'm normal
This is my sig. There are many like it but this one is mine.
Some guys have avatars.
Some of us have girlfriends and wives.
So you're comparing writing the great american novel with obsessively playing a cheesy online role playing game?
GO OUTSIDE IMMEDIATLY!
You desperatly need some fresh air and reality my friend.
Oh look, yet another drone who is unable to build is how opinion and who accuse everybody of being anti-American just because they don't say "sir, at your service sir, right away sir" when the government say something. Let's mod it down, this shit be mad funny yo! ...er, oups! Never mind, it's already moded rock bottom.... ;)
Yahh, hiii haaaaa! -Major Kong, from Dr. Strangelove
Its fun for the first ten months, then after that it becomes a second two full time jobs. After that its not fun anymore, and you lose things that are healthy like a balanced diet, sleep, friends, etc.
My point is, if the game isn't fun, don't play it. I played EQ, I had fun, when it wasn't fun anymore I quit. There is no reason to be really anal about it.
Are those events the third or fourth sign of the apocolyspe?
Insert Witty Remark Here ===>____________________________
http://www.darkenbane.com/screenshots/0/large21.jp g
what I think is funyn is how htis was the first submission I ever made to Slashdot that was accepted, but what is written is NOT EVEN CLOSE to what I wrote, and have since been given authorship of...
wow. I wish I saved how I originally wrote it up... seems the admins here like to be a bit creative with their editorial powers. guess maybe i should just be happy they accepted my submission? lol...
oh well, bottom line from the infocsec professional's perspective: yet another case where security was not taken into consideration during the design of their networks and software...
when will the networld learn that security is ALWAYS an issue?... oh well, atleast it keeps me employed...
"I think, therefore I get paid."
Talking Heads?
DFL
Never send a human to do a machine's job.
Because AC posts start at 0.
However, I'm not saying they should be ignored. I'm saying they should be punished in accordance with the damage of the crime, ergo not much punishment. A firm slap on the wrist, a week of community service, and a "Don't do it again" is sufficient. Just like I'd expect them to do if some people spread toilet paper outside my office.
.03 for easier math.
.15 brings us to $450 in direct service-interruption damages.
Okay, I think we basically agree, though I list the damage as the interruption of service to several thousand thousand people and the harming of a company's business a little higher than you do.
If one person causes about $100 in "damages" to a service, charging them extra is extortion.
Its a tangent I'm sure others are exploring elsewhere, but lets go anyway.
Hours:
By what I've read, they're going to reset the servers in question back "several hours", and there was actual downtime after the hack. Lets round this amount of time off to five hours for easy calculation.
People:
The boards I've read indicate that several servers were attacked, and that there are ~1200 people on a server. With the uncertainty factor (people saying "I'm not playing, my server might be next") I think we can count at least a nice round 3000 people affected.
Cost of Service:
I've read that people pay $20/mo for this game. Two minutes on shadowbane.com couldn't confirm anything, so I'll just forge ahead.
If you say there's 30 days in a month, 24 hours a day, that's 720 hours a month.
$20 / 720 = 0.027777 or just about three cents an hour. Lets round up to
The Math:
We have five hours of interruption, so that's 15 cents for each person. Doesn't sound like a big deal, but...
3000 people times
Now, if the game is, in fact $20/mo, and 0.5% (one half of one percent--a pretty darn low estimate) of the people affected cancel their account, then in the next month, 15 people will no longer subscribe. That's a direct loss of another $300 each month. Even if all those people would have quit in three months (far below the norm in MMORPGs), you're talking about $900. Add that to the $450 in damages above, and you're at nearly $1500 (1350).
All this is before trying to calculate the far more nebulous amount of loss from people who *heard* about this, and as a result, never signed up for the game. Any number I give here would be pure speculation on my part, but due to the subscription nature of the game, just a few dozen people can be rather serious.
So, yeah, I think these people did at least a couple thousand dollars worth of damage with this stunt. I think that my leniency would be to offer them a misdemeanor conviction and two weeks of jail time in return for a guilty plea. If they tried to plead not guilty, I think you've got an easy case for a felonious amount of damage.
When you're talking about popular servers, and actual businesses, things get serious in a hurry. Given the amount of damage involved, I don't think its unreasonable to treat this as a criminal action.
-Zipwow
I don't know which is more depressing, that 2/3 didn't care enough to vote, or that 1/2 of those that did are crazy.
I bet if you loaded up fsf.org tomorrow morning and saw, "windows is TEH R00LZ!!!", the government's response would be: "too bad, so sad... guess that Linux thing isn't so great after all!"
Not until they released an official statement condemning it as an act of terrorism, then spending hundreds of millions on a federal task force to examine the role of '133+ $p33k' in terror cells.
First of all, I'm not sure that you make the distinction clearly. If I kill off characters or steal items using hacked illegal powers, that is modifying account data. If I use my powers to draw a huge smiley face in the sky, then I have still hacked a server, but then I wouldn't be modifying the user's data.
Now assume that there is in fact no change made to the users' account data itself. That is like logging into a machine, escalating privelege, and installing trojans and key-logging mechanisms without actually changing what the other users (and superuser) perceive as they use and monitor the system. Still illegal? Yes!
--
"Extra Anus Kills Four-Legged Chick" -- Headline
Just because they are hacking into a game today and you're willing to let them get qaway with it, what will you say when they're hacking into your bank account tomorrow?
Absolutely. As long as they're making deposits and not withdrawals.
I remember when legal used to mean lawful, now it means some kind of loophole. - Leo Kessler
Something on the net just isn't famous until it's been hacked, attacked or Sued by somebody...
:
The new business model of modern times
1. Create Killer Software / Service.
2. Get Hacked/Cracked/Attacked or Sued.
3. Profit! Cos now you're famous.
Lawyers, for the ultimate source in digital entertainment.
Now, if the game is, in fact $20/mo, and 0.5% (one half of one percent--a pretty darn low estimate) of the people affected cancel their account, then in the next month, 15 people will no longer subscribe. That's a direct loss of another $300 each month. Even if all those people would have quit in three months (far below the norm in MMORPGs), you're talking about $900. Add that to the $450 in damages above, and you're at nearly $1500 (1350).
It should be reasonable to assume that any people who cancel would not cancel purely for this reason. Did you read the threads on the board or even in here? Most of the people who say, "I'm cancelling" do so because it's just one more thing wrong with the game. The Warcraft 3 Frozen Throne beta has less bugs than this thing, from what I'm hearing. That's just plain silly.
So, yeah, I think these people did at least a couple thousand dollars worth of damage with this stunt. I think that my leniency would be to offer them a misdemeanor conviction and two weeks of jail time in return for a guilty plea. If they tried to plead not guilty, I think you've got an easy case for a felonious amount of damage.
They would only be liable for damages directly caused by their actions. This would be the $450 figure you listed above. You also can only claim damage for those who attempted to login to the server, and those who were playing in the time (Probably much less than the 3,000). If you attempt to claim (Unless in a civil court, much different) that your damages are in excess of that, you are going to get laughed at.
I think you have some confusion between civil and criminal hearings. For example, if I steal your car and you have a job that requires usage of your car, I am in no way criminally liable for you losing your job because you have no car. I am however persecuted under grand larceny (Assuming you don't drive an utter piece of shit) and the fines and penalties that go along with that. Speculative or correlative damage (I lost my job, my cat died, etc.) would take place under a civil lawsuit.
The only damages that will be tallied up for a criminal case are those actually inflicted upon the business. In this case, it would be $450. You would get laughed out of the FBI office. If they try to increase damages (Which is possible, by saying that lost wages due to on-call sysadmins, and recovery costs... but since the recovery costs were proven to be very small, as it was up and running in a matter of hours it would be hard pressed to get this number higher.) You also wouldn't be able to provide developers time fixing the bugs that caused it, because that's part of negligence.
Either way, if they do try to persecute it'll be pretty funny. If it's interstate, my guess is nothing will happen. My guess is it's interstate. I would look toward a civil case instead of a criminal case anyway, as a criminal case does ammount to someone spreading toilet paper all over. Except you have very expensive grounds keepers. But, once again, IANAL... just enjoy reading legal documents.
Dacels Jewelers can't be trusted.
http://www.quaker80.com/docs/Once%20in%20a%20Lifet ime.htm :)
.
== WolfriderV6 == I'm willing to admit that *I just might* be wrong... Are you??
You mean, they're defeating your point and applicable?
Shadowbane is shit. I was impressed with the basic concept enough to overlook a lot of technical problems. And a month later and things have actually gotten worse. Already had 2 500+ player guilds from my server quit the game completely. The developers can't even get the login servers to work. It's embarrassing.
Some of us have girlfriends and wives.
There's (at least) two ways to read that:
--Groucho Marx
But that brings up a hitch: Wouldn't it be slave trade to sell that avatar - marriage material - on eBay?
Irene KHAAAAAAN!
Enevts like that proof we don't live in the Matrix. Otherwise Godzilla's would be popping up in New York every time someone finds another hole in one of the servers...
Hyperom.com
Of course, the person who had to log on to the system in the middle of the night probably got paid overtime.. and if not, he needs a new contract. Waa! Watch me cry for someone who got paid $50+ an hour to give chracters back stuff. I had to listen to players complain for more than five years as staff on text-based multi-player RPGs.
...can spell 'snivelling.'
I thought it was just me! Now I have proof it wasn't, so that means I can stop taking those pills! Screw you, Dr. Beaterman!
A man who can't pronouce "nuclear arsenal" shouldn't have one -sig ends here.
...there is no spoon...
In the UK at least all banks must be insured, or have assets to cover all potential losses before they are allowed to operate as a 'bank'. If there had been numerous stories of people being given bank 'admin access' I would not bank online with that provider. The point I was trying to make was that the number of people in the Beta program reporting being given god access to this MMORPG should have been an indicator to an educated consumer that there were likely to be bugs in the final product. If your only concern was the fun of the game, then I absiolutely agree this should be your major criteria for chosing the MMORPG - however, if you are a person who values your virtual assets highly then sure you should chose your MMORPG with the same criteria you would any other serive containing valuable assets (i.e. your bank).
Basically if many people have been reporting bugs for months, don't act surprised and unaware when they affect you.
but this should depend on how secure/enjoyable they've made it. If everybody in the game could grant themselves money then the ingame currency is worthless. If the publisher hasn't made it too hard for certain people to generate money (as is the case in a number of MMORPGs then the currency id automatically devalued).
nuf said
They would only be liable for damages directly caused by their actions. This would be the $450 figure you listed above.
I think it would include at least a portion of the people who cancelled their accounts.
You also can only claim damage for those who attempted to login to the server, and those who were playing in the time (Probably much less than the 3,000).
Heh, the problem with long discussions is that sometimes the other person goes and does research:
From the Ubisoft post and elsewhere, I read that *all* the servers were taken down and reverted. This process took somewhere between two and six hours. Lets take five.
So, five hours plus the three-hour revert is eight hours of service interruption.
Now, since *all* the servers were taken down, and there are ten of them, you're talking about somewhere between 10,000 and 15,000 people. That amount of people is the number of people generally online, per server, as I understand it.
So, as before, 15 cents per hour..
15cents * 8 hours * 12,000 people = $14,400
Even if you're right that the lost registrations are indirect damages (although I disagree), you're still talking about felony-charges level of money here.
I think our disagreement is on a more fundamental level, though. Why do you feel the need to defend whatever miscreant did this? A lot of people seem to feel like its a harmless prank, but I think its pretty obviously more akin to vandalism.
For the record, if this is the person's first offense, I don't advocate a felony conviction. I don't think it should be laughed off or treated lightly, though. This person (or people) have affected thousands of people, and this action shouldn't be ignored.
-Zipwow
I don't know which is more depressing, that 2/3 didn't care enough to vote, or that 1/2 of those that did are crazy.
we can regard it like the credit card comnpanies - the provider of the MMORPG is responsible to it's customers and then the MMORPG provider can then try to recover from the abuser. I can't see Ubisoft coughing up several million in 'lost man-hours' to it's subscribers and I can't see them recovering the massive sum from the people that exploited the system.
I'll admit my post was a combination of moods, as seem by the massive number of contradictary mods, but I never have and never will post anonymously.
"..teleporting people all over the world, teleporting hostile guards into the safe-holds, bringing in hordes of special event monsters, and teleporting everyone to a city at the bottom of the sea."
Hell, I've seen worse on the first few levels of nethack.
Hmm. If I steal software that I find I love and advise my company to buy a 200 site license for and download a few tracks that I later buy the album from - who loses? I've done both. I've also downloaded software that I binned and music I never listened to again then tough, you create poor software and bad music? - you don't deserve my money.
I think it would include at least a portion of the people who cancelled their accounts.
Only if you could prove the sole reason each of those people cancelled was due to this bug.
From the Ubisoft post and elsewhere, I read that *all* the servers were taken down and reverted. This process took somewhere between two and six hours. Lets take five.
This would be negligence, and correlative damage though. If UbiSoft did their part (By not doing buggy software) than the software would not need to be taken down. From what I read, it only took place on one server (Kahn or something)
Correlative damage doesn't count. Actual damage is what I'm looking at.
I think our disagreement is on a more fundamental level, though. Why do you feel the need to defend whatever miscreant did this? A lot of people seem to feel like its a harmless prank, but I think its pretty obviously more akin to vandalism.
This is the fundamental difference. I view it as a prank, you view it as vandalism. There is negligable actual loss. ~$450. If someone were to cancel their account purely because of this incident, perhaps more. I doubt anybody will cancel only because of this. The updates on the other servers and patches can't be counted in either, because it is a service that has patches regularly and it was something that needed to be patched. Even if the person or persons responsible sent UbiSoft an email demonstrating the capabilities without doing anything, the same thing would happen. The only actual damage was the few hours of gameplay lost to those affected.
15cents * 8 hours * 12,000 people = $14,400
The problem with this is that regular updates then would cost $14,400 and also entitled all players to account credits while the servers are being rolled back or patched. It doesn't work that way.
You can't add that figure in, because that figure would be the same if someone posted the report to UbiSoft without actually doing anything (redundant, I know, just drilling the point home)
There is actual no damage done, because they aren't billed per hour. There is only damage done if they had to pay their customers, or credit them, for downtime. This is obviously not the case. They are billed per month, with no guarantee of availability (Just things I'm gleaning from other comments) so nobody is entitled to anything.
Therefor, the only damage done is actually the cause of UbiSoft's negligence. Had they done proper quality and security controls this would never have happened. The actual damage was slightly worse than if someone had sent a friendly email detailing the exploit. The actual damage done by their exploitation of the system was pissing off a bunch of players.
And from a lot of the Shadowbane board comments and in this thread from the Shadowbane users, worse things have happened.
Dacels Jewelers can't be trusted.
That you're normal. :)
Really, I hope he gets away with this. More gamers might go outside, meet people, or maybe, just maybe, try bathing.
There should be two sets of servers out there for these kinds of games. One where hackers are allowed to do whatever they want, and one for people who want to play by the rules. Both of them would have to be exactly the same in every detail otherwise there would be that temptation of "what am I missing out on over here?".
Do I think this will stop people from hacking the system for the "fair play" players? Heck no. But I'm reading here about how some people think hacking and cheating is part and parcel of the game, that it's not about wrecking the game for others, but pushing the system to the limit.
That's as well as may be, but if you run two identical systems like this, at least you can separate the "adventuring enterprising hackers" from the regular jerks who just enjoy wrecking other people's days.
Fuzzy Knights: New RPG Strips Tuesday and Friday!:
http://www.fuzzyknights.com
Hell yeah. You rock!
And if they trespass on my property I'd shoot 'em.
God Bless Capitalism! Yeehaw
unless your a faggot nerd who couldnt fight anyway, you shouldnt get bashed on the skull.
only on Slashdot can a point be proven by having " an intense game of chess" break into a fist fight:)
in all seriousness, I hope the little weasels roast.
they went about it all the wrong way. if you get that kinda power, you build yourself a couple of avatars and go interact with the people, pose riddles to players, rewarding them if they pass and penalizing them if they fail.maybe offer them a parfait. everyone loves a parfait.
Yes, it's still wrong and illegal and immoral, but it woulda been more entertaining to the players.
I personally would have went out looking for playerkillers and extracting a little vengence:)
on a side note, I think this hack might actually help business- before this, I had never heard of the game. anyone else in the same boat?
Looking for Book Reviews? Check out Literary Escapism.
Doesn't matter when you're discussing legality. We're not talking about the ethics of the situation (though they're still not in the right IMO). Besides, there's not any extenuating circumstances here (i.e. tresspassing to help an injured stranger, smashing the glass to get people out of a burning building, etc...) It's just pretty cut and dried intrusion onto a system that wasn't theirs without permission and doing things that were against the wishes of its owners. I don't see how you have a legal or ethical leg to stand on in this situation.
I ate my sig.
If UbiSoft did their part (By not doing buggy software) than the software would not need to be taken down.
I think this statement is at the heart of our disagreement.
This view of the world of software as the only law on the internet, and anything not explicitly denied is allowed, is pretty out of whack with the idea of property.
The fact that it seems to have taken months to find this exploit shows that it wasn't exactly simple to do. Even if it were obvious from a technical standpoint, it doesn't make it any less illegal or morally reprehensible for the attackers to disrupt the service this way.
There is actual no damage done, because they aren't billed per hour.
How else do you determine the value of the service? UBISoft isn't responsible for refunding money during outages, because its in their terms of service that there will be periodic outages.
In other systems with these kinds of provisions (like utilities), there have been cases where the service experienced excessive outages. In these cases, refunds were given based on the duration of the outages in question. If your cable is out of service for a week, you're entitled to a week's worth of compensation, even though you don't buy it by the day, minute, hour, etc.
The attackers have still denied some percentage of the service to its legitimate users. You can't call it valueless simply because UBISoft isn't responsible for refunding it.
Therefor(sic), the only damage done is actually the cause of UbiSoft's negligence.
To paraphrase your statments, any defense trying to blame this entire fiasco on UBISoft's "negligence" would be laughed out of court. This isn't something accidentaly stumbled upon, it was done intentionally, and with malice, by the attackers.
The actual damage was slightly worse than if someone had sent a friendly email detailing the exploit.
This is patently ridiculous. Ask any of the 15,000 people affected by this which option they'd prefer. I still don't understand why you assign no value to the time of the subscribers of this system.
And from a lot of the Shadowbane board comments and in this thread from the Shadowbane users, worse things have happened.
This is completely irrelevant, unless you're talking about some other breach of security.
The attackers broke the law, and disrupted the service, preventing thousands of paying users from using it. I don't see how damages aren't obvious.
-Zipwow
I don't know which is more depressing, that 2/3 didn't care enough to vote, or that 1/2 of those that did are crazy.
HOw much is ubi paying you i want to be a yes man too
Homer: What the hell are you talking about?
Malike Bamiyi wanted my assistance.
How do we know this is a hack??? becouse the server people say so. It could just as easly have been a carrot left by one of the developers. Player stumbles upon magic thing says the right words and presto he is a god. Anyway I withhold my judgement until I have more information. I suggest others do the same.
Meh. Stupid 'lameness filter' needs something written here. I wish it were a little bit more intelligent. E
Marxist evolution is just N generations away!
I swear.. has a sense of humor become politically incorrect ? I know its real peoples time wasted... but damn thats a funny one. If the guy had been scamming credit cards or something I'd say fry him... otherwise slap him on the wrist if he exploited an in game bug, kick him out if he actually hacked it. More importantly fix the problem.
:-) /brodacast_all: Yeeeesssss !!!!!! I AM THE ONE !!! KNEEL BEOFORE ZOD.
You know it will be interesting to see how the Matrix online deals with issus like this.. after all its the freakin story line
I don't ask you to be me. I only ask you not expect me to be you.
The servers were not hacked like some slashdotters tend to think, it's clearly an INGAME exploit that happened last night.
IMHO, in the case of an hacked servers, the result would be more like character loss, or character boost, stuff would tend to disappear/appear.
In that case yesterday, it was clear that someone was in control ingame... God, you should have seen that...
I heard rumors that some guild had produced a modified client that would allow them to do that kind of stuff...
That situation is more scary since it might take longer to fix if the problem lies in the code than it would take if the issue was an exploit of ssh or such...
This view of the world of software as the only law on the internet, and anything not explicitly denied is allowed, is pretty out of whack with the idea of property.
No, it's completely in sync with property. If a business doesn't have any locks on it's doors, and someone breaks in (by merely opening the door and walking in) and spreads toilet paper all over the place, the doors would then have locks installed. That's all I'm saying.
UbiSoft didn't have locks installed. They learned they needed them. They installed them. End of story.
This is patently ridiculous. Ask any of the 15,000 people affected by this which option they'd prefer. I still don't understand why you assign no value to the time of the subscribers of this system.
This is wrong, and this is why I listed my point twice. 15,000 people were affected by a bug in UbiSofts system. 1,200 people (or 3,000 as registered on that server, whatever) were affected by what the attacker did.
You understand the difference?
The attackers broke the law, and disrupted the service, preventing thousands of paying users from using it. I don't see how damages aren't obvious.
There is no damage, as I've said before. Damage doesn't mean pissed of geeks. Damage means money that is actually lost that they would have otherwise. You can't list UbiSoft having to patch their servers and services, because that would be the case even if they were notified in a friendly email. You can only list the actual damages: None.
Dacels Jewelers can't be trusted.
"Well, Your Honour, I gamed a game and now the people who own the game want to game the law."
Back in the day when I used to roll play... this is what might happen when a new DM would start playing with an existing group.
DM: - rolls dice-
"suddenly you find yourself standing in a large croud of people.
Elf: "What happened? We were all just eating lunch in a forest"
DM - rolls dice a few more times -
You see the clouds part and a large godlike face apear in the sky.
"I have declared you an axis of evil and now you will face my wrath!"
The god then launches lightning bolts at random into the croud easily killing and NPC's that are unwanted and causing some chaos.
Elf "I think I am going to call my lawyer"
DM -rolls dice-
"Your lawyer suddenly apears in mid air about ten feet above you and drops out of the sky"
THUD
Lawyer "Wha huh?"
God "MUHAHAHAHAHAHAHAHA... Wheres your little judge now!"
Oh gheese did I get off topic...?
APATHY.
If We Don't Take Care of the Customer, Maybe They'll Stop Bugging Us.
The point is, vandalism without punishment only escalates. We already have too many people thinking they can get off scott free because it's their right to be destructive assholes.
7 November 2006: The day Americans realized corruption and incompetence weren't addressing 11 September 2001
I guess I wasn't the only one that was getting really tired of this guy's fantasy land of a perfect MMORPG that operates flawlessly for only him, all of the time, despite what anyone else might say about their personal experiences. Poor guy. He needs a life BADLY.
What a lame "Bruce Almighty" promo.
Actually..the things that were used were commands that are used during every single GM event. Special event NPCs are treated the same as PC characters. Wolfpack staff has the ability to teleport in the special event characters, and they can teleport in other people too if they had a legit reason. What the poster above is saying about leaving the god-commands in being bad is like saying police cant drive car's because someone might steal it. THINK before you post please.
So, how much does it cost to be a beta tester these days?
You are really just dense, aren't you Caustic?
Bill Hicks, is that you?
Should I be on that Jury?
Yes, please.
Slashcode mauls the actual command, it's in my acct description somewhere
There are some "less than's" which get dropped because they're assumed to be HTML tags
I think this is quite amusing. Who here can really say they wouldn't give themselves god powers if they worked out how. I would have loved to have walked around smiting anyone I see.
Die you pimple faced geek!!!
-- Karma Karma Karma Karma, Karma Chameleon - Boy George
Anyone here ever use the program Everhack back in the day? Perhaps someone was able to put together such a program for SB. Just one possiblity i thought of but most likely someone edited the files in their SB directory to get ahold of GM status. I really dont think it was an actual server hack. If it was and they get caught they are looking at some serious trouble if not jail time. On the other hand what if it was just a straight up exploit? Can we expect people go to jail because some dumbass didnt realize putting in code to enable GM status by holding down ctrl + alt + F5 was a seriously bad idea? If it was a client side exploit and UBI does sue i would love to see some law suits against them as well for such an obvious coding mistake. It makes me wanna go out and write some half-assed code then sue people for using it wrong.
"At first, we thought it was just another snake cult."
No, it's completely in sync with property. If a business doesn't have any locks on it's doors, and someone breaks in (by merely opening the door and walking in) and spreads toilet paper all over the place, the doors would then have locks installed. That's all I'm saying.
If a business doesn't have any locks on it's doors, and someone breaks in (by merely opening the door and walking in) and spreads toilet paper all over the place, the doors would then have locks installed.
Your analogy breaks down immediately. UBISoft clearly had locks on the doors. Not including the fucntionality in the client to begin with constitutes locks on the doors.
So, in your example, the building has a rather wimpy security system, say cheap locks. This is probably a stupid choice on their part, but that doesn't really affect the legality or morality of the situation. Then, someone breaks in and trashes the place. I can't think of an analogy for 15,000 people not being able to play a game that they subscribe to, but I think you can see the point from here.
Maybe the business should've invested in a night guard, but that doesn't make it legal to break the cheap locks.
This is wrong, and this is why I listed my point twice. 15,000 people were affected by a bug in UbiSofts system. 1,200 people (or 3,000 as registered on that server, whatever) were affected by what the attacker did.
You understand the difference?
No, because there isn't one.
Are you arguing that UBISoft, upon noticing this exploit, shouldn't have restarted and rolled back all their servers? If this security problem hadn't been violated in this way, the rollback (and affects on all the players) could have been avoided. Also, the outage for the servers could have been much shorter, and at a time where it would have less impact on the general player base.
The outage was a direct result of the attacker's actions. Just because the locks on the doors weren't as strong as they needed to be (in your analogy), doesn't mean that the attackers aren't responsible for having to check and clean the whole building for vandalism after they broke in.
There is no damage, as I've said before. Damage doesn't mean pissed of geeks. Damage means money that is actually lost that they would have otherwise. You can't list UbiSoft having to patch their servers and services, because that would be the case even if they were notified in a friendly email. You can only list the actual damages: None.
Again, there is clearly damage done.
The only reason that the people involved aren't getting refunds is because they haven't demanded it. And who would they demand it from? They would demand it from the attackers, as UBISoft's user agreement covers UBISoft from outages. When you're talking about damage here, you're talking about damage to anyone involved, not damage to only UBISoft.
I still don't understand why you think that disrupting several hours of the prime time of a service that serves thousands of people worldwide isn't worthy of serious punishment. It seems that you fundamentally don't believe that these people deserve to play their game unharassed.
-Zipwow
I don't know which is more depressing, that 2/3 didn't care enough to vote, or that 1/2 of those that did are crazy.
Your analogy breaks down immediately. UBISoft clearly had locks on the doors. Not including the fucntionality in the client to begin with constitutes locks on the doors.
Providing that functionality to begin with is the problem. The fact that any client, not just those provided by UbiSoft (Think of employee, vs someone walking in off the street) could do this given the proper knowledge (where the door is located.)
The only reason that the people involved aren't getting refunds is because they haven't demanded it. And who would they demand it from? They would demand it from the attackers, as UBISoft's user agreement covers UBISoft from outages. When you're talking about damage here, you're talking about damage to anyone involved, not damage to only UBISoft.
Give each person the thirty cents, big fucking deal. Only give those people who were affected by the malicious client refunds, because that is the only damage caused by the perpetrator.
My statement is that because this service is provided without uptime guarantee, nor do people pay per hour/minute but by month, there is no valid way to calculate actual damages.
You cannot include any damages done by UbiSoft having to patch their servers and services. Because had someone notified them via email it would still have the same outcome.
Re:ding ding! Not in beta! (Score:1)
by zipwow (1695) on 06:24 PM May 29th, 2003 (#6072833)
(http://zipwow.net/)
No, it's completely in sync with property. If a business doesn't have any locks on it's doors, and someone breaks in (by merely opening the door and walking in) and spreads toilet paper all over the place, the doors would then have locks installed. That's all I'm saying.
If a business doesn't have any locks on it's doors, and someone breaks in (by merely opening the door and walking in) and spreads toilet paper all over the place, the doors would then have locks installed.
Your analogy breaks down immediately. UBISoft clearly had locks on the doors. Not including the fucntionality in the client to begin with constitutes locks on the doors.
So, in your example, the building has a rather wimpy security system, say cheap locks. This is probably a stupid choice on their part, but that doesn't really affect the legality or morality of the situation. Then, someone breaks in and trashes the place. I can't think of an analogy for 15,000 people not being able to play a game that they subscribe to, but I think you can see the point from here.
Maybe the business should've invested in a night guard, but that doesn't make it legal to break the cheap locks.
This is wrong, and this is why I listed my point twice. 15,000 people were affected by a bug in UbiSofts system. 1,200 people (or 3,000 as registered on that server, whatever) were affected by what the attacker did.
You understand the difference?
No, because there isn't one.
Are you arguing that UBISoft, upon noticing this exploit, shouldn't have restarted and rolled back all their servers? If this security problem hadn't been violated in this way, the rollback (and affects on all the players) could have been avoided. Also, the outage for the servers could have been much shorter, and at a time where it would have less impact on the general player base.
The outage was a direct result of the attacker's actions. Just because the locks on the doors weren't as strong as they needed to be (in your analogy), doesn't mean that the attackers aren't responsible for having to check and clean the whole building for vandalism after they broke in.
There is no damage, as I've said before. Damage doesn't mean pissed of geeks. Damage means money that is actually lost that they would have otherwise. You can't list UbiSoft having to patch their servers and services, because that would be the case even if they were notified in a friendly email. You can only list the actual damages: None.
Again, there is clearly damage done.
T
Dacels Jewelers can't be trusted.
Providing that functionality to begin with is the problem. The fact that any client, not just those provided by UbiSoft (Think of employee, vs someone walking in off the street) could do this given the proper knowledge (where the door is located.)
Are you, again, arguing that the attackers didn't have to break the code to do this? Whether the code "should" or "should not" contain this ability is pretty irrelevant.
Give each person the thirty cents, big fucking deal. Only give those people who were affected by the malicious client refunds, because that is the only damage caused by the perpetrator.
15,000 people could not play the game for eight hours. That interruption was a direct result of the attack. That interruption time does *not* include time to fix the original vulnerability, but only to clean up the problems caused by the attackers.
Again with the math, but 15,000 people times even 30 cents is $4500, a felony offense worth of damages.
My statement is that because this service is provided without uptime guarantee, nor do people pay per hour/minute but by month, there is no valid way to calculate actual damages.
Just because services are provided without uptime guarantees (no refunds on rainout games, for example) doesn't mean that disrupting them for other reasons isn't damage.
Furthermore, the EULA probably states that downtime will happen for reasons like software, hardware, and network maintenence. I doubt it lists malicious attackers.
You cannot include any damages done by UbiSoft having to patch their servers and services. Because had someone notified them via email it would still have the same outcome.
Ubisoft didn't spend that eight hours coding up a fix, testing it, and installing it. They spent that eight hours rolling back servers, changing firewall settings, banning users, and dealing with support calls. None of those things would have had to have been done had the attackers taken the 'friendly email' approach. Hence, all that time, that expense and effort is a direct result of the attack.
The work to actually fix the problem probably still needs to be done. This is akin to wedging closed a door with a broken latch. The latch still needs to be fixed.
Here's a nice little point-by-point rebuttal for you:
* The only people directly affected where those on the server when the perpetrator exploited the system.
This is false. All services were interrupted. All users were affected. Interruption to all services was a direct result of the attack. All servers needed to be reset, as the extent of the attack was not verifiable.
* UbiSoft is liable for their services, including patches. Therefor, any patches or rollbacks are on the shoulders of UbiSoft. There is nothing directly correlating responsibility for UbiSoft patching it's services and servers and the exploitation. Just because they became aware of it at that time, doesn't matter.
This is false. UBISoft is not 'liable' for anything. They are responsible for their services. Had this attack not happened, no rollbacks would have been needed, no additional downtime would have occurred. The fix would have been installed during their next maintenence cycle.
The attack caused additional downtime. Additional downtime is damage to the players.
* There is minimal damage, less than $500. For the actual amount of damage caused, it would cost more to use the court space to persecute. Excluding costs of law enforcement officials.
This is false. There is significant damage, more than $4000. The crime committed affected thousands of people. The perpetrators deserve punishment.
You read these points, and read them carefully. If you actually understand them, you'll understand that the attackers committed a serious crime, affecting thousands of people worldwide. This is certainly a punishable offense.
You seem to imply th
I don't know which is more depressing, that 2/3 didn't care enough to vote, or that 1/2 of those that did are crazy.
Are you, again, arguing that the attackers didn't have to break the code to do this? Whether the code "should" or "should not" contain this ability is pretty irrelevant.
Show me where it's illegal to reverse engineer software. Only technological copyright protection devices have this protection.
Furthermore, the EULA probably states that downtime will happen for reasons like software, hardware, and network maintenence. I doubt it lists malicious attackers.
The malicious attacker did not cause downtime. UbiSoft caused downtime for maintenance to fix a bug that they created. The attacker merely caused havok inside the game. It was UbiSofts decision to rollback, and they didn't technically need to.
This is false. All services were interrupted. All users were affected. Interruption to all services was a direct result of the attack. All servers needed to be reset, as the extent of the attack was not verifiable.
Ok, answer this question then: Why would this be different if someone had sent them an email detailing how to do the attack and saying that it is possible other people know about it?
This is false. UBISoft is not 'liable' for anything. They are responsible for their services. Had this attack not happened, no rollbacks would have been needed, no additional downtime would have occurred. The fix would have been installed during their next maintenence cycle.
First, prove that the rollbacks were in fact necessary. It looks like UbiSoft did that to be sure that nobody used the exploit to get something they didn't win in the game. If someone sent them an email and said, "I figured this out, and it's quite likely someone else will." than UbiSoft would have done an emergency patch job. You don't wait when you know there is a gaping security hole, you fix it then. Especially if it is a trivial fix (And 8 hours to patch all the services is trivial.)
This is false. There is significant damage, more than $4000. The crime committed affected thousands of people. The perpetrators deserve punishment.
If someone steals my car, and I have a computer in that car that I use to make money with (Lets say $4K a day, doing consulting work) they are not responsible for my lost wages. If I don't get my computer back, they are responsible for the computer. If I do, they are responsible for the crime of stealing my car (stealing something of a value greater than $5,000 - Grand Larceny, a felony)
No court will ever find that this attacker is directly responsible for more than the actual damage he caused directly. You are trying to blame him for indirect damage, and life doesn't work that way. In a civil case, UbiSoft could probably be able to get awarded the damages ($4K, it costs more for their lawyer than they get back) but in a criminal case, this will be treated exactly like toilet papering someones office.
Dacels Jewelers can't be trusted.
Of course, redcode is a wierd language. I'd much rather they had based it on something closer to a "real-world" instruction set.
Of course the key to a game such as you mention is that security would be taken "very" seriously. Just as in open source, your game would be taking security to be far more important than typical commercial software because security would not be ignored.
Seems to be a reason for hackers of all generations. "I just plugged a foozle into a whatzit?" "What's it do?" "Nothing!" "Why'd you do it?" "Because I can!"
Show me where it's illegal to reverse engineer software. Only technological copyright protection devices have this protection.
...
I've never said its illegal to reverse engineer software. Its not illegal to own lockpicks, either. Breaking into buildings, though. That's illegal. With or without lockpicks. In fact, you don't even have to lock the doors. All you have to do is make it clear that it is private property, and that the general public is not invited. I think by hiding the protocols to access these features, and calling them 'admin featuers', UBISoft has fulfilled this requirement.
Why would this be different if someone had sent them an email detailing how to do the attack and saying that it is possible other people know about it?
The fix for this problem can be written with the servers still running. Access to these functions can be monitored, possibly controlled at a firewall level. The installation of the patch can occur during normal weekly maintenence cycles, which take place during periods of low usage.
FAR less disruptive than a loss of eight hours of primetime, and the cost of support overtime.
You don't wait when you know there is a gaping security hole, you fix it then.
Somewhat true. Your first fix won't be the only fix, nor will it be the ultimate fix. Typically you'll disable the feature that has the problem (specifically in this case, remote access to the admin features), and then begin working on the fix, which may take weeks.
That said, your first response to finding a gaping security hole isn't to bring down the system, either. You say to yourself, "Ah, okay. I'll watch for that then, while I work on fixing it."
If someone steals my car,
This analogy has nothing to do with this situation, because I'm not talking about damage to UBISoft for the most part, and we're talking about a service interruption, not a material theft.
No court will ever find that this attacker is directly responsible for more than the actual damage he caused directly. You are trying to blame him for indirect damage, and life doesn't work that way.
You keep saying this, but it doesn't get any more true. Explain how interruption of a service I pay for isn't clearly damage?
I've refuted every argument you've made:
The actions by the attackers were illegal (possibly we agreed on this from the beginning). There was damage done (interruption of a paid service).
The damage was a direct result of the attacker's actions (rollbacks necessary, monitoring not a viable approach, etc).
The damage was avoidable (if not by the attackers simply refusing to break the law, then by other approaches to the problem)
The time taken to fix the result of the attacks is independant of the time to fix the original bug. (reverting servers, answering support calls, etc).
A significant amount of people were harmed (more than 10,000).
You have never answered the question of why these people should not be punished (or deserve only extremely light punishment) for disrupting the service of thousands of people. Even by your own convoluted logic, the people on the attacked servers (at least a thousand of them) had their service disrupted for several hours. You have never explained why the time of these people is valueless, or why it is acceptable for the attackers to waste their time and disrupt their activities.
-Zipwow
I don't know which is more depressing, that 2/3 didn't care enough to vote, or that 1/2 of those that did are crazy.
I've never said its illegal to reverse engineer software. Its not illegal to own lockpicks, either. Breaking into buildings, though. That's illegal. With or without lockpicks. In fact, you don't even have to lock the doors. All you have to do is make it clear that it is private property, and that the general public is not invited. I think by hiding the protocols to access these features, and calling them 'admin featuers', UBISoft has fulfilled this requirement.
You said that they "broke into the client" which is just stupid. They did nothing of the sorts. If you honestly think that hiding the protocols to access admin features means UbiSoft has fulfilled their responsibility for security than, quite frankly, you are an idiot.
"But officer, I put my door in the back of my house so nobody could find it! It's not my fault they broke into it."
I'm not excusing the act of exploiting their services, but I'm not excusing UbiSoft for being incompotent and idiotic either. They had a very definite hand in what happened. It's like parents who keep loaded guns around children.
The time taken to fix the result of the attacks is independant of the time to fix the original bug. (reverting servers, answering support calls, etc).
Ok, repeat after me. Had it been an email notification, the same process would have likely taken place. Why do you not understand that? Oh, because you think that UbiSoft not telling people where the admin controls are at constitutes security...
You have never answered the question of why these people should not be punished (or deserve only extremely light punishment) for disrupting the service of thousands of people.
Yes, I have answered it. You just don't read what I write. You didn't answer my question that I posted last time. You tried:
The fix for this problem can be written with the servers still running. Access to these functions can be monitored, possibly controlled at a firewall level. The installation of the patch can occur during normal weekly maintenence cycles, which take place during periods of low usage.
This is where you prove without a shadow of a doubt you are absolutely clueless. You have obviously never worked in a production environment with server farms running code that could be exploited (and people try to exploit) at any given moment. Newsflash: If someone emails you and says, "By the way, your admin ports are hanging out and anybody can connect in if they figure it out" shit hits the fan.
You still think the attacker is indirectly responsible, which is bullshit from a criminal point of view.
You also think that these people have value. They are paying for entertainment, so why do they bitch if they get to live the same experience again? If it was so much fun the first time, they'll do it better the second time.
It's a fucking game. People didn't get to play their game. The person(s) who did this are going to get away, and I'm not saying that I think they should or not. I'm merely stating that they are. It's the way the law works. They only mucked around on one server. UbiSoft fixed all of them.
You know what this means? He's responsible for what happened on one server. Everything else is indirect damages, and are not his fault.
At this point, I would be amazed if you were older than 16... your lack of actually reading what other people write and understanding systems and law is astounding.
Dacels Jewelers can't be trusted.
Aside from the fact that ad hominem is the first tactic of the defeated, I'll respond to your questions...
://www.kenttrust.com/portscanning.htm
You said that they "broke into the client" which is just stupid.
I can see where you're confused. Reverse engineering the client is legal (EULA notwithstanding). Using that information (and I'm guessing, some other information as well) to wreak havok on the server, disrupting the service for thousands, is quite illegal.
If you honestly think that hiding the protocols to access admin features means UbiSoft has fulfilled their responsibility for security than, quite frankly, you are an idiot.
First, you're making some assumptions that aren't warrented by the situation. Namely, that accessing the admin feature required one only to use the right protocols. While this may be the case, I suspect that the attackers also used some novel approach to circumvent the authentication scheme.
Even if this suspicion proves to be false, UBISoft has, in a legal sense, fulfilled their security obligation. As I've said before, entering an unlocked door can still be trespassing. For reference, see 'unlocked door' mentions on these sites:
http://www.cipherwar.com/news/99/crime.htm
http
http://www. poprocks.com/journ/TA.html
Now, I'll grant that security through obscurity is stupid from a "protect your goods and data" point of view, but that's not what we're talking about. We're talking about the law, and the law says that it only has to be obvious that the area is private. They don't have to build three foot thick barriers to keep you out.
Newsflash: If someone emails you and says, "By the way, your admin ports are hanging out and anybody can connect in if they figure it out" shit hits the fan.
But the fan doesn't stop spinning. Which is my point. Every time you get a message that someone's found a new vulnerability in apache, you don't shut down the box while the fix is being coded. Heck, the security community in general doesn't even disclose the vulnerability until a fix is available, unless the company in question has just ignored it.
Had it been an email notification, the same process would have likely taken place.
You keep saying this, but haven't responded to my assertions that:
* the rollbacks would not be needed
* the update can be written without taking the servers down
* the patch can be applied during the normal update cycle, which is not during prime time
* support personnel are not inundated with requests
I think these points adequately prove that there is a large difference between the attack and a friendly email.
You also think that these people have value.
Now you've made the point that I've been alluding to in earlier questions about why you think the things you do. I absolutely think these people have value. I think all people have value. You seem to have some grudge against either this particular activity or against the notion of entertainment in general. Perhaps you are one of the sort of people who view any server connected to the internet as just another obstacle and personal playground, rather than someone else's property providing a service to a community of people. Something seems to prevent you from seeing these people as important, and the servers as private.
They are paying for entertainment, so why do they bitch if they get to live the same experience again? If it was so much fun the first time, they'll do it better the second time.
Enjoying doing something is not the same as doing it over. See software development and home improvement projects.
They only mucked around on one server.
How do you know this? How would UBISoft know this? They only caused mass devistation on one server, who knows what they did on the rest? Or were about to do? When someone breaks one system on your c
I don't know which is more depressing, that 2/3 didn't care enough to vote, or that 1/2 of those that did are crazy.
Aside from the fact that ad hominem is the first tactic of the defeated, I'll respond to your questions...
Well, here's what it's like "arguing with you"
Me: X, Y, and Z is this way.
You: No, because Z is more important than X!
It's kind of amusing, in a special olympics sort of way. You haven't even made a valid case against indirect damage. You just ignore it. Ignoring is the first tactic of the defeated.
* the rollbacks would not be needed
How do you know? How can you prove that nobody used this knowledge. You can't. That is why they rolled the servers back.
* the update can be written without taking the servers down
They didn't need to take the servers down.
* the patch can be applied during the normal update cycle, which is not during prime time
A patch that shouldn't have needed to be applied in the first place could have, yes. You are going purely off of circumstantial evidence and saying "Well, UbiSoft would wait until they could do it and just hope that nobody else found out about it."
This is just idiotic. You think that UbiSoft (or anybody) that is running a game service is just going to sit back with knowledge that a bug of this magnitude is sitting there? Nope, it would happen very fast. Probably just as fast, and if it didn't, I would fire some people if I worked there.
* support personnel are not inundated with requests
Ok, I'll actually grant you this one. That is still an indirect effect of the attack though.
You need to understand the difference between direct and indirect.
How do you know this? How would UBISoft know this? They only caused mass devistation on one server, who knows what they did on the rest? Or were about to do? When someone breaks one system on your cluster, you *have* to bring them all down immediately.
Hey! You can actually come around to a logical conclusion. How would UbiSoft know they didn't need to rollback their servers? You win a prize! They rolled back to be sure, end of story.
At this point I can see that you're not rational, and I'm finished with this discussion.
Good, at least you finally managed to understand that UbiSoft had no way of knowing how much damage they did to themselves. You still haven't even understood an ounce of what I was saying anyway, so when you finish your high school English courses, come back and read this. Maybe then you can understand what I'm talking about.
Dacels Jewelers can't be trusted.