Video game maker Ubisoft gas filed a lawsuit against the alleged operators of a DDoS-for-hire website, claiming they are “well aware of the harm” the service has caused for the company.
As Polygon reports, the publisher of such popular games as Assassin’s Creed, Far Cry, and Tom Clancy’s Rainbow Six: Siege has been targeted by distributed-denial-of-service attacks that “create lag in multiplayer matches and can crash servers.”
The SNG.ONE website named in the lawsuit sells a service which allows anyone to anonymously “test [their] services against (D)DoS attacks.”
A disclaimer on the website reminds users that the DDoS-for-hire service (sometimes known as a “booter” or “stresser” service) should only be used against customers’ own sites, to see how well they would withstand a criminal attack.
“By using this website, you agree that you only use it for your own servers/services”
However, in its lawsuit Ubisoft claims that SNG.ONE staff are prepared to facilitate their clients’ requests to launch DDoS attacks against the servers of video games such as Rainbow Six: Siege (R6S):
Optionally, purchasers also may pay to have members of the SNG.ONE “team”(i.e., Defendants or one of their agents or employees) “set up” their computer (such as by configuring the customer’s computer with the proper IP addresses and settings), so that they may immediately use the DDoS Service to attack the R6S Servers. Once the customer’s computer is properly configured, the purchaser may launch a DDoS Attack on the R6S Server at-will, subject only to the limitations of the license that the purchaser has paid for.
The lawsuit contains a screenshot of the r6s.support website which appears to show a list of potential targets including Fortnite, FIFA 20, Call of Duty: Modern Warfare 4, as well as Rainbow Six: Siege.
Bizarrely, according to Ubisoft’s lawsuit, the r6s.support website was later replaced by phony notice that falsely claimed the website had been seized as part of a co-ordinated operation between Europol, Microsoft, and Ubisoft dubbed “DDoS OFF”.
DDoS attacks have long plagued the makers of video games – whether it be for the purposes of extortion, juvenile mischief-making or petty rivalries between gamers.
For instance, in 2011, Minecraft, League of Legends, and EVE Online were struck by a DDoS attack instigated by the notorious Lulzsec gang. More recently, in October 2018, the launch of Ubisoft’s Assassin’s Creed Odyssey video game was disrupted by a DDoS attack that swamped its servers.
The lawsuit filed against the alleged operators of SNG.ONE follows other steps taken by Ubisoft in recent months. Back in September 2019 it announced that it was sending cease-and-desist letters to various DDoS-for-hire services which had targeted Rainbox Six: Siege. As ZDNet reported subsequently, Ubisoft claimed that resulted in an impressive 93% drop in the frequency of DDoS attacks against R6S servers.