ACCN has been a scourge for years, but it is only one link in the DDoS black-market industry. Its simple, crude attack method is hard for small and medium-sized game developers to withstand, no matter who wields it.
August 7, 2021, the 29th day of the sixth lunar month: the almanac warns against breaking ground and burials.
It was on this day that "Yi Jian Xing" chose to become its own gravedigger.
Faced with hacker extortion, the team not only fully refunded every purchase made since the online service launched, but also gave up the online battle feature it had long been optimizing and turned the game into a stand-alone version.
Just two days earlier, Song Jiubian, one of the lead creators of "Yi Jian Xing", was still caught up in the mixed emotions of an imminent launch. In his announcement of August 5, in a calm tone tinged with a sigh, he told the story of the game's birth and the twists and turns of its development.
From Song Jiubian's account we can see how many times the game changed. As it improved day by day, positive feedback from players and ideas that gradually took shape gave him a great deal of confidence.
We can also read his expectations and joy for the future in his writing: in his loose, casual vision, a future "Yi Jian Xing" would have a struggle between good and evil that shapes the player's path.
However, the sudden hacker attack made these tangled thoughts vanish like dew, like lightning, like a dream.
The line "it is better to be broken than to stay whole" rings defiantly, but it cannot hide the helplessness of years of hard work undone.
Tragic as this resolve was, it pushed a hacker group called ACCN into the spotlight and fully exposed it to the light of day.
But the perpetrators never cared about the wave of emotion, and ACCN did not stop because of angry accusations.
On August 19, the soon-to-launch "Half Retro Travel" was hit by a DDoS attack from ACCN. Its team also posted an announcement on TapTap, but unlike "Yi Jian Xing", they described in detail how they were holding out against the hackers.
The whole process reads like a game of Plants vs. Zombies: a huge wave of zombies is coming, and the only way to fight is through one's plant partners.
But enemies in the game are eventually wiped out, whereas when a hacker's attack ends depends on the hackers' whim.
In the game, even if we are battered and every lawnmower is spent, as long as we keep our brains we are the rightful winners.
In reality, after a hacker attack, all that remains are breached walls, disappointed players, and a developer that has lost everything.
While holding off the tide of attacks, the "Half Retro Travel" team was thinking more about whether it could open the servers as soon as possible, because players cannot afford to wait, and neither can the team.
Losing the biggest exposure opportunity, the launch itself, is a heavy blow for small and medium-sized developers.
Forced to fend off the attacks while pushing the servers open, they ran into many problems and even had to issue a special announcement explaining the causes of and fixes for various bugs.
None of this differs from what many game developers have experienced over the past two years.
Tracing posts on TapTap shows that ACCN began attacking small and medium-sized developers on TapTap around March 2020.
Throughout 2020, more than ten games, including "Super Phantom Cat 2", "Ji Demon Love", "Cute General", and "Elastic Jelly", were hit.
In 2021 ACCN grew worse still: by August, more than 17 games had been attacked. Besides "Yi Jian Xing" and "Half Retro Travel", they include "Knights of the Knights", "Shadow Blade 3", and "Jianghu Youyou".
Yet this is only the tip of the iceberg. We do not know how many developers suffered in silence, whether they paid, fought back, or simply disappeared.
The instigator, ACCN, actually began attacking domestic game developers earlier, and its method, taking a developer's servers down with DDoS and then demanding ransom, has barely changed.
A Zhihu article published in September 2018, "DDoS Attack, the Cancer of the Game Industry", pointed out plainly that in 2018 ACCN repeatedly attacked game developers using Tencent Cloud services.
This shows that by then ACCN's rampage was already widely known in the industry.
Records from May and June 2019 confirm the same.
On May 17, 2019, a popular-science article, "Game Company's "Shock 24 Hours": Hackers Extort "Protection Fees", Alibaba Cloud Helps", recorded in detail how a domestic game developer was attacked and extorted by ACCN and then sought help from the Alibaba Cloud team to resolve the incident.
The record includes a screenshot of the chat between this developer and ACCN's personnel, in which ACCN claims the team had been established for two years and had carried out many attacks, so that developers could verify its "integrity" with their peers.
On June 5, 2019, Tencent Cloud also published in its community an article titled "The Crisis Moment of the Product Online in 9 Hours", which likewise recorded in detail how its Dayu team helped a game developer resist an ACCN DDoS attack.
From that record we can see that it was not the first time Tencent's Dayu team had fought ACCN.
They could not only draw on ACCN's past attack methods to tailor a protection plan for the developer, but also clearly judge that, compared with 2018, ACCN's attacks had become more advanced and fiercer.
So ACCN was operating as early as around 2017, and at first it did not pick its targets.
Later, perhaps because attacking large developers cost too much and was far less convenient and quick than hitting small and medium-sized ones, ACCN turned to developers with some popularity but no budget for higher network-security fees.
Since 2020, the victims have been these "soft persimmons" with insufficient protection. This pattern of behavior is really no different from a street thug's.
But this is actually a very strange thing.
In early ACCN ransom emails, they claimed that most members came from Armada Collective (the "Invincible Fleet").
· The widely circulated ACCN ransom email
Armada Collective is an internationally notorious hacker group that borrows the name of the legendary Spanish navy to play Pirates of the Caribbean.
Active since 2015, one of its most famous acts was the attack on the Swiss secure email provider ProtonMail.
The company's security level is very high; its services are trusted even by ISIS.
Yet after this company rejected Armada Collective's extortion, within a day its servers were completely overwhelmed, its two data centers were knocked out, and its core business was almost paralyzed.
In the end, after consulting many professionals, ProtonMail had to pay the 20-bitcoin ransom Armada Collective demanded.
In 2017 Armada Collective struck again, its targets including the South Korean National Bank. Reports mentioned that the sums it had extorted from major companies worldwide had reached hundreds of thousands of dollars.
The strange thing is here: in pattern, technique, attitude, and so on, it is hard to connect ACCN with Armada Collective.
· Armada Collective's ransom email, roughly: we will soon attack your company's projects. Your company can pay 20 bitcoins to call off the attack. They will launch a 15-minute attack to prove they mean it. If payment is overdue the attack will not stop, and the ransom rises by 20 bitcoins every day.
Among the companies extorted by Armada Collective are large firms such as ProtonMail, Hushmail, and Neomailbox. The group has a large operation, excellent technology, and a hard-line attitude: it extorts by email, refuses communication, and raises the price and attacks once the deadline passes.
ACCN, by contrast, extorts small teams for small sums.
Its attitude is not as tough either: it sends people to communicate with developers over QQ and keeps proclaiming its "integrity".
Stranger still, ACCN's technical strength seems far below the original Armada Collective's.
Armada Collective could launch 1 TB-level attacks in 2015; according to Tencent Dayu's "DDoS Threat Report for the First Half of 2019", attacks of that level did not appear in China until 2018,
while ACCN's attacks peak at around 100 GB.
After 2017, Armada Collective gradually faded away.
Correspondingly, ACCN's ransom messages now rarely claim that its members come from Armada Collective.
Picture from the announcement of "Cute General Fengyun"
This seems to indicate that ACCN may be nothing more than a cyber hooligan stirring up trouble under Armada Collective's name.
For black-hat hackers with no regard for technical ethics, it is not at all rare, as long as the money comes in, to borrow a more prominent team's name to add some deterrent weight to their extortion.
After ProtonMail paid Armada Collective's ransom, Armada Collective did stop its attack, but other groups then kept attacking in the same way.
In February 2017, a group posing as Armada Collective launched DDoS attacks on the online platforms of Taiwanese securities companies.
Perhaps behind all the incidents attributed to ACCN there is not one group of people at all, just people using the same method and the same name to commit the same crime.
The fundamental reason they can do this is that the DDoS attack method is too simple, crude, and effective.
DDoS stands for Distributed Denial of Service.
The attack overwhelms the developer's server with a huge volume of data, so that the server cannot tell junk data from real users. The end result is that the server crashes and shuts everyone out. The most visible symptom in a game is that players cannot log in: the game server has been "blown up".
The method is not hard to use: get the developer's port, then drive a large number of "broilers" (devices hijacked by hackers) at it. Even someone with no technical background can use it skillfully within a few days.
And with the boom in cloud computing, more and more connected devices are coming online, the cost for hackers to obtain broilers has dropped sharply, and the threat from this kind of attack keeps rising sharply.
Because as long as the volume is large enough, ordinary defenses may not withstand it.
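As an added, defender-side illustration of the mechanism just described (this is not code from the original article), the script below reads a constructed connection log, flags sources whose request rate far exceeds anything a real player produces, and models how much legitimate traffic a fixed-capacity server drops once junk requests exceed its ceiling. The log format, the IP addresses (documentation and private ranges), the server capacity, and the rate threshold are all assumptions made for this example.

```python
"""Toy volumetric-flood detector and impact model for a game login endpoint.

Input is a constructed connection log, one line per request:
    <epoch_ms> <source_ip> <bytes>
All hosts, thresholds and traffic shapes below are assumptions for illustration.
"""
from collections import defaultdict, deque
import re

LOG_LINE = re.compile(r"^(?P<ts>\d+)\s+(?P<src>[\d.]+)\s+(?P<bytes>\d+)$")

CAPACITY_PER_SEC = 100   # assumed: requests the server can answer per second
FLOOD_THRESHOLD = 50     # assumed: requests per sliding 1 s window that no real player reaches
WINDOW_MS = 1000


def build_sample_log():
    """Constructed sample: 5 legitimate clients at 2 req/s for 4 s, plus
    3 hijacked hosts ("broilers") at 200 req/s each during seconds 2 and 3."""
    lines = []
    for sec in range(4):
        for k in range(2):                       # two requests per second per client
            for c in range(5):
                ts = sec * 1000 + k * 500 + 12 + c * 100
                lines.append(f"{ts} 10.0.0.{c + 1} 64")
    for sec in (2, 3):
        for i in range(200):
            for b in range(3):
                lines.append(f"{sec * 1000 + i * 5} 198.51.100.{b + 1} 1200")
    return "\n".join(lines)


def parse_log(text):
    """Return events as (ts_ms, src, nbytes) sorted by time, skipping malformed lines."""
    events = []
    for line in text.splitlines():
        m = LOG_LINE.match(line.strip())
        if m:
            events.append((int(m["ts"]), m["src"], int(m["bytes"])))
    events.sort()
    return events


def per_source_peaks(events, window_ms=WINDOW_MS):
    """Highest request count any single source reaches inside a sliding window."""
    windows = defaultdict(deque)
    peaks = defaultdict(int)
    for ts, src, _ in events:
        q = windows[src]
        q.append(ts)
        while ts - q[0] >= window_ms:            # drop timestamps that left the window
            q.popleft()
        peaks[src] = max(peaks[src], len(q))
    return dict(peaks)


def flag_flood_sources(events, threshold=FLOOD_THRESHOLD, window_ms=WINDOW_MS):
    """Sources whose peak rate exceeds the threshold: candidates for upstream filtering."""
    peaks = per_source_peaks(events, window_ms)
    return sorted(src for src, peak in peaks.items() if peak > threshold)


def bytes_per_second(events):
    """Aggregate inbound bytes per whole second (the volumetric view a defender watches)."""
    totals = defaultdict(int)
    for ts, _, nbytes in events:
        totals[ts // 1000] += nbytes
    return dict(totals)


def legit_drop_fraction(events, flagged, capacity=CAPACITY_PER_SEC):
    """Assumed first-come, first-served model: each second the server answers the
    first `capacity` requests and drops the rest, junk or not, because it cannot
    tell them apart. Returns the fraction of requests from unflagged sources dropped."""
    seen = defaultdict(int)
    legit = dropped = 0
    for ts, src, _ in events:
        sec = ts // 1000
        served = seen[sec] < capacity
        seen[sec] += 1
        if src not in flagged:
            legit += 1
            if not served:
                dropped += 1
    return dropped / legit if legit else 0.0


if __name__ == "__main__":
    ev = parse_log(build_sample_log())
    flagged = set(flag_flood_sources(ev))
    print("flood sources:", sorted(flagged))
    print("bytes per second:", bytes_per_second(ev))
    print("legitimate requests dropped: %.0f%%" % (100 * legit_drop_fraction(ev, flagged)))
```

With the constructed traffic, three hosts stand out at 200 requests per second against the players' 2, the inbound byte rate jumps by three orders of magnitude in the flooded seconds, and the capacity model shows 40% of legitimate requests lost even though the server never "chose" to reject a real player. That is the blindness the paragraph above describes, and it is why per-source rate detection of this kind has to run upstream of the game server, in the cloud provider's scrubbing layer, rather than on the machine that is already saturated.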
"The Legend of Chasing the Demon" had purchased protection services, yet hackers still broke through.
We can see that since 2020, it is not necessarily that the attacked game developers had not purchased server security services, but that they could not hold back so much data, which exceeded the upper limit of their defenses.
The "Half Retro Travel" announcement about resisting the hackers shows that even after Tencent Cloud's security team joined in, the stability of the servers remained worrying.
What is more dangerous is that this attack method is simple and crude, and a complete industrial chain, from broiler sales to Trojan delivery, and even fool-proof one-click services, is sold openly on the Internet.
Last June, a teenager who could not buy a plane ticket home tried to take revenge on the airline; relying solely on a DDoS attack package bought online, he paralyzed the airline's entire service network.
On Taobao and Xianyu there are many listings under names like "DDoS Offense and Defense Teaching" and "DDoS Stress Testing", behind which may well be hackers selling attack services. Some do not even bother with a cover: right now there are people on Xianyu openly selling "DDoS attack scripts".
Omnipresent, simple to use, and devastatingly effective, DDoS is the Sword of Damocles hanging over every game developer today.
According to Tencent's "2020 DDoS Threat Report", DDoS attacks on the gaming industry account for 79% of all attacks, a huge increase from 42% in the first half of 2019, making gaming the main target of DDoS attacks.
It is this barrage of attacks that leaves games that cannot support a sufficiently effective defense system forever walking on thin ice.
Relying on these game developers alone, this tide is absolutely unsolvable. To have any protection, they must join forces: share resources, jointly establish a reliable defense system, and build an effective support system for when attacks come.
A large-scale alliance like this needs sufficient resources injected to be effective.
So TapTap, realizing it had no choice, took the initiative to join hands with six game companies, including Xindong, Giant, Lilith, miHoYo, and Yingjiao, to jointly establish the "Anti-Network Black and Gray Industry Alliance".
One of the alliance's main purposes is to help more game developers fight disasters like DDoS.
After the "Yi Jian Xing" incident, Xindong CEO Huang Yimeng also answered questions about the alliance's current work. His answer contains an awkward detail: the alliance's working members also have to report sellers offering DDoS services on various platforms in their work logs.
· Picture from Huang Yimeng's Q&A on Zhihu
It can be seen that the road ahead is long and obstructed.
The simplicity and low cost of DDoS mean it has grown almost in step with the Internet, and forming a complete prevention ecosystem is no simple matter.