James Varga, a 25-year-old professional gamer who goes by the screenname of PhantomLOrd, had quite an interesting day on Monday. What started out as a normal day (normal for a pro-gamer) would take a sudden turn into a dramatic cat-and-mouse game with the Derp hacker group and end with police and pizza delivery men swarming his L.A. area home.
James “PhantomL0rd” Varga gets paid to play video games — and apparently he’s quite good at them, including League of Legends, one of the most popular games on the internet. He often plays on Twitch.tv, a streaming service that allows gamers to share their experience live with others. According to Varga, he was achieving an unusually high score in League of Legends (LoL) on Monday when the server went down. He switched to another game with the same result. And then another. Eventually he figured out that the Derp hacking group was following him from game to game and not only knocking him off the sites, but also shutting down the games for all other players worldwide.
David Birti, a computer science student a Cedarville University, explained what happened:
Derp is a hacking collective that started out taking down small private game servers, but has recently moved on to much bigger targets. Starting on Monday, they claim to have taken down League of Legends and EVE Online (the two most-played games in the world), along with EA.com, Club Penguin, KCNA (a North Korean news agency), World of Tanks, Guild Wars 2, a private high school’s website, Runescape, and a Westboro Baptist Church site; all of this was done “for the lulz” (just for fun).
They accomplished this using a distributed denial of service attack (DDOS), which can take down servers for short periods of time by flooding them with nonsense traffic. This is usually accomplished with a botnet, which is a group of normal computers that are under the attacker’s control (usually via a virus). Since there are so many computers contributing to the flood, blocking all of them is infeasible. The larger a target is, the larger a botnet needs to be to take it down. And judging from the high-profile targets they’ve taken out, their botnet is undoubtedly very large.
Throughout the DDOS attacks Varga made several attempts to contact Derp representatives through online chat rooms. At one point Varga said, “The whole server is depending on us winning this game.” Reddit documented the entire drama, including screenshots of the chats. At one point Varga’s personal information was posted on the gaming sites — called DOXing — and pizzas started to arrive at his house.
And then Varga was “swatted.” He claims someone called the police to report a hostage situation at his house. (Derp has denied responsibility for the swatting via Twitter.) Varga took to his Twitch.tv site to live stream his account of the day’s events and remarkably, over 100,000 were watching the rambling story time at one point. During the broadcast he claimed that his brother alerted him to the police report and he went outside “in p.j.s and socks” to find a half dozen police cars watching his house. He posted on Facebook, “Just had an automatic pointed at me, put in hand cuffs, and sat in the back of a cop car as I watched as 6 policemen go through my whole house.”
During the hour-long live stream Varga, a gamer with an R-rated vocabulary, described every detail of his day and even went out of his way to hold his sponsors harmless for the attacks. (A gamer’s gotta eat, after all, and those pizzas that continued to show up at his door were going to begin to add up very quickly.)
According to Derp’s Twitter account, the attacks are ongoing and they have more in store.
Birti advises caution:
Fortunately for the civilized internet, DDOSing seems to be their only tool. They have yet to pull off a more difficult attack, such as a password leak, but there’s still plenty of time for them to do so. Though their Twitter feed indicates that the government has seized several of their servers, they appear unfazed.
Well, they appeared unfazed until around 7:00 p.m. EST:
feds seized the last few machines and now we're on the run
— DERP (@DerpTrolling) December 31, 2013
— DERP (@DerpTrolling) December 31, 2013