Slashdot Mirror
Shadowbane Servers Hacked, Chaos Ensues
Vanguard(DC) writes "There was a major hacking incident last night on the servers of Shadowbane, a newly released MMORPG by UbiSoft/Wolfpack. The attackers wreaked havoc on at least one game server, with apparent god-like capabilities in-game. There's already an official statement on the forums - 'Ubi Soft and Wolfpack Studios are now working with law enforcement, and we promise all of you that these individuals will be prosecuted to the full extent of the law.'" There's a little more information via a post on the SBCatacombs messageboard - apparently the carnage (including many less powerful players getting killed) involved "..teleporting people all over the world, teleporting hostile guards into the safe-holds, bringing in hordes of special event monsters, and teleporting everyone to a city at the bottom of the sea."
ok... this is getting ridiculous... why should anyone that found a way to compromise security for a game be prosecuted in real life?!
Why should computer game servers be exempt from the usual laws about hacking into peoples' systems? Those who break into banks are prosecuted, if caught.
This person or persons compromised security, broke in and disrupted business operations, causing damages. Seems pretty straightforward to me.
ASA
All employees must wash hands before seeking equitable relief.
Real simple, the in-game actions these people did caused real world finacial harm to the game developers. I saw at least one post stating that people canceled their subscriptions, in part, because of this.
Not to mention the tarnished reputation, which is also worth damages.
Not to mention that breaking a law is illegal, whether you hurt some one or not.
It seems like they will roll the server time back a few hours, so things will go back to the way they were before the carnage. However, I cannot recall anything like this ever happening in any other MMRPG.
Other MMRPGs have had buggy starts, but this is over the top. Is this just a natural result of the fiercely competitive guild wars in the game? In a game where player cities rise and fall, wasn't it just a matter of time before a guild went too far?
Ubisoft will have to be very careful about how they handle the aftermath of this. The game is only a few months old, and many players who stream into games like this when they open will leave just as quickly if they perceive the game to be sub-par, in a number of areas. Crashes and loss of items/progress in particular seem to be real bugbears for most players. It already happened with Anarchy Online, where players quickly left in droves due to the incredibly buggy release code. How many players are going to stick around if incidents such as this can apparently happen so easily?
ok... this is getting ridiculous... why should anyone that found a way to compromise security for a game be prosecuted in real life?!
It's not just a game, it's a service provided by a company to paying customers. The hackers disrupted a service being provided, that is a prosecutable offense right? And if US/W loses money (i.e. customers, downtime, and IT expenses) then they can claim damages right.
They don't actually want their characters to be able to die. They just want to gain levels and powers at a regular rate, so that they will be more powerful than everyone who joined the game after them.
MMORPG players today are losers of the highest calibre. They consider their wasted time an "investment" in their character. I know several who don't actually enjoy playing the game at all, but they want to get the "Deluxe Two-Handed Sword of Power" before some other loser gets one.
And woe betide the day when one of them dies in combat and loses some XP or an item. -That's- when you hear about another dorm-room suicide.
I'm not trying to be flamebait, I'm just bitter. I knew a guy at RIT who pretty-much sat in his room 24/7 playing Asheron's Call. Only left to attend class and occaisionally eat (he would bring the food back with him to keep playing). He was vacant. Away from the game, he had no way of interacting with normal people. We often considered nuking his box just to push him off the deep end.
GeekNights!
Late Night Radio for Geeks!
I think it's kind of ludicrous to make threats like the Ubi people have made, but the people who did this do deserve some comeuppance because what they did *was* in the real world--they hacked the game, destroyed a lot of people's expenditures of time, and most importantly to Ubi, trashed the hosting company's reputation. All of that is real-world, whether you think it's important or not.
That said, I think the whole thing was hilarious from descriptions, and I'd love to see the recording of the mess they made.
7 November 2006: The day Americans realized corruption and incompetence weren't addressing 11 September 2001
They DID hack into a commercial system and disrupted business.
They DID interfere with paying customers.
Just because they are hacking into a game today and you're willing to let them get qaway with it, what will you say when they're hacking into your bank account tomorrow?
Non tam praeclarum est scire Latine, quam turpe nescire
-- Cicero
it's just a game
But imagine you're an aspiring artist who's spent several hours a day for the past two months on a painting and someone breaks into your studio and splatters paint all over it. Hey, It's just a piece of canvas after all. It's just your spare time and money down the drain, it's not like it's your job or anything.
Or, you're writing the great American novel and someone sits down at your laptop while you've stepped away to use the bathroom and someone does a search and replace and strips out all the vowels. Hey, it's just bits on a hard drive, right? It's just your time and effort wasted, it's not like it was *worth* anything.
A lot of people really get into these games and put a lot of time, effort (and money!) into building up their characters, and it absolutely sucks when through no fault of your own, all that hard work and effort (and money!) suddenly goes poof.
For those who have never played, it takes a lot of work to build up a character, collect the best equipment - usually by in-game trading which can take hours or days per item, etc.
I've played MMORPGs for years and usually when I quit playing a game it's because of something like this, I get killed by another player who steals all of my hard earned equipment, I suffer lag at the wrong moment and drop into a pit of acid causing me to die and lose all my best armor, etc. When stuff like that happens, I log out and usually never go back. I play for fun, and that stuff is not fun for me.
A computer once beat me at chess, but it was no match for me at kick boxing -- Emo Phillips
This is informative? I'm not saying that the hackers ought to be sent to a labor camp over this, but letting it go is like not prosecuting the shoplifter 'cause they're murders in the world.
No one reasonable is asking for the cops to stop chasing terrorists to do this, but we as a society prosecute any crime (even stupid ones, to even stupider lengths) as a principle.
And just because other problems exist, doesn't mean you let the little ones slide. No one's time is that hard up.
Tell that to the guys who got the pager call in the middle of the night and had to get up leave their wife and kids, go in to work and fix this. The kid should pay, not because he killed an Orc/B. He should pay because he disrupted a business, and caused them monetary damages. The kid should have least have to pay for all of the overtime he caused.
http://www.windmeadow.com/
I can understand players getting mad at this, but at the same time, it's just a game, and if individual users themselves are considering legal action, they really need to shut down the computer and go outside for a while.
Consider the reaction of thirty adults who rent a stadium to play a sport, and then have that stadium game interrupted.
Or consider the effect of disrupting the superbowl.
Or consider the result of walking up to folk playing chess in the park and overturning the board.
In each case, legal action is both warranted and acceptable. Same thing for hacking a game server which is being actively used; even moreso if it's a private server or a fee-to-play server.
That's f ing weak, just because it doesn't meet your definition of cool doesn't mean it wasn't illegal. Don't cry me a river about the "real" problems of the world. If I pay a monthly fee to play a game to (at least briefly) forget about those "real" problems, I should be safe from a "real" criminal screwing with my time and investment. Get over yourself.
You sir, are an idiot.
Do you ever complain if someone's cell phone rings in a theater? Or if they talk loudly through the whole film?
Basically, if you *ever* complain about anything that someone does to make your entertainment choices less fun, you're a hypocrite.
I bet if you were in the middle of an intense game of chess and I, a complete stranger, came by and intentionally knocked the board over, you might feel like throwing a punch in my direction. How is this any different, except that the jerks are safely far away from having their asses kicked right then and there, is beyond me.
Saying it's "just games" ignores just how important a certain amount of play is to a healthy life.
.
It's a business.
The point is that if they were your servers, and they were your customers, and it was your business model you would be screaming bloody murder.
And if you wern't then you need a serious reality check about how the real world operates. This is a company with shareholders who now has to explain why they wouldn't react the way they are to their shareholders.
On another note, does anyone else notice a trend on the games.slashdot.org stories and how many of them suffer from morre thoughtless comments than a normal Slashdot storie?
Ted Tschopp
Fantasy remains a human right; we make in our measure and in our derivative mode... -- JRR Tolkien
Yes. You break in, you get caught, you get prosecuted. By your logic, if I have a rusty lock on my door...hell, if my front door is ajar, and you break into my house, I should be prosecuted? Bullshit. You should then hypothetically fear for your life, 'cause if I'm home, there's a shotgun pointed at your chest.
Just because there is a hole doesn't mean you have the responsibility to exploit it and break in. Indeed, it's illegal to do so. UbiSoft will no doubt come down on their admins for shoddy security. But that does NOT give you carte blanche to break in, nor does it protect you from prosecution.
Protesting 'Security Through Obscurity' is not the same as 'ooo, let's a be a script kiddy and exploit this bug and wreak havoc, because they should have known better.' If that's your attitude, you'd better get used to a felony rap sheet and a large, tattooed boyfriend named Slash.
I do have the slightest understanding of how these games work. I also know that they're extremly complex pieces of software that are very hard to throughougly QA since there are SO many things that can be done in-game.
t sequence in the client to grant table-level control of the database... at least I hope not.
I didn't see anything that led me to believe the baddies didn't do anything that someone with "god" powers in the game could do. Did you read the description of what was happening? It sounded more like they got god/admin/developer/whatever access, and not that someone was manipulating the underlying database. It didn't sound like they teleported EVERYONE, just the people they happened to come accros, the slashdot story made it seem that way tho.
Nobody's stupid enough to allow an up-up-down-down-left-right-left-right-select-star
I hope not too, but it looks like something did go wrong! It doesn't matter so much WHAT the method was, but that there was a method, and since we don't know how, it could easily have been done entirely in the game client, and that was my point. If you want a more realistic flaw... Maybe they were able to overflow a chat buffer somewhere by typing in a long message.
Welcome to Economics 101; Supply and Demand.
If there is enough Demand for Beta positions, and a limited Supply due to bandwidth, then you have to limit the Demand. One excellent way is by charging a fee to join the Beta.
As an aside, when RagnarokOnline switched to a paid beta a while back, the community improved. People who had nothing to lose because they hadn't paid were pricks; they'd steal kills, and steal your loot before you could grab it. Behaviour like this decreased when they switched to a paid beta, because they now had money invested in the game.
Class dismissed.
If it's an actual rooted server or other high-level problem
Keeping in mind the actual damage done by the crime, and actions persued (game havoc, but no malicious file deletion, record stealing, theft, etc) - I would say to slap the offender with a nice stiff fine for time involved in fixing the server and possibly reputation loss, revoke his/her account, and deal with him/her through the ISP. Fine can't be too big though, we're probably dealing with a 15-year-old, a $1000-$2000 would be more than enough to bring swift repentance from most.
If it's a game exploit
Suck it down. Track down and ban the player in question, but at least acknowledge that there was a bug in your software. Yes, players exploiting said bugs or lack of security are making online gameplay lose its lustre, but that's also the fault of the developers. You can't solve bad coding or protection with lawsuits, unless you think perhaps that you're Microsoft or the ??AA.
Why can't people simply say "oops, we screwed up, and somebody took advantage of us. It's fixed now, and we're making sure it won't happen again."