As anyone who plays EVE would know, Tranquility has been under regular Distributed Denial of Service attack (DDoS) for the last couple of weeks. This is where the game’s internet facing services have been flooded with traffic to try and overwhelm them.
This traffic generally comes from networks of compromised devices connected to the Internet. Each of those devices will have had hidden software loaded through security holes or virus payloads, that can be remotely directed to perform actions such as sending traffic to targeted addresses. Large numbers of these devices that are grouped together are called Botnet’s. While the traffic each individual device can send is inconsequential, the sum of all the traffic from all the devices can be overwhelming.
The owners of these devices are generally unaware of what they are quietly doing in the background. Even if you do the right thing and keep your PC or laptop updated with the latest security software, you could have a modem, or router, or TV, or gaming console, or Fridge, or Smart Home system compromised, particularly if they are a little older and no longer get firmware updates.
DDoS attacks could be triggered for a laugh, boredom, to cause inconvenience, for revenge, to inflict reputational or financial damage, to extort, to spread a message, and so on. These Botnets can be used by Military, Political and Criminal groups. They can also be rented out by individuals for very little money. Forgo buying lunch for a day and you could cover the cost a DDoS attack on some random organisation you are grumpy at. Paying for a two week long, somewhat sustained attack on Tranquility would be more costly, but likely surprisingly affordable.
EVE Players have been experiencing login issues to the game, forums and chat channels, lag and disconnections. For many the game is unplayable.
CCP will be using internal resources and engaging one or more external partners to try and mitigate these attacks. After this amount of time, they will probably have also involved law enforcement. Simplistically CCP will be trying to upscale the resources available to handle all the incoming traffic, and as precisely as possible, disregard all the traffic that is invalid. In the longer term they may also be looking at ways to change their system design to make it more robust or to more easily identify valid traffic.
The precision of some of their attack mitigation efforts is not perfect, and it is apparent valid players are at times being negatively impacted by them.
There is a “Mega” Forum thread about it here.
It is also being discussed just about everywhere EVE is talked about.
There are a lot of people very angry at CCP and demanding to know what compensation they will get. They are paying money to access a game that they cannot play properly.
I don’t personally have that view. I am sure CCP are spending a lot of time and money on trying to get on top of the situation. If I thought it was plausible, I would want crime compensation from the perpetrator/s, not the victim.
Trying to play EVE earlier today
Having said that – my care factor is pretty low. I am currently in a rut with EVE. There is nothing on my To Do List, nothing I am particularly keen to investigate, and nothing in the pipeline I am looking forward too (what pipeline? I’m looking at you https://updates.eveonline.com/). Not being able to play EVE for the last fortnight hasn’t been much of a bother.
The whole thing does however concern me. Ignoring the immediate costs to CCP, it will be impacting new players trying to join the game, it will be angering lots of already unhappy players, it will be training bitter vets not to log in, and it will be distracting CCP from working on the game. I would not underestimate how much damage is being done to EVE each day that the attack manages to remain impactful.