Slashdot Mirror
Shadowbane Servers Hacked, Chaos Ensues
Vanguard(DC) writes "There was a major hacking incident last night on the servers of Shadowbane, a newly released MMORPG by UbiSoft/Wolfpack. The attackers wreaked havoc on at least one game server, with apparent god-like capabilities in-game. There's already an official statement on the forums - 'Ubi Soft and Wolfpack Studios are now working with law enforcement, and we promise all of you that these individuals will be prosecuted to the full extent of the law.'" There's a little more information via a post on the SBCatacombs messageboard - apparently the carnage (including many less powerful players getting killed) involved "..teleporting people all over the world, teleporting hostile guards into the safe-holds, bringing in hordes of special event monsters, and teleporting everyone to a city at the bottom of the sea."
ok... this is getting ridiculous... why should anyone that found a way to compromise security for a game be prosecuted in real life?!
if that will happen, then WHO will take responsibility for all the holes in Windows?!
talk about ironic...
computer security review people.. use them.
ok... this is getting ridiculous... why should anyone that found a way to compromise security for a game be prosecuted in real life?!
Why should computer game servers be exempt from the usual laws about hacking into peoples' systems? Those who break into banks are prosecuted, if caught.
This person or persons compromised security, broke in and disrupted business operations, causing damages. Seems pretty straightforward to me.
ASA
All employees must wash hands before seeking equitable relief.
This is the kind of thing that as a fifteen year old, I only dreamed about.
I can understand players getting mad at this, but at the same time, it's just a game, and if individual users themselves are considering legal action, they really need to shut down the computer and go outside for a while.
Do not look into laser with remaining eye.
It seems like they will roll the server time back a few hours, so things will go back to the way they were before the carnage. However, I cannot recall anything like this ever happening in any other MMRPG.
Other MMRPGs have had buggy starts, but this is over the top. Is this just a natural result of the fiercely competitive guild wars in the game? In a game where player cities rise and fall, wasn't it just a matter of time before a guild went too far?
Ubisoft will have to be very careful about how they handle the aftermath of this. The game is only a few months old, and many players who stream into games like this when they open will leave just as quickly if they perceive the game to be sub-par, in a number of areas. Crashes and loss of items/progress in particular seem to be real bugbears for most players. It already happened with Anarchy Online, where players quickly left in droves due to the incredibly buggy release code. How many players are going to stick around if incidents such as this can apparently happen so easily?
No.
But it is illegal to hack company property(MMORPG servers) and disrupt a company's business. This could put some serious hurt on sales and memebership on their servers.
Think, man.
Kalen D'arrie
...why the hell are you playing?!?!
Stop paying $20 a month, I'm sure that you can easily go out and find someone that will abuse you for free.
"No Comm, No Bomb"
beta testing does work!
shouldnt law enforcement be secondary to fixing the problem? for law enforcement doesnt solve the problem.
I know you are psychotic, but please make an effort.
The problem with this idea is that some people suffer from a delusional existence known as 'real life syndrome' where for whatever reason, their brain is confused and they can only find a couple hours per week to play their favorite online game.
Imagine how many times you would have to log in during those few brief hours to find that "oops, it's 'fake' time, nothing you can do know will matter" before you would move on and look for a different game.
This was tried in one of the first graphical 3D MORPGs (only one M because it wasn't Massive), Meridian 59, and it sucked... pretty much made me quit playing it.
A computer once beat me at chess, but it was no match for me at kick boxing -- Emo Phillips
They don't actually want their characters to be able to die. They just want to gain levels and powers at a regular rate, so that they will be more powerful than everyone who joined the game after them.
MMORPG players today are losers of the highest calibre. They consider their wasted time an "investment" in their character. I know several who don't actually enjoy playing the game at all, but they want to get the "Deluxe Two-Handed Sword of Power" before some other loser gets one.
And woe betide the day when one of them dies in combat and loses some XP or an item. -That's- when you hear about another dorm-room suicide.
I'm not trying to be flamebait, I'm just bitter. I knew a guy at RIT who pretty-much sat in his room 24/7 playing Asheron's Call. Only left to attend class and occaisionally eat (he would bring the food back with him to keep playing). He was vacant. Away from the game, he had no way of interacting with normal people. We often considered nuking his box just to push him off the deep end.
GeekNights!
Late Night Radio for Geeks!
I think it's kind of ludicrous to make threats like the Ubi people have made, but the people who did this do deserve some comeuppance because what they did *was* in the real world--they hacked the game, destroyed a lot of people's expenditures of time, and most importantly to Ubi, trashed the hosting company's reputation. All of that is real-world, whether you think it's important or not.
That said, I think the whole thing was hilarious from descriptions, and I'd love to see the recording of the mess they made.
7 November 2006: The day Americans realized corruption and incompetence weren't addressing 11 September 2001
Haven't the law enforcement agencies got something better to do, like chasing down bullies who knock down sandcastles or something?
The hackers may have pissed off a few geeks and suits, but they've given them relatively painless object lessons in what really matters in life (i.e. "not your role playing characters", and "having decent security if you do business on the internet", respectively).
Imagine if they had gone after credit card numbers instead, for example?
And that's without even considering the benefit to mankind in increased happiness, by giving a load of other folks a good laugh.
They DID hack into a commercial system and disrupted business.
They DID interfere with paying customers.
Just because they are hacking into a game today and you're willing to let them get qaway with it, what will you say when they're hacking into your bank account tomorrow?
Non tam praeclarum est scire Latine, quam turpe nescire
-- Cicero
This is informative? I'm not saying that the hackers ought to be sent to a labor camp over this, but letting it go is like not prosecuting the shoplifter 'cause they're murders in the world.
No one reasonable is asking for the cops to stop chasing terrorists to do this, but we as a society prosecute any crime (even stupid ones, to even stupider lengths) as a principle.
And just because other problems exist, doesn't mean you let the little ones slide. No one's time is that hard up.
Tell that to the guys who got the pager call in the middle of the night and had to get up leave their wife and kids, go in to work and fix this. The kid should pay, not because he killed an Orc/B. He should pay because he disrupted a business, and caused them monetary damages. The kid should have least have to pay for all of the overtime he caused.
http://www.windmeadow.com/
That's f ing weak, just because it doesn't meet your definition of cool doesn't mean it wasn't illegal. Don't cry me a river about the "real" problems of the world. If I pay a monthly fee to play a game to (at least briefly) forget about those "real" problems, I should be safe from a "real" criminal screwing with my time and investment. Get over yourself.
You sir, are an idiot.
Do you ever complain if someone's cell phone rings in a theater? Or if they talk loudly through the whole film?
Basically, if you *ever* complain about anything that someone does to make your entertainment choices less fun, you're a hypocrite.
I bet if you were in the middle of an intense game of chess and I, a complete stranger, came by and intentionally knocked the board over, you might feel like throwing a punch in my direction. How is this any different, except that the jerks are safely far away from having their asses kicked right then and there, is beyond me.
Saying it's "just games" ignores just how important a certain amount of play is to a healthy life.
.
SB Catacombs is my site. :/
"People" using "unnecessary" quotes should be "shot".
Hackers should be treated like a force of nature, they're always going to be there and you should take all reasonable precautions to protect yourself from them. So all criminals should be treated like a force of nature and not prosecuted if caught? Seriously, laws are laws. Just because you broke a law using a computer doesn't mean it's acceptable.
It's a business.
The point is that if they were your servers, and they were your customers, and it was your business model you would be screaming bloody murder.
And if you wern't then you need a serious reality check about how the real world operates. This is a company with shareholders who now has to explain why they wouldn't react the way they are to their shareholders.
On another note, does anyone else notice a trend on the games.slashdot.org stories and how many of them suffer from morre thoughtless comments than a normal Slashdot storie?
Ted Tschopp
Fantasy remains a human right; we make in our measure and in our derivative mode... -- JRR Tolkien
I do have the slightest understanding of how these games work. I also know that they're extremly complex pieces of software that are very hard to throughougly QA since there are SO many things that can be done in-game.
t sequence in the client to grant table-level control of the database... at least I hope not.
I didn't see anything that led me to believe the baddies didn't do anything that someone with "god" powers in the game could do. Did you read the description of what was happening? It sounded more like they got god/admin/developer/whatever access, and not that someone was manipulating the underlying database. It didn't sound like they teleported EVERYONE, just the people they happened to come accros, the slashdot story made it seem that way tho.
Nobody's stupid enough to allow an up-up-down-down-left-right-left-right-select-star
I hope not too, but it looks like something did go wrong! It doesn't matter so much WHAT the method was, but that there was a method, and since we don't know how, it could easily have been done entirely in the game client, and that was my point. If you want a more realistic flaw... Maybe they were able to overflow a chat buffer somewhere by typing in a long message.
Welcome to Economics 101; Supply and Demand.
If there is enough Demand for Beta positions, and a limited Supply due to bandwidth, then you have to limit the Demand. One excellent way is by charging a fee to join the Beta.
As an aside, when RagnarokOnline switched to a paid beta a while back, the community improved. People who had nothing to lose because they hadn't paid were pricks; they'd steal kills, and steal your loot before you could grab it. Behaviour like this decreased when they switched to a paid beta, because they now had money invested in the game.
Class dismissed.
The main point of prosecution is that people paid real money for the privelege to play the game, and were deprived of the value of that money when some juvenile jerk decided to go on a rampage.
Ubisoft would disagree with you. So would Sony/Funcom/whoever else.
No one wants a direct connection between time spent in the game and money. If this jerk is liable for causing you to lose items/experience in a game, then so are the big boys. Liability is bad.
This is why Sony fights selling in game items for real life money (ebay, etc). It's not so much that they want to stop it, but they want to make sure that it is perfectly clear this is not condoned. They don't want to show any sign of having a dollar amount on a cyber persona.
You also can't put this off as, "Well they should of had tighter security". Do you blame someone whose house was broken into because they didn't have a state of the art security system? No, and neither should a company be blamed if a small subset of computer users who posses special skills are able to break into their systems.
They didn't touch credit cards or the actual accounts, but this is counted as illegal because it happened to a big, rich company.
Webservers get r00ted every day, but very rarely does the FBI go after the cracker responsible.
I bet if you loaded up fsf.org tomorrow morning and saw, "windows is TEH R00LZ!!!", the government's response would be:
"too bad, so sad... guess that Linux thing isn't so great after all!"
It's not about players being inconvenienced, it's about someone with a lot of money losing face.
The US Army: promoting democracy through unquestioned obedience
If it's an actual rooted server or other high-level problem
Keeping in mind the actual damage done by the crime, and actions persued (game havoc, but no malicious file deletion, record stealing, theft, etc) - I would say to slap the offender with a nice stiff fine for time involved in fixing the server and possibly reputation loss, revoke his/her account, and deal with him/her through the ISP. Fine can't be too big though, we're probably dealing with a 15-year-old, a $1000-$2000 would be more than enough to bring swift repentance from most.
If it's a game exploit
Suck it down. Track down and ban the player in question, but at least acknowledge that there was a bug in your software. Yes, players exploiting said bugs or lack of security are making online gameplay lose its lustre, but that's also the fault of the developers. You can't solve bad coding or protection with lawsuits, unless you think perhaps that you're Microsoft or the ??AA.
Why can't people simply say "oops, we screwed up, and somebody took advantage of us. It's fixed now, and we're making sure it won't happen again."
Personally, I think he's a person who has the capacity for empathy, and some degree of objectivity. By this I mean that he can put himself in anothers' shoes and understand the story both from the viewpoint of the perpetrator and the victim.
Empathy of this kind is simply a part of what we call maturity. This, in turn, is the capacity to realize one's goals as a part of society, or any social group of human beings, while not hindering the pursuits of others unnecessarily.
So hacking related to 'games' is just fine?
If someone were to hack into the computers running a NBA or NFL game, crash the scoring system and the video system... made the game get cancelled for the night - you'd just dismiss the hacker and say 'it was just a game... no real harm done...' ????
I don't think so.
/sig
I enjoy martial arts. I pay for the priveladge of being instructed. I LOVE performing the techniques and sparring. But at the same time I seek a greater level of profficiency in my art. Were I to be bashed in the skull and somehow lose the last 2 years of my knowledge regarding martial arts I would NOT be happy. Yeah, I get to learn it all again. That's great and all. But in my attempt to attain a greater level of profficiency I've just been set back by 2 years. The idea is the same, just because I enjoy doing something doesn't mean there is no greater goal behind it. The striving for improvement is part of what makes competition and games fun and if my improvement was suddenly whiped out then a fundamental part of the experience has been removed and must be regained.
Kintanon
Check out JoshJitsu.info for Brazilian Ji
First of all, I don't play online games. I don't even have a working computer. It's remarkably freeing.
Second, the key here is that somebody created a lot of trouble in a public venue. It's not like somebody cheating at a D&D game; it's more like going into a gaming store and knocking all the shit to the ground and harassing the patrons. It's freaking illegal.
Just because it was on a computer screen doesn't make it less real. This is the Mitnick mentality that people have to dump.
Hey freaks: now you're ju
Unfortunately he needs to figure it out for himself, otherwise he won't ever quit. My freshman year in college was waisted on EQ. No friends, no women, the minimum amount of schoolwork required to get B's. I would play anywhere between 50 to 80 hours a week, sometimes more. Something really bad in game needs to happen in order for him to quit, thats what it took for me. The worst part is that it takes years to recover from an addiction like this. Though you can stop playing cold turkey the damage done to your social skills isn't quite so easy to recover from. I just graduated from college and my social life only really got up to speed a year ago. A year wasted playing the stupid game and 2 years spent trying to get my life back on track because of the stupid game.
It annoys me when businesses depend on law enforcement rather than sound security practices to stop hackers.
I've heard of many incidents where honest (non-cheating) mmorpg players who reported security exploits in private were ignored for months and finally banned after going public with them. Some are banned before going public. Many of the companies focus too much on fighting the discovery and sharing of exploits rather than taking steps to reduce them.
However, in this particular case it sounds like the carnage was limited to newbie areas where it was unlikely that characters had much in the way of equipment or experience. In addition, they can just roll back the servers for 24 hours and get most everyone's stuff back.
"We make our world significant by the courage of our questions and by the depth of our answers." Carl Sagan
A game server got hacked.
Back in real-life:
FCC Decision on Media Ownership Nears - rejected
"A terrorist is someone who has a bomb but doesn't have an air force." -William Blum