Online Gaming and the Growing Impact of China DDoS - David Liebenberg

David Liebenberg CiscoTalos

Online Gaming and the Growing Impact of China

Agenda

1. OnlinegaminginChina

2. TheDDoSa5ackindustryanditsconnec<ontoonlinegaming

3. Casestudy:SSHPsychosandChinaZ

4.  IndicatorsthatDDoSa5acker/malwareisconnectedtoonlinegaming

5. ConclusionsandQ&A

Online Gaming Industry

Top10OnlineGamesinChina

Pirated Game Industry

•  Piratedgameserver=sifu，私服

•  Profitabilityandcrowdedmarketplacecreatefiercecompe<<on

•  Bo5omline:bigbusinesswithli5leethicalrestraint

DDoS AAacks Take out Rivals

How It Works:

ToolDevelopers

A5ackerRepresenta<vesGamerA GamerB

BotnetOwners

Tool Developers

•  ManyChineseDDoStoolscanbedownloadedforfree

•  Specializedtoolscostmoneyandareproducedbydedicatedgroups

PlaHorm Rentals

RepresentaIves/AAackers

Case Study Conclusions

Collateral Damage

•  AWen’sPu5yDebacle

•  Takedownof.cn

•  KnightsA5ackingGroup(骑士攻击小组)

Domain Indicators

•  Domainnameswiththefollowingle5ercombina<onsfollowedorprecededbyaseriesofnumbersindicateaconnec<ontoonlinegaming:•  “gm”–Gamemaster•  “my”–Moyu•  “sf”–Sifu•  “45”–Sifu•  “xa”–Xiaoao•  “pk”–Playerkill•  “cf”–Crossfire•  999–999brand•  3322.org–ChineseDDNSthathostspiratedgames•  F3322.org–ChineseDDNSthathostspiratedgames

Chinese Characters

•  私服–Piratedgameserver•  游戏–Games•  接c单–AcceptCCa5acks(Layer7a5acks)•  接d单–AcceptDDoSa5acks•  登录器–Registra<onsoeware•  在线充值 –Replenishyouraccountonline•  抓鸡–Buildabotnet•  鸡肉–Botnet•  传奇–Legendgames•  魔域–Moyu•  火线–Crossfire•  流量 –Traffic•  攻击 –A5ack

Images to Watch:

Gamename Dateposted Wherehosted

Servername

Conclusions

•  TheonlinegamingindustryinChinaisconnectedtoDDoSa5acks

•  ThereareavarietyofDDoSgroups,offeringa5ackingservicesorsoeware

•  Hackerforumsandsocialmediacanbeleveragedforinforma<ononDDoSac<vity

•  Language-capableanalystsaddvaluetoinves<ga<ons

QuesIons: dliebenb@cisco.com

Online Gaming and the Growing Impact of China DDoS - David Liebenberg

Technology

IBM Security Strategy · 2/6/2014 · Party Software DDoS Consulting SecureID Gaming Trojan Software Unknown Online

DDoS Handbook

Scalable DDoS mitigation · •Scalable DDoS Mitigation –BGP FlowSpec •Cloud DDoS Protection –F5 Silverline. DDoS Overview • Distributed denial-of‐service (DDoS) attacks

DDoS Testing Services - zencurity.com · DDoS Testing Services DOES YOUR BUSINESS HAVE AN OPTIMISED DDOS PROTECTION STRATEGY Our DDoS testing service exercises your infrastructure

Krizhanovsky Ddos

DDoS 방어에 9가지 - Akamai · 2021. 1. 20. · DDoS 방어전문 대신지식을 클라우드개발하는 기반 플랫폼으로 DDoS 방어솔루션을 아웃소싱하고 있습니다

s Liebenberg

CURRICULUM VITAE Ian Liebenberg · 3 8. Zegeye A, Dixon T, Liebenberg I 1999 Images: the Seesaw Haunting keeps Killing the Living.Social Identities: Journal for the Study of Race,

A Taxonomy of DDoS Attack and DDoS Defense Mechanisms

Liebenberg and Van Deventer-1997

DDoS Protection

DDoS Protection Protecting Against The DDoS Attacks Since 2007

(D)DOS DEMYSTIFIED - OARnet...DDoS Attack Customers DDoS Attack Volumetric Protection Cloud ISPa ISPb L3-4 DDoS mitigation DDoS Platform DDoS Platform L7 DDoS mitigation SSL Termination

DDoS Mitigation Support on CGSE - Cisco...DDoS Mitigation Support on CGSE Distributeddenial-of-service(DDoS)attackstargetnetworkinfrastructuresorcomputerservicesresources

Presentation ddos

cloudfale ddos

Datasheet: DDoS Protection - Grayhats Datasheet DDoS...or OpenBSD vulnerabilities ... Datasheet: DDoS Protection DNS DDoS Protection ... DNS server. This protects your

DDoS Threat Landscape - CHI-NOGchinog.org/.../2016/05/10.-DDoS-Threat-Landscape.pdf · DDoS Threat Landscape . DDoS Handbook • A history and overview of DDoS • Review of attack

Worm DDos Spam - SecurityCN.net · CNCERT/CC CNCERT/CC CNCERTCC_TR_2005-001(Draft) Worm DDos Spam Phishing Spyware Botnet [1] Bot DDos DDos Bot: ±Robo Bot

Curriculum Vitae of Prof Leon Liebenberg, Pr Eng€¦ · 1. Liebenberg L, Christians M, Van Rooyen E. State-of-the-art in vehicle propulsion systems. Report prepared for Eskom R&D,