Valve

This is why we can’t have nice things: eSports face persistent hacks designed to disrupt competition

This is why we can’t have nice things: eSports face persistent hacks designed to disrupt competition

eSports is about friendly competition in some of the greatest games ever made, and bringing people together from around the world to share in a mutual interest. It's a very nice, warm-fuzzy thought, but the reality is a little darker.

There is always someone online that is angry about any given thing, and in 2013, that person has relatively simple tools at their disposal to try to shut that thing down.

Companies in the eSports world are forced to take elaborate precautions to ensure they're not completely shut down by Distributed Denial of Service (DDoS) attacks, and in some cases they're not successful.

Under attack

“DDoS is a common occurence in eSports,” said David Hiltscher, VP of Gaming Communities at the ESL, one of the largest pro gaming leagues in the world. “We have stepped up our security over the years, so we are rarely if ever affected by DDoS.”

It's not a new problem, but it's an ongoing threat to any event organizer that might make even a small mistake.

“You can only get DDoS'ed if the attacker knows your physical IP [address],” said Hiltscher. Your IP address is essentially your coordinates, or your house address, on the internet. If someone knows your IP, they know exactly where to find you.

“Whenever people inside our event networks use peer-to-peer internet services, all the potential attackers see is the VPN IP,” said Hiltscher. A VPN (Virtual Private Network) makes these attacks much less effective. “As they don't have our IP, all they can do is attack the physical IPs of some of the biggest data centers in Europe. It's still possible to DDoS them, but it's prohibitively expensive.”

DDoS attackers use “botnets” to flood a particular internet user with traffic. Botnets are usually large swaths of everyday computers infected with viruses which send small amounts of web traffic to a specific location. If thousands or millions of them do it at the same time, you can clog the target's net connection.

“If you have 100 MBit [download speed], and some one floods you with 100MBit, you are down,” said Hiltscher. “Nothing you could ever do, no matter how much money you spend. So it's about having a higher bandwidth capacity than the attacking botnets, and that's something that only the big data centers in Europe can provide.”

Companies like the ESL and other major tournament organizers will route their web traffic through a large data center that is harder to DDoS to protect themselves.

Not fail proof

While this is a very good solution for protecting themselves in most circumstances, it's not a perfect shield that will deflect every possible attack.

Hiltscher said that in 2009 the ESL was hit with a big attack at the tech conference CeBIT Hannover which shut them down for an entire day.

“The problem is, once your IP is known through any tiny mistake, you're screwed and need to change the IP with the [internet service provider],” he said.

As much as they can do to ensure the protection of their players and services when they're on-site, not every tournament takes place in a single location. Many tournaments still take place online, which can leave players exposed.

“What still happens in regards to DDoS is that the players are attacked directly,” said Hiltscher. “When they play from home, like they do in the [first round of the StarCraft 2 World Championship Series] Europe, they are not protected by our infrastructure. There is nothing we can easily do to prevent this. Some games are better at protecting the players' IP than others.”

Lately, there have been rumors of DDoS attacks affecting players in the early rounds of the StarCraft 2 WCS and Intel Extreme Masters tournaments, but nothing confirmed. In April, the Chinese Dota 2 league G1 was suspended following a series of attacks. In late 2012, Riot Games was forced to take action to further protect League of Legends players from persistent DDoS attacks.

“There is one more DDoS thing that is happening, and that's attacking dedicated servers for games that use them, so e.g. high-level Counter-Strike matches can come under attack,” Hiltscher said. “Game servers are usually hosted in smaller data centers, so when a bigger attack happens, it sometimes shuts down the whole data center, affecting our matches even if we were not the target.

It represents a key struggle for the eSports world as the scene moves forward into the big time. As eSports continue to get more and more professional and organized, it becomes less and less acceptable for competition to be shut down by one malicious individual with some money to spare to rent a botnet. With few games supporting LAN connections the idea of simply running self-contained network doesn't exist for the most popular titles.

This is a uniquely modern problem. Security at most physical sporting events is a mostly solved problem, and we're used to bag searches and physical security when we go to the local stadium. The problem is that competitive video games are played online, where it's much harder to create a perfectly secure connection between two players, much less an entire roster of matches. As these events grow bigger and more elaborate, they only become more attractive targets to those looking for online notoriety.