Slashdot Mirror
Shadowbane Servers Hacked, Chaos Ensues
Vanguard(DC) writes "There was a major hacking incident last night on the servers of Shadowbane, a newly released MMORPG by UbiSoft/Wolfpack. The attackers wreaked havoc on at least one game server, with apparent god-like capabilities in-game. There's already an official statement on the forums - 'Ubi Soft and Wolfpack Studios are now working with law enforcement, and we promise all of you that these individuals will be prosecuted to the full extent of the law.'" There's a little more information via a post on the SBCatacombs messageboard - apparently the carnage (including many less powerful players getting killed) involved "..teleporting people all over the world, teleporting hostile guards into the safe-holds, bringing in hordes of special event monsters, and teleporting everyone to a city at the bottom of the sea."
Talk about your tarroist action. I wonder if this will increase the theat level more...
...'cause that shit is funny!!!
Just roll the game back 24 hours and play on.
ok... this is getting ridiculous... why should anyone that found a way to compromise security for a game be prosecuted in real life?!
if that will happen, then WHO will take responsibility for all the holes in Windows?!
talk about ironic...
computer security review people.. use them.
Lol Dudes!11!1!! mE am brazil!11! well after twelve years on the emuscene my dream is making real here is the first screen shot of REAS the KILL OF ALL EMULATORS ,WELL I HAVE TO CONGRATULATE THE GREAT BRAZILIAN CODER REGIS REZENDE TO AGREE JOINING THIS HARD PROJECT , he is the most experient coder in brazil, ONCE I WANT TO TELL ALL PEOPLE THAT HELP ME ABOUT THE REAS A GREAT HUGE,ACTUALLY THE EMU IS RUNNING ONLY FEW SYTEMS BUT WAIT VERY SOON GREAT PROGRESS ,IF U ARE A CODER AND WANT TO COLOBORATE WITH REGIS CONTACT ME BECAUSE HE IS VERY BUSY . THE SOURCE DONT WILL BE PUBLIC. THE EMU IS RUNNING UNDER ASM WITH SOME THINGS IN ALEGRO ,IS FOR WINDOWS , AND IS OPTIMIZED FOR A PENTIUM OR AMD 900 WITH 128 RAM AND GEOFORCE 2,BUT THIS SPEC IS ONLY TO RUN ALL SYSTEMS I WILL PUT HERE SOME ROMS TOO,I WANT DONATORS TO KEEP THE REAS ALIVE I SPENT MANY TIME AND REGIS TOO,IF U ARE AN EMULOVER DONATION SOME MONEY OR HOST THIS SITE AND GIVE BANNERS TO IT. PUT IN YOUR MINDS THAT THIS EMU ISNT FAKE,DONT BELIEVE IN SOME EMULATION SITE,TRUST ME AND WE WILL GET THE BEST EMU EVER. IF U HAVE ANY IDEA TO I MAKE CASH WITH THIS SITE TO CONTINUE SUPPORTING REAS TELL ME THE EMU LANGUAGE IS ENGLISH BUT I TOLD TO REGIS PUT A TRANSTALOR OUTPUT.THE REAS SUPPORT ZIP AND FUTURE NETPLAY VIA MODEM IP.
CPS2 ROMS
http://www.reir0m.hpg.ig.com.br/index.html
Shadowbane Servers Hacked, Hilarity Ensues
Man that rules. I would have loved to have seen that. Should be a feature in more MMORPGs.
"Now featuring WRATH OF GOD mode, where pissed off GM's show you what it would REALLY be like if god cared. Experience plagues, meteors, and lightning from a clear sky. Divine retribution like you've never seen it before! Just 20 dallars a month."
Heh.
ad logicam Claiming a proposition is false because it was presented as the conclusion of a fallacious argument.
No, I'm not one of Jehovah's Witnesses.
This has to do with the most wonderful invention of all time: immortality rings!
The funniest thing about this site is that the inventor is absolutely SERIOUS. You have to check out this site; it's so full of rediculous claims you'll rotflyao.
According to the inventor, people once laughed at Einstein, Edison, and Tesla. It will later be confirmed that he is correct and will attain the ranking of such prominent scientists. LOL!
Boy did I have a good laugh about the chaos going on in Shadowbane. The Matrix has them.
Fear the machines!
I can see the police blotter for the individuals responsible:
"Teens arrested for acting like God in computer game"
Now that would be carnage!
ok... this is getting ridiculous... why should anyone that found a way to compromise security for a game be prosecuted in real life?!
Why should computer game servers be exempt from the usual laws about hacking into peoples' systems? Those who break into banks are prosecuted, if caught.
This person or persons compromised security, broke in and disrupted business operations, causing damages. Seems pretty straightforward to me.
ASA
All employees must wash hands before seeking equitable relief.
For those of us that have been playing this game regularly, this is only the icing on the cake for a plague of problems. This was a game that was touted for it's massive guild vs guild and player vs player capabilities. Massive warfronts and assaults utilizing seige weapons and a slew of powerful spells and powers. None of this has come to pass. The game lag is too terrible to support even the smallest of battles. PvP is almost impossible during primetime hours due to the inability of most casters to launch spells in a timely manner. (Although you -can- watch your nukes launch 45 seconds after your death)
Server downtime is extreme. Login is at times completely impossible. Rollbacks are nightly. The attrition rate among players is amazing. I've watched my guild vanish over the last few weeks as the host of problems drive out all but the most staunch of players. Ubi/Wolfpack blatantly reject petitions with no regard or consideration for the players. Every patch makes the client actually worse that it was before. This has been a nightmare for most of us. To see news like this only confirms the worst. Bad management, bad hosting, bad coding, and bad customer care have driven most from what I considered to be one of the better games to come out this spring. Just another account cancelled in a long line of departing players.
Some really powerful shadowbane players!
Armaggedon !!!
Gosh, I do Hope the poor admin had regular backups 8)
Well, the game was trashed by people that took the time to get WELL into the system before trashing the hell out of it.
Like an "Organized" Attack...
I'm not implying anything, but who gets benefits from this ? Competitors ?
From the forums it seems users are quite unhappy, but then possibly the editor will have another chance, and deply the same "anti-cheat" tech as in Counter Strike and Quake...
It takes 40+ muscles to frown, but only four to extend your arm and bitchslap the motherfucker
"...city at the bottom of the sea."
Homer: [fearfully] Marge? Kids? Everything's going to be just fine.
No go upstairs, and pack your bags...we're going to start a new
life...under the sea.
[calypso music starts]
[Homer dances with fish as Lisa plays a seahorse saxophone,
Marge a squid harp, and Bart the xylophone clams]
Homer: [eats a dancing fish, sings]
Under the sea, under the sea,
[eats a couple more fish]
There'll be no accusations, just friendly crustaceans
Under the sea!
[eats a line of seahorses, grabs an escaping one]
[eats a live crab as though it were a shrimp]
[eats a pair of dancing fish, then a snail who tries to escape]
[stands there with fish skeletons floating about]
Marge: Homer, that's your solution to everything: to move under the sea.
It's not going to happen!
Homer: Not with _that_ attitude!
Gibble: Descriptive of an emotional state in which one's mind is scrabbling for some purchase on reality
Wow, that sounds like fun. I mightve actually considered buying SB if I was there! I wish I could play in a city at the bottom of the sea, with special monsters... Ah well, they promoted chaos and got it.
This is the kind of thing that as a fifteen year old, I only dreamed about.
I can understand players getting mad at this, but at the same time, it's just a game, and if individual users themselves are considering legal action, they really need to shut down the computer and go outside for a while.
Do not look into laser with remaining eye.
Get a freaking life, gamers!
When people start to exhibit the ability to really fuck up your world like this... ...it's time to send in Agent Smith.
graspee
There's a law against cheating in online games?? ....oh goody....
subject line should read: chaos ensues as thousands realize they have no life...
It seems like they will roll the server time back a few hours, so things will go back to the way they were before the carnage. However, I cannot recall anything like this ever happening in any other MMRPG.
Other MMRPGs have had buggy starts, but this is over the top. Is this just a natural result of the fiercely competitive guild wars in the game? In a game where player cities rise and fall, wasn't it just a matter of time before a guild went too far?
As one of the many people who betaed this for years; I have to say this doesn't come as surprise in the least.
This is probably just an exploit from in the game, rather than someone r00ting the server or anything remotely interesting. I had many instances where the server accidently gave me dialogs with GM powers, I imagine that's just what happened here. The culprit(s) may have figured out how to gain access to the GM dialogs dilberatly, but that's about the extent of the "hack" here.
SB was so buggy in the last few weeks of beta that I was finnaly convinced it would not be a worth while game in retail. I likened it to being slightly less bug riddled than UO, and now it appears I was correct. I will say though that OSI never prosecuted (or even remotely punished) me for exploiting their game to "House Loot", because at the time they had the sense not to sue fans for their own mistakes.
SBCatacombs struck by massive DDoS attack. Shadowy band of crackers known only as "/." suspected. Law enforcement has been called in.
they should be clever about it, and turn all the offending player chars into NPC-evil-masterminds to be defeated after wreaking havoc on the entire continent...
Machine9dotNet
given that no care in MMORPG is ever given to do server rollback's when they crash or just whimsically decide to [ala OSI / UO] they should just do a rollback of 24 hours and learn from their mistakes. hopefully some screenshots will popup from it soon, that sounds hilarious!
If it was that easy and quick for someone to break into their system that is something the mgmt team needs to explore as the competency of their QA and programmers.
Fear Breeds Knowledge
It's a good thing I've got a life, otherwise I'd be pissed.
Maybe some company should start selling some type of insurance to help people in these trying times.
Now please excuse me while I begin laughing hysterically.
"..teleporting people all over the world, teleporting hostile guards into the safe-holds, ... and teleporting everyone to a city at the bottom of the sea."
Ubisoft will have to be very careful about how they handle the aftermath of this. The game is only a few months old, and many players who stream into games like this when they open will leave just as quickly if they perceive the game to be sub-par, in a number of areas. Crashes and loss of items/progress in particular seem to be real bugbears for most players. It already happened with Anarchy Online, where players quickly left in droves due to the incredibly buggy release code. How many players are going to stick around if incidents such as this can apparently happen so easily?
brilliant. thing is they must have been messing ages before in the system to work out exactly what to do without crashing the server. Which implies they knew a little too much about the inner workings.. I mean, you cannot just guess what bits of code to change on a MMPOG server to make everyone get sent to the bottom of the sea etc etc..
Sounds like exactly the sort of thing everyone encourages the DM's of my neverwinter nights server to do...
haha, that's hilarious. i bet they were pissed
--
Matt Keeler
ODP Editor - http://dmoz.org
http://elysium.org
If they only screwed around in the game world itself and left the real world alone (eg. credit cards, account data, etc) then the company should do the same. From the sound of it, they just showed that 'there is no spoon' to the rest of the game world. We love the movie and the character for doing so, but when someone does the same thing in a 'Real Life' virtual world then they get mad.
Man, this world is getting WAY too many levels to it when I have to destinguish the 'real world's' game world, and the movie world's game world and doing 'real' things in a particular game world and...Ah my brain just gave up.
Is this the end yet?...How 'bout now...how 'bout now...how 'bout now?
There is a difference between pointing out a security problem, either publicly or directly to the owner of the compromised product, and hacking a server. If I saw that the door to your apartment was ajar, I might ring the bell or call in and point it out. That would be one thing. If I went in for no reason wrecked everything in sight, that would be something completely different. And that's what been done here. Property is property (we're talking about infringement here, not copying, which is not relevant to this discussion), virtual or not.
Doesn't this make the whole gaming experience more realistic (in a fantasy sense)?
:)
Does anyone remember the days of mudding in ascii terminals? Gods, coders, wizards could be good, or bad. You just had to try not to piss them off or you would get your equipment stripped and you would be slain. I think it adds a nice dimension to the game. Especially when a "good" wizard/god comes and fights the bad one
Maybe someone should contact Steve Jackson Games...
Ita erat quando hic adveni.
Good money lost, nobody gains anything.
History shows that in other systems, like the long-dead Habitat or the - almost-as-dead - WorldsAway (http://www.vzones.com), users would always find and abuse security holes.
It was considered part of the game, the players hurt by the actions were given their old status back and noone was ever prosecuted.
This makes the hackers look bad. Prosecution makes them heroes instead.
Wont somebody think of the children???
(obligitory Simpsons reference)
-- "Man is born free, and everywhere he is in chains." Jean Jacques Rousseau
Shadowbane Servers Hacked, Brief Period of Actual Fun Ensues
Just have a damn boobies link & get it over with!
OK?
It's not news... It's slashdot!
The list of reasons for why a hacker would want to do this is pretty short.
A: The hacker has a dislike for the company because he/she/it works for a competitor, and knows that this kind of an embarassment will nearly wipe-out this game.
B: The hacker has a dislike for the company because he/she/it was fired or otherwise feels wronged by the company, and knows that this kind of an embarassment will nearly wipe-out this game.
C: The hacker is immature and just wanted to play god in the game, because that would allow him/her/it to "win" by beating people who had worked hard to attain high status in the game.
No matter which situation turns out to be true, the hacker(s) need to be delivered to law enforcement to be shown that you just don't do this to other people's systems even if you have the technical ability to do so.
... im glad I only buy non-subscription games like Warcraft III and Neverwinter Nights. Nevewinter may not be a MMORPG, but it can actually serve to that purpose with several connected servers.
:) It was a great concept... but I guess it still has alot to go yet..
Have fun in shadowbane world
And there was this time the implimentor was drunk. Turns out he's an angry drunk. This story really brought back memories. :)
--Jimmy has fancy plans; and pants to match.
Oh no! Call the national guard! Somebody's game-playing experience has been disturbed!
The tone of the headline is pretty funny IMHO. I know people take these things seriously, but it might be helpful to keep in mind that it is, after all, just a game. Turns out, it is actually not the end of the world if something should go wrong with it.
That is not to say that the people who did this shouldn't be tracked down and prosecuted. They have caused problems for players and the people who are running this thing as part of their business, but more importantly, they apparently need to someone to "explain" to them via fines and/or jail time that it's not OK to do things that negatively affect others just because it amuses you.
Roll back the game 24 hours, harden the servers, and prepare a creative press release -- problem solved.
"High level characters summoned the Cthulu mythos through misintrepreting portions of the Necronomicon. Accordingly, some of the space/time contiunuum in the game world was temporarily disrupted."
"If you see a glowing green orb, please be aware that this is the Locknar and should not be approached. Unpredictable results may occur."
"Unfortunately, in Shadowbane a character named "Sauron" acquired a randomly generated treasure named "The One Ring". We are investigating the probability factor of the random treasure generator and will patch this in release 1.01."
"Our improbability drive is malfunctioning. Please stand by."
Honestly, I'd be more willing to buy this game if I realised they had a sense of humour.
John Maynard Keynes: "When the facts change, I change my mind. What do you do?"
No.
But it is illegal to hack company property(MMORPG servers) and disrupt a company's business. This could put some serious hurt on sales and memebership on their servers.
Think, man.
Kalen D'arrie
This guy is full of it. Nightly rollbacks? Nope.
45 seconds to launch a nuke? Dude, try out broadband. No, really. They say it's actually better than dialup.
Better call the waaaambulance. This one's a bleeder.
This is just like the killing of Lord British.
I was one of the people online last night when it happened. I've only been playing Shadowbane for a little over a week, so my character is pretty weak. However, I've played Everquest extensively, so I knew something wasn't right.
The weird events started out kind of slowly, like the hackers were testing the water at first. You'd hear of something weird happening, and just think some newbie was lost or confused. But then senior players were getting f*cked up. At that point, I just assumed the servers were crashing or something, and I just left the game. I had no idea that the game was being hacked. I should have stayed on longer to see all the wackiness unfold.
There's are reasons I pay my $10+ a month to play MMORPGs. Expanding content is one reason, but combatting cheating is another major one.
I have been amazed that in playing DAOC for over a year, I have heard of a total of two cheat programs. Unlike Diablo 2 or counter-strike, I can log in and play the game without obvious exploits on the part of my competition. I hope that SB will be the same in this respect.
"why should anyone that found a way to compromise security for a game be prosecuted in real life?!"
This is a dispute between a company and people who gained unauthorized access to their servers and used it to the harassment of other users. The law exists to settle disputes between people and maintain the peace. Seems to me that it's "working as intended."
Prosecute away!
Dude, it's just like Matrix! Why didn't he teleport those Australian whitey dreadlox to the bottom of the sea?
(-1, Raw and Uncut is the only way to read)
It seems as if The Continuum has let another one of its members run amok.
Terrorism in virtual societies has a similar impact to that in flesh & blood ones. One would think it's hard to get emotional about some bits moving around the Internet, but people do. We can laugh about how it's just a dumb game, but if one looks at the wording of the statements, the players' reactions, it is reminiscent of the 9/11 aftermath.
I work with a guy who plays Everquest. His guild broke up, and it really affected him. He had even traveled (in the "real" world) to San Francisco (from Texas) and even to Australia to hang out with these people.
I guess the message is that human beings will find a way to develop a culture based on whatever idioms are available. Whether based on a game, religion, sports, pr0n, people evaluate themselves using the metrics whatever culture(s) they belong to value. I agree that losing some hitpoints (or whatever) doesn't compare to starving to death in Somalia, but I do feel sorry for the people who lost something important to them.
"Stop throwing the Constitution in my face, it's just a goddamned piece of paper!" - George W. Bush Nov. 2005
From his Speech, on the Conferance Call-
"Last year we had 7 callers for our earnings, this year we have over.. 240 callers on the line"
Behold the Power of Slashdot.
-Colin
Colin Davis
The attackers wreaked havoc on at least one game server, with apparent god-like capabilities in-game.
Gee, that Jim Carrey sure gets around...
Mod Karma -1: I sed bad wurds. If I cep my mouf shut, I wud be at riyses.
...why the hell are you playing?!?!
Stop paying $20 a month, I'm sure that you can easily go out and find someone that will abuse you for free.
"No Comm, No Bomb"
It's like Neo is trapped inside the game...
He is the one who will bring balence to Shadowbane.
Aw hell, now Sony's gonna go and nerf the monks again. And you know the troublemaker was just a damn dr00d...
. . . ummm, wait a sec.
---
Jedimom.com, picking out a thermos for you.
StrategyTalk.com, PC Game Forums
Now if they had interrupted the network feed of the final American Idol or something I could see where we might need to get the full force of the Government involved...
By the way, why do these gamers need a 'Safe Zone'? Is that to rest? Do you get those in real life when you want to take a break from the action?
Keep passing the open windows...
W_Bombs
(Registered)
Posts : 33
As I write this, the Mega Guild R30's has HACKED the server on SCORN. 12:25 AM
And taken over Khar. its amazing.
Rolling Thirties (r30's as we fondly call them) some how, hacked or otherwize took over the safehold we know as Khar.
They wiped out everyone in the city, all you see is massive grave sites of young r1's - r5's who thought they were going to a safehold to sell trade etc...
When I arived at the ToL in Khar all I saw was a field of tombstones, and some guys kyting the guards around. Next thing i see (as i make my way to the Runemaster) is a R30 Mino barb beating the piss out of some r1 who went there to train (like i did), i mean beating him like a red headed step child. Just as the runemaster was telling me that i'd successfully repledged to Wainthorp(I was dancing around waiting on that response like a child in a long bathroom line at Disney Land), i saw the barb headed my way, wiping the r1 newbe blood off of his probably godly 2h axe. I checked my shorts when I arived at Wainthorp, and was pleased to find no hershey squirts.
People back at the newbe island didnt believe me, so i did what any rational person would do, dared them to go to Khar. Of course the suckers took me up on it and sent me tells of how very right I was, you could practically hear the axe swings hitting the r1's in the ass over the tells.
And thus I escaped to tell the tail of the day that a MEGA GUILD HACKED and conquered the major safehold on Scorn. My only regret is that could have captured it all on film for the rest of you.
Wonder what UBI/WP will have to say about it. I'd love to see their post, I hope they deny it or something. Anyone who was playing tonight on Scorn will tell you. Shadowbane's safeholds wernt safe this night.
Hacked the server. hmmmmmm.
Well, I'm out. I sincerely hope this doesnt happen to your server.
Whirln Bombs
TopDawg
(Registered)
Posts : 10
RE: As I write this, the Mega Guild R30's has HACKED the server on SCORN. 1:11 AM
I can confirm this as you'll find my grave there a few times (die and respawn to Kahr). Hope Wolfpack and UBI get their act together soon or they will lose another customer. These bugs should have been worked out in BETA.
TopDawg
W_Bombs
(Registered)
Posts: 33
This is from the UBI website 1:42 AM
Found this on the UBI website:
"We are beginning a massive investigation into the incidents surrounding the Scorn server tonight immeadiately. The Scorn server will most likely be rolled back several hours tonight to a time before these events started occuring. We will be taking the server offline until more information can be gathered. I will update everyone about the server status as more information comes available.
PSiKoTiC
:)
(Registered)
Posts : 52
RE: As I write this, the Mega Guild R30's has HACKED the server on SCORN. 4:28 AM
Lolz TopDawg. this game IS beta
I am a Base-defender.
What's mine is mine, and I make sure everyone knows it. Nobody invades my space without permission - I'd destroy everything I own before letting someone take it from me. I tend to be forward-facing, which is both a strength and a weakness. What Video Game Character Are You?
Sinisterr
(Registered)
Posts : 5
RE: As I write this, the Mega Guild R30's has HACKED the server on SCORN. 9:03 AM
Just another example of how poorly this game was done, and a waste of time and money. But it is fun to read posts like this lol.
Trol
(Planetside Mascot)
Posts: 1254
RE: As I write this, the Mega Guild R30's has HACKED the server on SCORN. 9:13 AM
How the hell could an MMOG have one of their servers hacked? I have never heard of any compan
Oh wait isn't .hack about this, I'd better leave work and check my PS2 just to be sure.
7 registered and 721 anonymous users are browsing this forum.
:)
Maybe that should read 'slashdot users'
Dude...he's "the one". He got into the core, figure out how to change the world. Saved us all from the slavery and bondage of the Ubisoft programmers.
I find the following comments relevant and funny...
-teleporting hostile guards into the safe-holds
-teleporting everyone to a city at the bottom of the sea
(from another post)
Homer Simpson: There'll be no accusations, just friendly crustaceans [under the sea]
I really like that! I hate the directed ordinarity of MMORPGs in which you "have to know your place in the world". In most MMORPGs you are like Dilbert at a desk: everything is forecastable and stable. This event can bring real life to the stinky mud of MUDs.
heh, those features are just par for the course in Ragnarok Online.. teleporting people to weird places , and summoning huge monsters in the middle of towns among a pile of AFK'ers with messages like "AFK SLEEP" "AFK DINNER" and "AFK BEST FRIEND JUST DIED" and once "AFK GETTING MARRIED" XD
I was a Guide (volunteer CS rep, like an Advisor in Anarchy Online or a Counselor in Ultima Online) for two years in EverQuest, and during that time, one of the other Guides on one of the other servers decided that it would be cool to go out with a bang.
/summoning them to her location, and then binding them to that location when they appeared.
/played time were affected.
So, she zoned into the Temple of Veeshan (at that time, the highest level zone in the game) and went right in front of Veeshan herself (the uber dragon.)
And then she did a "/who all 50-60" to get all of the high level players on the server.
Then she started
Well, when they appeared, Veeshan struck them down with about 2 or 3 blows. And since they were just bound there, they respawned, naked, right in front of Veeshan.
Whack, boom, dead. Reappear, whack, boom, dead.
In EverQuest, when you die, you lose experience. And in EverQuest, you can lose levels if your experience dips down too low.
Some people got deleveled from level 58 to level 53 before the GM staff came in to clear the carnage, and ban the Guide. I know they were considering persecution against this Guide, but I'm not sure if they really went through with it or not.
I believe about 25-30 high-level characters with months of
I thought it was funny, but it sure made my job as a Guide harder because the playerbase no longer trusted us to keep our cool, and they were calling for the entire Guide program to be disbanded since we were now "too powerful" all of a sudden.
Not the same as hacking the server, but it had the same effect of destroying the games of a segment of the playerbase.
beta testing does work!
shouldnt law enforcement be secondary to fixing the problem? for law enforcement doesnt solve the problem.
I know you are psychotic, but please make an effort.
Keep passing the open windows...
sadistic and omnipotent deities should be a selling point for any fantasy MMORPG? If yours doesn't have them then it's not worth playing, try the real world.
Looks like a lot of fun to me..... Damn.... I just hate "gamers" that do take all those game stuff(even the mmorpg's) too seriously.... finally if it's not for the fun of it - why bother playing????????
As I see things.... those guys have done everything with some sense of humour;oP....
Oh, wait... but that's forbidden => they're definitely some high-ranked, evil-bitching crackers group, fighting for world domination(and it looks that they actually got it on some worlds;oP)....
Sue them to death....let them all feel "the chair!!!!.....
1. No sig. 2. ???? 3. Profit!!!
I almost died laughing when I, years later, saw The Wrath of Khan.
Plenty of hacked moby ships too.
One line blog. I hear that they're called Twitters now.
If you genuinely believe some poor kid deserves to be banged up and have his life wrecked because he dropped your Orc in the sea then Get A Life. There's plenty of serious REAL problems on this planet if you feel like crusading for something worthwhile.
This news actually makes me smile after wasting 8 months beta testing this garbage. Waiting and waiting and waiting for the game to get a even hint of some content. Waiting and waiting and waiting for the lag to stop, for no mem leaks, and server stability. Until finally it was released I am so utterly disappointed with its total lack of any original ideas, gameplay that blows, classes and races that are completely unbalanced for pvp, I could go on forever. Looks like some others got as bored and fed up as me. I love it. I just wish i could have seen the look on all the losers faces that still play this crap when they got smacked around.
"At first, we thought it was just another snake cult."
>However, I cannot recall anything like this ever happening in any other MMRPG
I guess you haven't played Diablo II then.
Never trust anything a client gives the server.
Isolate the backend servers from the Internet.
Never trust anything a client gives the server.
Patch management isn't as trivial as one would think.
Never trust anything a client gives the server.
Lag isn't under your control so design around it.
Don't rely on a client hiding anything from the user.
Lag isn't under your control so design around it.
Never trust anything a client gives the server.
Don't include "God" tools in every client, nor accept God logins from untrusted addresses.
And most of all, never trust anything a client gives the server.
The server must be the adjudicator of everything, the data master, the sole arbiter of discrepancies. Assume the client is fully hacked or written from scratch to do anything the user wants. Assume the client sees no walls, sees all invisible objects, sees every spawn point, and can filter on anything your server tells your client.
[
Any screenshots of these happenings? Like when Lord British got killed in UO.
You'd think that with the large troll population (people who are just self-hating geeks) on Slashdot, there would be a lot of people trying to hack Slashdot's servers and try to do similar things. (Imagine if all troll posts suddenly got +5!, or troll stories were posted). Kudos to the server admins for keeping everything so secure.
They don't actually want their characters to be able to die. They just want to gain levels and powers at a regular rate, so that they will be more powerful than everyone who joined the game after them.
MMORPG players today are losers of the highest calibre. They consider their wasted time an "investment" in their character. I know several who don't actually enjoy playing the game at all, but they want to get the "Deluxe Two-Handed Sword of Power" before some other loser gets one.
And woe betide the day when one of them dies in combat and loses some XP or an item. -That's- when you hear about another dorm-room suicide.
I'm not trying to be flamebait, I'm just bitter. I knew a guy at RIT who pretty-much sat in his room 24/7 playing Asheron's Call. Only left to attend class and occaisionally eat (he would bring the food back with him to keep playing). He was vacant. Away from the game, he had no way of interacting with normal people. We often considered nuking his box just to push him off the deep end.
GeekNights!
Late Night Radio for Geeks!
The computer game industry has been earning a reputation for releasing buggy code these past few years, and now it has come to a situation where what should be an internal release now costs money. Unlike retail games where occasionally Beta testers are charged, but given the full retail game later, Beta testers on MMPORPG's are not given additional months of play for the priviledge of paying to be guinea pigs. They are not compensated with reduced pay rates or additional in-game powers. In short, they pay to fill a necessary position in the production cycle, then they pay again for the retail product. Many, of course, don't pay for the retail product, and go on diatribes about how unplayable and unbalanced the game (they paid for) is.
How has it gotten so bad that we now release not only buggy games and expect to patch them later, but charge for development releases in addition to charging for final retail releases? We're giving ourselves a bad name here.
If your game is unfinished but in need of stress testing, don't charge for it or you will alienate your potential best customers. If you *must* charge for bandwidth because your manager didn't budget for such costs (and should be rightly as fired as if s/he forgot to budget for artists), then charge a bare minimum until the game is ready for prime time. Don't develop the game on the dime of your testers, or you will find that once you are ready to ship you don't have any customers.
10 dollars a month for our volunteers to do our jobs? We should be ashamed.
The ______ Agenda
Every serious post here is about the breach of security and if they should be prosecuted. Well, Ubisoft/Wolfpack I'm sure just got the attention they didn't want by the /. story, but the result is likely to increase their sales. Hell, I'm not into games so much, but I wish I could see the results of the hack. It sounds absolutely hilarious. This sounds like what the game needed to be propelled back into a top spot.
And you better secure your other online games out there. They have just become a MAJOR target. These hackers are instant celebrities, not just criminals.
Actually, this post above discusses the terrible shape UBI was in because of poor management. Perhaps it was an inside job to be able to blame this incident for when it goes down the shitter. An idea that is completely unfounded, but interesting...
This is my digital signature. 10011011001
... on a mud where I was an administrator. How is something like this big news now? Is it the fact since money is involved or is it that possible laws exist to prosecute the offenders? Or something else...?
Speak truth to power.
Someone found the Key of the Twilight eh?
He IS the one...
There are two kinds of people in the world: Those with good memory.
- the hacker has a dislike for the game
- ...
- (No) Profit! (for Ubisoft)
For those folks who actually enjoy Shadowbane (all four of you including Mr Wolfpack's mama) you have my condolences.My own experience with the game was very bad (lag, etc on broadband).I am surprised the game server was hacked. Yes the folks at Ubisoft/Wolfpack did sell a product that was very inferior to other offerings in their niche market (Diablo 1 on cheaternet). So there would be no shortage of people with motives to wreak a little mayhem. But I am surprised that the game survived long enough to give anyone the opportunity to hack it.
You either believe in rational thought or you don't
You can imagine how many man hours it takes to keep an MMORPG going smoothly, and this might hurt the game's reputation so much for cheating that it may hurt future sales and subscriptions. Not to mention the cost of PR with angry customers, angry stockholders, and, oh yeah, fixing this shit while having customers flood your inbox with the same complaints over and over and investers wondering if their money is safe.
Yes....erm....compensation normally covers you for things that you don't like doing - "If I hadn't been in the car wreck my boss would have paid me a months salary for being at work". These people PAID to potter around building up their orcs - they enjoyed it. Now they get the opportunity to do it all over again, lucky lucky people - double the fun.
Even if they get one subscriber out of 500 people who read that article on /. it's still better than no press and no new subscribers.
I haven't heard of SB until today and I was still playing RPGs like everquest, I would definitely check it out.
Agent Smith writes "There was a major hacking incident last night on the servers of the Matrix. The attackers wreaked havoc on at least one game server, with apparent god-like capabilities in-game. There's already an official statement on the forums - 'The Machine Overlords are now working with law enforcement, and we promise all of you that these individuals will be prosecuted to the full extent of the law.'" There's a little more information via a post on the Matrix messageboard - apparently the carnage (including many less powerful players getting killed) involved "..teleporting people all over the world, teleporting hostile guards into the safe-holds, bringing in hordes of special event monsters, and teleporting everyone to a city at the bottom of the sea."
www.eFax.com are spammers
Haven't the law enforcement agencies got something better to do, like chasing down bullies who knock down sandcastles or something?
The hackers may have pissed off a few geeks and suits, but they've given them relatively painless object lessons in what really matters in life (i.e. "not your role playing characters", and "having decent security if you do business on the internet", respectively).
Imagine if they had gone after credit card numbers instead, for example?
And that's without even considering the benefit to mankind in increased happiness, by giving a load of other folks a good laugh.
... for the Slashdotting?
I have a friend who plays Shadowbane with his son, and they're really into it. They pay a monthly fee for the privelege. If someone ruins the game, then why *shouldn't* they be punished? It was a commercial enterprise, making money for the game host company, and now it's ruined.
People may quit, they lose revenue while they clean up the mess, so therefore they can and probably should prosecute. Hell, why not even pursue civil damages for the people responsible? There is a tangible loss in revenue when the server(s) are down.
I say, throw the book at 'em. If the crackers knew it was wrong, knew that people who were paying to play the game would be screwed, then they deserve criminal punishment.
Joe G.
Bishop, CA
Don't Die Wondering
the manufacturer got massively sued over it - following your logic this wouldn't have happened as it'd have been all the fault of people who crashed into you. There has to be some duty of care placed on the MMORPG provider, otherwise you could just produce a game with no security, wait until somebody hacked it and then sue them for the entire lost revenue your game would have had. Hackers should be treated like a force of nature, they're always going to be there and you should take all reasonable precautions to protect yourself from them.
You spoony bard!
This is informative? I'm not saying that the hackers ought to be sent to a labor camp over this, but letting it go is like not prosecuting the shoplifter 'cause they're murders in the world.
No one reasonable is asking for the cops to stop chasing terrorists to do this, but we as a society prosecute any crime (even stupid ones, to even stupider lengths) as a principle.
And just because other problems exist, doesn't mean you let the little ones slide. No one's time is that hard up.
merely agreeing to the above comment
don't mind me
SIGERR: laziness exceeds quota
The "hackers" just obviously found the Key of the Twilight!
As several replies have pointed out, I got the wrong zone and the wrong dragon.
The zone was Veeshan's Peak (the Luclin expansion with ToV was not out) and the dragon was whoever the end of it was.
People can still believe I'm full of shit, but I did find this:
Former Guide Tweety mentioning the incident
My bank has reasonably good protection from hackers. If they didn't I wouldn't bank with them, perhaps people should have applied that to their choice of MMORPG (if you look there are enough reports of similar happening on this game before).
Answering your point though, if they did hack into a bank then yes, there should be repercussions, but they didn't. Spitting in the street doesn't lead to homicide, it's not a long slippery slope that needs to be nipped in the bud. Just apply some perspective.
SB Catacombs is my site. :/
"People" using "unnecessary" quotes should be "shot".
It's a business.
The point is that if they were your servers, and they were your customers, and it was your business model you would be screaming bloody murder.
And if you wern't then you need a serious reality check about how the real world operates. This is a company with shareholders who now has to explain why they wouldn't react the way they are to their shareholders.
On another note, does anyone else notice a trend on the games.slashdot.org stories and how many of them suffer from morre thoughtless comments than a normal Slashdot storie?
Ted Tschopp
Fantasy remains a human right; we make in our measure and in our derivative mode... -- JRR Tolkien
before i ream your shitty ass
It's not an investment. You pay them money every month and you walk away when the game finally shuts down with absolutely nothing. You pay because you enjoy playing it.
I've coded a couple of things that are currently exposed to the real world, both for work and in my own time. When somebody (as always happens) finds a bug in say my community board and happily starts running amok they usually go wild for a bit, somebody points me in their direction, I tell them to please stop it - which they do. Usually I ask them what they did (if I haven't figured it out), fix the bug and mod them up. I've played about with other people's stuff with much the same response.
The world needs people who look up and wonder how it all works and have a play with it. Rules in the real world can be broken, and occasionally it does good for those in this etheral domain to be given a good shake as well. Keeps stuff interesting.
The difference between your car exploding tale and this is that the people who "crashed into you" (ie hacked the server) knew what was going to happen.
If I were to spot one of the cars you mentioned, and blatantly crash into it only because I knew the gas tank would explode, I would have some liability in what I have done. Likewise, the hackers knew what was going to happen when they hacked the server and (comically, I might add - hackers tend to have a sense of humor) teleport everybody to the sea.
There's a difference in accidentally causing someone's "car" to "explode" and purposely causing it.
I would just like to say that a successful mmorpg company makes huge amounts of money. I think Mythic takes in like 10million a month ( or something like that ). Regardless, you screw with that much money, it doesn't matter what the product is, you are going to be pursued. If you are cought, they are going to file criminal charges.
a/c
Not only is it funny, it sounds like it might have actually been fun in a weird warped way to have been playing at the time...
After all, it is a fantasy game, why couldn't this have happened within the normal confines of the game?
"What, how the hell did I get at the bottom of the ocean? Oh, great. Now I'm in the middle of my worst enemy's keep...This is not my beautiful castle?! This is not my beautiful wench?! How did I get here?"
Well, fun to me, at least. I don't take fantasy computer games that serious
---"What did I say that sounded like 'Tell me about your day?'"---
I ATTACK THE DARKNESS!
"Stuff... In my home!? NEVER!" - Zim on Invader Zim
"I want the toilet seat!" - Little Dog on Two Stupid Dogs
LOL u KNOW one of those hackers was just sitting there at his computer summoning squads and uttering with glee:
"Get me Everyone"
"EVVVVEEERRRRYYYYOOOONNNNNEEEEE!!!!!"
3-Server OC-3 Linux Counter-Strike Cluster
www.rnp.ca
Totally offtopic, but I just wanted to say I appreciate the logo of the bard and wizard characters from FFII (US). FFII is among the best games I've played on any system, even with a crappy translation.
Memories swarm in, a tear comes to the eyes, oh poor Tellah, what you gave to save the world!
If I create a game with crappy security then it's going to get hacked. Doesn't matter by who - but it's going to happen - I dare you to deny this! If I release said game and charge people for it, then surely I must take some responsibility?
Every time a MS patch is released for an exploit the Slashdot response is to slate MS - you don't get them petitioning to track down and prosecute every person who used the exploit.
In fact why patch software at all? Why should we waste our time writing code to fix the gaping flaws we left on a nicotine fuelled all nighter.
They're not paid, however, to watch those characters be destroyed by hackers.
In your car wreck example, the guy was paid to drive the car - not to get in a wreck.
Say what you will about these guys, but I think its better they did this in a game, rather than going out and shooting up a school or something.
The next ponient question: Someone knows something, and gets prosocuted. Someone else releases bug riden software, and gets anaward, and sometimes a cult like following, am I missing something here?
Bah, this is just a PR stunt. What a way to get your game in the news. LOL freaks!
Are you Blackwulf the Dragon Master from the Triumph/Star Wars video?
The fact that it happened to more than 14 people. And the fact that these people are paying and the company is paying to fix the crap that went on.
That Jesus Christ guy is getting some terrible lag... it took him 3 days to respawn! -NJ CoolBreeze
PLAYER 2: It devoured my avatar. It was a really good avatar. Then I had to play it all again to get the skills back and I had to do it fast, and it wasn't as good. It was kind of a ...bummer.
Irene KHAAAAAAN!
Imagine if they had gone after credit card numbers instead, for example?
Yes. Imagine if they had.
Now imagine what they (or some other group) might think if they can do this and get away with it free and clear?
That Jesus Christ guy is getting some terrible lag... it took him 3 days to respawn! -NJ CoolBreeze
or perhaps it was a poor analogy on my part. Basically you pay them for the experience of playing the game. If you're character loses some stats over this then it's not taken away the last month's worth of fun - nor will it prevent you spending the next month enjoying building up the character. You're not financially any worse off, you've not suddenly lost days from your life you'd have spent working productively.
Look at it like Slashdot karma, I'd not be too bothered if mine all vanished. I write as I enjoy posting, not to obtain some mythical level of superiority.
They didn't touch credit cards or the actual accounts, but this is counted as illegal because it happened to a big, rich company.
Webservers get r00ted every day, but very rarely does the FBI go after the cracker responsible.
I bet if you loaded up fsf.org tomorrow morning and saw, "windows is TEH R00LZ!!!", the government's response would be:
"too bad, so sad... guess that Linux thing isn't so great after all!"
It's not about players being inconvenienced, it's about someone with a lot of money losing face.
The US Army: promoting democracy through unquestioned obedience
I used to help run a BBS run on an Atari ST (can you believe it?), and the system was so obscure, that we developed a "DOS simulator" for those who tried to hack our BBS and its (limited) games. We faked things like "dir" and "erase" and even "edlin." It was a multiline, so if the hacker tried to "IM" himself (back then software called it "teleport"), he got through, but if he tried it to others, it went to /dev/null. When people did a "who," they got the job :
Hacker: Port 3: [Thinks he's hacking the BBS, tell his mommy!]
_________________________________________________
www.punkwalrus.com - Shift to the left, shift to the right! Stand up, sit down, byte byte byte!
The perp has to write a script that ups the stats of everybody in the game. Yep - I'd force them to write a sql statement. It'd completely right their wrong and still leave me with the wonderful mental image of several thousand lockins bouncing up and down on their chairs at the indiginity of losing their hammer of asnogamore and sword of schithering.
What would a jury think? That people who spent 500 hours building up an imaginary character need to be compensated for their loss? I can just see some uber-gamer breaking down and crying on the stand because their elf now has to start from level 50 when it took him 3 straight months of playing 5 hours a day to get to level 55. (or whatever the terminology is) More than that, how are you going to get a jury of this person's peers to try them in court? How do you interview a jury like that? OK, what is your favorite magic spell? Have you ever spent more that 12 hours straight playing a game? Is your BMI over 40? Picard or Shatner?
My beliefs do not require that you agree with them.
That was the Velious expansion with ToV, not Luclin. Obviously, taking both your posts together, you know precisely jack shit about the game and its CS history.
Corruption and preying on players for amusement is rampant in the EQ guide program. For most people, it's a slack way to get yourself a free account. You can sneak onto the server at 3am when nobody else is there, and do whatever the hell you want. You don't even have to answer a single petition, the guide reports are on the honor system. I and many others simply made up reports and bullshit petitions to fill in for the manditory 6-hours per week. Bingo: Free account, no work, and endless hours power-tripping across the game world.
For example, a guide friend of mine would sit outside the North Freeport bank, and open the locked door at the back of the bank. This door is never opened by players, because the lock level on the door is some absurdly high level. Invariably, someone curious would wander into this back "closet" behind the door to have a look around. This is when the guide would close the door, locking the player inside. If the player was a caster, they could just gate out, but a melee-type character was stuck more-or-less forever. The guide would wait for this player to petition after a few minutes, then delete the petition, and
Don't pretend this doesn't happen to GMs also. The GM of Mithaniel Marr back in 2001, "Chaolash", was fired for doing favors for friends on his server. Making them free items, spawning mobs for his friends, and so on. Occaisionally these GMs turn abusive, Chao did it, and I'm sure other GMs have also. He wasn't the only GM "quietly" let go for abuses, and he won't be the last.
I don't know if you really were a guide, but I suspect not. If you were, You must have been one of those dumbass Apprentice guides we'd flunk out of the program within their first trial week. You know, the ones who couldn't answer a petition for free GM lewt inside of 10 minutes, and without escalating it two times for the GM to smack you down like the idiot you were for wasting his time.
The one invariable fact of MMORPGs is, in that they are just artificial social ladders to climb, there will always be people who base their entire lives on trying to climb them. They define their self-esteem from these ladders, because these games are the world to them. Generally they have no social lives, and/or are young, or are disabled/sedentary. THESE are the people who are capable of doing the things mentioned in the Shadowbane article. Coincidentally, these are also the prime market targets for the gaming companies. It's inevitable that someone would take advantage of a bug granting GM abilities, and the game companies have only themselves to blame for leaving the back door wide open.
As for the EQ Guide Program, I quit after about 16 months of service. In general, they treat(ed) their guides like small mushrooms: kept in the dark, and eating shit all day. The guide liason at the time was about as friendly and responsive as an IRS Tax clerk, and the system itself was biased to mistrust guides (perhaps justifiably) to such an extent that we couldn't do anything significant for the players besides get them unstuck from a wall. Anything of note had to be handled by a GM. It is this atmosphere that breeds reactions like the Veeshan's Peak incident (for which the person was banned from Everquest permanently, BTW). And this atmosphere, according to friends of mine still in the program, shows no signs of changing anytime soon.
Lastly. I wrote a long article about Everquest and its flaws for Slashdot. You can read it here:
http://slashdot.org/articles/02/12/27/1748252.sht
occultae nullus est respectus musicae - originally a Greek proverb
If a bank has crappy security, does that mean the bank is responsible if someone robs the bank? I dare you to deny this!
Just because you can rob the bank, just because you can hack the server, doesn't mean it is the fault of the bank, or fault of the server-provider, if you do.
I'd pick the pieces up and put them back on the board and wonder wtf was running the security at my grand-master event. I believe there is also a difference, between the crude act of knocking over a board and being a member of a party of invading gods. One is stupid, one is reasonably skillful and made me laugh out loud in the office.
You drive to the local movie theater to catch "Matrix: Reloaded". You paid for the ticket, get your seat, and the movie starts. Ten minutes into the film, I sneak into the projectionists booth, bonk the projectionist on the head with a mallet, and steal the film.
Question: Will goldcd be the first in line screaming for his/her/its money back?
If it's an actual rooted server or other high-level problem
Keeping in mind the actual damage done by the crime, and actions persued (game havoc, but no malicious file deletion, record stealing, theft, etc) - I would say to slap the offender with a nice stiff fine for time involved in fixing the server and possibly reputation loss, revoke his/her account, and deal with him/her through the ISP. Fine can't be too big though, we're probably dealing with a 15-year-old, a $1000-$2000 would be more than enough to bring swift repentance from most.
If it's a game exploit
Suck it down. Track down and ban the player in question, but at least acknowledge that there was a bug in your software. Yes, players exploiting said bugs or lack of security are making online gameplay lose its lustre, but that's also the fault of the developers. You can't solve bad coding or protection with lawsuits, unless you think perhaps that you're Microsoft or the ??AA.
Why can't people simply say "oops, we screwed up, and somebody took advantage of us. It's fixed now, and we're making sure it won't happen again."
then they wouldn't be able to be insured, and fortunately without insurance they would be prevented from operating. I always find the insurance industry has a good view on the world as they have to put a financial value to practically everything. Maybe MMORPGs should have hacker insurance - I suspect if the insurance company had had a look at their code it would have told them where to go.
in "A Taste of Armageddon".
Sorry, Professor Chaos.
So here a bunch of real guys kill a mess of virtual people and they'll be sent to a real prison for their virtual deed.
I knew this week was making too much sense.
"Win treats sysadmins better than users. Mac treats users better than sysadmins. Linux treats everyone like sysadmins."
I'd thank them for sparing me the rest of it (or is that an unpopular view around here)?
Seriously, the submitter needs a life... a REAL life where big worries don't involved having your magic skills docked 3 levels whilst you're trapped in an undersea with a level 4 dwarf from Dayton.
I've tested everything from Asheron's Call to the new Everquest Online PS2 edition (and some now I can't talk about yet), getting into most of them at the closed beta stage. I've never paid. I just sign up when I hear about them, and they often let me in.
On the other hand, I've also never volunteered to be a game guide, or whatever, after a game starts. I have no idea why any of them would voluntarily pay to provide what amounts to a company's in-game customer service department, but some do.
Get off my launchpad!
And them my computer went beep beep beep and I was teleported to the bottom of the sea... it was a really good elf too.
Ellen
.... Is because they have learned that lesson, given that they know well that a good percentage of the population runs an application called Decal which allows you to plug in various user built modules. Everything from ungamerelated things like Media player consoles, to in game utilities providing various information, to up to nearly complete automation systems. (And yes, it's also funny to imagine fantasy characters with more cyberwear then most SF characters.)
And while some applications may be questionable, on the whole, it was nice to have people instead of complaining about UI issues, being able to consider and create their own fixes. It certainly kept me playing for extra months.
I would have bought the damn game and played it, sounds like a wickedly funny wheeze, rather than the usual hummel figurine collector style attitude to such games :P
GO play EQ...we have been through this...betas suck.
EQ > ALL --- the thousands who play are the proof.
NO ONE CAN STOP EQ !!!! muuuhhahhha
What if a MMORPG did this every April Fool's day? Then, on April 2nd, the admins could restore the March 31st backup and the game would continue as normal. The people who wanted to be part of WRATH OF GOD day could log on and those who didn't like the idea would stay away.
It would be like being on the receiving end of a SimCity disaster.
You don't honestly think the lock on your door and the deadbolt is going to keep out a determined theif, do you?
You don't think that "anti-theft" or "electronic key" system is going to keep away the most determined and skilled car theif?
You can't honestly think that ANY box out there is %100 explot-free.
That said, this hack is the same thing as if a gang of theives broke into a large company, and moved every office in the building to a different location.
Nothing is stolen, and yet it costs the company money. The employees are visibly upset and distracted. Computers have been moved to different domains, and documents have been shuffled to who knows where.
Would the above be written off as a childish prank? Certainly not. It doesn't matter WHAT the target was, so long as it has value in someone's eyes.
Man is the animal that laughs.
And occasionally whores for Karma.
For further information on events as they happen, check The Shadowbane Scorn Server Board and Shadowbane Main Boards on IGN.
I think this will remind a lot of people of the last time a player had a truly drastic and unpredictable effect on an MMORPG gameworld, when Rainz, an Ultima Online Player, killed Lord British, character of Richard Garriott, when this was supposed to be impossible.
Rainz threw a firewall scroll at Lord British. Seemingly, Lord British's invulnverability flag was not on, and Rainz killed him.
If we ever figure out exactly who did this, he'll be in the running with Rainz for most notorious MMORPGer of all time.
Personally, I think he's a person who has the capacity for empathy, and some degree of objectivity. By this I mean that he can put himself in anothers' shoes and understand the story both from the viewpoint of the perpetrator and the victim.
Empathy of this kind is simply a part of what we call maturity. This, in turn, is the capacity to realize one's goals as a part of society, or any social group of human beings, while not hindering the pursuits of others unnecessarily.
.. they write this happening into the history of the game world.
Massive slaughter and carnage is always good for the history of fantasy worlds, and it having really happened is just a plus.
Those players are lucky. If they'd been on synthiotics they'd actually be under the sea right now.
that's why most of us found the whole incident so funny. People getting so so irrate about losing something so completely and utterly meaningless. Basis of half the comedy you experience, the juxtapositioning of different peoples perception of value.
...who doesn't care about the breathless reporting of a GAME SERVER HACK that did nothing more than allow some players "power overwhelming"? Am I the only slashdot reader who just doesn't see this as news? How many informative, worthwhile stories were shot down to make room for this?
Maybe I just don't understand, but unless people are riding money on this game, this strikes me as marginally less important than a "where's ESR?" update.
B
"I'm payin' taxes, but what am I buyin'?" -- James Brown
Zzzeeeeeennnnnng
"Great! The judge had me sent to Bermuda!"
Zzzeeeeeennnnnng
"D'oh!"
"When I arived at the ToL in Khar all I saw was a field of tombstones, and some guys kyting the guards around. Next thing i see (as i make my way to the Runemaster) is a R30 Mino barb beating the piss out of some r1 who went there to train (like i did), i mean beating him like a red headed step child."
I mean, isn't this the way that video games were MEANT to be played?
The Death Penalty: Killing people to show others that killing people is wrong.
No offense, but I say lets not hop on every idiot who decides to crack into a system. This is the cracking equivalent of showing your little brother a double headed quarter.
MMORPG's get hacked all the time. Its happened a number of times on mir, hell even WEMADE Entertainment left the server software on their public ftp for weeks while a number of coders downloaded it to find new ways into it. I think i even submitted a story about that, and i think it would have been a bit more.. interesting..
I've left to find myself. If you happen to see me, please, keep me there until I return.
Disconnected the harddrive, and then dragged him out when the computer just didn't work. Keep him away for a few days and hope the detox isn't so bad.
Honestly there's healthy hobbies and unhealthy obsessions/addictions. I'm not one to say how anyone should spend their time, but this is way up there with being as useless as smoking crack.
Play for a bit, enjoy it, go read a book, go on a date, build a model, look at the clouds, make some money, play a D&D type game with some friends, do anything but level up a character that won't exist in 5-10 years.
-- taking over the world, we are.
The crash command was not added so that people wouldn't have to figure out how to crash it. Rather, it was so that a system administrator or developer could get a chance to debug the system by working with the core dump of the OS (!). It crashed the system in a very specific way. Why not allow a random person to futz with the system? Because the hackers will already know that any "anomolies" will be detected and the system rolled back. Plus, how will one determine who is hacking and who isn't? Moreover, if the effects of the hack are far reaching, it may also be prohibitively difficult to roll back the damage and not roll back the entire game and all players (who may not have even been involved, and thus get pissed when their time is wasted).
Fuck Beta. Fuck Dice
Heh. Back where I came from we called this finding the "gauntlet of DM power"
we should launch real world insurance for your MMORPG seeing as people care so much and attribute real money to their virtual assets? Would naturally involve a security audit of the hosting code to allow the underwriters to calculate premiums - which would incidentally make interested reading for those planning which game to sign up with.
Now go play .hack//INFECTION and watch .hack//sign :)
no
at 3030 trans all; force all quit
:)
Oh.. Never played DIKU MUD?
Do you really think that you have any more insight into MMORPG design than everyone else? Your list is exactly like the 50-item lists that people propose to completely secure their non-gaming servers, i.e. pedantically correct but COMPLETELY UNFEASIBLE. Do you have any idea how computationally intensive modern MMORPG's are, in terms of bandwidth, database hits, and CPU cycles? To do what you are proposing, the monthly fee would have to be raised to $50/month, and development costs would skyrocket. MMORPGs are already absurdly risky to finance given their huge development costs; to make a "completely secure" MMORPG would be prohibitively expensive.
Besides the fact that the game is in full release (as I understand it), how can you ignore the value of an entertainment service?
What if someone interrupted an hour of home internet service for everyone in a city? With a few exceptions, home use of the internet is still entertainment.
Even more, there's direct harm to their business. Would you sign up with an ISP that has just had a major disruption like this? What if it happens again? What are they doing to prevent it?
You can't joke around with 10,000 people and not expect to have some repercussions. I'm not saying we put the cracker to death or anything, but a fine, a month in jail and some community service is probably a good idea.
-Zipwow
I don't know which is more depressing, that 2/3 didn't care enough to vote, or that 1/2 of those that did are crazy.
Take a look at the posters for future reference:
- everyone who thought this was funny is a relatively healthy person with a sense of humor, probably someone you wouldn't mind sharing a beer and a pizza with.
- everyone who got upset and shouted loudly that the heathen 'criminals' should be prosecuted to the fullest extent of he law has no sense of humor, and most likely is some kind of Evercrack addict - y'know, scary geek types who spends 20 hours playing MMORPGs every day, don't shower, have no social skills, etc. Don't share a pizza with these folks, you might catch something from all the times they *didn't* wash their hands.
Max
My god carries a hammer. Your god died nailed to a tree. Any questions?
I thought that question was: Kirk or Janeway?
Or are you making an uber-geek comparison between a role and an actor?
"It's the height of ridiculousness to say for those 9 lines you get hundreds of millions."
Besides the fact that the game is in full release (as I understand it), how can you ignore the value of an entertainment service?
A game that releases patches like this one is beta quality software. I can call a Chevy Baretta a Corvette, doesn't make it so...
What if someone interrupted an hour of home internet service for everyone in a city? With a few exceptions, home use of the internet is still entertainment.
That shit happens all the time. My internet connection goes down a couple times a month. I bitch at Verizon, and they say it's not their fault that some ambigious made-up term is failing.
Even more, there's direct harm to their business. Would you sign up with an ISP that has just had a major disruption like this? What if it happens again? What are they doing to prevent it?
You mean like @Home, Comcast, Verizon, Mindspring? All have had major outtages. Shit happens, and unless they have a uptime guarantee, you aren't entitled to it.
You can't joke around with 10,000 people and not expect to have some repercussions. I'm not saying we put the cracker to death or anything, but a fine, a month in jail and some community service is probably a good idea.
As far as I heard, it was only on one server with like 1200 people on it. Assuming they can catch the people who are involved, what are they going to charge them with? There was no damage*, and it was obvious negligence on behalf of whoever wrote the client bug/server bug that did this.
* Damage being defined as irreperable damage, even if it was down for 12 hours the amount of money would be very small. Those who cancel their accounts are doing it for other reasons as well, not just because of one incident. From what I've read on the boards linked in the story and the comments by the users of the game, it has a lot of issues.
Dacels Jewelers can't be trusted.
"but a fine, a month in jail and some community service is probably a good idea."
I think you should spend a month and jail to think about whether that's a fair punishment.
"I thought that question was: Kirk or Janeway? "
Actually, the full question starts with "Who would be on top?"
I may be wrong, but I'm never uncertain.
Nope, just fast typing and the fact that I don't watch any Star Trek. I guess it should have been "Picard or Kirk". But to me, that question is just as relevant - it isn't.
My beliefs do not require that you agree with them.
I loved your work on PRO-MOD for JK2:D
I hope you have an INDUSTRY job for the dues you put in.
thanx
I know ur work:D
First someone takes over a game server. Then we slashdot their forums. Ubi is probably having a wonderful day today.
Ya when you think about it Neo is just a fucking cheater and trinity is a script kiddie.
Oh well so much for enjoying the matrix now...
A game that releases patches like this one is beta quality software. I can call a Chevy Baretta a Corvette, doesn't make it so...
So... if I crash your lousy car, it was just a lousy car and deserved to crash anyway? I think we can pretty safely say that this is more than "using the magic system creatively".
ISP outages are especially poingant to this situation, as UBISoft also has outages. I think you have to agree, that any outage has a harm. UBISoft has their own outages, caused by themselves, but this is something entirely different, because UBISoft at most indirectly caused this outage. And, UBISoft owns the game, and the service. As such, they're entitled to cause outages, etc.
Since we've established that outages have harms, why should the perpetrators not be held responsible for this harm? I think that its pretty clear that UBISoft's image has been/will be tarnished from this. One piece of clear evidence of this is the posting of this news on Slashdot, when the game itself hasn't warranted any articles. This is a big deal.
"obivous negligence" doesn't cut it either. The hackers who did this had to set out with malicous intent in order to do it. Its not like they found a button that says "god mode" and pressed it.
Lastly, why would you discount the experiences of over a thousand people? Somehow your (or others*) derision for the game that they were playing at the time makes their time and rights to protection under the law invalid?
I don't understand your "Its funny, and they're unimportant" defense. Fortunately, I suspect that the judges in the case won't either.
-Zipwow
* I should clarify that you haven't specifically said any of the "get a life!" comments that have been rampant in other comments. However, given your sentiment that the perpetrators of this mess should be ignored, effectively encouraging them, I've lumped you in with them. Apologies if this isn't correct.
I don't know which is more depressing, that 2/3 didn't care enough to vote, or that 1/2 of those that did are crazy.
It's your fault. Does your machine suck? Maybe the server you're on sucks. Maybe it's because your team sucks and you're just an idiot. Rollbacks aren't nightly! It's just that weekly rollbacks SEEM like nightly when you suck and only play once a week.
Our patches fix some bugs! Just because more are created doesn't mean the patches don't work on what they were intended to fix. By the way, did I mention the problems you're having are because your computer sucks? I'm just going to ignore you until you go away. That's how problems are dealt with in techie world, but you wouldn't know that because you're not a programmer, ARE YOU?
With representatives like this, that company seems to have been asking for what happened....
I suppose they couldn't handle a REAL wizard afterall! Because if I was a wizard, and I was good, those are the things I'd do.
Candy-Coated Knowledge
Unfortunately he needs to figure it out for himself, otherwise he won't ever quit. My freshman year in college was waisted on EQ. No friends, no women, the minimum amount of schoolwork required to get B's. I would play anywhere between 50 to 80 hours a week, sometimes more. Something really bad in game needs to happen in order for him to quit, thats what it took for me. The worst part is that it takes years to recover from an addiction like this. Though you can stop playing cold turkey the damage done to your social skills isn't quite so easy to recover from. I just graduated from college and my social life only really got up to speed a year ago. A year wasted playing the stupid game and 2 years spent trying to get my life back on track because of the stupid game.
You just need to take it a bit further...
:)
Supposed you have a game & server concept similar to this, but programmed in a way to not take game security dead-serious. In fact, as the cheats, etc. came out this would not be shunned, but instead part of the game. The people with the best cheats take the cake, can gather clanmates and share what they know. Your clan is then defined by the abilities they have aquired through manipulation of the game workings (in addition to the standard tags, skins, etc.)
I'm sure you could develop a program in a way to separate out abilities (such as speed, gravity, damage types) such that any crack wouldn't give up everything else
Which brings on two negative points:
-It sure wouldn't be appealing to newbies, who start on ground zero
-Anyone who successfully gets full access ("GOD")
may be unsurpassable and ruin the game for everyone. This can be overcome by having the game focus include things other than Power by Might (i.e. killing sprees), such as trade, etc.
If there ever was a prime canidate for an open-source friendly game, this concept would be it
- Sig
It annoys me when businesses depend on law enforcement rather than sound security practices to stop hackers.
I've heard of many incidents where honest (non-cheating) mmorpg players who reported security exploits in private were ignored for months and finally banned after going public with them. Some are banned before going public. Many of the companies focus too much on fighting the discovery and sharing of exploits rather than taking steps to reduce them.
Would suck to play a game and have all that hard work tossed. Hope they fix that problem up better then they would in EQ..
That would give some insight as to whether the players think it is "just a game", or something that they have invested a lot of their emotional well-being in.
The question seems to be, is this act akin to knocking over a chess board in the middle of somebody's game (it's just a game, after all), or is it more like breaking into their house and burning the furniture they have built as a hobby (the players invested time to create their characters, after all).
Anyone have a link to a video of the carnage?
Conan the Barbarian: ... and the next morning my sword was gone, and the gold pieces, and...
/Tor
Cross-Examining Lawyer: And, if I may ask, where did you get those gold pieces in the first place...?
Conan the Barbarian: Well, I killed this dragon and...
Cross-Examining Lawyer: Murderer!! You killed, pillaged and raped to get this money and now you have the stomach of accusing the defendant, and honor student in the other end of the kingdom...
Conan the Barbarian: But it was just a dragon...
Cross-Examining Lawyer: Racist!! There we have it, honored members of the jury, Mr Barbarian here is not only a thief and a murderer, he is also a racist. That nullifies any and all of his allegations. You must aquit.
"Companies that distribute sub-standard products deserve to have tarnished reputations. They deserve to feel some financial impact."
True but were do you draw the line? Who's standards do you use? Is the ease or difficulty of accomplishing an act the measure one should use?
Whatever happened to common-sense and respect for our fellows?
Do we really need as a society having to be told in minute detail what is ok and what isn't?
If the thickness of our laws, and the plonderous nature of our courts is any indication, apparently we do need to.
We spend far too much time pondering ways to bypass common-sense and discarding respect, and as the whirlpool grows ever wider, action, reaction, then we pine for the simpler days when a deal was done with a handshake, and a persons word was as good as a contract.
Welcome to the world that selfishness built. Now who will be strong enough to admit their part in building such?
Virtual Reality Destroyed - Lusers forced to experience Actual Reality
Thousands of unwashed virgins living in their parents basements were forced out into the real world today. Squinting in sunlight for the first time since reaching puberty, nerds contemplating actual sex, to replace their now unavailable private game chat...
--- Generation X: The first generation to have SIG lines inferior to their parents... ---
Complete crap.
It is possible, it just takes SOME amount of pre-thought and design and YES, looking at work that has come before and the problems others have had. And the original poster was right, virtually every MMORPG company completely ignores 90% of the lessons learned by others and they continuously repeat obvious mistakes.
I agree that it's almost impossible to believe. But it's true. I'm involved with enough of them to see the paterns of "Not Invented Here" and "It won't happen to us" and various other head-in-the-sand behaviors. They all do it to one degree or another. It really is unbelievable.
Say what you will about Sony and their MMORPGs but, they put together some serious security. This kind of thing hasn't happened yet in EQ and how long has it been up? Long fricking time. Now it's happened to Shadowbane or whatever the hell it's called, and it's been up how long?
They're just fricking sloppy. They've noone to blame but themselves.
ad logicam Claiming a proposition is false because it was presented as the conclusion of a fallacious argument.
Since we've established that outages have harms, why should the perpetrators not be held responsible for this harm? I think that its pretty clear that UBISoft's image has been/will be tarnished from this. One piece of clear evidence of this is the posting of this news on Slashdot, when the game itself hasn't warranted any articles. This is a big deal.
I'm not excusing the actions of the person who did it, I'm just clarifying the actual damages. As you said, if you crash my lousy car, I'm entitled to get another car of the same or lesser value. Just because you crash my Baretta, doesn't mean I get to buy a Corvette.
If one person causes about $100 in "damages" to a service, charging them extra is extortion.
I don't understand your "Its funny, and they're unimportant" defense. Fortunately, I suspect that the judges in the case won't either.
It is funny, but that's not part of my defense. My defense is that there is no long lasting damage done. To me this is like toilet papering an offices campus. Or delivering hundreds of thousands of AOL CDs to AOL HQ.
I should clarify that you haven't specifically said any of the "get a life!" comments that have been rampant in other comments. However, given your sentiment that the perpetrators of this mess should be ignored, effectively encouraging them, I've lumped you in with them. Apologies if this isn't correct.
If someone wants to live their life as an elven warrior casting magic missile, that's they're choice. I can laugh at them a whole lot, and enjoy doing so, but this isn't about it. I find what the perpetrators did was very funny, especially because of the stereotype of the people it effected. However, I'm not saying they should be ignored. I'm saying they should be punished in accordance with the damage of the crime, ergo not much punishment. A firm slap on the wrist, a week of community service, and a "Don't do it again" is sufficient. Just like I'd expect them to do if some people spread toilet paper outside my office.
Dacels Jewelers can't be trusted.
Homer: We played Dungeons & Dragons for three hours! Then I was slain by an elf.
Seriously, though, I want to see some screenshots of the carnage!
--Just the place for a snark!
What if I exploit a remote root bug in SSH or IIS on your server, gain access to your network and delete all the files on your server? Is that against the law? YES IT IS. It makes no difference if it is a game server or not.
If only they had done it to Everquest. I can just see the mass suicide that would have taken place after all the Evercrack junkies find out that their accounts have to be reset.
"452 plat....definitely 452 plat" --- Rainman on Everquest
Shadowbane was supposed to be the MMORPG to end all MMORPGS, then it is delayed, then they sell an addon pack before the game is released. The game finally launches and it is so-so, now the servers are hacked...
I feel really bad for the suckers, err I mean players.
...its gonna be Planeshift.
And if I like it I'm gonna pay back by helping out in developement and setting up a planeshift server.
I'll even be able to help build my own impression of a fantasy world.
Just like with them *real* pen'n'paper RPGs.
How long do you think an exploit like this would live in an OSS MMORPG? Right.
We suffer more in our imagination than in reality. - Seneca
When someone's grandma calls me up crying about how someone hacked her brand new dell p4 that's always on, hooked to a cable modem, no firewall, no antivirus, I have to hit the mute button on the phone and bust out laughing. What the hell did she think was going to happen?
And don't give me this, "Awwww, but she didn't know." crap. This stuff is a responsibility. A P4 on a high bandwidth connection is an unsecured digital gun that can be used against my servers by some stupid script kiddie. Her negligence causes me problems, and all the rest of us as well. And to blame some 12 year old who isn't SUPPOSED to have any sense for picking it up and whacking a server with it is equally stupid.
And THIS? This is a joke of the highest order. A company that opens up a box to the outside world and leaves little "god-hacks" lying around their system, and then crys about it when some kid finds them? Please. This thing was hardly a hack; there is NO WAY someone hacked into the code enough to be able to move people around inside the game. You have to be able to use the game engine itself for that, and those things only do what they're programmed to do.
I sit in my office and watch my little "Code Red counter" still clicking up as servers that are STILL infected continue to spam me with little viral messages. In any just world, I'd be able to hold them responsible for the security hassles that THEY are causing ME. But no, no no no, it's all the original creators fault, not the morons that never bothered to protect themselves, and never bothered to clean up the mess afterwards.
Grrrrrrrrrrrrrr.
Crackers and viruses happen. It's like a force of nature. Accept it and move on. And if you don't protect yourself, that's your lookout.
Just my opinion.
ad logicam Claiming a proposition is false because it was presented as the conclusion of a fallacious argument.
However, in this particular case it sounds like the carnage was limited to newbie areas where it was unlikely that characters had much in the way of equipment or experience. In addition, they can just roll back the servers for 24 hours and get most everyone's stuff back.
"We make our world significant by the courage of our questions and by the depth of our answers." Carl Sagan
A game server got hacked.
Back in real-life:
FCC Decision on Media Ownership Nears - rejected
"A terrorist is someone who has a bomb but doesn't have an air force." -William Blum
I could just imagine 4000 gamers ... panicking ..sweating trying to figure out how to make "it" right again . Then throwing their arms in the arms in the air and screeming bloody murder cause their chinese leprechaun character who was once happily skipping through some woods , was instantly teleported to some scottish highlands log tossing competition that was fresh out of things to throw..
I have to think that this is "Captain Kirk" -- change the game so you can win. Maybe not win, but at least have more fun.
As to other players being inconvienced: part of the game is figuring out the rules. The game is as "open" as it can be. Some players get god-like powers within the confines of the game, and the game allows this, it is then part of the ruleset. Everyone who plays the game is bound by the ruleset. Changing the ruleset (that is, actually hacking the server) may be an actionable item, but probably shouldn't be. I would argue that that level is simply a meta-ruleset.
Basically, the players should simply "suck it up". From the perspective of the hack players, they have "beaten the game". Now, the hosting company may not like it, but they are at liberty to change the game, or introduce a new game (or refund). But, threatening legal action? That is COMPLETELY off-base. More appropriate would be congradulations, and a thankyou to the hack players.
It is true that I have never played one of these games (they just don't interest me, having nothing to do with my life), and the only way I would be even SLIGHTLY interested would be to have a go at hacking the servers, or writing my own client.
This story is very funny, and sad at the same time. The threat of legal action certainly takes away from the inherent humour in having someone actually "win" the unwinnable.
CUL8R
Ratboy
Just another "Cubible(sic) Joe" 2 17 3061
I dont know if its widely known, but those guys hacking shadowbane are the same which hacked UO back in the "old" days, the same which hacked Asherons Call. If you are inside the MMO community you know who they are, but somehow this isn't known outside. Can you spell KoC?
I get the feeling there will always be a certain crowd that sticks up for games like Shadowbane no matter what happens - because they haven't really played anything else like it before, and they're impressed with the basic concept enough to overlook a lot of technical problems.
(My wife certainly falls into this category. She loves Shadowbane, despite fits of screaming every few hours when something goes wrong.) Personally, I'm done with the game after only one night of trying it out - because of all the login server issues, lag problems (and I'm on a fast DSL circuit with a 1.8Ghz P4 and a dual processor 1.42Ghz Powermac G4 tower), and client bugs.
Maybe I'm jaded, but I feel like it's technically feasible to do much better - and I refuse to give my money to a half-baked project like Shadowbane. When our free trial runs out, my wife is the one who has to come up with her own money if she wants to continue the membership.
The "glue" that holds people to these games is usually the interaction with other real, live people - and you can do that for free in a chat room on IRC or in an instant messenger client. Everything else requires a well thought-out and well executed game environment (both on the client and the server end), and Ubi falls flat on their face doing both.
Who, obviously, knows precisely jack-shit about tact. It's condescending, holier-than-thou loudmouths like you that are the cause of most of the strife in the world. What exactly is your major fucking malfunction anyway? Mommy didn't love you enough? Daddy abused you and now you need to feel superior by stomping others? What?
What they mean by safe zones is there are 3 cities (one on each continent) where players can go and train/sell items without worrying about being pk'd by thieves while they're walking from the vendor to the bank. It's basically the 3 cities for n00bs who don't have guilds yet.
They didn't touch credit cards or the actual accounts, but this is counted as illegal because it happened to a big, rich company.
Webservers get r00ted every day, but very rarely does the FBI go after the cracker responsible.
I bet if you loaded up fsf.org tomorrow morning and saw, "windows is TEH R00LZ!!!", the government's response would be:
"too bad, so sad... guess that Linux thing isn't so great after all!"
Whatever you may think about their 'business model', the fact is that their game is what generates their income. No, the police won't care as much if your average "informational" homepage went down. But they do take it seriously if something deleted amazon.com's order books. Why? No credit cards touched, nothing stolen. But it seriously fucks up their business. So does this. And if you can't see that, it's a shame.
Kjella
Live today, because you never know what tomorrow brings
Seeing how they made it well and truly clear that there was an issue with this pay-per month game i believe that the perpurtrators nay hackers did them a masive favour. Had a lesser moral person of the cracker type had this expliot then they would have cashed in and the effect would have been more subtle as they used it to there advantage like any game cheat does ;. This in itself would have had a far more damaging effect upon players and would have cost them money. Whatt they should do now is think themselves lucky, save there legal hunt and focus on securing there product for there paying customers and offering a months compensation to all players for there incompetence in securing the product in the first place. Save you the time in calls from irate customers and would plicate the customer base and be alot cheaper in the long run.
Costs less to keep a customer than it does to loose one, as if you loose one you loose alot more though localised bad PR. Give the customers the compensation they desearve, get security guru in to secure your product and your clients interests as paying customers and live long and proser...
Oh geekiest of geeks...
I remember when I used to play MUDs/MUSHs way back when, I found a way to get GOD powers by creating an item that chowned itself to whover picked it up (in this case a super user), then forced the holder of the item to give super user powers to the object. Upon that, it would teleport itself back to me at which point I could use the item as a puppet and have full GOD priveleges and abilities. And the best part was that because the item chowned itself to the superuser, it would always show that that super user had made the changes or was doing things.
Ok... so that was my geeky game hack tale. I feel all dirty now. Must go wash and pretend to be a normal human being now.
My New mantra: I'm normal, I'm normal, I'm normal
This is my sig. There are many like it but this one is mine.
Some guys have avatars.
Some of us have girlfriends and wives.
So you're comparing writing the great american novel with obsessively playing a cheesy online role playing game?
GO OUTSIDE IMMEDIATLY!
You desperatly need some fresh air and reality my friend.
Oh look, yet another drone who is unable to build is how opinion and who accuse everybody of being anti-American just because they don't say "sir, at your service sir, right away sir" when the government say something. Let's mod it down, this shit be mad funny yo! ...er, oups! Never mind, it's already moded rock bottom.... ;)
Yahh, hiii haaaaa! -Major Kong, from Dr. Strangelove
Its fun for the first ten months, then after that it becomes a second two full time jobs. After that its not fun anymore, and you lose things that are healthy like a balanced diet, sleep, friends, etc.
My point is, if the game isn't fun, don't play it. I played EQ, I had fun, when it wasn't fun anymore I quit. There is no reason to be really anal about it.
Are those events the third or fourth sign of the apocolyspe?
Insert Witty Remark Here ===>____________________________
http://www.darkenbane.com/screenshots/0/large21.jp g
what I think is funyn is how htis was the first submission I ever made to Slashdot that was accepted, but what is written is NOT EVEN CLOSE to what I wrote, and have since been given authorship of...
wow. I wish I saved how I originally wrote it up... seems the admins here like to be a bit creative with their editorial powers. guess maybe i should just be happy they accepted my submission? lol...
oh well, bottom line from the infocsec professional's perspective: yet another case where security was not taken into consideration during the design of their networks and software...
when will the networld learn that security is ALWAYS an issue?... oh well, atleast it keeps me employed...
"I think, therefore I get paid."
Talking Heads?
DFL
Never send a human to do a machine's job.
However, I'm not saying they should be ignored. I'm saying they should be punished in accordance with the damage of the crime, ergo not much punishment. A firm slap on the wrist, a week of community service, and a "Don't do it again" is sufficient. Just like I'd expect them to do if some people spread toilet paper outside my office.
.03 for easier math.
.15 brings us to $450 in direct service-interruption damages.
Okay, I think we basically agree, though I list the damage as the interruption of service to several thousand thousand people and the harming of a company's business a little higher than you do.
If one person causes about $100 in "damages" to a service, charging them extra is extortion.
Its a tangent I'm sure others are exploring elsewhere, but lets go anyway.
Hours:
By what I've read, they're going to reset the servers in question back "several hours", and there was actual downtime after the hack. Lets round this amount of time off to five hours for easy calculation.
People:
The boards I've read indicate that several servers were attacked, and that there are ~1200 people on a server. With the uncertainty factor (people saying "I'm not playing, my server might be next") I think we can count at least a nice round 3000 people affected.
Cost of Service:
I've read that people pay $20/mo for this game. Two minutes on shadowbane.com couldn't confirm anything, so I'll just forge ahead.
If you say there's 30 days in a month, 24 hours a day, that's 720 hours a month.
$20 / 720 = 0.027777 or just about three cents an hour. Lets round up to
The Math:
We have five hours of interruption, so that's 15 cents for each person. Doesn't sound like a big deal, but...
3000 people times
Now, if the game is, in fact $20/mo, and 0.5% (one half of one percent--a pretty darn low estimate) of the people affected cancel their account, then in the next month, 15 people will no longer subscribe. That's a direct loss of another $300 each month. Even if all those people would have quit in three months (far below the norm in MMORPGs), you're talking about $900. Add that to the $450 in damages above, and you're at nearly $1500 (1350).
All this is before trying to calculate the far more nebulous amount of loss from people who *heard* about this, and as a result, never signed up for the game. Any number I give here would be pure speculation on my part, but due to the subscription nature of the game, just a few dozen people can be rather serious.
So, yeah, I think these people did at least a couple thousand dollars worth of damage with this stunt. I think that my leniency would be to offer them a misdemeanor conviction and two weeks of jail time in return for a guilty plea. If they tried to plead not guilty, I think you've got an easy case for a felonious amount of damage.
When you're talking about popular servers, and actual businesses, things get serious in a hurry. Given the amount of damage involved, I don't think its unreasonable to treat this as a criminal action.
-Zipwow
I don't know which is more depressing, that 2/3 didn't care enough to vote, or that 1/2 of those that did are crazy.
I bet if you loaded up fsf.org tomorrow morning and saw, "windows is TEH R00LZ!!!", the government's response would be: "too bad, so sad... guess that Linux thing isn't so great after all!"
Not until they released an official statement condemning it as an act of terrorism, then spending hundreds of millions on a federal task force to examine the role of '133+ $p33k' in terror cells.
First of all, I'm not sure that you make the distinction clearly. If I kill off characters or steal items using hacked illegal powers, that is modifying account data. If I use my powers to draw a huge smiley face in the sky, then I have still hacked a server, but then I wouldn't be modifying the user's data.
Now assume that there is in fact no change made to the users' account data itself. That is like logging into a machine, escalating privelege, and installing trojans and key-logging mechanisms without actually changing what the other users (and superuser) perceive as they use and monitor the system. Still illegal? Yes!
--
"Extra Anus Kills Four-Legged Chick" -- Headline
Something on the net just isn't famous until it's been hacked, attacked or Sued by somebody...
:
The new business model of modern times
1. Create Killer Software / Service.
2. Get Hacked/Cracked/Attacked or Sued.
3. Profit! Cos now you're famous.
Lawyers, for the ultimate source in digital entertainment.
Now, if the game is, in fact $20/mo, and 0.5% (one half of one percent--a pretty darn low estimate) of the people affected cancel their account, then in the next month, 15 people will no longer subscribe. That's a direct loss of another $300 each month. Even if all those people would have quit in three months (far below the norm in MMORPGs), you're talking about $900. Add that to the $450 in damages above, and you're at nearly $1500 (1350).
It should be reasonable to assume that any people who cancel would not cancel purely for this reason. Did you read the threads on the board or even in here? Most of the people who say, "I'm cancelling" do so because it's just one more thing wrong with the game. The Warcraft 3 Frozen Throne beta has less bugs than this thing, from what I'm hearing. That's just plain silly.
So, yeah, I think these people did at least a couple thousand dollars worth of damage with this stunt. I think that my leniency would be to offer them a misdemeanor conviction and two weeks of jail time in return for a guilty plea. If they tried to plead not guilty, I think you've got an easy case for a felonious amount of damage.
They would only be liable for damages directly caused by their actions. This would be the $450 figure you listed above. You also can only claim damage for those who attempted to login to the server, and those who were playing in the time (Probably much less than the 3,000). If you attempt to claim (Unless in a civil court, much different) that your damages are in excess of that, you are going to get laughed at.
I think you have some confusion between civil and criminal hearings. For example, if I steal your car and you have a job that requires usage of your car, I am in no way criminally liable for you losing your job because you have no car. I am however persecuted under grand larceny (Assuming you don't drive an utter piece of shit) and the fines and penalties that go along with that. Speculative or correlative damage (I lost my job, my cat died, etc.) would take place under a civil lawsuit.
The only damages that will be tallied up for a criminal case are those actually inflicted upon the business. In this case, it would be $450. You would get laughed out of the FBI office. If they try to increase damages (Which is possible, by saying that lost wages due to on-call sysadmins, and recovery costs... but since the recovery costs were proven to be very small, as it was up and running in a matter of hours it would be hard pressed to get this number higher.) You also wouldn't be able to provide developers time fixing the bugs that caused it, because that's part of negligence.
Either way, if they do try to persecute it'll be pretty funny. If it's interstate, my guess is nothing will happen. My guess is it's interstate. I would look toward a civil case instead of a criminal case anyway, as a criminal case does ammount to someone spreading toilet paper all over. Except you have very expensive grounds keepers. But, once again, IANAL... just enjoy reading legal documents.
Dacels Jewelers can't be trusted.
http://www.quaker80.com/docs/Once%20in%20a%20Lifet ime.htm :)
.
== WolfriderV6 == I'm willing to admit that *I just might* be wrong... Are you??
Shadowbane is shit. I was impressed with the basic concept enough to overlook a lot of technical problems. And a month later and things have actually gotten worse. Already had 2 500+ player guilds from my server quit the game completely. The developers can't even get the login servers to work. It's embarrassing.
Some of us have girlfriends and wives.
There's (at least) two ways to read that:
--Groucho Marx
But that brings up a hitch: Wouldn't it be slave trade to sell that avatar - marriage material - on eBay?
Irene KHAAAAAAN!
Enevts like that proof we don't live in the Matrix. Otherwise Godzilla's would be popping up in New York every time someone finds another hole in one of the servers...
Hyperom.com
Just a publicity stunt! I heard a story about Brittiney Spears getting some tatoos, and then discovering that the chinese language characters actually said something other than what she was told by the tatoo parlor! Stuff like this is just designed to get attention from people who want to know all about someone else's misfortune. Imagine, game players that have nothing better to do, the cyber-space equal of skateboarders, getting their game screwed up! This is the stuff of Supermarket tabloids! And, caters to the same crowd!
...can spell 'snivelling.'
I thought it was just me! Now I have proof it wasn't, so that means I can stop taking those pills! Screw you, Dr. Beaterman!
A man who can't pronouce "nuclear arsenal" shouldn't have one -sig ends here.
...there is no spoon...
In the UK at least all banks must be insured, or have assets to cover all potential losses before they are allowed to operate as a 'bank'. If there had been numerous stories of people being given bank 'admin access' I would not bank online with that provider. The point I was trying to make was that the number of people in the Beta program reporting being given god access to this MMORPG should have been an indicator to an educated consumer that there were likely to be bugs in the final product. If your only concern was the fun of the game, then I absiolutely agree this should be your major criteria for chosing the MMORPG - however, if you are a person who values your virtual assets highly then sure you should chose your MMORPG with the same criteria you would any other serive containing valuable assets (i.e. your bank).
Basically if many people have been reporting bugs for months, don't act surprised and unaware when they affect you.
but this should depend on how secure/enjoyable they've made it. If everybody in the game could grant themselves money then the ingame currency is worthless. If the publisher hasn't made it too hard for certain people to generate money (as is the case in a number of MMORPGs then the currency id automatically devalued).
nuf said
They would only be liable for damages directly caused by their actions. This would be the $450 figure you listed above.
I think it would include at least a portion of the people who cancelled their accounts.
You also can only claim damage for those who attempted to login to the server, and those who were playing in the time (Probably much less than the 3,000).
Heh, the problem with long discussions is that sometimes the other person goes and does research:
From the Ubisoft post and elsewhere, I read that *all* the servers were taken down and reverted. This process took somewhere between two and six hours. Lets take five.
So, five hours plus the three-hour revert is eight hours of service interruption.
Now, since *all* the servers were taken down, and there are ten of them, you're talking about somewhere between 10,000 and 15,000 people. That amount of people is the number of people generally online, per server, as I understand it.
So, as before, 15 cents per hour..
15cents * 8 hours * 12,000 people = $14,400
Even if you're right that the lost registrations are indirect damages (although I disagree), you're still talking about felony-charges level of money here.
I think our disagreement is on a more fundamental level, though. Why do you feel the need to defend whatever miscreant did this? A lot of people seem to feel like its a harmless prank, but I think its pretty obviously more akin to vandalism.
For the record, if this is the person's first offense, I don't advocate a felony conviction. I don't think it should be laughed off or treated lightly, though. This person (or people) have affected thousands of people, and this action shouldn't be ignored.
-Zipwow
I don't know which is more depressing, that 2/3 didn't care enough to vote, or that 1/2 of those that did are crazy.
we can regard it like the credit card comnpanies - the provider of the MMORPG is responsible to it's customers and then the MMORPG provider can then try to recover from the abuser. I can't see Ubisoft coughing up several million in 'lost man-hours' to it's subscribers and I can't see them recovering the massive sum from the people that exploited the system.
I'll admit my post was a combination of moods, as seem by the massive number of contradictary mods, but I never have and never will post anonymously.
"..teleporting people all over the world, teleporting hostile guards into the safe-holds, bringing in hordes of special event monsters, and teleporting everyone to a city at the bottom of the sea."
Hell, I've seen worse on the first few levels of nethack.
I think it would include at least a portion of the people who cancelled their accounts.
Only if you could prove the sole reason each of those people cancelled was due to this bug.
From the Ubisoft post and elsewhere, I read that *all* the servers were taken down and reverted. This process took somewhere between two and six hours. Lets take five.
This would be negligence, and correlative damage though. If UbiSoft did their part (By not doing buggy software) than the software would not need to be taken down. From what I read, it only took place on one server (Kahn or something)
Correlative damage doesn't count. Actual damage is what I'm looking at.
I think our disagreement is on a more fundamental level, though. Why do you feel the need to defend whatever miscreant did this? A lot of people seem to feel like its a harmless prank, but I think its pretty obviously more akin to vandalism.
This is the fundamental difference. I view it as a prank, you view it as vandalism. There is negligable actual loss. ~$450. If someone were to cancel their account purely because of this incident, perhaps more. I doubt anybody will cancel only because of this. The updates on the other servers and patches can't be counted in either, because it is a service that has patches regularly and it was something that needed to be patched. Even if the person or persons responsible sent UbiSoft an email demonstrating the capabilities without doing anything, the same thing would happen. The only actual damage was the few hours of gameplay lost to those affected.
15cents * 8 hours * 12,000 people = $14,400
The problem with this is that regular updates then would cost $14,400 and also entitled all players to account credits while the servers are being rolled back or patched. It doesn't work that way.
You can't add that figure in, because that figure would be the same if someone posted the report to UbiSoft without actually doing anything (redundant, I know, just drilling the point home)
There is actual no damage done, because they aren't billed per hour. There is only damage done if they had to pay their customers, or credit them, for downtime. This is obviously not the case. They are billed per month, with no guarantee of availability (Just things I'm gleaning from other comments) so nobody is entitled to anything.
Therefor, the only damage done is actually the cause of UbiSoft's negligence. Had they done proper quality and security controls this would never have happened. The actual damage was slightly worse than if someone had sent a friendly email detailing the exploit. The actual damage done by their exploitation of the system was pissing off a bunch of players.
And from a lot of the Shadowbane board comments and in this thread from the Shadowbane users, worse things have happened.
Dacels Jewelers can't be trusted.
Really, I hope he gets away with this. More gamers might go outside, meet people, or maybe, just maybe, try bathing.
There should be two sets of servers out there for these kinds of games. One where hackers are allowed to do whatever they want, and one for people who want to play by the rules. Both of them would have to be exactly the same in every detail otherwise there would be that temptation of "what am I missing out on over here?".
Do I think this will stop people from hacking the system for the "fair play" players? Heck no. But I'm reading here about how some people think hacking and cheating is part and parcel of the game, that it's not about wrecking the game for others, but pushing the system to the limit.
That's as well as may be, but if you run two identical systems like this, at least you can separate the "adventuring enterprising hackers" from the regular jerks who just enjoy wrecking other people's days.
Fuzzy Knights: New RPG Strips Tuesday and Friday!:
http://www.fuzzyknights.com
unless your a faggot nerd who couldnt fight anyway, you shouldnt get bashed on the skull.
only on Slashdot can a point be proven by having " an intense game of chess" break into a fist fight:)
in all seriousness, I hope the little weasels roast.
they went about it all the wrong way. if you get that kinda power, you build yourself a couple of avatars and go interact with the people, pose riddles to players, rewarding them if they pass and penalizing them if they fail.maybe offer them a parfait. everyone loves a parfait.
Yes, it's still wrong and illegal and immoral, but it woulda been more entertaining to the players.
I personally would have went out looking for playerkillers and extracting a little vengence:)
on a side note, I think this hack might actually help business- before this, I had never heard of the game. anyone else in the same boat?
Looking for Book Reviews? Check out Literary Escapism.
If UbiSoft did their part (By not doing buggy software) than the software would not need to be taken down.
I think this statement is at the heart of our disagreement.
This view of the world of software as the only law on the internet, and anything not explicitly denied is allowed, is pretty out of whack with the idea of property.
The fact that it seems to have taken months to find this exploit shows that it wasn't exactly simple to do. Even if it were obvious from a technical standpoint, it doesn't make it any less illegal or morally reprehensible for the attackers to disrupt the service this way.
There is actual no damage done, because they aren't billed per hour.
How else do you determine the value of the service? UBISoft isn't responsible for refunding money during outages, because its in their terms of service that there will be periodic outages.
In other systems with these kinds of provisions (like utilities), there have been cases where the service experienced excessive outages. In these cases, refunds were given based on the duration of the outages in question. If your cable is out of service for a week, you're entitled to a week's worth of compensation, even though you don't buy it by the day, minute, hour, etc.
The attackers have still denied some percentage of the service to its legitimate users. You can't call it valueless simply because UBISoft isn't responsible for refunding it.
Therefor(sic), the only damage done is actually the cause of UbiSoft's negligence.
To paraphrase your statments, any defense trying to blame this entire fiasco on UBISoft's "negligence" would be laughed out of court. This isn't something accidentaly stumbled upon, it was done intentionally, and with malice, by the attackers.
The actual damage was slightly worse than if someone had sent a friendly email detailing the exploit.
This is patently ridiculous. Ask any of the 15,000 people affected by this which option they'd prefer. I still don't understand why you assign no value to the time of the subscribers of this system.
And from a lot of the Shadowbane board comments and in this thread from the Shadowbane users, worse things have happened.
This is completely irrelevant, unless you're talking about some other breach of security.
The attackers broke the law, and disrupted the service, preventing thousands of paying users from using it. I don't see how damages aren't obvious.
-Zipwow
I don't know which is more depressing, that 2/3 didn't care enough to vote, or that 1/2 of those that did are crazy.
HOw much is ubi paying you i want to be a yes man too
Homer: What the hell are you talking about?
Malike Bamiyi wanted my assistance.
How do we know this is a hack??? becouse the server people say so. It could just as easly have been a carrot left by one of the developers. Player stumbles upon magic thing says the right words and presto he is a god. Anyway I withhold my judgement until I have more information. I suggest others do the same.
Meh. Stupid 'lameness filter' needs something written here. I wish it were a little bit more intelligent. E
Marxist evolution is just N generations away!
I swear.. has a sense of humor become politically incorrect ? I know its real peoples time wasted... but damn thats a funny one. If the guy had been scamming credit cards or something I'd say fry him... otherwise slap him on the wrist if he exploited an in game bug, kick him out if he actually hacked it. More importantly fix the problem.
:-) /brodacast_all: Yeeeesssss !!!!!! I AM THE ONE !!! KNEEL BEOFORE ZOD.
You know it will be interesting to see how the Matrix online deals with issus like this.. after all its the freakin story line
I don't ask you to be me. I only ask you not expect me to be you.
The servers were not hacked like some slashdotters tend to think, it's clearly an INGAME exploit that happened last night.
IMHO, in the case of an hacked servers, the result would be more like character loss, or character boost, stuff would tend to disappear/appear.
In that case yesterday, it was clear that someone was in control ingame... God, you should have seen that...
I heard rumors that some guild had produced a modified client that would allow them to do that kind of stuff...
That situation is more scary since it might take longer to fix if the problem lies in the code than it would take if the issue was an exploit of ssh or such...
This view of the world of software as the only law on the internet, and anything not explicitly denied is allowed, is pretty out of whack with the idea of property.
No, it's completely in sync with property. If a business doesn't have any locks on it's doors, and someone breaks in (by merely opening the door and walking in) and spreads toilet paper all over the place, the doors would then have locks installed. That's all I'm saying.
UbiSoft didn't have locks installed. They learned they needed them. They installed them. End of story.
This is patently ridiculous. Ask any of the 15,000 people affected by this which option they'd prefer. I still don't understand why you assign no value to the time of the subscribers of this system.
This is wrong, and this is why I listed my point twice. 15,000 people were affected by a bug in UbiSofts system. 1,200 people (or 3,000 as registered on that server, whatever) were affected by what the attacker did.
You understand the difference?
The attackers broke the law, and disrupted the service, preventing thousands of paying users from using it. I don't see how damages aren't obvious.
There is no damage, as I've said before. Damage doesn't mean pissed of geeks. Damage means money that is actually lost that they would have otherwise. You can't list UbiSoft having to patch their servers and services, because that would be the case even if they were notified in a friendly email. You can only list the actual damages: None.
Dacels Jewelers can't be trusted.
"Well, Your Honour, I gamed a game and now the people who own the game want to game the law."
Back in the day when I used to roll play... this is what might happen when a new DM would start playing with an existing group.
DM: - rolls dice-
"suddenly you find yourself standing in a large croud of people.
Elf: "What happened? We were all just eating lunch in a forest"
DM - rolls dice a few more times -
You see the clouds part and a large godlike face apear in the sky.
"I have declared you an axis of evil and now you will face my wrath!"
The god then launches lightning bolts at random into the croud easily killing and NPC's that are unwanted and causing some chaos.
Elf "I think I am going to call my lawyer"
DM -rolls dice-
"Your lawyer suddenly apears in mid air about ten feet above you and drops out of the sky"
THUD
Lawyer "Wha huh?"
God "MUHAHAHAHAHAHAHAHA... Wheres your little judge now!"
Oh gheese did I get off topic...?
APATHY.
If We Don't Take Care of the Customer, Maybe They'll Stop Bugging Us.
I guess I wasn't the only one that was getting really tired of this guy's fantasy land of a perfect MMORPG that operates flawlessly for only him, all of the time, despite what anyone else might say about their personal experiences. Poor guy. He needs a life BADLY.
What a lame "Bruce Almighty" promo.
So, how much does it cost to be a beta tester these days?
Slashcode mauls the actual command, it's in my acct description somewhere
There are some "less than's" which get dropped because they're assumed to be HTML tags
I think this is quite amusing. Who here can really say they wouldn't give themselves god powers if they worked out how. I would have loved to have walked around smiting anyone I see.
Die you pimple faced geek!!!
-- Karma Karma Karma Karma, Karma Chameleon - Boy George
Anyone here ever use the program Everhack back in the day? Perhaps someone was able to put together such a program for SB. Just one possiblity i thought of but most likely someone edited the files in their SB directory to get ahold of GM status. I really dont think it was an actual server hack. If it was and they get caught they are looking at some serious trouble if not jail time. On the other hand what if it was just a straight up exploit? Can we expect people go to jail because some dumbass didnt realize putting in code to enable GM status by holding down ctrl + alt + F5 was a seriously bad idea? If it was a client side exploit and UBI does sue i would love to see some law suits against them as well for such an obvious coding mistake. It makes me wanna go out and write some half-assed code then sue people for using it wrong.
"At first, we thought it was just another snake cult."
No, it's completely in sync with property. If a business doesn't have any locks on it's doors, and someone breaks in (by merely opening the door and walking in) and spreads toilet paper all over the place, the doors would then have locks installed. That's all I'm saying.
If a business doesn't have any locks on it's doors, and someone breaks in (by merely opening the door and walking in) and spreads toilet paper all over the place, the doors would then have locks installed.
Your analogy breaks down immediately. UBISoft clearly had locks on the doors. Not including the fucntionality in the client to begin with constitutes locks on the doors.
So, in your example, the building has a rather wimpy security system, say cheap locks. This is probably a stupid choice on their part, but that doesn't really affect the legality or morality of the situation. Then, someone breaks in and trashes the place. I can't think of an analogy for 15,000 people not being able to play a game that they subscribe to, but I think you can see the point from here.
Maybe the business should've invested in a night guard, but that doesn't make it legal to break the cheap locks.
This is wrong, and this is why I listed my point twice. 15,000 people were affected by a bug in UbiSofts system. 1,200 people (or 3,000 as registered on that server, whatever) were affected by what the attacker did.
You understand the difference?
No, because there isn't one.
Are you arguing that UBISoft, upon noticing this exploit, shouldn't have restarted and rolled back all their servers? If this security problem hadn't been violated in this way, the rollback (and affects on all the players) could have been avoided. Also, the outage for the servers could have been much shorter, and at a time where it would have less impact on the general player base.
The outage was a direct result of the attacker's actions. Just because the locks on the doors weren't as strong as they needed to be (in your analogy), doesn't mean that the attackers aren't responsible for having to check and clean the whole building for vandalism after they broke in.
There is no damage, as I've said before. Damage doesn't mean pissed of geeks. Damage means money that is actually lost that they would have otherwise. You can't list UbiSoft having to patch their servers and services, because that would be the case even if they were notified in a friendly email. You can only list the actual damages: None.
Again, there is clearly damage done.
The only reason that the people involved aren't getting refunds is because they haven't demanded it. And who would they demand it from? They would demand it from the attackers, as UBISoft's user agreement covers UBISoft from outages. When you're talking about damage here, you're talking about damage to anyone involved, not damage to only UBISoft.
I still don't understand why you think that disrupting several hours of the prime time of a service that serves thousands of people worldwide isn't worthy of serious punishment. It seems that you fundamentally don't believe that these people deserve to play their game unharassed.
-Zipwow
I don't know which is more depressing, that 2/3 didn't care enough to vote, or that 1/2 of those that did are crazy.
Your analogy breaks down immediately. UBISoft clearly had locks on the doors. Not including the fucntionality in the client to begin with constitutes locks on the doors.
Providing that functionality to begin with is the problem. The fact that any client, not just those provided by UbiSoft (Think of employee, vs someone walking in off the street) could do this given the proper knowledge (where the door is located.)
The only reason that the people involved aren't getting refunds is because they haven't demanded it. And who would they demand it from? They would demand it from the attackers, as UBISoft's user agreement covers UBISoft from outages. When you're talking about damage here, you're talking about damage to anyone involved, not damage to only UBISoft.
Give each person the thirty cents, big fucking deal. Only give those people who were affected by the malicious client refunds, because that is the only damage caused by the perpetrator.
My statement is that because this service is provided without uptime guarantee, nor do people pay per hour/minute but by month, there is no valid way to calculate actual damages.
You cannot include any damages done by UbiSoft having to patch their servers and services. Because had someone notified them via email it would still have the same outcome.
Re:ding ding! Not in beta! (Score:1)
by zipwow (1695) on 06:24 PM May 29th, 2003 (#6072833)
(http://zipwow.net/)
No, it's completely in sync with property. If a business doesn't have any locks on it's doors, and someone breaks in (by merely opening the door and walking in) and spreads toilet paper all over the place, the doors would then have locks installed. That's all I'm saying.
If a business doesn't have any locks on it's doors, and someone breaks in (by merely opening the door and walking in) and spreads toilet paper all over the place, the doors would then have locks installed.
Your analogy breaks down immediately. UBISoft clearly had locks on the doors. Not including the fucntionality in the client to begin with constitutes locks on the doors.
So, in your example, the building has a rather wimpy security system, say cheap locks. This is probably a stupid choice on their part, but that doesn't really affect the legality or morality of the situation. Then, someone breaks in and trashes the place. I can't think of an analogy for 15,000 people not being able to play a game that they subscribe to, but I think you can see the point from here.
Maybe the business should've invested in a night guard, but that doesn't make it legal to break the cheap locks.
This is wrong, and this is why I listed my point twice. 15,000 people were affected by a bug in UbiSofts system. 1,200 people (or 3,000 as registered on that server, whatever) were affected by what the attacker did.
You understand the difference?
No, because there isn't one.
Are you arguing that UBISoft, upon noticing this exploit, shouldn't have restarted and rolled back all their servers? If this security problem hadn't been violated in this way, the rollback (and affects on all the players) could have been avoided. Also, the outage for the servers could have been much shorter, and at a time where it would have less impact on the general player base.
The outage was a direct result of the attacker's actions. Just because the locks on the doors weren't as strong as they needed to be (in your analogy), doesn't mean that the attackers aren't responsible for having to check and clean the whole building for vandalism after they broke in.
There is no damage, as I've said before. Damage doesn't mean pissed of geeks. Damage means money that is actually lost that they would have otherwise. You can't list UbiSoft having to patch their servers and services, because that would be the case even if they were notified in a friendly email. You can only list the actual damages: None.
Again, there is clearly damage done.
T
Dacels Jewelers can't be trusted.
Providing that functionality to begin with is the problem. The fact that any client, not just those provided by UbiSoft (Think of employee, vs someone walking in off the street) could do this given the proper knowledge (where the door is located.)
Are you, again, arguing that the attackers didn't have to break the code to do this? Whether the code "should" or "should not" contain this ability is pretty irrelevant.
Give each person the thirty cents, big fucking deal. Only give those people who were affected by the malicious client refunds, because that is the only damage caused by the perpetrator.
15,000 people could not play the game for eight hours. That interruption was a direct result of the attack. That interruption time does *not* include time to fix the original vulnerability, but only to clean up the problems caused by the attackers.
Again with the math, but 15,000 people times even 30 cents is $4500, a felony offense worth of damages.
My statement is that because this service is provided without uptime guarantee, nor do people pay per hour/minute but by month, there is no valid way to calculate actual damages.
Just because services are provided without uptime guarantees (no refunds on rainout games, for example) doesn't mean that disrupting them for other reasons isn't damage.
Furthermore, the EULA probably states that downtime will happen for reasons like software, hardware, and network maintenence. I doubt it lists malicious attackers.
You cannot include any damages done by UbiSoft having to patch their servers and services. Because had someone notified them via email it would still have the same outcome.
Ubisoft didn't spend that eight hours coding up a fix, testing it, and installing it. They spent that eight hours rolling back servers, changing firewall settings, banning users, and dealing with support calls. None of those things would have had to have been done had the attackers taken the 'friendly email' approach. Hence, all that time, that expense and effort is a direct result of the attack.
The work to actually fix the problem probably still needs to be done. This is akin to wedging closed a door with a broken latch. The latch still needs to be fixed.
Here's a nice little point-by-point rebuttal for you:
* The only people directly affected where those on the server when the perpetrator exploited the system.
This is false. All services were interrupted. All users were affected. Interruption to all services was a direct result of the attack. All servers needed to be reset, as the extent of the attack was not verifiable.
* UbiSoft is liable for their services, including patches. Therefor, any patches or rollbacks are on the shoulders of UbiSoft. There is nothing directly correlating responsibility for UbiSoft patching it's services and servers and the exploitation. Just because they became aware of it at that time, doesn't matter.
This is false. UBISoft is not 'liable' for anything. They are responsible for their services. Had this attack not happened, no rollbacks would have been needed, no additional downtime would have occurred. The fix would have been installed during their next maintenence cycle.
The attack caused additional downtime. Additional downtime is damage to the players.
* There is minimal damage, less than $500. For the actual amount of damage caused, it would cost more to use the court space to persecute. Excluding costs of law enforcement officials.
This is false. There is significant damage, more than $4000. The crime committed affected thousands of people. The perpetrators deserve punishment.
You read these points, and read them carefully. If you actually understand them, you'll understand that the attackers committed a serious crime, affecting thousands of people worldwide. This is certainly a punishable offense.
You seem to imply th
I don't know which is more depressing, that 2/3 didn't care enough to vote, or that 1/2 of those that did are crazy.
Are you, again, arguing that the attackers didn't have to break the code to do this? Whether the code "should" or "should not" contain this ability is pretty irrelevant.
Show me where it's illegal to reverse engineer software. Only technological copyright protection devices have this protection.
Furthermore, the EULA probably states that downtime will happen for reasons like software, hardware, and network maintenence. I doubt it lists malicious attackers.
The malicious attacker did not cause downtime. UbiSoft caused downtime for maintenance to fix a bug that they created. The attacker merely caused havok inside the game. It was UbiSofts decision to rollback, and they didn't technically need to.
This is false. All services were interrupted. All users were affected. Interruption to all services was a direct result of the attack. All servers needed to be reset, as the extent of the attack was not verifiable.
Ok, answer this question then: Why would this be different if someone had sent them an email detailing how to do the attack and saying that it is possible other people know about it?
This is false. UBISoft is not 'liable' for anything. They are responsible for their services. Had this attack not happened, no rollbacks would have been needed, no additional downtime would have occurred. The fix would have been installed during their next maintenence cycle.
First, prove that the rollbacks were in fact necessary. It looks like UbiSoft did that to be sure that nobody used the exploit to get something they didn't win in the game. If someone sent them an email and said, "I figured this out, and it's quite likely someone else will." than UbiSoft would have done an emergency patch job. You don't wait when you know there is a gaping security hole, you fix it then. Especially if it is a trivial fix (And 8 hours to patch all the services is trivial.)
This is false. There is significant damage, more than $4000. The crime committed affected thousands of people. The perpetrators deserve punishment.
If someone steals my car, and I have a computer in that car that I use to make money with (Lets say $4K a day, doing consulting work) they are not responsible for my lost wages. If I don't get my computer back, they are responsible for the computer. If I do, they are responsible for the crime of stealing my car (stealing something of a value greater than $5,000 - Grand Larceny, a felony)
No court will ever find that this attacker is directly responsible for more than the actual damage he caused directly. You are trying to blame him for indirect damage, and life doesn't work that way. In a civil case, UbiSoft could probably be able to get awarded the damages ($4K, it costs more for their lawyer than they get back) but in a criminal case, this will be treated exactly like toilet papering someones office.
Dacels Jewelers can't be trusted.
Of course, redcode is a wierd language. I'd much rather they had based it on something closer to a "real-world" instruction set.
Of course the key to a game such as you mention is that security would be taken "very" seriously. Just as in open source, your game would be taking security to be far more important than typical commercial software because security would not be ignored.
Seems to be a reason for hackers of all generations. "I just plugged a foozle into a whatzit?" "What's it do?" "Nothing!" "Why'd you do it?" "Because I can!"
Show me where it's illegal to reverse engineer software. Only technological copyright protection devices have this protection.
...
I've never said its illegal to reverse engineer software. Its not illegal to own lockpicks, either. Breaking into buildings, though. That's illegal. With or without lockpicks. In fact, you don't even have to lock the doors. All you have to do is make it clear that it is private property, and that the general public is not invited. I think by hiding the protocols to access these features, and calling them 'admin featuers', UBISoft has fulfilled this requirement.
Why would this be different if someone had sent them an email detailing how to do the attack and saying that it is possible other people know about it?
The fix for this problem can be written with the servers still running. Access to these functions can be monitored, possibly controlled at a firewall level. The installation of the patch can occur during normal weekly maintenence cycles, which take place during periods of low usage.
FAR less disruptive than a loss of eight hours of primetime, and the cost of support overtime.
You don't wait when you know there is a gaping security hole, you fix it then.
Somewhat true. Your first fix won't be the only fix, nor will it be the ultimate fix. Typically you'll disable the feature that has the problem (specifically in this case, remote access to the admin features), and then begin working on the fix, which may take weeks.
That said, your first response to finding a gaping security hole isn't to bring down the system, either. You say to yourself, "Ah, okay. I'll watch for that then, while I work on fixing it."
If someone steals my car,
This analogy has nothing to do with this situation, because I'm not talking about damage to UBISoft for the most part, and we're talking about a service interruption, not a material theft.
No court will ever find that this attacker is directly responsible for more than the actual damage he caused directly. You are trying to blame him for indirect damage, and life doesn't work that way.
You keep saying this, but it doesn't get any more true. Explain how interruption of a service I pay for isn't clearly damage?
I've refuted every argument you've made:
The actions by the attackers were illegal (possibly we agreed on this from the beginning). There was damage done (interruption of a paid service).
The damage was a direct result of the attacker's actions (rollbacks necessary, monitoring not a viable approach, etc).
The damage was avoidable (if not by the attackers simply refusing to break the law, then by other approaches to the problem)
The time taken to fix the result of the attacks is independant of the time to fix the original bug. (reverting servers, answering support calls, etc).
A significant amount of people were harmed (more than 10,000).
You have never answered the question of why these people should not be punished (or deserve only extremely light punishment) for disrupting the service of thousands of people. Even by your own convoluted logic, the people on the attacked servers (at least a thousand of them) had their service disrupted for several hours. You have never explained why the time of these people is valueless, or why it is acceptable for the attackers to waste their time and disrupt their activities.
-Zipwow
I don't know which is more depressing, that 2/3 didn't care enough to vote, or that 1/2 of those that did are crazy.
I've never said its illegal to reverse engineer software. Its not illegal to own lockpicks, either. Breaking into buildings, though. That's illegal. With or without lockpicks. In fact, you don't even have to lock the doors. All you have to do is make it clear that it is private property, and that the general public is not invited. I think by hiding the protocols to access these features, and calling them 'admin featuers', UBISoft has fulfilled this requirement.
You said that they "broke into the client" which is just stupid. They did nothing of the sorts. If you honestly think that hiding the protocols to access admin features means UbiSoft has fulfilled their responsibility for security than, quite frankly, you are an idiot.
"But officer, I put my door in the back of my house so nobody could find it! It's not my fault they broke into it."
I'm not excusing the act of exploiting their services, but I'm not excusing UbiSoft for being incompotent and idiotic either. They had a very definite hand in what happened. It's like parents who keep loaded guns around children.
The time taken to fix the result of the attacks is independant of the time to fix the original bug. (reverting servers, answering support calls, etc).
Ok, repeat after me. Had it been an email notification, the same process would have likely taken place. Why do you not understand that? Oh, because you think that UbiSoft not telling people where the admin controls are at constitutes security...
You have never answered the question of why these people should not be punished (or deserve only extremely light punishment) for disrupting the service of thousands of people.
Yes, I have answered it. You just don't read what I write. You didn't answer my question that I posted last time. You tried:
The fix for this problem can be written with the servers still running. Access to these functions can be monitored, possibly controlled at a firewall level. The installation of the patch can occur during normal weekly maintenence cycles, which take place during periods of low usage.
This is where you prove without a shadow of a doubt you are absolutely clueless. You have obviously never worked in a production environment with server farms running code that could be exploited (and people try to exploit) at any given moment. Newsflash: If someone emails you and says, "By the way, your admin ports are hanging out and anybody can connect in if they figure it out" shit hits the fan.
You still think the attacker is indirectly responsible, which is bullshit from a criminal point of view.
You also think that these people have value. They are paying for entertainment, so why do they bitch if they get to live the same experience again? If it was so much fun the first time, they'll do it better the second time.
It's a fucking game. People didn't get to play their game. The person(s) who did this are going to get away, and I'm not saying that I think they should or not. I'm merely stating that they are. It's the way the law works. They only mucked around on one server. UbiSoft fixed all of them.
You know what this means? He's responsible for what happened on one server. Everything else is indirect damages, and are not his fault.
At this point, I would be amazed if you were older than 16... your lack of actually reading what other people write and understanding systems and law is astounding.
Dacels Jewelers can't be trusted.
Aside from the fact that ad hominem is the first tactic of the defeated, I'll respond to your questions...
://www.kenttrust.com/portscanning.htm
You said that they "broke into the client" which is just stupid.
I can see where you're confused. Reverse engineering the client is legal (EULA notwithstanding). Using that information (and I'm guessing, some other information as well) to wreak havok on the server, disrupting the service for thousands, is quite illegal.
If you honestly think that hiding the protocols to access admin features means UbiSoft has fulfilled their responsibility for security than, quite frankly, you are an idiot.
First, you're making some assumptions that aren't warrented by the situation. Namely, that accessing the admin feature required one only to use the right protocols. While this may be the case, I suspect that the attackers also used some novel approach to circumvent the authentication scheme.
Even if this suspicion proves to be false, UBISoft has, in a legal sense, fulfilled their security obligation. As I've said before, entering an unlocked door can still be trespassing. For reference, see 'unlocked door' mentions on these sites:
http://www.cipherwar.com/news/99/crime.htm
http
http://www. poprocks.com/journ/TA.html
Now, I'll grant that security through obscurity is stupid from a "protect your goods and data" point of view, but that's not what we're talking about. We're talking about the law, and the law says that it only has to be obvious that the area is private. They don't have to build three foot thick barriers to keep you out.
Newsflash: If someone emails you and says, "By the way, your admin ports are hanging out and anybody can connect in if they figure it out" shit hits the fan.
But the fan doesn't stop spinning. Which is my point. Every time you get a message that someone's found a new vulnerability in apache, you don't shut down the box while the fix is being coded. Heck, the security community in general doesn't even disclose the vulnerability until a fix is available, unless the company in question has just ignored it.
Had it been an email notification, the same process would have likely taken place.
You keep saying this, but haven't responded to my assertions that:
* the rollbacks would not be needed
* the update can be written without taking the servers down
* the patch can be applied during the normal update cycle, which is not during prime time
* support personnel are not inundated with requests
I think these points adequately prove that there is a large difference between the attack and a friendly email.
You also think that these people have value.
Now you've made the point that I've been alluding to in earlier questions about why you think the things you do. I absolutely think these people have value. I think all people have value. You seem to have some grudge against either this particular activity or against the notion of entertainment in general. Perhaps you are one of the sort of people who view any server connected to the internet as just another obstacle and personal playground, rather than someone else's property providing a service to a community of people. Something seems to prevent you from seeing these people as important, and the servers as private.
They are paying for entertainment, so why do they bitch if they get to live the same experience again? If it was so much fun the first time, they'll do it better the second time.
Enjoying doing something is not the same as doing it over. See software development and home improvement projects.
They only mucked around on one server.
How do you know this? How would UBISoft know this? They only caused mass devistation on one server, who knows what they did on the rest? Or were about to do? When someone breaks one system on your c
I don't know which is more depressing, that 2/3 didn't care enough to vote, or that 1/2 of those that did are crazy.
Aside from the fact that ad hominem is the first tactic of the defeated, I'll respond to your questions...
Well, here's what it's like "arguing with you"
Me: X, Y, and Z is this way.
You: No, because Z is more important than X!
It's kind of amusing, in a special olympics sort of way. You haven't even made a valid case against indirect damage. You just ignore it. Ignoring is the first tactic of the defeated.
* the rollbacks would not be needed
How do you know? How can you prove that nobody used this knowledge. You can't. That is why they rolled the servers back.
* the update can be written without taking the servers down
They didn't need to take the servers down.
* the patch can be applied during the normal update cycle, which is not during prime time
A patch that shouldn't have needed to be applied in the first place could have, yes. You are going purely off of circumstantial evidence and saying "Well, UbiSoft would wait until they could do it and just hope that nobody else found out about it."
This is just idiotic. You think that UbiSoft (or anybody) that is running a game service is just going to sit back with knowledge that a bug of this magnitude is sitting there? Nope, it would happen very fast. Probably just as fast, and if it didn't, I would fire some people if I worked there.
* support personnel are not inundated with requests
Ok, I'll actually grant you this one. That is still an indirect effect of the attack though.
You need to understand the difference between direct and indirect.
How do you know this? How would UBISoft know this? They only caused mass devistation on one server, who knows what they did on the rest? Or were about to do? When someone breaks one system on your cluster, you *have* to bring them all down immediately.
Hey! You can actually come around to a logical conclusion. How would UbiSoft know they didn't need to rollback their servers? You win a prize! They rolled back to be sure, end of story.
At this point I can see that you're not rational, and I'm finished with this discussion.
Good, at least you finally managed to understand that UbiSoft had no way of knowing how much damage they did to themselves. You still haven't even understood an ounce of what I was saying anyway, so when you finish your high school English courses, come back and read this. Maybe then you can understand what I'm talking about.
Dacels Jewelers can't be trusted.