06-03-2013 08:41 AM
Jun 03 Reported by CCP Spielmann
At 02:05 UTC June 2nd, CCP became aware of a significant and sustained distributed denial-of-service attack (DDoS) against the Tranquility cluster (which houses EVE Online and DUST 514) and web servers.
Our policy in such cases is to mobilize a taskforce of internal and external experts to evaluate the situation. At 03:07 UTC, that group concluded that our best course of action was to go completely offline while we put in place mitigation plans.
While we initially reopened EVE Online and DUST 514, at 14:51 UTC we became aware of additional information that led us to re-evaluate our decision. With the highest sense of precaution we took the decision to take Tranquility and associated websites back down for further investigation and an exhaustive scan of our entire infrastructure.
What we can now confirm is that a person was able to utilize a vulnerability in one of the back-end services that support the operation of the Tranquility server. This vulnerability has now been secured and thoroughly tested.
We would like to stress that at no time was customer data compromised or accessible in any way.
The effort of returning the complex server structure of the EVE Universe and associated websites to service in a methodical and highly-scrutinized fashion began hours ago and Tranquility has now been brought online (at 10:13 UTC). Our teams will monitor the situation carefully in the coming hours to ensure that our services are accessible and that all customer data remains secure.
We will be looking at ways to compensate players in both EVE and DUST for the outage and expect to announce what that compensation will be very soon.
We would also like to take this opportunity to thank all of our players on EVE Online and DUST 514 for their patience and understanding during this unexpected downtime and the investigation. We are grateful for your support, as always.
06-03-2013 12:19 PM - edited 06-03-2013 12:21 PM
....This is a situation that we as human beings must eventually evolve out of before we can call outselves an advanced species.
With all the so called "social" things people can do with the internet, computer gaming is one of the few things that was truly intended to be "just a game", for social fun and relaxation. There's no glorious profit, no privacy access, no personal financial data that you can steal from hacking a video game....that you can't get with better, wider or more profitable success if you go hack bank sites, business sites, or shopping networks. I imagine the physical rewards for hacking THOSE entities will almost always pay off big....so WHY be a dork who wants to hack what is in effect just a recreation GAME?
That is why every time I read something like this, I put my flag up and CHEER the game developer for anything emergency procedure he has to resort to in order to stay alive and get past this "DORK EVENT",... I will happily patiently wait for CCP to reappear on the other side and beam us all back to New Eden.
...As for my opinion of the mystery culprit who authors every "DORK EVENT"... I don't mind him anymore than I mind the little monkey sitting around in a tree, picking dried *bleep* out of his *bleep*. Until he ables to evolve interlectually and become a truly "SOCIAL" human being, he's always gonna be swinging from that tree and picking at his rectum.
It's just his nature. It's what monkeys do.
Plymco, thanks for helping spread the details! And hurray for Tranquility (such a cool name for a sever, too).