The recent wave of attacks to nullify the functionality of the servers of games such as Battlefield 4, League of Legends, and services of Blizzard’s Battlenet and EA’s Origins have utilized a relatively new DDoS technique.
The distributed denial of services attack, more commonly known as the DDoS attack, is a method of sending packets of meaningless data to a server until it becomes unresponsive.
The conventional methods of performing such an attack are well-known and easily countered by most gaming services providing companies, but the method used by this new team of hackers, terming themselves as “DERP Trolling” is relatively unheard of.
Their “Gaben Laser Beam” tool used to carry out the attacks utilizes Network Time Protocol (NTP), as explained by Arstechnica.
NTP is used to synchronize computers and devices to the local-area time in normal operation. DERP Trolling utilized the system to inflate the severity of the DDoS attacks by sending out a volley of NTP requests to the servers while pretending to be one of the gaming services.
The result was an exponential response from a victim compared to the amount of packets sent; the requests would contain eight bytes but have a typical response of 468 bytes.
The average size of each NTP attack was 7.3 gigabits per second, and according to Black Lotus monitoring the attacks, the estimate capacity that the attacking team possessed was 28 Gbps.
NTP amplification attacks are generally easy to repel, since the entire NTP traffic can be blocked with minimal consequences, allowing engineers to filter out the packets affecting the servers. However, the method itself has rarely been used, and the amplification through the NTP increased the severity of the DoS attack on the services.
Black Lotus and other researchers are unsure of the motives of the attacks, and ultimately of DERP Trolling. The name suggests that it may be actions carried for disturbance and self-amusement, but the scale of the attacks and their targets indicate that there could be another motive.