How DERP Was Able to Take Down Origin, League of Legends

Ars Technica offers some interesting insights into why the recent distributed denial-of-service (DDoS) attacks that took out EA's Origin service, Blizzard's, and League of Legends were particularly potent. According to the report, the DDoS attacks used an unheard-of method to amplify the amount of data being sent in order to grind many popular online games to a halt.

The hacking group calling itself DERP used the Network Time Protocol (NTP) in its attack; NTP is generally used to synchronize computers and other devices to the correct local time, but DERP amplified the power of its DDoS attacks by sending out requests to these servers while pretending to be the gaming service they were targeting. The Ars Technica article goes on to say that this method increased the amount of requests by 5800 percent.
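From the targeted service's side, the spoofing described above shows up as NTP replies arriving from many servers for requests its own hosts never sent. The Python sketch below is an added example, not code from this article or from Ars Technica; the flow-record layout, the addresses (private and documentation ranges), the 5-second matching window and the reflector threshold are all assumptions.

```python
import ipaddress
from collections import defaultdict

NTP_PORT = 123

# Constructed sample flow records: (time_s, src_ip, src_port, dst_ip, dst_port, proto, bytes)
SAMPLE_FLOWS = [
    (0.0, "10.0.0.5", 40000, "192.0.2.10", 123, "udp", 76),       # local client asks for time
    (0.1, "192.0.2.10", 123, "10.0.0.5", 40000, "udp", 76),       # matching reply: solicited
    (1.0, "198.51.100.1", 123, "10.0.0.80", 27015, "udp", 4400),  # reply with no request
    (1.0, "198.51.100.2", 123, "10.0.0.80", 27015, "udp", 4400),
    (1.1, "203.0.113.7", 123, "10.0.0.80", 27015, "udp", 4400),
    (1.2, "203.0.113.7", 53, "10.0.0.5", 40001, "udp", 120),      # not NTP, ignored
]

def unsolicited_ntp(flows, local_net="10.0.0.0/8", window=5.0):
    """Return {local_ip: {"bytes": n, "reflectors": set}} for NTP replies nobody asked for."""
    net = ipaddress.ip_network(local_net)

    def is_local(ip):
        return ipaddress.ip_address(ip) in net

    asked = {}  # (local_ip, local_port, server_ip) -> time of last outbound request
    hits = defaultdict(lambda: {"bytes": 0, "reflectors": set()})
    for ts, src, sport, dst, dport, proto, size in sorted(flows):
        if proto != "udp":
            continue
        if is_local(src) and not is_local(dst) and dport == NTP_PORT:
            asked[(src, sport, dst)] = ts          # genuine outbound NTP request
        elif sport == NTP_PORT and is_local(dst) and not is_local(src):
            sent = asked.get((dst, dport, src))
            if sent is None or ts - sent > window:  # reply without a recent request
                hits[dst]["bytes"] += size
                hits[dst]["reflectors"].add(src)
    return dict(hits)

def likely_targets(hits, min_reflectors=3):
    """Local hosts receiving unsolicited NTP replies from many distinct servers."""
    return sorted(ip for ip, h in hits.items() if len(h["reflectors"]) >= min_reflectors)

if __name__ == "__main__":
    found = unsolicited_ntp(SAMPLE_FLOWS)
    for ip in likely_targets(found):
        print(ip, found[ip]["bytes"], "bytes from", len(found[ip]["reflectors"]), "NTP servers")
```

A single stray reply can be ordinary noise; it is the count of distinct servers answering unasked that separates reflected traffic from normal time synchronization.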

"Prior to December [2013], an NTP attack was almost unheard of because if there was one it wasn't worth talking about," said Shawn Marck, CEO of security firm Black Lotus, to Ars Technica. "It was so tiny it never showed up in the major reports. What we're witnessing is a shift in methodology," Marck added.

DERP has jumped off the grid as of late. Its latest post on Twitter simply says "Goodbye for now."

We'll have more on this story as it develops. For a more technical explanation of how DERP used NTP to its benefit, check out this excellent Ars Technica article.
