Think back to when you were a kid and you brought your basketball outside to get a game going with the other neighborhood kids. The game would be fun…for a while. And then something would happen, someone would make you mad or you would otherwise become disgruntled enough that not only did you not want to play anymore, you didn’t want anyone else to play. So you’d take your ball and go home.
Everyone occasionally behaved this way as a child. We all, at one time or another, went out of our way to ruin the fun for everyone. “Thank goodness I grew up,” you might think, shaking your head. Well go ahead and keep shaking it because some people never gave up their fun-ruining ways. Instead of snatching a ball, though, these people are now armed with botnets, and one of their favorite things to do with those botnets is target online gaming platforms.
Anatomy of a botnet
A botnet is something you might also hear referred to as a zombie army. It’s a collection of internet-connected devices, such as computers, tablets, and Internet of Things devices that have been compromised, usually by a Trojan. Because they have been compromised with malware, they can be controlled by someone other than the owner, usually without the owner even realizing it. The person controlling these devices is essentially the ‘owner’ of the botnet, and he or she can use the botnet to do his or her evil bidding.
Botnets are frequently used in DDoS or distributed denial of service attacks. The botnet is used to either flood a target website with traffic or overwhelm its network infrastructure. The aim of these attacks is to either knock the target offline, or slow it down enough that it is unusable to its legitimate users. Either of these outcomes understandably cause a loss of trust and loyalty in the websites’ users and can impact traffic and revenue.
Unfortunately, it isn’t just botnet owners who are using botnets to wreak havoc across the internet. Botnet owners are able to make themselves some extra cash by offering up DDoS toolkits or DDoS for hire services, which allow anyone to pay either an hourly fee or a monthly subscription in order to use a botnet, aiming it at the website of their choosing. In the year 2016 with distributed denial of service attacks as prevalent as they are (and only getting more common with DDoS for hire services) nearly every website in existence is a potential target, but online gaming sites and platforms are some of the biggest targets of all.
The allure of the online gaming target
One of the reasons attackers are quick to aim their botnets at online gaming sites is obvious: there’s a lot of money in online gaming, and plenty of companies competing for that revenue. If an online gaming company wanted to try and gain gamers and had no scruples about their strategy, they might consider repeated distributed denial of service attacks on a competing platform, attempting to frustrate users into abandoning the platform altogether for another one.
However, the other reasons for targeting online gaming sites are perhaps even simpler and relate back to the fun-ruining impulse small children are often afflicted with. Firstly, it’s relatively easy to affect an online gaming platform with a DDoS attack. After all, online gaming platforms have to provide constant connectivity for its users, and this constant connectivity presents a big ol’ vulnerability in the form of the always available centralized gaming platform. Using a very narrow DDoS attack aimed at this platform, botnet users can get big results. Furthermore, since the nature of gaming requires instant response times, slowing a gaming site down by just a fraction of a second can utterly destroy the gaming experience.
Secondly, for the type of people who enjoy interfering with other people’s good times, DDoS-ing online gaming sites is an attractive proposition because online gamers feel a connection to their games, either to the fictional worlds, the characters, the other people they play with, or just the fun they have playing. When gamers are unable to play their games because the website isn’t available or is too slow, their complaints will be heard. Gamers frequently flock to social media and forums to air their grievances. Not only does this give attackers a satisfying result, it can also earn them internet infamy, possibly even drumming up business for their DDoS for hire services.
Taking back the ball
If an online gaming site wants to succeed, the game must go on. And in order for the game to go on, professional DDoS protection must be in place.
When leading online gaming platform Indiegala decided to bolster their online security, they opted for DDoS protection services by provider Imperva Incapsula. This option provided them with web application security for protecting user account information, a content delivery network for improved site performance, and of course DDoS protection in the form of cloud-based enterprise-grade protection that inspects traffic on a granular level in order to block malicious traffic without impacting legitimate users, allows for the creation of custom security rules, and that keeps DDoS attack attempts from ever reaching the platform and causing downtime.
For as long as online gaming sites exist, they will always be one of the biggest cyber-attack targets. Attackers aren’t going to change, so it’s the sites themselves that have to adapt with robust distributed denial of service attack protection.