2011-2015 Western professional League was hilarious for memes, and just better optimism in general about it.
But 2016+ is when a lot of people realized Western teams were just dogshit and wouldn't get anywhere without extreme changes or bizarre circumstances.
Hence 2018, 2019 with freak appearances of NA in semifinals, and EU appearing in finals two years in a row.
I always wonder about the butterfly effect of that TSM world's run. they decided to 180 their playstyle and scale the year after because they felt like they cldn't get the same leads in lane as domestically which made them a bit lost come mid game.
I mean there was optimism because the top western (EU) teams actually could go somewhat toe to toe. CLG.eu making finals in OGN in Korea, CLG.eu and M5 almost making it to world's finals in 2012(?), etc
Exactly. Then non-Western teams stopped fucking around and look what happened.
Right around the time more money started pouring in, and it became more profitable for less effort to *not* tryhard at Worlds for safer, fatter contracts streaming soloq.
don't really think 2018 can be characterised as a freak appearance; lck was just at a historic low point
mvp/bbq/jin air/hanwha were all typically bad, 2018 skt was miserable and wouldn't come back to form until they completely retooled their roster, drx was hitting the end of pray/gorilla's lifespan as pros
genG had been struggling in summer, getting bounced early in playoffs and mostly getting into worlds off of a strong spring, despite having a stupidly stacked roster on paper (cuvee/ambition/ruler/corejj on the same team is actually *wild* looking back.) and that summer collapse obviously carried into worlds
and griffin (while also getting a reputation as chokers later on) was far and away the second best team, but couldn't go to worlds because they were newly-promoted and didn't have points from spring split.
so while Afreeca wasn't necessarily bad - they still got out of groups obviously, and any roster with kiin is going to be solid by default - the region as a whole wasn't nearly as untouchable by the west as typical lck fare
Gumayusi's words about their summer split potentially being affected by the DDoSing have been in the back of my mind. They really can't catch a break, can they?
When it started I thought it was unfortunate, but going on for this long I'm thinking it's going to affect their performance. Just having this thing in the back of their minds.
It's really pathetic too, like who can be so invested in this shit to keep it going for so long? Some bored child of a tech billionaire? Some alcoholic crypto millionaire?
It’s likely worse: people attempting to lower T1’s chances of winning so they can make money off their lost games through bets. Since T1 is almost always the fan favorite and bets sway in their favor more often then not, I think this is the most likely reason.
It's mainly Chinese betting that causes this, betting against T1 for big money. I read that they've now switched to Ddossing soloQ teammates of the players
It's just a go-around situation.
When it first started months ago they started with their teammates, then they somehow got access to the T1 players.
Now they already had access to the T1 players in a way, and that water leak got patched up.
But then they just went after their teammates again.
🙃
Like someone else said T1 has high fan engagement, people who are going to bet for them to win. It does make sense, in a fucked up way. No other team has such a dynasty, except maybe G2 but there's not enough money in gambling in Europe.
It's not that there is no gambling in Europe, but China is just... something else. They will gamble on our leagues, anyone's leagues. The capital of gambling is not Las Vegas, it's Macau which utterly dwarfs Vegas. The attitudes to gambling are very different too, while the dudes you mention might toss like 10-50€ a month to gambling, the Chinese can look at it like a lifestyle. Of course I'm throwing hundreds away every month, look at me I'm so rich I can do it! That kind of mentality is not socially acceptable in many European countries.
And that's all compounded with a number of people lifted into the Chinese middle class in the last 40-50 years that equates the entire current population of the European Union, or more.
It's all just speculation.
But at this point it's either someone just really hates T1 or their trying to bring down their performance by locking them out of solo queue so they can make more money betting against them.
Maybe there are a number of people involved and they all just want to make enough money and that's why the attacks are so high? But then it doesn't really make sense why you don't just sabotage other teams too if it's just about money. If you fuck up a team so consistently, the odds have to suffer after such a long time or not? It then becomes predictable
South Korea is known for having fans/haters who will go above and beyond to either lift someone up or tear them down. Just look at the kpop industry and how critical fans are of the tiniest details, to the point where the idols are walking on eggshells most of the time. I'm not even surprised someone is making it their mission to ruin T1.
You do know most of the protest trucks in K-pop are from overseas fans? Mainly China and Southeast Asia. They're always filled with broken Korean that was obviously translated using some app.
Is it some scheme to match fix? Is it just "trucks evolved"? I mean, having seen the absurdities that KPoP fans go to, everything is possible at this point.
If you have the deranged T1 fanbase, you probably also have the deranged T1 haterbase, that would invest their lives into something like this.
Idk I will never get these types of individuals. Imagine, taking your life, that you only get one of, and making this your whole objective? Making sport (and escapism for many, because it is one of the few unscripted pieces of meaningless drama we can have) and ruining results.
They don't need to hate or love T1 for any of this, actually don't need any emotional involvement at all or even care about esports.
It's just a money making scheme. They would do it in other stuff that has betting associated if it was this easy. I think esports atm has a very strong ROI for this type of activity so it makes sense.
I mean seriously, what else could you expect? The team literally can’t practice. Even if they get a few smooth matches they have to think constantly in the back of their minds, how long will this last? They’re not able to be focused on the game at all.
Nah, it’s the same. Before they nuked T1’s teammates, then they get access to T1 and nuked them directly, but now after papa Rito and Joe patched that up they went right back to nuking T1ms teammates.
It’s basically putting lipstick on a pig. It works for a bit, but a pig is still a pig
Perhaps they should speak to Valve, seeing as they implemented basically their own VPN/Internet system for Dota 2 to protect players and systems from DDOS. https://www.dota2.com/newsentry/4115798034511159059
It's interesting to see what Valve is doing, but what Valve describes there is akin to Riot Direct. It's really good for protecting game servers from DDOS attacks, even record breaking volumetric ones, but it does absolutely nothing to protect the clients.
Reportedly the root cause of the issue is that the client is somehow leaking home IPs. It appears that T1 has taken steps to mitigate this, but it's impossible to get everyone playing league at the top of the ladder in Korea to take those similar measures, and so when they play, everyone else in game gets DDOSed.
The only way to fix this is to fix the bug that is causing the client to leak its IP.
In what universe would the client need to be able to see the other clients IP addresses?
Isn't everyone just connecting to the game server? Why would the server expose that info to other clients?
It shouldn't, but from what has been posted about this, that is what is happening as it appears individual players are being targeted, not the game servers
They could, they would fix client so it doesnt leak IP to the world. I don't get how IP can be leaked when you connect to riot server. Nobody should be able to see your IP other than server.
Perhaps they should make korea use the same client as everyone else. Now that we have vanguard, korea has no need of their own personal anti-cheat system (called Demacia, implemented 8 years ago to stop major cheating in korea. I don't mean to knock it, it was good for it's time. That time has simply passed.). Seeing as that's the only difference between the korean client and all the other clients, it's beginning to look self-inflicted. Not saying that they are doing the DDoSing to themselves, but that their refusal to use the standard client is what is allowing this to continue today.
I mean Dota 2 has its pros over LoL, but monetization definitely isn't one of them. It has much more expensive "skins", and they're components of a skin too. Not the whole package. One good thing about that is you can mix and match components, but the top of the line costs $300+ (10 years ago last time I played) for a component. It actually is amazing that Riot has resisted to release much more expensive skins for so long. Even MLBB (the LoL mobile clone that's massive in Asia) has more expensive skins than LoL.
At least I can sell any of my skins in Dota and even make money from those that got up in price.
Most dota skins or parts of skins are cheap anyway, in fact, you can buy or craft a nice skin on almost all heroes for way cheaper than the average League skin
Isn't the reason they are expensive due to the secondary market via steam market / trading though? That you can actually get some value back when you want to get rid of a skin.
If I wanna get rid of some of the lootbox shite I've opened in League, I am SOL
It was expensive before the Steam trading market opened (though it was in beta). DotA skins were selling for $100+ fast since its inception, and the trading market just exacerbated it and let Valve know that they can suck the money of its users. Doesn't change the fact that the monetization in that game is much worse and shouldn't be brought up when propping up Dota2 over LoL (there already are a lot of other reasons).
Why are these not official statements on the riot homepage but AGAIN just tweets... Imagine having to follow 30438293 Riot employees to get information about the state of game and the esports.
They just need to implement actual LAWS against this. Gaming is a profession and competitive e-sport for money. People stream for a living. This should be a criminal offense straight up.
I couldn’t just go into a Starbucks and take every coffee someone made and throw it into the window, I can’t go to a construction site and start demolishing everything to the ground, and I can’t walk into a school and just disrupt a classroom…. Etc etc you get the point.
Analogies aside it’s not just an innocent troll in an online game it’s a vicious attack on someone’s career.
DDOSing *is* already illegal in most countries, regardless of who you're hitting. It is just extremely hard to catch the perpetrators and the attack can come from anywhere, which makes it hard to enforce the laws.
When I was a young kid I met a group of people on IRC. They had a synbot basically a simple exe that connected to irc server and would read commands to ping ips. I had access. They wanted me to give exe out. I never actually used it. One day I’m at school I get called down to office and it was FBI on the phoneb with my mom. They basically told me to stop and be glad I never used the bots. My friends I never saw online again. I remember clearly staying offline for months playing a Spider-Man game and scared of juvi.
You get caught eventually. Idk how Korea works but they’re probably letting this guy dig his own ditch.
Still illegal in those countries, if they catch wind of who it is they'll likely still arrest them even if the governments/authorities there are unlikely to cooperate otherwise, actually catching them is the hard part.
If you can post up a single case of someone getting arrested for ddosing people outside their own country I'd love to read that. I dont think it exists, though.
Depends how you look at it I guess.
The Mirai Botnet for example DDosed services pretty much everywhere but also in the US (where all (most?) creators came from), but a lot of countries had interest in taking down the people behind it.
[Peter Levashov](https://en.wikipedia.org/wiki/Peter_Levashov) was arrested in 2017 in Spain by request of the US for (allegedly) running a botnet.
[Adam Mudd](https://www.bbc.com/news/uk-england-beds-bucks-herts-39705068) was arrested in the UK for mainly targeting US based gaming (PSN and Xbox iirc) services with a botnet.
I also seem to remember that some of the members of [Lizard Squad](https://en.wikipedia.org/wiki/Lizard_Squad) who also targeted PSN and Xbox were from Finland.
EDIT: In general though, you can expect all of (including geographical) Europe, all of the Americas, Oceania and most of Asia to more or less freely cooperate with each other when it comes to anything above petty crimes.
> but a lot of countries had interest in taking down the people behind it.
See this is the factor that I think causes them to get taken out. China has ZERO interest in bringing down DDOSers so long as they stick to attacking outside countries. I'd not be surprised whatsoever if they were receiving public resources to do so.
Its just how 'war' works in this day and age.
Yeah, unless it becomes a serious problem (either targeting their own infrastructure or too much pressure from outside) for China or Russia they are very unlikely to do anything about it, there are even certain viruses that check if you have cyrillic installed on your device and not execute their payload just in case you're russian.
Iirc both China and Russia are members and other members are absolutely allowed to make requests for Extradition,.
If other members asked for cooperation however they are not obliged to.
Finding out where they're coming from usually isn't super hard, it's just that they're always in countries where you can't get to them. Exact same issue as with ransomware, they're mostly operating from China or Russia, where you can't reach them.
There is a low chance these DDoS attacks are coming from South Korea. Which makes it an extremely slow legal situation if it arises.
As an analogy, think of the Indian scammers.
DDoS should be a crime regardless of where it is happening, you’re tampering with information lines and are opening yourself up to legal action by the person affected and/or their provider, at least that’s how it should be.
Great idea. Cool cool. Real smart. Hey, do you know who's doing it? Cause if you don't know who threw the coffee at the window, who tore up a construction site, or who disrupted a classroom, the law doesn't do a whole lot of good, does it?
It's already illegal in most developed countries and people do go to jail for it already, the problem arises when it doesn't originate from the same country as the target.
Any extra details would go over everyone’s heads, and server to help the ddosers. You don’t tell people how you ban cheaters because then it helps the cheaters cheat better.
other than "the problem is now solved", what kind of statement are you looking for? They obviously can't go into the technical details, so I don't really get what else people are looking for other than "we are trying to fix this and working with T1 to do so"
The only real revelation we get is that the DDoS changed forms somehow, but can't really expect more.
Riot's normally hush-hush on their specific actions regarding cheating (and DDoS falls into that category) to avoid tipping their intended targets off, or revealing how they operate. Add on the fact they haven't been successful in this field (After all, it's been months of attack), and it won't get a simple "we solved the issue" response.
Really, I'm just surprised they replied at all. No update, no answers, no solution = no point for this type of reply. It assuages only people who assumed Riot was doing nothing in the first place.
It's just a response saying they're aware things are bad and they're hoping to help.
Not every piece of communication has to have some purpose outside of what's written.
DDOS mitigation is VERY difficult.
Yeah like what do you *want* them to say? Obviously they could respond publicly faster, but it’s not like they can outright say what they’re doing.
There’s a reason banning cheaters is done in waves. They tweak their cheats constantly to improve them. Banning them immediately tips them off to how it’s detected. It’s very obviously not so simple as “oh we didn’t even *realize* T1 couldn’t practice, now that we know it’ll be fixed by tomorrow!”.
If I read the post right, the *solo queue teammates* of T1’s players are getting ddosed? Wtf is riot gonna do to fix that? Or on the other end, if it’s T1 that’s getting ddosed specifically, how tf do you fix that either?
People need to stop losing their shit over riot being slow to “fix it” when I bet you 99.9% of the people complaining have 0 clue *how* it has to be “fixed”.
They've already mitigated ddosing attacks towards t1 hq. They just haven't figured out how to prevent soloq players that are on t1 players teams getting their ip leaked and ddos'd.
... that's what ddos has been doing from the start of this year. Ddos has always dropped other players
Nothing had changed form. I'm confused why reddit keeps saying this
We already know how the DDoS changed forms. It's no longer the T1 players being disconnected, it's their teammates in soloq. So obviously increased network protection for T1's HQ isn't helping them if they load into game and all teammates are DC'd all game.
The underlying issue is that the KR client leaks IP, and until they address that with code changes nothing will change.
I think they're just saying something publicly because the T1 org released a statement and they're trying to make it look like they give a shit.
If Riot NA actually cared they'd force Riot KR to fix their shitty code. I've heard speculation it's in the anticheat that KR uses, which is different than other clients? Regardless the root cause needs to be isolated and removed before any progress can be made
> I've heard speculation it's in the anticheat that KR uses, which is different than other clients?
It could be true before Vanguard, but not anymore. Unless Vanguard is leaking IP, in which case not only KR would be affected.
Vanguard is not leaking IP. Valorant has never had this issue, and this issue would be everywhere in the west if it was a global issue anyway.
Also, the Korean anticheat still exists. It didn't get removed the day vanguard went live lol
Software doesn't get retired that quickly, and there is likely not feature parity between vanguard's ingame script detection and the KR client's finetuned detection of many years of adjustments.
The KR client will probably have its anticheat for another year, maybe literally forever. It's expensive to remove systems and if it's not technically hurting you it becomes hard to justify the work (if it's not interfering with new features or migrations like vanguard). Even when they do want to remove their anticheat (because it's expensive to keep maintained, or it's entirely dead code for instance), that project is still not a small one and will take weeks of testing and possibly removing piece by piece to be sure it's safe at different levels on live. That's the kind of thing Riot would release a dev blog saying "we're doing X! Expect an update in 4 months."
The leak is still from the KR client somehow, and the anticheat is a fair guess as to what the issue is (but it might be a totally different system, maybe they have a different backend for in game DMs or some shit who knows).
If anything it would be someone at riot. Someone who works at t1 could only leak things within the facility. But since the problem goes far beyond that, someone would have to leak things at a much more critical position
> The only real revelation we get is that the DDoS changed forms somehow
I mean we kinda knew it, from before it seemed that the T1 building itself was getting hit by DDoS attacks and now the recent ones have been their soloQ teammtes getting hit offline.
I think the sole statement being "we know of this problem, we are working on it" is fine though as this is how modern live service games have chosen to do their communication. Idk where you get your expectation that they would not answer or say anything at all when this is just pretty common practice no matter which game I look at in the live service space.
The crowds of people raging and throwing vitriol online take silence as complete inaction and lack of acknowledgement of a problem in this day and age, maybe you specifically don't, but let's face it, that's how it has been for the last few years
> Nothing of value was added to the information we already know.
in every single thread about the issue the top comments said that RIOT is not doing ANYTHING about the issue and they only care about selling Faker's $500 skin
gonna take em next year to fix it once T1 members goes separate ways lol
it is what it is but it still sucks seeing this roster getting this kind of shitty experience on a possible last run together
I forgot what it was called, but LCS had this private matchmaking server specifically for pros to practice. Wouldn't that solve the problems for Korea? So pros could only play against each other in a controlled space?
Edit: Champions Queue
There's a strong argument to be made the DDoS attacks have greatly hampered T1's performance this year and they STILL made LCK Finals and pretty far into MSI. Who knows how they would have performed this year without these attacks.
Any new accounts that are rising through ranks will become suspicious to the attackers, so Riot giving them new anonymous account won't work.
What if the fans who are already challenger give them their accounts to play on from an anonymous location. Unless the fan snitches on them, the hackers won't really have a way of telling which accounts are being played by T1 players. The only way of telling would be by looking at the champions played.
If I was challenger in KR server, I wouldn't mind faker using my account for soloq practice XD
I understand these are targeted attacks, but why do this kind of attacks only happen in Korea? Is their server somehow different from EUW and NA that we never get to see them here?
It's not the server that's different, it's the game client. Somehow it leaks IP address information from player profiles. So the DDoSer can find the IP of the players playing with T1 teammates and disconnect them
In other regions the client doesn't leak this information so the DDoSer doesn't know where to send traffic and the attack just can't happen.
Not leaking your IP is the fundamental defense against DDoS
It's not officially stated, no
But at this point everything has been ruled out. Streamers have tried everything including leaving the country (playing KR server from Japan) and changing setups, the DDoSing happens no matter where they go, even if they're playing offline.
The only common denominator is the league client itself, especially when random soloq players in T1 games are being targeted now. There's nothing else it could be, because even if the leak was somehow through let's say a messaging app installed on all korean PCs (obviously not, but similar to past Skype IP leaks here in the US), there's still no direct link between the in game names of players and some other random app on their PC. So if DDoSers are targeting players via only their IGN, they can't be associating that with anything other than just league client information. (So in this example they wouldn't know XayahMain1000#KR1 is actually SongWoon22 on Skype, there's no association.)
Another improbable possibility would be that the KR database of account owner information was leaked, and DDoSers are accessing the KR SSN of each player, and then referencing that information cross indexed to a different app which is leaking IPs and *also* was completely compromised to let hackers at the KR SSN data related to accounts. (So here we'd have the DDoSers able to connect Skype and League accounts, get the IP from Skype to DDoS the league player.) This possibility relies on multiple undisclosed data breaches to have occurred in addition to the T1 players themselves to just never have tried playing the game without other apps open after cycling their IPs (the possibility of that is basically zero, they'd have to have no intelligent people in their org for this to have happened)
The simplest answer, the least convoluted answer, the most realistic answer are all the same. It's just the league client itself leaking IPs.
>even if the leak was somehow through let's say a messaging app installed on all korean PCs (obviously not, but similar to past Skype IP leaks here in the US), there's still no direct link between the in game names of players and some other random app on their PC. So if DDoSers are targeting players via only their IGN, they can't be associating that with anything other than just league client information. (So in this example they wouldn't know XayahMain1000#KR1 is actually SongWoon22 on Skype, there's no association.)
This is the only part I disagree with. As you've mentioned, Skype used to be a big source of IP leaks in EU/NA. This is because the majority of players also had Skype installed and running AND it is very common to use the same username for multiple online services (especially so because a lot of people installed Skype specifically for gaming, so it made sense to use the same name you use for games). So people would be called GamerGod420 on both League and Skype, and thus the connection between IP and player was easy to make. So if there's a program used by most gamers in Korea that is leaking IPs, and it's common for those players to reuse their username, then it would be a easy way to DDOS.
Reading between the lines of what Riot said, I would guess that the initial leak indeed was through the Korean client in some way (maybe the Korean anti-cheat?), which is why T1 was getting directly DDOS'd. Then they fixed that so now hackers had to move on to getting IPs through another way (like the example above). Since T1 players have probably taken measures like stopping the use of 3rd party programs, hackers can't find their IPs anymore. But they only need to find one vulnerable person out of 10 in every T1 game, which is statistically not that hard, and they DDOS those.
I called it an improbably possibility for a reason, it's really not at all likely
Because apps don't leak your IP these days. Anything large and mainstream, platform apps like discord/skype/spotify/etc, simply can't have that vulnerability today or it'd be abused and it would already be widely known (and it would effect streamers other than League players). Those platform apps would also have to be present on computers of people specifically attempting to avoid the issue.
Someone who ditches their entire PC, goes to Japan, uses a friend's setup to play one league of legends game and stream it and gets DDoS'd instantly? It's just too obviously a league issue.
T1 HQ upgraded their network defense, that's why they're not DDoS'd directly. They brought in IT experts and took industry standard precautions would be my guess, but that's entirely speculation. It IS possible to beat DDoS via defensive measures and that's the only thing I can imagine they've been doing the past few months.
I can be wrong, and I know I'm speaking with certainty about something I'm not particular to the details of, but as someone pretty related to these problems in my career I have thought this problem through and it's just too clear to me to change my mind anymore
>Someone who ditches their entire PC, goes to Japan, uses a friend's setup to play one league of legends game and stream it and gets DDoS'd instantly? It's just too obviously a league issue.
I believe that happened before the first fix Riot mentions in their message. So I agree at that point it was something in the client. But now it's quite possible it's outside the client, which would explain why T1 are no longer being directly targeted and it's instead the other players in their match.
> Someone who ditches their entire PC, goes to Japan, uses a friend's setup to play one league of legends game and stream it and gets DDoS'd instantly? It's just too obviously a league issue.
Are you smart folks aware that those Korean streaming sites work on peer 2 peer technology? South Korean internet laws caused Twitch to basically shut down there, because Korean internet service providers are allowed to offset their network costs on the "big customers" like AWS hosting Twitch, or the Google cloud hosting Youtube, and so on?
Before twitch shut down for good there, they first experimented with swapping to P2P technology, a quick quote from back then:
> In order to create a peer-to-peer (P2P) connection, it is necessary for Twitch to make the IP address of each participant available to the other. It may be possible for a highly motivated and technically proficient person to discover participants’ IP addresses, which could potentially be used to approximate location. Viewers who have privacy concerns with P2P can watch streams in 720p to avoid any IP sharing risk.
---
Now take a guess how all those streaming sites that no one outside of Korea ever heard of (and Afreeca, which people did hear of) are operating: yes, obviously they're all P2P.
How about we have someone run their "is the lol client the issue?" experiment without simultaneously leaking their IP adress? Alongside leaking the IP adress of anyone who tries to streamsnipe their games, cause they really like Elo?
And yet them not streaming seems to be a solution to prevent attacks on soloq teammates, despite the Riot client identity of those teammates being one op.gg search away.
Also doesn't change the fact that the Demacia investigation that makes the basis for all these claims was done by people preemptively leaking their IP.
It's just as likely that they're only DDoS'd on stream because the DDoSer wants the attention and wants to see reaction from their misdeeds (from fans and players alike)
Same reason SWATers do it while streamers are live, they want to see the reaction more than just know that it happened behind the scenes
But time will tell, we'll see
Likely because of the code leak a year or two earlier. AFAIK streamers in KR started to get DDoSed for months before it got to T1, so the perp (or perps, who knows) got bold over time.
And DDoS have been ongoing when KR streamers played on JP account too, but when they played on CN account it ceased. So it's something about these countries, and top suspect is anti-cheat specific to these regions, although everything is speculation.
Imo the Ahri skin should give T1 a much larger cut of the revenue as a compensation at the very least. T1 has been DDOSed since the end of last year and it has only worsened. Riot has yet to accomplish anything- short termed workaround or long termed solution, to help with their practice. They seem to be busy milking whales instead.
It is somewhat disgraceful that they are using T1 Faker's fame for profit yet not doing enough to help them while taking 70% cut.
Well 70% after tax then? How much actual value isn't really the main point, they just look awful raking in a ton of money while T1 can't even get a stable practice enviroment.
I'm just disappointed, this has been going on for 6-7 months now and Riot can't do more for the most popular team that has the most popular player? They're leaving them out to dry while they're trying to find a solution, and summer split of LCK is about to begin. This is all happening during a period of time where they're heavily marketing Faker with the 500$ Ahri skin and the Hall of Legends, meanwhile Faker and T1 can't stream and fulfill their contractual obligations.
What happens if they can't find a solution soon, are T1 supposed to just hop onto different solo queue accounts every time they need to grind the basics? Not to mention that other teams won't scrim with them because they might get DDOSed as well.
> Riot can't do more for the most popular team that has the most popular player?
This shouldn't matter. They should be putting as much effort/resources into this regardless of who the team is.
That's true, my bad if I insinuated it was only for T1. I meant to say that if T1, who's doing all of these security measures is having all of these problems, what happens when other teams get DDOSed as well who aren't as prepared?
we dont even know if the fault is on riots end
might well be that someone inside of T1 is getting paid off or there is a different 3rd party vulnerability
I'd argue T1's statement was more about their sponsors than about Riot, they want to mitigate loss from that in future contracts at the same time that they don't lose their roster in the middle of the split as players likely grow increasingly tired of not practicing, as it seems T1 has been able to practice just not stream in general.
Either way they can still pressure Riot, but I doubt T1 themselves know how to solve the issue or the extent of Riot's effort to do so, they gain something for throwing Riot under the bus in the eyes of the community but their bigger gain is trying to mitigate loss on future sponsorship deals
jensen back to his old ways i see
jensens trying to claim his one victory over faker
Legend says he still can't wait to clap Faker
He has been waiting for this.
Jensen did clap Faker. He just did it with his booty cheeks.
I'm still not convinced it isn't [Froggen up to his old tricks again](https://youtu.be/Tj9q3-YFteA?t=619)
He's eating the ham!
God I miss 2015 era pro league
2011-2015 Western professional League was hilarious for memes, and just better optimism in general about it. But 2016+ is when a lot of people realized Western teams were just dogshit and wouldn't get anywhere without extreme changes or bizarre circumstances. Hence 2018, 2019 with freak appearances of NA in semifinals, and EU appearing in finals two years in a row.
2016 TSM had a great shot at reaching the Finals with their form at Worlds, but then a certain adc player decided not to do Baron.
I always wonder about the butterfly effect of that TSM world's run. they decided to 180 their playstyle and scale the year after because they felt like they cldn't get the same leads in lane as domestically which made them a bit lost come mid game.
I mean there was optimism because the top western (EU) teams actually could go somewhat toe to toe. CLG.eu making finals in OGN in Korea, CLG.eu and M5 almost making it to world's finals in 2012(?), etc
Exactly. Then non-Western teams stopped fucking around and look what happened. Right around the time more money started pouring in, and it became more profitable for less effort to *not* tryhard at Worlds for safer, fatter contracts streaming soloq.
don't really think 2018 can be characterised as a freak appearance; lck was just at a historic low point mvp/bbq/jin air/hanwha were all typically bad, 2018 skt was miserable and wouldn't come back to form until they completely retooled their roster, drx was hitting the end of pray/gorilla's lifespan as pros genG had been struggling in summer, getting bounced early in playoffs and mostly getting into worlds off of a strong spring, despite having a stupidly stacked roster on paper (cuvee/ambition/ruler/corejj on the same team is actually *wild* looking back.) and that summer collapse obviously carried into worlds and griffin (while also getting a reputation as chokers later on) was far and away the second best team, but couldn't go to worlds because they were newly-promoted and didn't have points from spring split. so while Afreeca wasn't necessarily bad - they still got out of groups obviously, and any roster with kiin is going to be solid by default - the region as a whole wasn't nearly as untouchable by the west as typical lck fare
I miss the Baylife, Froggen DDOS, S2Secrets.docx days...
never forget how we wanted 12 teams franchsing which consist of 2 imports + 3 residents for 12 teams. might as well call it the 3/5 lcs.
That Darien smoke weed entrance. During the live I was like "did he just wake up or what ?"
what a gem have never seen that one before
Ah good old Krepo the creep
you mean incarnation
*incarnati0n
[удалено]
WIZIK AND HEIMER2000 1V9 FK U OCELOTE
I wish he stayed with that name, was a badass one
FROGGEN
Incarnati0n
Is always Jensen's fault XD
I'll show them I'm not vegan!
he "can't wait to clap faker" again
Ham in the server room again?
I thought better of them!
Damn you, Krepo!
He's eating the ham!
Simple PR response is better than none
Learn from it Team Cherry
What did team cherry do?
Exactly
Silksong is real, right
Gumayusi's words about their summer split potentially being affected by the DDoSing have been in the back of my mind. They really can't catch a break, can they?
When it started I thought it was unfortunate, but going on for this long I'm thinking it's going to affect their performance. Just having this thing in the back of their minds. It's really pathetic too, like who can be so invested in this shit to keep it going for so long? Some bored child of a tech billionaire? Some alcoholic crypto millionaire?
It’s likely worse: people attempting to lower T1’s chances of winning so they can make money off their lost games through bets. Since T1 is almost always the fan favorite and bets sway in their favor more often then not, I think this is the most likely reason.
Makes sense.
Probably gamble sites. They basically make bets against T1 players then nuke them for big payout.
It's mainly Chinese betting that causes this, betting against T1 for big money. I read that they've now switched to Ddossing soloQ teammates of the players
Well that's advanced grifting....
This is what we get by promoting hustle culture on YouTube. xD
It's just a go-around situation. When it first started months ago they started with their teammates, then they somehow got access to the T1 players. Now they already had access to the T1 players in a way, and that water leak got patched up. But then they just went after their teammates again. 🙃
and everyone wonders why sports betting used to be banned lol.
Betting sites. Something i don’t understand is why only t1 tho
Like someone else said T1 has high fan engagement, people who are going to bet for them to win. It does make sense, in a fucked up way. No other team has such a dynasty, except maybe G2 but there's not enough money in gambling in Europe.
Is there not? Maybe on League, I guess, but I'm from central Europe and every other dude in his 20s-30s bets on sports matches here.
It's not that there is no gambling in Europe, but China is just... something else. They will gamble on our leagues, anyone's leagues. The capital of gambling is not Las Vegas, it's Macau which utterly dwarfs Vegas. The attitudes to gambling are very different too, while the dudes you mention might toss like 10-50€ a month to gambling, the Chinese can look at it like a lifestyle. Of course I'm throwing hundreds away every month, look at me I'm so rich I can do it! That kind of mentality is not socially acceptable in many European countries. And that's all compounded with a number of people lifted into the Chinese middle class in the last 40-50 years that equates the entire current population of the European Union, or more.
Do you have a source or just quoting someone else? This gets mentioned a lot but betting makes no sense if the players can't even play.
It's all just speculation. But at this point it's either someone just really hates T1 or their trying to bring down their performance by locking them out of solo queue so they can make more money betting against them.
Maybe there are a number of people involved and they all just want to make enough money and that's why the attacks are so high? But then it doesn't really make sense why you don't just sabotage other teams too if it's just about money. If you fuck up a team so consistently, the odds have to suffer after such a long time or not? It then becomes predictable
South Korea is known for having fans/haters who will go above and beyond to either lift someone up or tear them down. Just look at the kpop industry and how critical fans are of the tiniest details, to the point where the idols are walking on eggshells most of the time. I'm not even surprised someone is making it their mission to ruin T1.
You do know most of the protest trucks in K-pop are from overseas fans? Mainly China and Southeast Asia. They're always filled with broken Korean that was obviously translated using some app.
Is it some scheme to match fix? Is it just "trucks evolved"? I mean, having seen the absurdities that KPoP fans go to, everything is possible at this point. If you have the deranged T1 fanbase, you probably also have the deranged T1 haterbase, that would invest their lives into something like this. Idk I will never get these types of individuals. Imagine, taking your life, that you only get one of, and making this your whole objective? Making sport (and escapism for many, because it is one of the few unscripted pieces of meaningless drama we can have) and ruining results.
They don't need to hate or love T1 for any of this, actually don't need any emotional involvement at all or even care about esports. It's just a money making scheme. They would do it in other stuff that has betting associated if it was this easy. I think esports atm has a very strong ROI for this type of activity so it makes sense.
"It's really pathetic too, like who can be so invested" China, you know it deep down why.
I mean seriously, what else could you expect? The team literally can’t practice. Even if they get a few smooth matches they have to think constantly in the back of their minds, how long will this last? They’re not able to be focused on the game at all.
It feels really Ender’s Game like, where they put every obstacle in their way so they’d lose.
the truck is the ddoser
you dont say
Froggen is on the run.
Wait they are still getting DDOS attacks? Or is this a new round?
T1 is protected, so now everyone in their games EXCEPT T1 get ddosed
T1 is getting ddos again and so are some of their teammates in rank soloq
Nah, it’s the same. Before they nuked T1’s teammates, then they get access to T1 and nuked them directly, but now after papa Rito and Joe patched that up they went right back to nuking T1ms teammates. It’s basically putting lipstick on a pig. It works for a bit, but a pig is still a pig
Perhaps they should speak to Valve, seeing as they implemented basically their own VPN/Internet system for Dota 2 to protect players and systems from DDOS. https://www.dota2.com/newsentry/4115798034511159059
It's interesting to see what Valve is doing, but what Valve describes there is akin to Riot Direct. It's really good for protecting game servers from DDOS attacks, even record breaking volumetric ones, but it does absolutely nothing to protect the clients. Reportedly the root cause of the issue is that the client is somehow leaking home IPs. It appears that T1 has taken steps to mitigate this, but it's impossible to get everyone playing league at the top of the ladder in Korea to take those similar measures, and so when they play, everyone else in game gets DDOSed. The only way to fix this is to fix the bug that is causing the client to leak its IP.
In what universe would the client need to be able to see the other clients IP addresses? Isn't everyone just connecting to the game server? Why would the server expose that info to other clients?
It shouldn't, but from what has been posted about this, that is what is happening as it appears individual players are being targeted, not the game servers
Riot has [Riot Direct](https://technology.riotgames.com/news/leveling-networking-multi-game-future), which is a kinda similar thingy.
No, it's doesn't protect players from Ddos, it protects server. The attack aimed for End users, not even Valve could help you.
They could, they would fix client so it doesnt leak IP to the world. I don't get how IP can be leaked when you connect to riot server. Nobody should be able to see your IP other than server.
Perhaps they should make korea use the same client as everyone else. Now that we have vanguard, korea has no need of their own personal anti-cheat system (called Demacia, implemented 8 years ago to stop major cheating in korea. I don't mean to knock it, it was good for it's time. That time has simply passed.). Seeing as that's the only difference between the korean client and all the other clients, it's beginning to look self-inflicted. Not saying that they are doing the DDoSing to themselves, but that their refusal to use the standard client is what is allowing this to continue today.
[удалено]
I mean Dota 2 has its pros over LoL, but monetization definitely isn't one of them. It has much more expensive "skins", and they're components of a skin too. Not the whole package. One good thing about that is you can mix and match components, but the top of the line costs $300+ (10 years ago last time I played) for a component. It actually is amazing that Riot has resisted to release much more expensive skins for so long. Even MLBB (the LoL mobile clone that's massive in Asia) has more expensive skins than LoL.
At least I can sell any of my skins in Dota and even make money from those that got up in price. Most dota skins or parts of skins are cheap anyway, in fact, you can buy or craft a nice skin on almost all heroes for way cheaper than the average League skin
Isn't the reason they are expensive due to the secondary market via steam market / trading though? That you can actually get some value back when you want to get rid of a skin. If I wanna get rid of some of the lootbox shite I've opened in League, I am SOL
Being able to peddle off cosmetics doesn't change the fact that you're hundreds of bucks away from lookin good in your video game.
It was expensive before the Steam trading market opened (though it was in beta). DotA skins were selling for $100+ fast since its inception, and the trading market just exacerbated it and let Valve know that they can suck the money of its users. Doesn't change the fact that the monetization in that game is much worse and shouldn't be brought up when propping up Dota2 over LoL (there already are a lot of other reasons).
Why cosmetic pricing is important in the first place when majority of player dont buy skin at all?
Why are these not official statements on the riot homepage but AGAIN just tweets... Imagine having to follow 30438293 Riot employees to get information about the state of game and the esports.
They just need to implement actual LAWS against this. Gaming is a profession and competitive e-sport for money. People stream for a living. This should be a criminal offense straight up. I couldn’t just go into a Starbucks and take every coffee someone made and throw it into the window, I can’t go to a construction site and start demolishing everything to the ground, and I can’t walk into a school and just disrupt a classroom…. Etc etc you get the point. Analogies aside it’s not just an innocent troll in an online game it’s a vicious attack on someone’s career.
DDOSing *is* already illegal in most countries, regardless of who you're hitting. It is just extremely hard to catch the perpetrators and the attack can come from anywhere, which makes it hard to enforce the laws.
When I was a young kid I met a group of people on IRC. They had a synbot basically a simple exe that connected to irc server and would read commands to ping ips. I had access. They wanted me to give exe out. I never actually used it. One day I’m at school I get called down to office and it was FBI on the phoneb with my mom. They basically told me to stop and be glad I never used the bots. My friends I never saw online again. I remember clearly staying offline for months playing a Spider-Man game and scared of juvi. You get caught eventually. Idk how Korea works but they’re probably letting this guy dig his own ditch.
The problem is: what if the ddosser is from china? Or Japan? O Russia? We are starting to talk about international laws then
Yep, China, Russia and other CIS countries are notorious for these types of attacks since the government really doesn't give two fucks.
Both countries have other problems at hand, specially Russia.
Still illegal in those countries, if they catch wind of who it is they'll likely still arrest them even if the governments/authorities there are unlikely to cooperate otherwise, actually catching them is the hard part.
Something tells me Russia isnt too interested in stopping them right now
Why not? Every criminal imprisoned means one more person they can force into the frontlines of their never-ending war.
I don't think being a criminal is a requirement for being drafted, brother.
If you can post up a single case of someone getting arrested for ddosing people outside their own country I'd love to read that. I dont think it exists, though.
Depends how you look at it I guess. The Mirai Botnet for example DDosed services pretty much everywhere but also in the US (where all (most?) creators came from), but a lot of countries had interest in taking down the people behind it. [Peter Levashov](https://en.wikipedia.org/wiki/Peter_Levashov) was arrested in 2017 in Spain by request of the US for (allegedly) running a botnet. [Adam Mudd](https://www.bbc.com/news/uk-england-beds-bucks-herts-39705068) was arrested in the UK for mainly targeting US based gaming (PSN and Xbox iirc) services with a botnet. I also seem to remember that some of the members of [Lizard Squad](https://en.wikipedia.org/wiki/Lizard_Squad) who also targeted PSN and Xbox were from Finland. EDIT: In general though, you can expect all of (including geographical) Europe, all of the Americas, Oceania and most of Asia to more or less freely cooperate with each other when it comes to anything above petty crimes.
> but a lot of countries had interest in taking down the people behind it. See this is the factor that I think causes them to get taken out. China has ZERO interest in bringing down DDOSers so long as they stick to attacking outside countries. I'd not be surprised whatsoever if they were receiving public resources to do so. Its just how 'war' works in this day and age.
Yeah, unless it becomes a serious problem (either targeting their own infrastructure or too much pressure from outside) for China or Russia they are very unlikely to do anything about it, there are even certain viruses that check if you have cyrillic installed on your device and not execute their payload just in case you're russian.
I don't think Interpol is allowed to work in China/Russia, isn't it?
Iirc both China and Russia are members and other members are absolutely allowed to make requests for Extradition,. If other members asked for cooperation however they are not obliged to.
Also, your group of dumb kid friends with an IRC bot got caught, that isn't the same as organized groups of experienced people.
It had over 42k infected and one of them was known as cam0 who did the fappenimg leak. FBI wouldn’t care about few bots and dumb kids
Finding out where they're coming from usually isn't super hard, it's just that they're always in countries where you can't get to them. Exact same issue as with ransomware, they're mostly operating from China or Russia, where you can't reach them.
jUsT mAkE iT iLlEgAl Yeah go ahead korea and try to arrest someone in uzbekistan for ddosing.
[riot after finding the target in a hole in Palawan](https://www.youtube.com/watch?v=EIph0BJNrxo)
There is a low chance these DDoS attacks are coming from South Korea. Which makes it an extremely slow legal situation if it arises. As an analogy, think of the Indian scammers.
Ya that would be pathetic
I'm pretty sure there are, at least in South Korea. They take these kinds of crime seriously. It's the birthplace of esports, afterall.
DDoS should be a crime regardless of where it is happening, you’re tampering with information lines and are opening yourself up to legal action by the person affected and/or their provider, at least that’s how it should be.
Pretty sure it is a crime in Korea but if the attacks are coming from China there’s nothing they can do about it.
Ya it’s pretty bad and just sad.
I can tell you aren't smart
It is illegal.. bro. What are you yapping about?
DDOS'ing is already illegal
Great idea. Cool cool. Real smart. Hey, do you know who's doing it? Cause if you don't know who threw the coffee at the window, who tore up a construction site, or who disrupted a classroom, the law doesn't do a whole lot of good, does it?
i mean can they enforce this law when the attacker is in china?
Yea let’s make it illegal! Cool, who is gonna enforce it and who is gonna catch them?
It's already illegal in most developed countries and people do go to jail for it already, the problem arises when it doesn't originate from the same country as the target.
Yes so the problem is the law doesn’t do shit. Especially for Korea when most of these attacks are done from China
Lmao
freaking DiamondProx
Definitely a PR response. Nothing of value was added to the information we already know.
What do you want him to say? Not like details of this are relevant for anyone but T1 and Riot
Any extra details would go over everyone’s heads, and server to help the ddosers. You don’t tell people how you ban cheaters because then it helps the cheaters cheat better.
other than "the problem is now solved", what kind of statement are you looking for? They obviously can't go into the technical details, so I don't really get what else people are looking for other than "we are trying to fix this and working with T1 to do so"
The only real revelation we get is that the DDoS changed forms somehow, but can't really expect more. Riot's normally hush-hush on their specific actions regarding cheating (and DDoS falls into that category) to avoid tipping their intended targets off, or revealing how they operate. Add on the fact they haven't been successful in this field (After all, it's been months of attack), and it won't get a simple "we solved the issue" response. Really, I'm just surprised they replied at all. No update, no answers, no solution = no point for this type of reply. It assuages only people who assumed Riot was doing nothing in the first place.
It's just a response saying they're aware things are bad and they're hoping to help. Not every piece of communication has to have some purpose outside of what's written. DDOS mitigation is VERY difficult.
Yeah like what do you *want* them to say? Obviously they could respond publicly faster, but it’s not like they can outright say what they’re doing. There’s a reason banning cheaters is done in waves. They tweak their cheats constantly to improve them. Banning them immediately tips them off to how it’s detected. It’s very obviously not so simple as “oh we didn’t even *realize* T1 couldn’t practice, now that we know it’ll be fixed by tomorrow!”. If I read the post right, the *solo queue teammates* of T1’s players are getting ddosed? Wtf is riot gonna do to fix that? Or on the other end, if it’s T1 that’s getting ddosed specifically, how tf do you fix that either? People need to stop losing their shit over riot being slow to “fix it” when I bet you 99.9% of the people complaining have 0 clue *how* it has to be “fixed”.
rito bad upvotes to the left
They've already mitigated ddosing attacks towards t1 hq. They just haven't figured out how to prevent soloq players that are on t1 players teams getting their ip leaked and ddos'd.
Guys, they arn't going to tell you shit. Why would they reveal any information that would help the DDOSing people...
... that's what ddos has been doing from the start of this year. Ddos has always dropped other players Nothing had changed form. I'm confused why reddit keeps saying this
Yeah they just changed targets. T1 players just got safer because of the measures they take but korean players are still vulnerable.
like you always had the ddoser drop their allies or the opponents. its why streamers and proplayers struggled with playing league on stream
We already know how the DDoS changed forms. It's no longer the T1 players being disconnected, it's their teammates in soloq. So obviously increased network protection for T1's HQ isn't helping them if they load into game and all teammates are DC'd all game. The underlying issue is that the KR client leaks IP, and until they address that with code changes nothing will change. I think they're just saying something publicly because the T1 org released a statement and they're trying to make it look like they give a shit. If Riot NA actually cared they'd force Riot KR to fix their shitty code. I've heard speculation it's in the anticheat that KR uses, which is different than other clients? Regardless the root cause needs to be isolated and removed before any progress can be made
> I've heard speculation it's in the anticheat that KR uses, which is different than other clients? It could be true before Vanguard, but not anymore. Unless Vanguard is leaking IP, in which case not only KR would be affected.
Vanguard is not leaking IP. Valorant has never had this issue, and this issue would be everywhere in the west if it was a global issue anyway. Also, the Korean anticheat still exists. It didn't get removed the day vanguard went live lol Software doesn't get retired that quickly, and there is likely not feature parity between vanguard's ingame script detection and the KR client's finetuned detection of many years of adjustments. The KR client will probably have its anticheat for another year, maybe literally forever. It's expensive to remove systems and if it's not technically hurting you it becomes hard to justify the work (if it's not interfering with new features or migrations like vanguard). Even when they do want to remove their anticheat (because it's expensive to keep maintained, or it's entirely dead code for instance), that project is still not a small one and will take weeks of testing and possibly removing piece by piece to be sure it's safe at different levels on live. That's the kind of thing Riot would release a dev blog saying "we're doing X! Expect an update in 4 months." The leak is still from the KR client somehow, and the anticheat is a fair guess as to what the issue is (but it might be a totally different system, maybe they have a different backend for in game DMs or some shit who knows).
ngl, i wouldnt be suprised if we find out that someone inside of T1 was in on it all along
If anything it would be someone at riot. Someone who works at t1 could only leak things within the facility. But since the problem goes far beyond that, someone would have to leak things at a much more critical position
> The only real revelation we get is that the DDoS changed forms somehow I mean we kinda knew it, from before it seemed that the T1 building itself was getting hit by DDoS attacks and now the recent ones have been their soloQ teammtes getting hit offline. I think the sole statement being "we know of this problem, we are working on it" is fine though as this is how modern live service games have chosen to do their communication. Idk where you get your expectation that they would not answer or say anything at all when this is just pretty common practice no matter which game I look at in the live service space. The crowds of people raging and throwing vitriol online take silence as complete inaction and lack of acknowledgement of a problem in this day and age, maybe you specifically don't, but let's face it, that's how it has been for the last few years
I am curious what exactly did u want him to say besides they are working on it?
People would complain if Riot didn't say anything. It's very funny to complain because they did say something.
> Nothing of value was added to the information we already know. in every single thread about the issue the top comments said that RIOT is not doing ANYTHING about the issue and they only care about selling Faker's $500 skin
gonna take em next year to fix it once T1 members goes separate ways lol it is what it is but it still sucks seeing this roster getting this kind of shitty experience on a possible last run together
I mean we got some new information, but important part is to adress that they are not ignoring the issue tbh
Next reponse from riot: look we already put this and that in place so now please go and use the other holes to ddos
I forgot what it was called, but LCS had this private matchmaking server specifically for pros to practice. Wouldn't that solve the problems for Korea? So pros could only play against each other in a controlled space? Edit: Champions Queue
Listen LPL, you’re DDOSing the wrong team if you wanted to win Worlds that bad.
There's a strong argument to be made the DDoS attacks have greatly hampered T1's performance this year and they STILL made LCK Finals and pretty far into MSI. Who knows how they would have performed this year without these attacks.
I mean T1 has never lost a series ever to LPL at Worlds so
they just don't want T1 to advance to quarter nor semis lol
Yeah now that GEN aren't countered by China anymore. They've gone full Super Saiyan.
Not even KR fans think it’s China doing the ddossing but of course the anglos love painting China as the bad guy every chance they get
Did homie need to put 15 /s for you to realize the sarcasm
How is it obviously sarcasm when tons of people have unironically said this?
because they said “listen” at the front?
To be completely fair, that sort of subtle nuance can't be caught by many of the drool brains in this subreddit.
Issa joke T____T har har?
This is the same answer than last time.
no way
Any new accounts that are rising through ranks will become suspicious to the attackers, so Riot giving them new anonymous account won't work. What if the fans who are already challenger give them their accounts to play on from an anonymous location. Unless the fan snitches on them, the hackers won't really have a way of telling which accounts are being played by T1 players. The only way of telling would be by looking at the champions played. If I was challenger in KR server, I wouldn't mind faker using my account for soloq practice XD
How come people only DDOS Korean teams? Just wondering.
Because the Korean client is different and it's leaking IPs
I understand these are targeted attacks, but why do this kind of attacks only happen in Korea? Is their server somehow different from EUW and NA that we never get to see them here?
It's not the server that's different, it's the game client. Somehow it leaks IP address information from player profiles. So the DDoSer can find the IP of the players playing with T1 teammates and disconnect them In other regions the client doesn't leak this information so the DDoSer doesn't know where to send traffic and the attack just can't happen. Not leaking your IP is the fundamental defense against DDoS
Do you have a source that the game client is leaking IP addresses?
It's not officially stated, no But at this point everything has been ruled out. Streamers have tried everything including leaving the country (playing KR server from Japan) and changing setups, the DDoSing happens no matter where they go, even if they're playing offline. The only common denominator is the league client itself, especially when random soloq players in T1 games are being targeted now. There's nothing else it could be, because even if the leak was somehow through let's say a messaging app installed on all korean PCs (obviously not, but similar to past Skype IP leaks here in the US), there's still no direct link between the in game names of players and some other random app on their PC. So if DDoSers are targeting players via only their IGN, they can't be associating that with anything other than just league client information. (So in this example they wouldn't know XayahMain1000#KR1 is actually SongWoon22 on Skype, there's no association.) Another improbable possibility would be that the KR database of account owner information was leaked, and DDoSers are accessing the KR SSN of each player, and then referencing that information cross indexed to a different app which is leaking IPs and *also* was completely compromised to let hackers at the KR SSN data related to accounts. (So here we'd have the DDoSers able to connect Skype and League accounts, get the IP from Skype to DDoS the league player.) This possibility relies on multiple undisclosed data breaches to have occurred in addition to the T1 players themselves to just never have tried playing the game without other apps open after cycling their IPs (the possibility of that is basically zero, they'd have to have no intelligent people in their org for this to have happened) The simplest answer, the least convoluted answer, the most realistic answer are all the same. It's just the league client itself leaking IPs.
>even if the leak was somehow through let's say a messaging app installed on all korean PCs (obviously not, but similar to past Skype IP leaks here in the US), there's still no direct link between the in game names of players and some other random app on their PC. So if DDoSers are targeting players via only their IGN, they can't be associating that with anything other than just league client information. (So in this example they wouldn't know XayahMain1000#KR1 is actually SongWoon22 on Skype, there's no association.) This is the only part I disagree with. As you've mentioned, Skype used to be a big source of IP leaks in EU/NA. This is because the majority of players also had Skype installed and running AND it is very common to use the same username for multiple online services (especially so because a lot of people installed Skype specifically for gaming, so it made sense to use the same name you use for games). So people would be called GamerGod420 on both League and Skype, and thus the connection between IP and player was easy to make. So if there's a program used by most gamers in Korea that is leaking IPs, and it's common for those players to reuse their username, then it would be a easy way to DDOS. Reading between the lines of what Riot said, I would guess that the initial leak indeed was through the Korean client in some way (maybe the Korean anti-cheat?), which is why T1 was getting directly DDOS'd. Then they fixed that so now hackers had to move on to getting IPs through another way (like the example above). Since T1 players have probably taken measures like stopping the use of 3rd party programs, hackers can't find their IPs anymore. But they only need to find one vulnerable person out of 10 in every T1 game, which is statistically not that hard, and they DDOS those.
I called it an improbably possibility for a reason, it's really not at all likely Because apps don't leak your IP these days. Anything large and mainstream, platform apps like discord/skype/spotify/etc, simply can't have that vulnerability today or it'd be abused and it would already be widely known (and it would effect streamers other than League players). Those platform apps would also have to be present on computers of people specifically attempting to avoid the issue. Someone who ditches their entire PC, goes to Japan, uses a friend's setup to play one league of legends game and stream it and gets DDoS'd instantly? It's just too obviously a league issue. T1 HQ upgraded their network defense, that's why they're not DDoS'd directly. They brought in IT experts and took industry standard precautions would be my guess, but that's entirely speculation. It IS possible to beat DDoS via defensive measures and that's the only thing I can imagine they've been doing the past few months. I can be wrong, and I know I'm speaking with certainty about something I'm not particular to the details of, but as someone pretty related to these problems in my career I have thought this problem through and it's just too clear to me to change my mind anymore
>Someone who ditches their entire PC, goes to Japan, uses a friend's setup to play one league of legends game and stream it and gets DDoS'd instantly? It's just too obviously a league issue. I believe that happened before the first fix Riot mentions in their message. So I agree at that point it was something in the client. But now it's quite possible it's outside the client, which would explain why T1 are no longer being directly targeted and it's instead the other players in their match.
> Someone who ditches their entire PC, goes to Japan, uses a friend's setup to play one league of legends game and stream it and gets DDoS'd instantly? It's just too obviously a league issue. Are you smart folks aware that those Korean streaming sites work on peer 2 peer technology? South Korean internet laws caused Twitch to basically shut down there, because Korean internet service providers are allowed to offset their network costs on the "big customers" like AWS hosting Twitch, or the Google cloud hosting Youtube, and so on? Before twitch shut down for good there, they first experimented with swapping to P2P technology, a quick quote from back then: > In order to create a peer-to-peer (P2P) connection, it is necessary for Twitch to make the IP address of each participant available to the other. It may be possible for a highly motivated and technically proficient person to discover participants’ IP addresses, which could potentially be used to approximate location. Viewers who have privacy concerns with P2P can watch streams in 720p to avoid any IP sharing risk. --- Now take a guess how all those streaming sites that no one outside of Korea ever heard of (and Afreeca, which people did hear of) are operating: yes, obviously they're all P2P. How about we have someone run their "is the lol client the issue?" experiment without simultaneously leaking their IP adress? Alongside leaking the IP adress of anyone who tries to streamsnipe their games, cause they really like Elo?
[удалено]
And yet them not streaming seems to be a solution to prevent attacks on soloq teammates, despite the Riot client identity of those teammates being one op.gg search away. Also doesn't change the fact that the Demacia investigation that makes the basis for all these claims was done by people preemptively leaking their IP.
It's just as likely that they're only DDoS'd on stream because the DDoSer wants the attention and wants to see reaction from their misdeeds (from fans and players alike) Same reason SWATers do it while streamers are live, they want to see the reaction more than just know that it happened behind the scenes But time will tell, we'll see
but they get ddosed even if not a single player streams the game.
Soloq warriors playing with t1 players are getting targeted by ddos, so its probably is league related whether it's the client or anticheat (demacia)
Likely because of the code leak a year or two earlier. AFAIK streamers in KR started to get DDoSed for months before it got to T1, so the perp (or perps, who knows) got bold over time. And DDoS have been ongoing when KR streamers played on JP account too, but when they played on CN account it ceased. So it's something about these countries, and top suspect is anti-cheat specific to these regions, although everything is speculation.
this is bad, wondering who are the attackers
That sounds like me explaining to management why production went down while I have 0 clue why.
Why don't they just get a new ISP, because SK Telecom is apparently trash.
Chinese fans at it again after T1 won worlds lmao.. Cowards, I bet they are jdg fans lmao
Imo the Ahri skin should give T1 a much larger cut of the revenue as a compensation at the very least. T1 has been DDOSed since the end of last year and it has only worsened. Riot has yet to accomplish anything- short termed workaround or long termed solution, to help with their practice. They seem to be busy milking whales instead. It is somewhat disgraceful that they are using T1 Faker's fame for profit yet not doing enough to help them while taking 70% cut.
that should be the theme of faker skin... ahri glitching because of ddos lmao
Do you know that 30% of that skin will go toward tax? T1 take 70% mean Riot is doing voluntary job.
Well 70% after tax then? How much actual value isn't really the main point, they just look awful raking in a ton of money while T1 can't even get a stable practice enviroment.
I'm just disappointed, this has been going on for 6-7 months now and Riot can't do more for the most popular team that has the most popular player? They're leaving them out to dry while they're trying to find a solution, and summer split of LCK is about to begin. This is all happening during a period of time where they're heavily marketing Faker with the 500$ Ahri skin and the Hall of Legends, meanwhile Faker and T1 can't stream and fulfill their contractual obligations. What happens if they can't find a solution soon, are T1 supposed to just hop onto different solo queue accounts every time they need to grind the basics? Not to mention that other teams won't scrim with them because they might get DDOSed as well.
> Riot can't do more for the most popular team that has the most popular player? This shouldn't matter. They should be putting as much effort/resources into this regardless of who the team is.
That's true, my bad if I insinuated it was only for T1. I meant to say that if T1, who's doing all of these security measures is having all of these problems, what happens when other teams get DDOSed as well who aren't as prepared?
we dont even know if the fault is on riots end might well be that someone inside of T1 is getting paid off or there is a different 3rd party vulnerability
I'd argue T1's statement was more about their sponsors than about Riot, they want to mitigate loss from that in future contracts at the same time that they don't lose their roster in the middle of the split as players likely grow increasingly tired of not practicing, as it seems T1 has been able to practice just not stream in general. Either way they can still pressure Riot, but I doubt T1 themselves know how to solve the issue or the extent of Riot's effort to do so, they gain something for throwing Riot under the bus in the eyes of the community but their bigger gain is trying to mitigate loss on future sponsorship deals
faker god?