How hackers turned online gaming into a real-life fiasco

Jan 10, 2014 by Claire Smith, The Conversation
Popular online games such as League of Legends were brought down, one by one, as a hacker group trolled a single gamer in December. Credit: rafaelgames

A spate of internet hacking during the New Year period – including an attack on Skype by hacker group the Syrian Electronic Army, and another on social media photo sharing app Snapchat by website SnapchatDB – demonstrates the emergence of a new phase in hacking wars: corporate greed and hubris as the target, with a dose of social disruption.

One such incident occurred on December 30, when hacker group DERP targeted games played by Twitch live streamer James Varga, who goes by the handle PhantomL0rd.

(Twitch allows the gaming community to broadcast live video of games they are playing, to watch others play and to chat in real time. Watching the streaming of games is not so different from watching sport on television.)

DERP targeted PhantomL0rd, the most popular gamer streaming at that moment in time, so they could gain instant public exposure.

In a display of technological prowess, they serially brought down the online servers of games that he was playing, including League of Legends, Battle.net, EA.Com and Disney's Club Penguin.

Creating a game within a game

PhantomL0rd engaged in the play, acting as a conduit between the hackers and the gaming community. As he changed games he participated in a contest with the hackers, in a sense egging them on, while impacting hundreds of thousands of other players.

He passed on questions from his audience about DERP's intentions and capacity to shut down big companies such as Google and Facebook. The reply from DERP indicated they wanted to frustrate "money-hungry" companies such as Electronic Arts (better known as EA Games).

In a modern-day technological twist, the streaming audience became participants in a game within a game when the hackers challenged PhantomL0rd to win the multiplayer online Defense of the Ancients (DOTA 2) match he was playing at that time, or they would bring down the server.

Eventually, DERP took down the Defense of the Ancients server by distributed denial of server (DDOS) attack (bombarding the server with information and eventually disabling it), while tweeting to PhantomL0rd:

Credit: Twitter

This was a win-win situation for the hackers and PhantomL0rd. The hackers had direct access to an international audience and their presence grew this audience exponentially. In three hours, PhantomL0rd's personal stream increased from his usual numbers of between 5,000 to 15,000 viewers to a record 155,000 – the largest personal streaming audience recorded.

For PhantomL0rd there was financial reward as well as recognition. As the audience grew, so did the US$4.99 monthly subscriptions for PhantomL0rd's stream.

Capitalising on the situation, PhantomL0rd turned on the subscriber-only mode, which meant that the only way to participate in the conversation via chat was to pay the subscription fee. This enraged someone in the audience, who retaliated by hacking and releasing PhantomL0rd's personal information, leaving him vulnerable to payback from disgruntled would-be players.

And then …

Less than an hour later, PhantomL0rd was erroneously denounced as abducting five people and subsequently arrested at gunpoint during a police raid on his home. See PhantomL0rd's video about his arrest below:

This video is not supported by your browser at this time.

From DERP's point of view PhantomL0rd's experience was collateral damage – DERP's targets were game companies with millions of subscribers. The comraderie between DERP and PhantomL0rd is revealed the following tweet:

Credit: Twitter

Both PhantomL0rd and DERP benefited through increased public exposure. According to the metric monitoring site SocialBlade PhantomL0rd's followers increased by 50,000 since this event, and is now approaching 400,000.

PhantomL0rd on the rise after Dec 30. Credit: Socialblade.com

In contrast, DERP is treated with more caution. Though some 450,000 people have watched PhantomL0rd's video describing the hacking by DERP and his arrest by police, only 60,000 people follow DERP on Twitter. Clearly, the online community sees an element of danger in being linked to DERP or in attracting DERP's attention.

At the moment, groups such as DERP are simply demonstrating their power. In the process they are attracting new members with IT and hacking abilities and broadening their skills base. The question that arises is: what targets will attract the attention of these new, strengthened organisations?

Explore further: Netflix of video games: Twitch coming to PS4

add to favorites email to friend print save as pdf

Related Stories

Videogame play becomes a spectator sport

Jun 07, 2012

Videogame play is becoming a spectator sport. "It is the next evolution in gaming," said Matthew DiPietro of TwitchTV, an online platform that enables people to stream play live online.

Recommended for you

Connected devices have huge security holes: study

8 hours ago

The surge Web-connected devices—TVs, refrigerators, thermostats, door locks and more—has opened up huge opportunities for cyberattacks because of weak security, researchers said Thursday.

Share button may share your browsing history, too

Jul 22, 2014

One in 18 of the world's top 100,000 websites track users without their consent using a previously undetected cookie-like tracking mechanism embedded in 'share' buttons. A new study by researchers at KU Leuven ...

User comments : 0