Network Attacks iLab: Week 1

Chandra Beasley
Keller Graduate School of Management
SEC 572
Professor George Mikulski
October 29, 2016

Name of the attack: DDoS

Attack discovery and resolution dates: November 16, 2014, November 24, 2014
Synopsis of the attack: During the release of Blizzards WoW 5th expansion Warlords of Draenor,
a group of hackers decided to DDoS the servers on release date. During this time, Blizzard
already had a rash of new users or returning users getting ready to ramp up for the new
expansion pack. When the hackers hit the system it caused hour long wait times, huge latency
spikes within the game, nearly leaving the game unbearable to play, and creating a huge rift with
the gaming community. To combat the DDoS attack reduced the number of players per realm,
which then boosted the wait times even longer. Making some players wait to get into the server
nearly 3-10 hours. After nearly a week Blizzard was able to recover from the DDoS attack and
patch multiple issues which included servers timing out, disconnecting issues and the garrison
server issues.
Vulnerable target(s) for the attack and likely victims: The vulnerable targets for this attack is the
servers that Blizzard has their realms on. A Distributed Denial of Service (DDoS) attack is an
attempt to make an online service unavailable by overwhelming it with traffic from multiple
sources. They target a wide variety of important resources, from banks to news websites, and
present a major challenge to making sure people can publish and access important information
(Digitalattackmap.com). The likely victims of the attack is not only the crew that works for
Blizzard but, the more important end users. This type of attack and hinder users from being able
to access the game or resource they are trying to acquire. In this turn Blizzard had an estimated

10 million subscribers. Due to the attack and lack of foresight from Blizzard they dropped 2.9
million users from last year.
Probable motivation(s) and Creators of the attack: The Lizard Squad was the one who carried out
the attack. The motivation seems to be corporate greed, claimed the excesses of the video game
industry as justification for its attacks: things like how they believed Sony was charging too
much for Playstation Network without investing that money back into server infrastructure. But
at times, it feels like the reasons hardly matter. Malicious digital attacks dog video game culture
in much the same way as harassment and misogyny: the darker side of courting an inevitably
tech-savvy audience (Makuch).
Deployment, propagation, or release strategy of the attack: I have been looking all over the
website and am not finding how the hacker group Lizard Squad did their DDoS attack. But I am
going to guess that it was created by using a botnet armies of zombie on Windows PCs. The
whole point is to cause havoc on the corporations end making them scramble and pay the price.
With this I would think it would just be as easy as a couple of chats through IRC or some forums,
get a synchronized time-frame (Release date of an expansion that is open to public), once that
time-frame shows up, release the hounds.
Published countermeasures against the attack and regaining normality: So during the initial
attack, Blizzards response was to just lower the limit of players per realm to try to counter
balance the DDoS attack. This helped somewhat, but the issue remained until they did a four
hour maintenance. All NA realms will undergo a 4 hour maintenance window beginning at 5:00
a.m. PST to address issues with realm stability (Blizzard, 2014). Within this time frame
Blizzard started to patch multiple issues at once. The interesting part about this is during the

attack they used this as a catalyst to fix their issues within the game itself. Besides the attack,
Blizzard told users its largest issue was the concentration of players in specific areas and
zones. The developer has been working on maintenance issues since 5 a.m. PST on Friday,
anticipating that the process will last around four hours (Elise).
Recommended incident reporting measures: What happened? Why did it happen? How did we
respond and recover? How might we prevent similar issues from occurring again? This way they
can get a better understanding on how to better prevent this in the future and also have that
transparency when it comes to their consumers.

References
Digitalattackmap.com,. 'Digital Attack Map'. N.p., 2015. Web. 29 Nov. 2016.
Elise, Abigail. ''World Of Warcraft: Warlords Of Draenor' Hit By Serious Ddos Attack, Blizzard
Scrambles To Fix Damage'. International Business Times. N.p., 2014. Web. 29 Nov. 2016.
IGN,. 'Warlords Of Draenor Recovering From Launch Day Ddos Attack - IGN'. N.p., 2015. Web.
29 Nov. 2016.
Makuch, Eddie. 'World Of Warcraft Loses Nearly 3 Million Subscribers In Three Months'.
GameSpot. N.p., 2015. Web. 29 Nov. 2016.
Starr, Michelle. 'World Of Warcraft Servers Taken Down By Ddos - CNET'. CNET. N.p., 2014.
Web. 29 Nov. 2016.