In the news today...

[Lyinginbedmon]

Every vaccination is a tiny bit of disease.

[Crimson Chin]

As long as Steam stays safe, I shall remain sane. However I am very much fiddling with my passwords.

Also [those hackers], among others, aren't afraid to make the stolen information; emails and passwords, etc, publicly known. Which is naturally still very much unwanted; a group that was only identifying weaknesses, would be expected to destroy any delicate information gained.

[Arius]

http://www.windowsecurity.com/articles/different-shades-hackers.html

[psychopez]

Now Minecraft is down...wow...

[theDreamer]

[those hackers]: more anti geek than fox news.

[Wolfenbarg]

Is the image of The Escapist really that bad? It seems like every off-site mention of it is about the users being a bunch of elitist pricks who deserve every bit of anguish they can find on the net. Better yet, these people might have my password and credit card information due to my pub club status. Seeing the tweet on it and their general attitude about the site, I think this was done out of malice. I guess we'll have to wait and see about account hacking though.

Not cool. Not cool at all.

EDIT: Mincraft, EVE, and Bethesda too? Do these people realize that if they keep doing this, there could be major security responses that harm the privacy of consumers? God forbid if they attack something high profile enough for the government to step in.

[kodra]

This is very different type of hack from the Sony PSN/SOE hack. This appears to just be focused on knocking the site off of the net. It's pretty unlikely that this group managed to breach the databases in order to gain account/CC information.

[Matt]

Is the image of The Escapist really that bad? It seems like every off-site mention of it is about the users being a bunch of elitist pricks who deserve every bit of anguish they can find on the net.

The reputation of the userbase isn't really THAT bad, to my knowledge, though they do tend to put themselves on a pedestal, and that tends to make other communities want to knock them off it.


-m

[psychopez]

God forbid if they attack something high profile enough for the government to step in.

Like the FBI? Or an affiliate of the FBI?

Link

[sdhonda]

So Matt, if I were to say, smash your car windshield, I'm sure you would be perfectly fine with that. Afterall, I'd make no personal gain from it. I'd just be doing it because I felt you were a dick.

In fact, you, and society, should have been glad that I'd smashed it. It would reveal a glaring weakness in the security system of the cars parked out on the road. That would be a much better alternative than some hooligans going about, smashing windows and stealing money from cars.

What I said was they're not our friends, but they're better than the alternative.

If I have to choose between one or the other, I'd rather you smash my car window, than smash my car window and steal my stereo.

I'd rather have hackers out breaking shit, than breaking shit AND buying new computers with my stolen credit card info. A less malicious attack helps us better prepare for a more serious one.

-m

Is there a third option?

[ecks]

The Escapist almost certainly doesn't have your credit card info. Far as I know they outsource all that to Amazon/Paypal who should be fairly secure at this point. This was probably just a DDOS attack, whether just for the sake of knocking them offline for a bit or to try and hide actual hacking attempts, your guess is as good as mine.

[Matt]

Is there a third option?

Probably not.

Hackers gonna hack.

So, given the choice, I'd rather it's these hackers than someone worse.

-m

[kodra]

I never quite got that concept. How can you use DDoS to mask a hacking attempt? Doesn't the DDoS by definition cause network gear to go into "deny all" mode?

[Wolfenbarg]

God forbid if they attack something high profile enough for the government to step in.

Like the FBI? Or an affiliate of the FBI?

Link

No, I mean something possibly populated by lots of casual gamers or users who don't have the faintest clue how this stuff works. When they're reduced to a point of helplessness, who are they going to demand to take action? When the government itself is hacked, most people just scoff and say that they of all people need better security.

[Mowinckel]

[those hackers]
I will now use the most powerful weapon in my arsenal, shake in fear as I roll It forward
ATTTAAAACK: /ignore

[njsykora]

If they've taken down Minecraft and EVE, they're going to run out of defenders very soon.

[sdhonda]

Indeed. This hacker philosophy (and I use the term very broadly) is mostly garbage. From Wikileaks to the PSN incidents to this spree, many people are taking a very unfavorable view of hackers and their ideas.

And when politicans go about on legislation that could curtail internet "rights", opposition will have a very hard time rallying popular support against it.

[Varya]

What bothers me is, they attacked the Escapist because of their reception at the forums. Basically they are now hacking people to shut them up. That's not smashing a windshield for the lulz, that's smashing it so that people don't talk down on them.
I didn't particularly like them before, but hackers gonna hack. But now I feel they are infringing on the free speech. Ok, so maybe I'm being paranoid, but this is the point when I feel some sort of line has been crossed. I can't help but feel only bad things will follow

[EnglishMQ]

Well I for one welcome are new hacking over-lords of the Internet.

And anyway, they struck on a Tuesday, I can live without MovieBob and DailyDrop isn't on anymore.

[Wolfenbarg]

But Pro Gamer Gauntlet has a full length episode this week! :O

[Kathleen]

As long as it's fixed by tomorrow for feed dump!

[kodra]

I will be somewhat upset if I can not have feed dumped upon me.

[ecks]

I never quite got that concept. How can you use DDoS to mask a hacking attempt? Doesn't the DDoS by definition cause network gear to go into "deny all" mode?

DDos is just a lot of people doing something at the same time. You can overload the 'pipe' so to speak by attempting to jam 1000 mbit of traffic down a 100mbit connection(lots of large packets), you can overload switches/routers by sending a large number of packets per second (tons of tiny packets) or you can attack the server by giving it tons of requests to process. The latter can easily knock over a server long before you hit any bandwidth or pps limits that networking gear would care about, and is the one that would make any logs harder to go through via sheer volume of entries.
You can buy stuff that sits on in your network to attempt to detect/block attacks, but plain old networking gear usually just drops anything beyond it's capacity, rather than shutting off.
Datacenters will typically nullroute anyone thats impacting their gear by being attacked though. This is getting way off topic though; there's plenty of stuff elsewhere on the internet to help understand and how to mitigate these sorts of things if your still curious, hacking is nothing new I'm afraid.

As long as it's fixed by tomorrow for feed dump!

This. It was working a little earlier for me, but it's down again. As long as people don't give them lots of attention on twitter I'd expect they'd have wandered off somewhere else by tomorrow. Although the escapist often gets bogged down with regular wednesday traffic anyways, so ...

[tamaness]

Yay. dickwads gonna be dickwads.

I'm not going to parrot all of the good points made so far in this thread, or in the Extra Credits video on Anonymous. I'm just piping up to say, "what flaming cocks!"

Seriously.

[kodra]

DDos is just a lot of people doing something at the same time. You can overload the 'pipe' so to speak by attempting to jam 1000 mbit of traffic down a 100mbit connection(lots of large packets), you can overload switches/routers by sending a large number of packets per second (tons of tiny packets) or you can attack the server by giving it tons of requests to process. The latter can easily knock over a server long before you hit any bandwidth or pps limits that networking gear would care about, and is the one that would make any logs harder to go through via sheer volume of entries.
You can buy stuff that sits on in your network to attempt to detect/block attacks, but plain old networking gear usually just drops anything beyond it's capacity, rather than shutting off.
Datacenters will typically nullroute anyone thats impacting their gear by being attacked though. This is getting way off topic though; there's plenty of stuff elsewhere on the internet to help understand and how to mitigate these sorts of things if your still curious, hacking is nothing new I'm afraid.

See I understand that but my issue is the idea that I hear often is "They launched a DDoS attack in order to mask a much more subtle hack job".

This seems counterintuitive because DDoS is an attack designed to prevent the edge network equipment from processing requests in a timely manner. They then launch a more subtle attack which requires them to establish a stable connection with the edge network gear. How exactly does that work?