
Poodlecorp DDoS attack brings down Blizzard’s battle.net servers

Map showing worldwide DDoS traffic during the attack - Brazil is the source and United States is the destination

I tweeted a few hours ago about a DDoS attack hammering Blizzard’s game servers. Around 7:00 PM Central Time, players in the game began noticing severe lagging. Within 30 minutes, the Battle.net servers were completely offline and unavailable for game play. Blizzard posted the following message to players trying to log in:

"Players are currently experiencing high latency and disconnections as a result of DDoS attacks towards certain internet service providers.  We are currently monitoring this situation and will provide updates as they become available."

The attack occurred on the eve of Blizzard’s special Summer Games Special Event in celebration of the start of the Olympic Games Rio 2016. About an hour before the attack, hacking collective PoodleCorp tweeted the following:

"Lube has been applied @BlizzardCS"

Followed quickly by tweets indicating the servers were down.

"(EU & US Blizzard #Offline #PoodleCorp @BlizzardCS @PoodlesInBlack @Gh0stPoodle"

Around 8:30 PM Central, PoodleCorp announced,

"We’re done for now @BlizzardCS."

Oddly, after the 8:30 tweet, Blizzard’s world servers remained down for quite some time. Either Blizzard kept them offline hoping to wait out the attack, the servers were bounced, or possibly PoodleCorp’s tweet was a ploy and they weren’t responsible for the DDoS attack at all…

Rumors of an impending attack against Blizzard servers surfaced a few days ago when angry gamers announced "revenge" for disconnection of their gaming accounts because of "cheating". That the attack came from PoodleCorp was a bit of a surprise, however. Just 48 hours earlier, they announced plans to target Pokemon GO servers. Still, PoodleCorp is known to rent their DDoS toolset (can you say, "CoreCoin"), called Poodlestresser, similar in operation to LizardStresser (most likely, an improved version), so the attack could have been sponsored by another party.

Suggestion to rent/hire DDoS botnet servers for revenge against Blizzard

PoodleCorp is relatively new on the hacking scene but is believed to include several notable members of Anonymous and remnants of the Lizard Squad hacking collective (remember, it was this time last year that several members of Lizard Squad were busted). To date they’ve hacked several popular YouTube accounts, League of Legends, StreamMe, Pokemon GO, and now, Battle.net.

Unhappy gamers will be happy to hear that PoodleCorp has experienced problems of their own this week. Rumor (with some proof) is their servers were hacked a few days ago and details about Poodlestresser’s botnet control panel database leaked online. The database leak included tables that held information on the botnet’s slaves, control panel logins, logs, payment details, payment plans, support tickets, servers, and attack gateways. You can bet the FBI has their hands on the data and is already in the process of making sense of the database schema and trying to work backwards from the endpoints.

Check out the leaked schema below – if legit, it provides interesting insight into the internal design of a DDoS botnet.

Purported database schema for the Poodlestresser botnet control panel
