Last weekend, a massive-scale tournament was hosted on the popular PC game Minecraft in which 150 competitors vied for the grand prize of $100,000.[2] The tournament in question was inspired by the hit Netflix show Squid Game and was set to take place on the mega streaming platform Twitch.[1]
However, things quickly went awry when the tourney was subjected to a cyberattack[2] that proved to be more fatal than expected.
The Extent of the Attack
This attack in particular took the form of a distributed denial of service, or more commonly known, a DDoS. The target? A small country on the Iberian peninsula named Andorra. As a result, at least a dozen Andorran competitors were forced to pull out of the tournament.[1] However, the scale of this attack was not limited to just a few households. The damage in question extended to the entire country, having taken down Andorra Telecom, the country’s only internet service provider and leaving thousands cut off from the internet. It is said that the attack took place over the course of four days.[1]
The link between the attack and the Minecraft tournament was further solidified after an internet outage tracker NetBlocks[3], tweeted out a statement confirming the connection. One can see that at the height of the attack, there was less than 50% connectivity.
Fortunately, the attack was swiftly dealt with and the country recuperated only after a short time.[2] The identity of the attackers is still unknown[3], but it said that the source of the DDoS could be traced back to a known DDoS-for-hire service.[1]
What exactly is a DDoS?
A Distributed Denial of Service (DDoS) attack is a type of attack that targets the specific capacity limits of a network’s resources.[4] How it works is these network resources in question can only process a finite number of requests at a time. Exceeding these limits will have the effect of preventing the targeted server, service or network[5] from functioning properly. A DDoS attack will exploit this vulnerability by sending requests at an extremely high rate and quantity. As as a result, users experience connectivity issues as the network traffic becomes congested. Usually, this is made achievable by remotely-controlling multiple computers that have been compromised by malware. This collective of devices is called a botnet.
It is clear how this type of attack has the capability of affecting a network on a national level. With that being said, being a victim of a DDoS attack is not to be taken lightly. Especially with the rise of employees having to work remotely due to COVID-19, companies are at high risk of losing out on major revenue in the event of an attack. Made worse is the fact that being at the mercy of the attacker means your computer or network system may be held for an unreasonable ransom. This is why it is important to have defenses and contingency plans in the case of a potential DDoS.
References
- https://threatpost.com/cyberattacks-squid-game-minecraft-andorra-internet/177981/
- https://today.in-24.com/News/903725.html
- https://www.ign.com/articles/minecraft-tournament-cyberattack-internet-outage
- https://www.kaspersky.com/resource-center/threats/ddos-attacks
- https://www.cloudflare.com/en-ca/learning/ddos/what-is-a-ddos-attack/
Wow! A DDOS attack shutting down a whole country’s internet over Minecraft. It’s definitely not fun being DDosed especially when there are people who are working remotely, companies that can lose revenue, and a small country that has only one internet provider. I think these attacks are getting bigger in magnitude and danger and the entire world is at risk of these attacks. We’re seeing top U.S. pipelines get shutdown for ransom to entire countries being targeted, it’s crazy.
Here are two articles that I thought are interesting regarding these attacks and how to potentially stop them:
https://www.nytimes.com/2021/05/08/us/politics/cyberattack-colonial-pipeline.html
https://www.weforum.org/agenda/2018/06/how-organizations-should-prepare-for-cyber-attacks-noam-erez/
That’s a interesting topic. I mean this explains even gaming tournaments are not secure if events organizer does not follow up and maintain it’s privacy and security, which is also thread for participators. Also i didn’t know about DDOS, it;s good to know about it. The way they attack and the device they use for example botnet it’s kinda interesting to know about.
This is quite thought provoking, as it’s hard to imagine that the organizers of this event had any way to prevent this! It seems like the only option for them would be to make a contingency plan in the case of a DDoS attack, but that would likely be extremely difficult considering that there are 150 competitors in countries all over the world that need to find a time that works for all of them. Planning things like this takes months, so it just doesn’t seem practical to try re-scheduling. It’s quite unfortunate that this happened, and I genuinely think there was almost no way for them to prevent this. Andorra’s internet service was just too vulnerable to resist an attack like that.
I had heard the term DDoS attack all across pop culture, but now I know what the term actually means. These attacks are just as destructive and horrifying as the movies make them seem. The idea that your access to the internet, which for many people right now including us in this class, could be held hostage by someone is truly a threat not to be taken lightly. What’s worse, to me at least, is the idea that you can hire a digital hit-man to attack someone. Just the idea is scary as anyone with the money can just completely debilitate anyone they please, if they can get the needed software loaded onto the target’s device.
How did NetBlocks decide that the attack was related to the Minecraft competition? Targetting Team Andorra seems like a low-reward task, I can’t imagine that there were that many Andorran competitors. I guess it was probably a low-effort task as well. The fact that Andorra only has one internet service provider ensures that all competitors would be affected by taking out one provider. Does anybody know if other, larger internet service providers have defenses against DDoS attacks?
I was wondering why attackers would DDOS an ISP of a small country of 77,000 people, but it looks like that DDoS attack was due to the large prize at stake ($100,000) and the tournament was open to Spanish speaking only users in Europe & South America. A lot of twitch streamers who participated in the tournament were based in Andorra for tax reasons. I’m assuming that Andorra telecom made an easy target since it is a small ISP that may not have the resources to defend against a DDoS at this scale and could have been orchestrated by another competitor to reduce the competition, or the ease of getting publicity could have been enticing as well.
My initial thoughts after reading this blog post are about the fundamental inequality of internet in regards to the globe. Andorra ranks 191 out of 211 countries in terms of GDP (https://worldpopulationreview.com/countries/countries-by-gdp). Due to the smaller economy and poverty levels in Andorra, it’s not surprising that it only have a single telecom company and that it’s vulnerable to attacks like this. While this attack did not last long, and did not seem to result in lasting damage, its not hard to imagine an attack that could. The greatest advantage of the internet is the large-scale communication and collaboration it allows. It may be in the best interests of higher GDP nations to help invest in the internet infrastructure of poorer nations, to ensure that they are more stable and secure in their networking capabilities.
This post does a nice job in explaining what exactly a DDoS attack is and how such attacks have the capability of crippling an entire country. This post does an excellent job of highlighting the very clear inequality with regards to cybersecurity across the globe, particularly in smaller countries that may have a smaller presence on the world stage. While Andorra is not considered to be a developing nation, but rather a developed country with a strong GDP, it doesn’t surprise me that such an attack could have taken place and crippled the country for the short period of time that it did. Smaller countries, poorer countries and developing countries are more vulnerable to cybersecurity attacks, due to weaker national infrastructure. This post really brings this issue to the forefront and forces us to reevaluate our understanding of the disparities with regards to cybersecurity.
This is so crazy to me! When I’m online gaming I’ve heard people threaten to DDoS others when they are mad but never thought it could happen on such a large scale like this. One person or team decided to DDoS an entire country so that there would be less competition in a Minecraft tournament shows us that the internet is not very secure for everyone and, with many people working at home due to the pandemic, shows us how these large scale attacks could affect businesses in smaller countries and lead to a significant loss in revenue.
I wonder how netblocks fully determined that the attack was related to the Minecraft twitch tournament. I also think that analogy and picture of an unexpected traffic jam congesting a highway is the best analogy I have seen when it comes to explaining what a DDoS is. It’s also scary just how internet reliant everyone and the whole world is and not having internet for a bit is basically a natural disaster, even more so in times like the pandemic with increased people working or studying from home. Also side note this reminds me of all the other squid games contests in other games and even the real life squid game and the fervor the show called.
Great explanation! I had never heard of DDOS attacks before this, but the fact a Minecraft tournament was linked to an entire country’s internet service being taken down puts into perspective the damage these types of attacks can do. It is unfortunate that an attack targeted towards a specific group and event could create such a large impact, and only solidifies the need for better measures in place in the case of these attacks.
Super interesting article! Your explanation of DDoSing was very insightful, and its strange to thing something as innocent as a minecraft tournament could become so detrimental. With only one internet service provider its easy to see how the impact was so large, but it is good that they were able to deal with the attack quickly.
Crazy to me that a simple DDoS could deny an entire country their service. I honestly did not think this was possible as we see companies of much larger scale than an entire country’s telecom system handle larger scale attacks with much better results. I personally think this is a valuable lesson for the ISP and the provider will hopefully address their security holes and prevent more detrimental attacks from happening in the future. It’s great that no significant troubles were caused (aside from 4 days of inability to access the internet) as this could have been much more dangerous depending on how the countries systems are linked digitally (including safety systems, medical, trade transactions, etc).
This whole situation has shown me tampering with one’s equipment to prevent them from entering a competition still works in the digital age as it did with things like cutting a car’s breaks so your opponent can’t reach the competition or setting someone’s alarm to the wrong time so they miss the competition.
I think it’s kind of worrying seeing things like this going forward because it could set a bad precedent. Assuming there are other countries that also have single ISP like Andorra Telecom does that mean that a viable way to win any large online competition with competitors in small countries is to just eliminate the competition via a DDoS attack?
With DDoS becoming more prevalent in today’s age, it interesting to see how effective some of these attacks can be and how much damage they can cause. Normally you see smaller businesses or some internet event being attacked with the headlines catching on to some of the larger attacks on big companies but an attack that shuts down and entire nation is something you do not normally see. Observing the amount of damage done, considering that the targeted nation only had one service provider, it shows that such an attack can deal huge amounts of damage, even though the amount of damage was not quite detail in this article. Furthermore, to have these attacks readily available by simply hiring such services definitely calls for an alarm should several of these DDoS for hire services launch a full scale attack against a more developed nation.
That was quite a fascinating read and the reason the article caught my eye was that I had always heard about DDoS attacks and had gotten intrigued by the concept. I even remember quite a few incidents in recent years where major DDoS attacks were carried out by hackers to disrupt the services of major companies, for example, the 2017 attack on Google where traffic reached about 2.4 terabits per second (Tbps) and this was the largest in history. Here’s a link to an article regarding the incident. https://www.pcmag.com/news/google-says-biggest-ddos-attack-on-record-hit-the-company-in-2017
However, I would like to make a controversial opinion by saying that DDoS attacks are not always meant to be malicious. Anyone who is familiar with the term hacktivism or online activism would know that DDoS attacks are also an act of civil unrest from people who might be protesting against something or fighting for a cause. An example of such an event is the DDoS attack that disrupted the Minnesota state senate website carried out by the infamous hacker group Anonymous as they joined the ‘Black Lives Matter protest following the murder of George Floyd. All in all, DDoS attacks are used for a variety of causes and it is not always malicious is what I am trying to point out. It was really interesting to read this article though as I had not heard about the incident until now.
Wow this is crazy that a whole country’s internet could be shut down like that. Especially in today’s digital age, such attacks can really be devastating. Thanks for the explanation of DDOS, I have heard the term before but I have never really understood what it means. The fact that a group of people would do this to an entire country over a Minecraft tournament absolutely blows my mind. Very interesting read!
Wow, reading the comments make me feel like many people know about this. I have never heard of DDoS before, but you explained it quite well. Since it attacks limited network resources, small countries may be vulnerable to them. This makes me think of the urgency for boosting national cyber system in small or developing countries.
Really good post showing the potential effects of DDOS effects on internet traffic, and how even large botnets have the power to completely cripple an entire countries internet. This is one of the good features of having multiple independent ISP’s in your country in order to mitigate the extensive outreach of these sorts of attacks, although for a country as small as Andorra this may have been impossible to avoid. DDOS attacks are incredibly simple to execute, and large botnets can usually be rented out (illegally of course) in order to stage an effective attack, while staging a proper defense is usually a highly complicated and expensive balance between letting legitimate users through to the service and keeping bots out.
It’s kind of funny that a Minecraft tournament out of anything is what spurred the actor. My guess is that he either was paid by one of the other teams and Andorra was staging a really good fight, or it was some troll looking for a quick laugh saying “hurr i ddosed andorra xd”. Whatever it was, this seems like a really dumb reason to me to literally cripple a countries internet and potentially getting yourself caught as a cybercriminal.
Great post, thanks for sharing.