Slashdot Mirror
Shadowbane Servers Hacked, Chaos Ensues
Vanguard(DC) writes "There was a major hacking incident last night on the servers of Shadowbane, a newly released MMORPG by UbiSoft/Wolfpack. The attackers wreaked havoc on at least one game server, with apparent god-like capabilities in-game. There's already an official statement on the forums - 'Ubi Soft and Wolfpack Studios are now working with law enforcement, and we promise all of you that these individuals will be prosecuted to the full extent of the law.'" There's a little more information via a post on the SBCatacombs messageboard - apparently the carnage (including many less powerful players getting killed) involved "..teleporting people all over the world, teleporting hostile guards into the safe-holds, bringing in hordes of special event monsters, and teleporting everyone to a city at the bottom of the sea."
...'cause that shit is funny!!!
Just roll the game back 24 hours and play on.
Shadowbane Servers Hacked, Hilarity Ensues
Man that rules. I would have loved to have seen that. Should be a feature in more MMORPGs.
"Now featuring WRATH OF GOD mode, where pissed off GM's show you what it would REALLY be like if god cared. Experience plagues, meteors, and lightning from a clear sky. Divine retribution like you've never seen it before! Just 20 dallars a month."
Heh.
ad logicam Claiming a proposition is false because it was presented as the conclusion of a fallacious argument.
ok... this is getting ridiculous... why should anyone that found a way to compromise security for a game be prosecuted in real life?!
Why should computer game servers be exempt from the usual laws about hacking into peoples' systems? Those who break into banks are prosecuted, if caught.
This person or persons compromised security, broke in and disrupted business operations, causing damages. Seems pretty straightforward to me.
ASA
All employees must wash hands before seeking equitable relief.
why should anyone that found a way to compromise security for a game be prosecuted in real life?!
if that will happen, then WHO will take responsibility for all the holes in Windows?!
well, not exactly. they're not going after the people for breaking into a game, but for breaking into a server. Nor are they going after the people responsible for the lousy security on their servers (as your windows comment might suggest), but rather the ones responsible for exploiting that lousy security. This is pretty much standard in the real world. I break into a system, I get caught, I get prosecuted.
my pet machine
For those of us that have been playing this game regularly, this is only the icing on the cake for a plague of problems. This was a game that was touted for it's massive guild vs guild and player vs player capabilities. Massive warfronts and assaults utilizing seige weapons and a slew of powerful spells and powers. None of this has come to pass. The game lag is too terrible to support even the smallest of battles. PvP is almost impossible during primetime hours due to the inability of most casters to launch spells in a timely manner. (Although you -can- watch your nukes launch 45 seconds after your death)
Server downtime is extreme. Login is at times completely impossible. Rollbacks are nightly. The attrition rate among players is amazing. I've watched my guild vanish over the last few weeks as the host of problems drive out all but the most staunch of players. Ubi/Wolfpack blatantly reject petitions with no regard or consideration for the players. Every patch makes the client actually worse that it was before. This has been a nightmare for most of us. To see news like this only confirms the worst. Bad management, bad hosting, bad coding, and bad customer care have driven most from what I considered to be one of the better games to come out this spring. Just another account cancelled in a long line of departing players.
"...city at the bottom of the sea."
Homer: [fearfully] Marge? Kids? Everything's going to be just fine.
No go upstairs, and pack your bags...we're going to start a new
life...under the sea.
[calypso music starts]
[Homer dances with fish as Lisa plays a seahorse saxophone,
Marge a squid harp, and Bart the xylophone clams]
Homer: [eats a dancing fish, sings]
Under the sea, under the sea,
[eats a couple more fish]
There'll be no accusations, just friendly crustaceans
Under the sea!
[eats a line of seahorses, grabs an escaping one]
[eats a live crab as though it were a shrimp]
[eats a pair of dancing fish, then a snail who tries to escape]
[stands there with fish skeletons floating about]
Marge: Homer, that's your solution to everything: to move under the sea.
It's not going to happen!
Homer: Not with _that_ attitude!
Gibble: Descriptive of an emotional state in which one's mind is scrabbling for some purchase on reality
Real simple, the in-game actions these people did caused real world finacial harm to the game developers. I saw at least one post stating that people canceled their subscriptions, in part, because of this.
Not to mention the tarnished reputation, which is also worth damages.
Not to mention that breaking a law is illegal, whether you hurt some one or not.
As one of the many people who betaed this for years; I have to say this doesn't come as surprise in the least.
This is probably just an exploit from in the game, rather than someone r00ting the server or anything remotely interesting. I had many instances where the server accidently gave me dialogs with GM powers, I imagine that's just what happened here. The culprit(s) may have figured out how to gain access to the GM dialogs dilberatly, but that's about the extent of the "hack" here.
SB was so buggy in the last few weeks of beta that I was finnaly convinced it would not be a worth while game in retail. I likened it to being slightly less bug riddled than UO, and now it appears I was correct. I will say though that OSI never prosecuted (or even remotely punished) me for exploiting their game to "House Loot", because at the time they had the sense not to sue fans for their own mistakes.
It's a good thing I've got a life, otherwise I'd be pissed.
Maybe some company should start selling some type of insurance to help people in these trying times.
Now please excuse me while I begin laughing hysterically.
Shadowbane Servers Hacked, Brief Period of Actual Fun Ensues
Roll back the game 24 hours, harden the servers, and prepare a creative press release -- problem solved.
"High level characters summoned the Cthulu mythos through misintrepreting portions of the Necronomicon. Accordingly, some of the space/time contiunuum in the game world was temporarily disrupted."
"If you see a glowing green orb, please be aware that this is the Locknar and should not be approached. Unpredictable results may occur."
"Unfortunately, in Shadowbane a character named "Sauron" acquired a randomly generated treasure named "The One Ring". We are investigating the probability factor of the random treasure generator and will patch this in release 1.01."
"Our improbability drive is malfunctioning. Please stand by."
Honestly, I'd be more willing to buy this game if I realised they had a sense of humour.
John Maynard Keynes: "When the facts change, I change my mind. What do you do?"
Acutally... that's kind of insightful.
Ubisoft is calling it a hack, of course they will to save face... but what if it's just a bug or flaw in the game. What if they did all this through the game client? Is exploiting one of these flaws in a game against the law?
What if I'm playing EQ, and I find a spot in a zone where mobs can't get to. Then I kill things from there. I'm exploiting a bug to become more powerful. Is that the same?
What if I'm playing, and find out if I crouch and jump at the same time I can kill anyone I want? It's obviously cheating, but is it ILLEGAL for me to exploit that?
What if these guys found out if you hit the Ctrl-alt-f3-f4 keys while running north gave them these powers? Then is what they did illegal?
What if these guys used a special piece of software that ran the game in a special mode? Is that illegal? I mean, EVERYONE uses software (your OS) to run the game in a "special" mode (namely, a mode that works properly). Is this worse than exploiting the bug through the normal game interface?
Is this only a problem because is affected other people?
(Remember... big difference between illegal, immoral, and just plain annoying)
D. Hacker thought it would be funny as shit to send a boatload of users to the bottom of the ocean.
(I pick "D").
I almost died laughing when I, years later, saw The Wrath of Khan.
Plenty of hacked moby ships too.
One line blog. I hear that they're called Twitters now.
Never trust anything a client gives the server.
Isolate the backend servers from the Internet.
Never trust anything a client gives the server.
Patch management isn't as trivial as one would think.
Never trust anything a client gives the server.
Lag isn't under your control so design around it.
Don't rely on a client hiding anything from the user.
Lag isn't under your control so design around it.
Never trust anything a client gives the server.
Don't include "God" tools in every client, nor accept God logins from untrusted addresses.
And most of all, never trust anything a client gives the server.
The server must be the adjudicator of everything, the data master, the sole arbiter of discrepancies. Assume the client is fully hacked or written from scratch to do anything the user wants. Assume the client sees no walls, sees all invisible objects, sees every spawn point, and can filter on anything your server tells your client.
[
The computer game industry has been earning a reputation for releasing buggy code these past few years, and now it has come to a situation where what should be an internal release now costs money. Unlike retail games where occasionally Beta testers are charged, but given the full retail game later, Beta testers on MMPORPG's are not given additional months of play for the priviledge of paying to be guinea pigs. They are not compensated with reduced pay rates or additional in-game powers. In short, they pay to fill a necessary position in the production cycle, then they pay again for the retail product. Many, of course, don't pay for the retail product, and go on diatribes about how unplayable and unbalanced the game (they paid for) is.
How has it gotten so bad that we now release not only buggy games and expect to patch them later, but charge for development releases in addition to charging for final retail releases? We're giving ourselves a bad name here.
If your game is unfinished but in need of stress testing, don't charge for it or you will alienate your potential best customers. If you *must* charge for bandwidth because your manager didn't budget for such costs (and should be rightly as fired as if s/he forgot to budget for artists), then charge a bare minimum until the game is ready for prime time. Don't develop the game on the dime of your testers, or you will find that once you are ready to ship you don't have any customers.
10 dollars a month for our volunteers to do our jobs? We should be ashamed.
The ______ Agenda
I think it's kind of ludicrous to make threats like the Ubi people have made, but the people who did this do deserve some comeuppance because what they did *was* in the real world--they hacked the game, destroyed a lot of people's expenditures of time, and most importantly to Ubi, trashed the hosting company's reputation. All of that is real-world, whether you think it's important or not.
That said, I think the whole thing was hilarious from descriptions, and I'd love to see the recording of the mess they made.
7 November 2006: The day Americans realized corruption and incompetence weren't addressing 11 September 2001
They DID hack into a commercial system and disrupted business.
They DID interfere with paying customers.
Just because they are hacking into a game today and you're willing to let them get qaway with it, what will you say when they're hacking into your bank account tomorrow?
Non tam praeclarum est scire Latine, quam turpe nescire
-- Cicero
it's just a game
But imagine you're an aspiring artist who's spent several hours a day for the past two months on a painting and someone breaks into your studio and splatters paint all over it. Hey, It's just a piece of canvas after all. It's just your spare time and money down the drain, it's not like it's your job or anything.
Or, you're writing the great American novel and someone sits down at your laptop while you've stepped away to use the bathroom and someone does a search and replace and strips out all the vowels. Hey, it's just bits on a hard drive, right? It's just your time and effort wasted, it's not like it was *worth* anything.
A lot of people really get into these games and put a lot of time, effort (and money!) into building up their characters, and it absolutely sucks when through no fault of your own, all that hard work and effort (and money!) suddenly goes poof.
For those who have never played, it takes a lot of work to build up a character, collect the best equipment - usually by in-game trading which can take hours or days per item, etc.
I've played MMORPGs for years and usually when I quit playing a game it's because of something like this, I get killed by another player who steals all of my hard earned equipment, I suffer lag at the wrong moment and drop into a pit of acid causing me to die and lose all my best armor, etc. When stuff like that happens, I log out and usually never go back. I play for fun, and that stuff is not fun for me.
A computer once beat me at chess, but it was no match for me at kick boxing -- Emo Phillips
This is informative? I'm not saying that the hackers ought to be sent to a labor camp over this, but letting it go is like not prosecuting the shoplifter 'cause they're murders in the world.
No one reasonable is asking for the cops to stop chasing terrorists to do this, but we as a society prosecute any crime (even stupid ones, to even stupider lengths) as a principle.
And just because other problems exist, doesn't mean you let the little ones slide. No one's time is that hard up.
I can understand players getting mad at this, but at the same time, it's just a game, and if individual users themselves are considering legal action, they really need to shut down the computer and go outside for a while.
Consider the reaction of thirty adults who rent a stadium to play a sport, and then have that stadium game interrupted.
Or consider the effect of disrupting the superbowl.
Or consider the result of walking up to folk playing chess in the park and overturning the board.
In each case, legal action is both warranted and acceptable. Same thing for hacking a game server which is being actively used; even moreso if it's a private server or a fee-to-play server.
You sir, are an idiot.
Do you ever complain if someone's cell phone rings in a theater? Or if they talk loudly through the whole film?
Basically, if you *ever* complain about anything that someone does to make your entertainment choices less fun, you're a hypocrite.
I bet if you were in the middle of an intense game of chess and I, a complete stranger, came by and intentionally knocked the board over, you might feel like throwing a punch in my direction. How is this any different, except that the jerks are safely far away from having their asses kicked right then and there, is beyond me.
Saying it's "just games" ignores just how important a certain amount of play is to a healthy life.
.
PLAYER 2: It devoured my avatar. It was a really good avatar. Then I had to play it all again to get the skills back and I had to do it fast, and it wasn't as good. It was kind of a ...bummer.
Irene KHAAAAAAN!
I used to help run a BBS run on an Atari ST (can you believe it?), and the system was so obscure, that we developed a "DOS simulator" for those who tried to hack our BBS and its (limited) games. We faked things like "dir" and "erase" and even "edlin." It was a multiline, so if the hacker tried to "IM" himself (back then software called it "teleport"), he got through, but if he tried it to others, it went to /dev/null. When people did a "who," they got the job :
Hacker: Port 3: [Thinks he's hacking the BBS, tell his mommy!]
_________________________________________________
www.punkwalrus.com - Shift to the left, shift to the right! Stand up, sit down, byte byte byte!
What would a jury think? That people who spent 500 hours building up an imaginary character need to be compensated for their loss? I can just see some uber-gamer breaking down and crying on the stand because their elf now has to start from level 50 when it took him 3 straight months of playing 5 hours a day to get to level 55. (or whatever the terminology is) More than that, how are you going to get a jury of this person's peers to try them in court? How do you interview a jury like that? OK, what is your favorite magic spell? Have you ever spent more that 12 hours straight playing a game? Is your BMI over 40? Picard or Shatner?
My beliefs do not require that you agree with them.
Conan the Barbarian: ... and the next morning my sword was gone, and the gold pieces, and...
/Tor
Cross-Examining Lawyer: And, if I may ask, where did you get those gold pieces in the first place...?
Conan the Barbarian: Well, I killed this dragon and...
Cross-Examining Lawyer: Murderer!! You killed, pillaged and raped to get this money and now you have the stomach of accusing the defendant, and honor student in the other end of the kingdom...
Conan the Barbarian: But it was just a dragon...
Cross-Examining Lawyer: Racist!! There we have it, honored members of the jury, Mr Barbarian here is not only a thief and a murderer, he is also a racist. That nullifies any and all of his allegations. You must aquit.