The War On T1

Ryscu

23 Apr 202413:11

Summary

TLDRA major issue has emerged in the Korean League of Legends server, where targeted Denial of Service (DoS) attacks have disrupted professional matches and solo queue gameplay. The root cause appears to be linked to the exploitation of Riot Korea’s anti-cheat system, which has been compromised following a major data breach. This breach allowed hackers to access player IP addresses, leading to widespread attacks, particularly affecting top teams like T1. Despite efforts to mitigate the damage, the attacks continue, leaving Riot Games under scrutiny for its lack of transparency and response to the ongoing issue.

Takeaways

😀 The recent surge in DDoS attacks in the Korean League of Legends servers is affecting both professional players and regular players, with high-profile teams like T1 being heavily targeted.
⚠️ These DDoS attacks are overwhelming players' internet connections, causing them to be disconnected from the game and severely impacting their gameplay and practice.
🔒 Riot Games has been slow to respond to the issue, with limited communication and a lack of effective measures to prevent these attacks despite being aware of the problem since late 2022.
💻 The cause of the DDoS attacks appears to be linked to a security exploit involving Riot's anti-cheat system, ZigCode 3, which was specifically implemented on the Korean servers.
🔍 Hackers gained access to Riot’s source code after a breach in early 2023, potentially allowing them to reverse-engineer the ZigCode 3 anti-cheat system and exploit it to pull players' personal information, including IP addresses.
🌐 The exploit has allowed attackers to repeatedly target players' IP addresses through DDoS attacks, making it difficult for affected players to play or stream games without disruptions.
💣 The DDoS attacks have disrupted professional games in the Korean Pro League (LCK), leading to a temporary shift to offline servers, though the issue persists for individual players.
👾 Tools like 'Swiss knife' are being sold to hack IPs, with users able to extract player IP addresses by inputting in-game names, furthering the scale of the issue in the Korean gaming community.
💰 The black market for these hacking tools is thriving, with subscriptions for tools like 'Swiss knife' being sold for large sums (up to $800 USD for a 30-day pass), showing the financial incentive behind these attacks.
📉 Despite efforts by teams like T1 to mitigate the impact by reducing streaming hours and adjusting schedules, the attacks continue to disrupt player practice and performance, affecting both solo queue and professional play.

Q & A

What are Denial-of-Service (DoS) attacks, and how do they affect esports players?
-Denial-of-Service (DoS) attacks involve overwhelming a server or player's internet connection with excessive data packets, causing lag, disconnections, or complete crashes. In esports, such attacks disrupt gameplay, hinder practice, and can affect tournament results, as seen in the Korean League of Legends scene.
Why were Korean players and teams particularly targeted by DoS attacks?
-Korean players and teams, including top stars like Faker and T1, were specifically targeted due to the region's prominence in competitive esports, particularly League of Legends. The high-profile nature of these players made them prime targets for attackers aiming to disrupt matches and influence outcomes.
How did Riot Games initially respond to the rise in DoS attacks?
-Riot Games initially ignored the rising issue of DoS attacks affecting Korean players and teams, despite repeated reports from the community. Only after the attacks affected the LCK (League of Legends Champions Korea) did Riot take steps, moving the league to offline servers temporarily.
What is Riot's anti-cheat software, Zig Code 3, and how did it contribute to the issue?
-Zig Code 3, developed by Riot in partnership with Wella, was an anti-cheat system introduced to combat scripting in Korean solo queue. However, the software's invasive nature, which collected player data including IP addresses, became a vulnerability. Hackers exploited this data to target players with DoS attacks.
How did the Riot Games data breach impact the security of player data?
-The Riot Games data breach in early 2023 exposed the company's source code, including the Zig Code 3 anti-cheat software. This breach allowed hackers to access sensitive player data, such as IP addresses, which were then exploited in DoS attacks against professional players and teams.
What is the Swiss Knife tool, and how does it work in targeting players?
-The Swiss Knife tool is a hacking program that can retrieve a player's IP address by simply entering their in-game name. It exploits vulnerabilities in Riot's systems, allowing hackers to target players with DoS attacks. The tool was sold through exclusive online channels, and it facilitated attacks on both solo queue players and professional esports matches.
Why did T1 have trouble playing solo queue, and how did it relate to the DoS attacks?
-T1 experienced persistent DoS attacks that prevented them from playing solo queue. These attacks targeted their IP addresses, causing frequent disconnections during games. The issue was so severe that T1 had to adjust their practice schedules and streaming hours to mitigate the impact on their players.
What actions did T1 take in response to the ongoing DoS attacks?
-T1 responded by reducing streaming hours and altering their practice schedules to minimize the damage caused by the DoS attacks. They also announced that their players would refrain from streaming until the situation was resolved, despite potential contractual obligations.
How did Riot Games attempt to address the DoS attacks during the LCK broadcasts?
-In response to DoS attacks affecting LCK broadcasts, Riot temporarily moved the league to offline servers. This shift helped prevent further disruptions during live games but did not resolve the underlying issue for solo queue players and other teams still affected by the attacks.
What potential financial motivations could explain the DoS attacks on esports players and teams?
-The DoS attacks may have been motivated by financial gain, as players' performance in solo queue and professional matches can influence betting markets and sponsorship opportunities. Some speculated that hackers targeted high-profile players to manipulate match outcomes or to gain recognition in the esports community.