Slashdot Mirror

← Back to Stories (view on slashdot.org)

Hacking Group 'OurMine' Claims Credit For Attack On Pokemon Go Servers (independent.co.uk)

Posted by BeauHD on from the viral-video-games dept.

An anonymous reader writes: A group of hackers known as OurMine have attacked Pokemon Go's login servers, making it all but impossible for players to get online. The group says they hacked the game in an effort for the game to be more stable. They want to show the developers behind Pokemon Go that the app can and should be made more secure. Prior to the hack, the servers have been shaky as interest in the game has spiked. But over the weekend, users faced the most extreme connectivity issues yet. "No one will be able to play this game till Pokemon Go contact us on our website to teach them how to protect it!" the group wrote on its website. A different hacking group, which claimed to be part of OurMine, said that the latest attack had been launched after the huge outage caused by a group called Poodlecorp, on Saturday. "The group makes money from charging for vulnerability assessment, where hackers attempt to break into corporate networks to check how safe they are," reports The Independent. A representative said via Twitter that the group wasn't requesting money from those behind Pokemon Go, and that OurMine "just don't want other hackers [to] attack their servers." It should come as no surprise to see that the servers have been having trouble keeping up with demand as Pokemon Go has become the biggest mobile game in U.S. history after launching just about two weeks ago.

48 comments

  1. thank you OurMine by turkeydance · · Score: 0

    from the AARP lawn

  2. Arrogance by Calydor · · Score: 4, Insightful

    The script kiddies know how to bring things down in, perhaps, ten of a hundred different ways. The remaining ninety are known by the actual experts with jobs.

    --
    -=This sig has nothing to do with my comment. Move along now=-
    1. Re:Arrogance by Anonymous Coward · · Score: 0

      I wish people would contract the term and start calling them skids. Perhaps the allusion to an underpants stain would reduce some of this douchery.

    2. Re:Arrogance by Anonymous Coward · · Score: 0

      I think you're seriously overestimating the "skills" of these grandstanding kids. They only know how to buy a DDoS attack.

      Some of them gave an interview to a douchebag YouTuber and even their voices sounded so fucking annoying that I would definitely have to punch them I ever heard them speak live. It'd be like punching spaghetti!

  3. Wow you're badass! by Anonymous Coward · · Score: 1

    So you found out how to rent a botnet, that'll teach 'em... Now give Mommy her Creditcard back!

  4. Fancy words by PraiseBob · · Score: 5, Insightful

    The group makes money from charging for vulnerability assessment,

    You say potato, I say extortion... This is simply a new generation of organized crime demanding "protection money", to keep a business safe.

    1. Re:Fancy words by Anonymous Coward · · Score: 1

      yup pretty much criminals. should be at least same as B&E charge.

    2. Re:Fancy words by LWATCDR · · Score: 1

      Kill them all.

      --
      See my blog http://ilovecookes.blogspot.com/ for light hearted technical information.
  5. No issues here. by Anonymous Coward · · Score: 3, Insightful

    I played all weekend and didn't have any problems.

    Also, since when is DDoSing considered "hacking" ?

    Oh, right, never.

    1. Re:No issues here. by thegarbz · · Score: 2

      I played all weekend and didn't have any problems.

      And yet the problems were so bad that some sites started generating full on outage maps showing which parts of the world are suffering the worst based on which servers are being attacked. But since you didn't have a problem it's a non-issue right?

      Also, since when is DDoSing considered "hacking" ?

      Oh, right, never.

      That depends on the attack. If it's a bunch of machines running ping, I'll agree with you. But more recently larger DDoS can be quite sophisticated relying on amplification or reflection attacks using bugs or unintended consequences of design in certain protocols. But if it doesn't fit your world view we should all adjust our language accordingly right?

    2. Re:No issues here. by Khyber · · Score: 1

      Real hacking is defined as the modification of a system in a non-obvious manner which makes it more useful or improves its function. Coined by TMRC at MIT back in the 50s, none of you fuckers have the right to assign it any other definition.

      --
      Still waiting on Serviscope_minor to wake up to fucking reality and realize that Jessica Price isn't going to fuck him.
    3. Re:No issues here. by Anonymous Coward · · Score: 0

      Because words never evolve in meaning, fucktard.

    4. Re: No issues here. by Anonymous Coward · · Score: 0

      I think you're using "fucktard" incorrectly.

    5. Re:No issues here. by Anonymous Coward · · Score: 0

      Relevant XKCD

    6. Re:No issues here. by tlhIngan · · Score: 1

      That depends on the attack. If it's a bunch of machines running ping, I'll agree with you. But more recently larger DDoS can be quite sophisticated relying on amplification or reflection attacks using bugs or unintended consequences of design in certain protocols. But if it doesn't fit your world view we should all adjust our language accordingly right?

      Yeah, but a modern DDoS is almost never using neat tricks or vulnerabilities in protocols. In fact, pingflooding is almost never done because it's too simple to block.

      A modern DDoS comprises of a botnet of infected computers. Those computers are set up to imitate the service protocol and then rapidly do it. This way the servers are pegged trying to handle bogus requests while legitimate users are blocked out. And since the traffic is the same, it's really hard to filter the DDoS traffic from the legitimate traffic because they look identical.

    7. Re:No issues here. by thegarbz · · Score: 1

      So the use of a DNS reflection attack doesn't qualify? Well fuck!

    8. Re:No issues here. by Khyber · · Score: 1

      "modification of a system in a non-obvious manner which makes it more useful or improves its function"

      A DNS reflection attack does none of those, so no.

      A real hack would be using an attack as a form of defense against attacks, without impairing the function of the network in general.

      Anything else is simply called being a fucking asshole.

      --
      Still waiting on Serviscope_minor to wake up to fucking reality and realize that Jessica Price isn't going to fuck him.
    9. Re:No issues here. by Anonymous Coward · · Score: 0

      This from the king of the assholes...

  6. Provide Proof by Fire_Wraith · · Score: 2

    Considering that a light breeze is all that it seems to take to bring down the Pokemon Go servers, they'd better provide some proof it was actually their doing, I'd say.

  7. I call bullshit by Anonymous Coward · · Score: 0

    Anyone who played ingress knows the amount of downtime and connectivity issues early on (and heck even later) Mantic had dealing with the load, and this game has taken off much much more than Ingress had.

    The load of the players alone are DDoS'ing it

  8. Toldja! by Tablizer · · Score: 3, Funny

    ...Team Rocket is real

    --
    Table-ized A.I.
    1. Re:Toldja! by Opportunist · · Score: 3, Informative

      Wannabe evil, mostly annoying as fuck, not really a threat and generally considered comic relief...

      You're onto something here, I'd say.

      --
      We used to have a Bill of Rights. Now, with the rights gone, all we have left is the bill.
    2. Re:Toldja! by Tablizer · · Score: 1

      Trump?

      --
      Table-ized A.I.
  9. I just logged on so... by Anonymous Coward · · Score: 1

    Clearly they weren't successful.

    1. Re:I just logged on so... by Anonymous Coward · · Score: 0

      Yeah, but notice that your Pokemon is now BLUE! Muhahaha!

      (I have no idea if that made any sense)

  10. ainda não usei a força pra me livrar des by Anonymous Coward · · Score: 0

    Tomara que sejam os úlimos 3 meses de vida dessa otária, isso sim.

  11. Douche-baggery at it's finest. by Anonymous Coward · · Score: 1

    So, I wasn't sure if the outages were because Niantic/Google wasn't able to scale out because of demand, that didn't sound right. Sure enough, it's some assholes who think they are doing someone a favour. Fuck them.

    I'm sure I'm not the only one who is annoyed at this and being unable to play - yeah I know it's just a game, but it's fun, exercise, and good times.

  12. never attribute to malice by nimbius · · Score: 4, Insightful

    that which can be more effectively explained by stupidity. Skiddies will always claim victory for instability. Niantic likely supports GO authentication servers in shared hosting/colocation outsourced datacenters. Its far more likely Niantic is either under-resourcing their Pokemon infrastructure to control costs for a largely free game, or that their infrastructure scales poorly with the particular code used to run pokemon GO. its also possibly that hasty configurations like NAT instead of DSR or a lack of IPv6 infrastructure could be bottle-necking large amounts of authentication traffic, or if it truly is a DDoS then Niantic is just choosing to ignore it rather than escalate to things like prolexic or hiring more network staff to address the problem.

    --
    Good people go to bed earlier.
    1. Re:never attribute to malice by Anonymous Coward · · Score: 1

      Niantic is ex-Google company and they primarily use GCE. I do not know if they have some own servers as well, but I would assume bulk of the things are done in GCE.

      Of course, by using cloud they limit they limit their architecture options. Like DSR is essentially impossible in public cloud environments.

      Though, I don't think there is an issue on frontend servers and rather they likely are hitting issues on thier database layer. Probably best way to handle it would have been by architehturing the system so that there can be multiple versions of the user profile. When user logs in, whatever cluster was handling the login would broadcast (or use some gossip protocol) a request for all clusters to find the latest version of user profile and replicate it (while forcefully logging out other sessions).

      Then again, hindsight is 20/20

    2. Re: never attribute to malice by Anonymous Coward · · Score: 0

      It's easier for me to believe they convinced themselves and everyone else that ingress was already a "disruptive phenomenon" and couldn't conceive that slapping a popular brand on it could possibly make their minimum viable product so much more popular than their mature "success" at its peak.

  13. BeauHD needs to die by Anonymous Coward · · Score: 0

    I don't care if there's a related /. story (they're usually not). When I look at a story it's to look at that story.

    So stop with your traffic-driving ad-revenue-generating borderline-clickbait bullshit.

  14. Finally, a hacking group does something good. by Anonymous Coward · · Score: 0

    Title says it all.

  15. Analogy by Anonymous Coward · · Score: 2, Insightful

    Hacking is to a scripted DDOS attack as picking a lock is to putting superglue in the lock.

    The former demonstrates skill of the attacker and the weakness of the defenses. The other demonstrates the attacker's ability to be an annoying asshole.

    1. Re:Analogy by Anonymous Coward · · Score: 0

      Hacking is to a scripted DDOS attack as picking a lock is to putting superglue in the lock.

      The former demonstrates skill of the attacker and the weakness of the defenses. The other demonstrates the attacker's ability to be an annoying asshole.

      I like this analogy. Imagine you're trying to run a bar and irritating people keep putting superglue in the locks. Sure, one way to handle it is to build better doors, build more of them and hire guards, and that can work and it's not necessarily a bad idea. However, the simple solution, the cheaper fast solution is to move your bar into a big mall so that you get the protection resources of a bigger entity to protect you. The balance is between rent you can afford versus all the self protection resources you couldn't.

      Why isn't Niantic running their programs on AWS or Google App Engine? I get that they should be building better security and scaling up their own servers. However, given that they've got one of the fastest growing and highest profile systems in the world for the moment, it seems like now's the time to engineer elasticity.

  16. This is different! by Anonymous Coward · · Score: 0

    Because haxx0rz! And haxx! And haxxin! On the cyberinterwebz! Totes different!

    Well, no. But it does the computer security industry good to strew scary scare words of scaremongering about with wild abandon. And as long as that is the case, there'll be no real security. As such, expect the breathless vapid fancy wordmongering to continue.

  17. Tell the judge by Anonymous Coward · · Score: 0

    > The group says they hacked the game in an effort for the game to be more stable. They want to show the developers behind Pokemon Go that the app can and should be made more secure.

    "Your honor, we broke into that house and trashed it to show the owners people could break into the house and trash it."? Good luck with that, script kiddies. And hold on tight to your soap!

  18. More fools pretending to be hackers by Anonymous Coward · · Score: 0

    Get a life losers. Renting a bunch of computers isnt being a hacker. Its being a waste of time.

  19. Hacking kids games is like going to the playground by Anonymous Coward · · Score: 0

    I guess it is better than hackers messing with people's lives in hospitals. Or people crushing people's personal data by hacking their computer with a virus. But hacking kids' games is still what bad people do. Its like going to a little league game and stealing all their equipment so they can't play.

  20. More users = more demand by Anonymous Coward · · Score: 0

    They launched in additional countries over the weekend. These children are taking credit for that. Stop giving them attention.

  21. The end is near... by dbreeze · · Score: 1, Insightful

    I finally looked up a youtube vid to find out what all the fuss was about and I must say, the human race is definitely getting dumber. I was amazed that so many would waste so much time with Farmville and Dirty Birds, but idiots have DIED over this stupid shit...?!?! Whole world is going to hell in a handbasket and the bottom 50% of the gene pool would rather chase a pikachu than educate themselves on what can be done to head off global tyranny/the apocalypse/etc.

    Humans don't just deserve great tribulation, we need it. And get yer orb-chucking asses off my lawn...

    --
    When the king heard the words of the Book of the Law he tore his robes.2Kings22:11
    1. Re:The end is near... by dwillden · · Score: 2

      The average person can do jack shit to head off global tyranny (whatever that is) or the apocalypse. What they can do is play a game that gets them out walking around rather than sitting in front of a PC or a TV screen, or just sitting. It's a new concept and some people have neglected common sense. But how many people keel over dead from heart attacks while sitting and watching TV shows every year. If they were out walking around regularly they might have avoided it.

      Get off your high horse. And you don't own the lawn of your retirement home gramps.

      --
      I'm too lazy to compose a creative sig.
    2. Re:The end is near... by Anonymous Coward · · Score: 0

      What they need to do is kill off the app from 11pm-7am so people don't play it at night. Or perhaps just midnight to six. Second, they should allow property owners to remove pokémon from their properties if it's becoming a problem.

  22. Talentless garbage by Anonymous Coward · · Score: 0

    Any rabble can drop a few BTC.

  23. worked better by Anonymous Coward · · Score: 0

    Funny thing is, over the weekend I thought it was easier to log on and play. But what do I know, I'm an almost 30 year old living with his parents playing pokemon.

  24. SKIP ANYTHING POKEMON GO IN THE NEWS by Anonymous Coward · · Score: 0

    It is all intended distraction to get you to not pay attention to something nearby that is important.

  25. Umm, what? by omghax · · Score: 1

    I thought Poodlecorp claimed they did it, so who really did it? ðY

    1. Re:Umm, what? by Aerokii · · Score: 1

      The Canadians, their servers just went up this weekend.

  26. What style & professionalism! /s by Anonymous Coward · · Score: 0

    So attacking a server, with the goal of showing its weakness- then demanding the company 'just talk to them so we can educate them' is one helluva way to 'help'. What ever happened to contacting them in a professional way? Or reaching out in email/fb/phone/etc Or maybe just do it for one hour & that's it? I think they just wanted a shout out and acknowledgement for their 1337 ways.

    I mean this is akin to punching someone in the face and then handing them a card for your self-defense class. Your 'customer' will not be open to your advice and will consider YOU the threat. It is too fashionable these days to be a jerk.

    _