The Elephant in the Room

As anyone who plays EVE would know, Tranquility has been under regular Distributed Denial of Service attack (DDoS) for the last couple of weeks. This is where the game’s internet facing services have been flooded with traffic to try and overwhelm them.

This traffic generally comes from networks of compromised devices connected to the Internet. Each of those devices will have had hidden software loaded through security holes or virus payloads, that can be remotely directed to perform actions such as sending traffic to targeted addresses. Large numbers of these devices that are grouped together are called Botnet’s. While the traffic each individual device can send is inconsequential, the sum of all the traffic from all the devices can be overwhelming.

The owners of these devices are generally unaware of what they are quietly doing in the background. Even if you do the right thing and keep your PC or laptop updated with the latest security software, you could have a modem, or router, or TV, or gaming console, or Fridge, or Smart Home system compromised, particularly if they are a little older and no longer get firmware updates.

DDoS attacks could be triggered for a laugh, boredom, to cause inconvenience, for revenge, to inflict reputational or financial damage, to extort, to spread a message, and so on. These Botnets can be used by Military, Political and Criminal groups. They can also be rented out by individuals for very little money. Forgo buying lunch for a day and you could cover the cost a DDoS attack on some random organisation you are grumpy at. Paying for a two week long, somewhat sustained attack on Tranquility would be more costly, but likely surprisingly affordable.

EVE Players have been experiencing login issues to the game, forums and chat channels, lag and disconnections. For many the game is unplayable.

CCP will be using internal resources and engaging one or more external partners to try and mitigate these attacks. After this amount of time, they will probably have also involved law enforcement. Simplistically CCP will be trying to upscale the resources available to handle all the incoming traffic, and as precisely as possible, disregard all the traffic that is invalid. In the longer term they may also be looking at ways to change their system design to make it more robust or to more easily identify valid traffic.

The precision of some of their attack mitigation efforts is not perfect, and it is apparent valid players are at times being negatively impacted by them.

There is a “Mega” Forum thread about it here.

https://forums.eveonline.com/t/tranquility-connectivity-issues-megathread/216227

It is also being discussed just about everywhere EVE is talked about.

There are a lot of people very angry at CCP and demanding to know what compensation they will get. They are paying money to access a game that they cannot play properly.

I don’t personally have that view. I am sure CCP are spending a lot of time and money on trying to get on top of the situation. If I thought it was plausible, I would want crime compensation from the perpetrator/s, not the victim.

Trying to play EVE earlier today

Having said that – my care factor is pretty low. I am currently in a rut with EVE. There is nothing on my To Do List, nothing I am particularly keen to investigate, and nothing in the pipeline I am looking forward too (what pipeline?  I’m looking at you https://updates.eveonline.com/). Not being able to play EVE for the last fortnight hasn’t been much of a bother.

The whole thing does however concern me.  Ignoring the immediate costs to CCP, it will be impacting new players trying to join the game, it will be angering lots of already unhappy players, it will be training bitter vets not to log in, and it will be distracting CCP from working on the game.  I would not underestimate how much damage is being done to EVE each day that the attack manages to remain impactful.

7 thoughts on “The Elephant in the Room

  1. Yupp, and yes and Da! I am sorry to sat though, but truth. And yes, considering the price you can cause an entity or person to pay, the cost of a 2 wee long sustained attack is ridiculously cheap.

    As an aside, VPN worked for me. Played for many hours today and basically as long as I have desired to from the evening of the 31st to today… just sayin. In other newz I’m Not Dead… (you can move me from you deadpool…) =]

    • Thanks for the reminder – your blog has been moved out of quiet. 🙂

      I did notice your post about using a VPN. Other’s on the forums had suggested the same. If I had something pressing to do in game I would go down that path.

      • I’m just curious but why would it take “something pressing”? I wanted to play, was very irritated (at the people responsible for this) and heard of a simple way to possibly get back on… and it worked. I had corpmates who;s attitude was, “I should not have to install another piece of software just to play EVE.”… keep in mind he said this on TS3… irony if I ever heard it. There are actually free VPNs (the one I used worked like a charm and never once asked for a CC) out there and you could use it, then uninstall after everything is back to normal but… you’d rather not login??

        I’m not sayin’ itsa panacea, but it got me, my son and evidently a bunch of other players logged in and playing during the height of the DDoS.Friday 31st till today… just sayin’.

  2. So far so good. I haven’t had any issues other than the launcher failing and flinging me off to the old connect screen – which works. Due to Alpha state I only have one client running which might help. Hopefully I haven’t spoken too soon…

    • I think you are on to something with regards only having one account logged in. I initially didn’t seem to have the issues others were complaining about – but they all started (immediately) after I logged two accounts in at the same time, and have continued since.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s