Statement on OCG Attack
Hello Gamers,
Over the last hour we've been experiencing a decently large DDOS/Botnet attack. The attack unfortunately came minutes before matches were starting for our league. We tried to hold off on making an announcement as long as we could, but the attacker(s) were persistent. After several minutes we figured out that we were getting hit by both a DDOS and a BOTNET attack that was large enough to knock down our DDOS protection.
With the attack on the site, it shutdown our AC completely and is still currently down. We were forced to allow alternative methods of insuring legitimate gameplay. Thus, you'll have to wait until Friday for the brackets to be fully updated.
We'd like to send our sincerest apologies to all the players who are competing in our league and using our Anti-Cheat. We will be prosecuting the attacker(s) to the full extent of the United States and International law.
More information will be released at a later time/date about the situation and what we'll be doing to make up for the downtime.
Regards,
Nick
Community Manager
Online Competitive Gaming, LLC.
Over the last hour we've been experiencing a decently large DDOS/Botnet attack. The attack unfortunately came minutes before matches were starting for our league. We tried to hold off on making an announcement as long as we could, but the attacker(s) were persistent. After several minutes we figured out that we were getting hit by both a DDOS and a BOTNET attack that was large enough to knock down our DDOS protection.
With the attack on the site, it shutdown our AC completely and is still currently down. We were forced to allow alternative methods of insuring legitimate gameplay. Thus, you'll have to wait until Friday for the brackets to be fully updated.
We'd like to send our sincerest apologies to all the players who are competing in our league and using our Anti-Cheat. We will be prosecuting the attacker(s) to the full extent of the United States and International law.
More information will be released at a later time/date about the situation and what we'll be doing to make up for the downtime.
Regards,
Nick
Community Manager
Online Competitive Gaming, LLC.
Comments
-
lionheartban wrote: »"We will be prosecuting the attacker(s) to the full extend of the United States and International law."
^
Since the attacker has been this persistent, he probably knows what he's doing. Might take a while until you actually find them. -
lionheartban wrote: »"We will be prosecuting the attacker(s) to the full extend of the United States and International law."
Out of curiosity... I wonder what sort of laws are we talking about here?
Criminal? Civil? Corporate? Common? Tort? What kind of law here? And how large the jurisdiction... Municipal? State? Federal? Does OCG even have a legal... department?
I wonder if OCG even comprehends the statement they have made. No offense... I'm only trying to help conversation here. I don't want them to look bad.
edit:
Can you cite the exact text?I thought DDoSing was a 5 year minimum penalty (in federal prison) in the United States of America. -
Out of curiosity... I wonder what sort of laws are we talking about here?
Criminal? Civil? Corporate? Common? Tort? What kind of law here? And how large the jurisdiction... Municipal? State? Federal? Does OCG even have a legal... department?
I wonder if OCG even comprehends the statement they have made. No offense... I'm only trying to help conversation here. I don't want them to look bad.
edit:
Can you cite the exact text?
How're you gonna make us look bad? Do you even know what it's like to run a league? A company? Anything? And at that, one that's constantly attacked? And no, I can't quote the exact text as I only heard it. I'll look around though.
edit:
UK - In the Police and Justice Act 2006, the United Kingdom specifically outlawed denial-of-service attacks and set a maximum penalty of 10 years in prison.[33]
US - In the US, denial-of-service attacks may be considered a federal crime under the Computer Fraud and Abuse Act with penalties that include years of imprisonment. Many other countries have similar laws.[34][non-primary source needed] -
'pope wrote:aL[;3653834']Implying you can charge them for anything
The person is using a botnet, which alone, is illegal as he/she's accessing people's computers without authorization, and using them in his/her attacks.
Just an outline of the penalties of computer hacking from Connecticut laws because Google is awesome:
http://www.cga.ct.gov/2012/rpt/2012-R-0254.htm
What he/she has done applies to many of the listed acts. -
How're you gonna make us look bad? Do you even know what it's like to run a league? A company? Anything? And at that, one that's constantly attacked?
No I have never ran a league or a company. That's why I'm asking questions. I'm very curious on what's going to be done on the legal side of things since they've declared that. Are they even prepared to litigate?
And to refer myself again... in what scope can the litigation be done?
edit: You may think I'm trying to make you guys look bad... but that is NOT my intention at all. -
-
edit:
UK - In the Police and Justice Act 2006, the United Kingdom specifically outlawed denial-of-service attacks and set a maximum penalty of 10 years in prison.[33]
US - In the US, denial-of-service attacks may be considered a federal crime under the Computer Fraud and Abuse Act with penalties that include years of imprisonment. Many other countries have similar laws.[34][non-primary source needed]
Wow trace... you really don't know how to use Wikipedia....
edit: And yes I could have done that myself... I was just wondering on the OCG side of things what they know on what they can do. Law is complex. There's no need for you to start throwing around different Wiki paragraphs and sentences w/o comprehending it. I thank you though for your attempt. I was just hoping OCG would bring out their big guns to explain further. But more than likely I'd be redirected to their forums which I have no idea on how to move around in xD.
I hope OCG was able to trace (no pun intended) the attack to their origin. I'm a little hazy atm on how it goes... but I'm assuming that the jurisdiction lies with the place of where the attack targeted and NOT where it originated? -
No I have never ran a league or a company. That's why I'm asking questions. I'm very curious on what's going to be done on the legal side of things since they've declared that. Are they even prepared to litigate?
And to refer myself again... in what scope can the litigation be done?
edit: You may think I'm trying to make you guys look bad... but that is NOT my intention at all.
At this point we are making sure user's personal data is secure as much as possible. We cannot tell how much data this person has accessed until the mitigation is complete.
Some of the ways we'll be pursuing legal action is found here. -
Wow trace... you really don't know how to use Wikipedia....
edit: And yes I could have done that myself... I was just wondering on the OCG side of things what they know on what they can do. Law is complex. There's no need for you to start throwing around different Wiki paragraphs and sentences w/o comprehending it. I thank you though for your attempt.
I hope OCG was able to trace (no pun intended) the attack to their origin. I'm a little hazy atm on how it goes... but I'm assuming that the jurisdiction lies with the place of where the attack targeted and NOT where it originated?
Not to be rude by why're you so interested in the subject? This was to inform those that we are working to catch the predator(s) and we do have intentions to prosecute. -
Wow trace... you really don't know how to use Wikipedia....
edit: And yes I could have done that myself... I was just wondering on the OCG side of things what they know on what they can do. Law is complex. There's no need for you to start throwing around different Wiki paragraphs and sentences w/o comprehending it. I thank you though for your attempt. I was just hoping OCG would bring out their big guns to explain further. But more than likely I'd be redirected to their forums which I have no idea on how to move around in xD.
I hope OCG was able to trace (no pun intended) the attack to their origin. I'm a little hazy atm on how it goes... but I'm assuming that the jurisdiction lies with the place of where the attack targeted and NOT where it originated?
Uh.. do you not know what a botnet is? If they try to trace it, with basic attempts, it'll show it coming from many locations. -
http://denialofservice.uw.hu/ch08lev1sec2.html
there are criminal and civic alternatives, criminal being a federal offense.
Malwarebytes has successfully blocked access to a potentially malicious website: 212.40.120.230
Type: outgoing
Port: 63118, Process: chrome.exe -
So you're saying you're going to higher a lawyer, and try to bring this person to court?
Well it isn't uncommon for companies and such to have an in-house legal department. I'm curious to that as well on how large OCG is really.
Yes I do know what a botnet is. Thanks though for the information. I wonder if on the other side they have ways to impede the trace or even throw it off the scent completely. And then if that happened what would this side do and so on and so forth. xDUh.. do you not know what a botnet is? If they try to trace it, with basic attempts, it'll show it coming from many locations.
So exciting.Not to be rude by why're you so interested in the subject? This was to inform those that we are working to catch the predator(s) and we do have intentions to prosecute.
Because I am interested? Am I suddenly not allowed to create discussion over the legal avenues OCG could take regarding this? These sorts of attacks are a relatively new concept to prosecute.At this point we are making sure user's personal data is secure as much as possible. We cannot tell how much data this person has accessed until the mitigation is complete.
Some of the ways we'll be pursuing legal action is found here.
Thank you for the IC3 link. It's a good start I suppose.
Good luck guys. -
At this point we are making sure user's personal data is secure as much as possible. We cannot tell how much data this person has accessed until the mitigation is complete.
Some of the ways we'll be pursuing legal action is found here.
So you're saying you're going to hire a lawyer, and try to bring this person to court? -
DDoS/DoS falls under cyber crimes. At least in international law it does, not sure about US laws.Out of curiosity... I wonder what sort of laws are we talking about here?The person is using a botnet, which alone, is illegal as he/she's accessing people's computers without authorization, and using them in his/her attacks.
I'm pretty sure the person attacking OCG isn't stupid enough to use a botnet. -
lionheartban wrote: »DDoS/DoS falls under cyber crimes. At least in international law it does, not sure about US laws.
I'm pretty sure the person attacking OCG isn't stupid enough to use a botnet.we were getting hit by both a DDOS and a BOTNET attack
So.. yeah. We were hit by a combination of both a DDOS and BOTNET attack. -
So you're saying you're going to hire a lawyer, and try to bring this person to court?
We don't have 100% plans on what we're going to do as we're taking steps to secure user data. In the coming days after the mitigation and such is complete we will be looking more into our options. -
lionheartban wrote: »DDoS/DoS falls under cyber crimes. At least in international law it does, not sure about US laws.
Thank you for that. I wonder now which specific international treaties/agreements and such that do cover cyber crimes xD.
Oh well. The law is pretty messy sometimes.
I'm assuming that Evan has been notified?We don't have 100% plans on what we're going to do as we're taking steps to secure user data. In the coming days after the mitigation and such is complete we will be looking more into our options. -
Thank you for that. I wonder now which specific international treaties/agreements and such that do cover cyber crimes xD.
Oh well. The law is pretty messy sometimes.
I'm assuming that Evan has been notified?
Evan was working at stopping the attacker but gave up after some time because he/she was persistent and it was useless with the size attack being sent. As for covering up cyber crimes, look up "Ghost IP." -
lionheartban wrote: »Not sure why this thread is still up, you'll never catch the person doing it nor will you ever acquire the proof to make a case. You don't have the money to hire a legal team or even one single lawyer.
This thread was purely to give an update and such until certain players brought one sentence up for 3 pages of debate. -
2fastSTREAK wrote: »Well that's not good.
It's very, very difficult to stop an attack like that, and even harder of it's size. There was no point in him wasting his time, we just wait it out until the attacker stops and then take the necessary steps toward DDoS prevention. -
It's very, very difficult to stop an attack like that, and even harder of it's size. There was no point in him wasting his time, we just wait it out until the attacker stops and then take the necessary steps toward DDoS prevention.
if the government can not defend against it, i don't think you really stand a chance, just best hope this person doesn't know what they're doing
![[dot]](https://forum.z8games.com/uploads/customavatars/27/navatar_2942827.gif){kind=avatar}
This discussion has been closed.
Categories
- All Categories
- Z8Games
- 1 Z8 Forum Discussion & Suggestions
- 15 Z8Games Announcements
- Rules & Conduct
- 2.5K CrossFire
- 715 CrossFire Announcements
- 714 Previous Announcements
- 2 Previous Patch Notes
- 322 Community
- 12 Modes
- 393 Suggestions
- 16 Clan Discussion and Recruitment
- 73 CF Competitive Forum
- 1 CFCL
- 16 Looking for a Team?
- 524 CrossFire Support
- 7 Suggestion
- 15 CrossFire Guides
- 37 CrossFire Off Topic