Ubisoft Is Taking a DDoS Attack Subscription Service to Court

(Image credit: Shutterstock)

Lag spikes can ruin competitive matches. Sometimes those performance issues result from technical errors, but according to Ubisoft, sometimes they're caused by distributed-denial of service (DDoS) attacks that intentionally target certain games. 

Polygon reported on Friday that the company filed a lawsuit against the operators of a site, SNG.ONE, that conducts these DDoS attacks for its members. There are multiple ways to sign up: a $30 monthly pass and a one-time charge of $300 for lifetime access to the server. (The server's lifetime, of course, not the user's.)

SNG.ONE reportedly conducts DDoS attacks on popular titles like Fortnite, Call of Duty: Modern Warfare and FIFA 20 for its members. Those attacks could potentially be used to gain a competitive advantage, depending on how well-targeted they are, or they could simply be used to disrupt the multiplayer aspects of these games.

The website also let people target Tom Clancy's Rainbow Six Siege, which is why Ubisoft got involved. The company said in September 2019 that it was taking steps to prevent DDoS attacks from affecting as many Siege players; in October 2019 it revealed that it had already reduced the frequency of those attacks by 93%.

Polygon said that SNG.ONE's operators taunted Ubisoft's efforts to combat DDoS attacks, then faked a takeover notification claiming that Ubisoft and Microsoft had gained control of the site in an effort to "get Ubisoft to admit that they have a problem," according to the lawsuit Ubisoft filed in a U.S. district court in California.

Ubisoft is reportedly asking the court to shut down SNG.ONE's websites and award it damages and fees to cover the costs associated with its DDoS attacks. That would likely include the direct costs--including equipment fees and work hours--as well as damage to Siege's reputation that resulted from DDoS-related performance issues.

Nathaniel Mott
Freelance News & Features Writer

Nathaniel Mott is a freelance news and features writer for Tom's Hardware US, covering breaking news, security, and the silliest aspects of the tech industry.

  • bit_user
    Okay, so where is the website even based?

    I'm just wondering why it wouldn't be hosted somewhere like Russia or maybe even Iceland, given the obvious illegality of their trade.
    Reply
  • King_V
    Which ties to my first question: how are such sites, or the offerin of such services, even legal at all?

    Or the solicitation of such services, for that matter?
    Reply
  • bit_user
    King_V said:
    Which ties to my first question: how are such sites, or the offerin of such services, even legal at all?

    Or the solicitation of such services, for that matter?
    Of course they're not, which would be grounds for the lawsuit.
    Reply
  • pudubat
    I don't see why it would be illegal. Technically, this website is designed to test your own network agaisnt security flaws. Which would be the same as hiring ethical hacker to test your security.

    The only real issue is that they only accept bitcoin, which mean that it is (almost) impossible to know who is behind the attack. I think that is the issue. The service they offer is totally legit, but the way they sell it makes it way too hard to know who is commanding the attack. Therefore, I think that the company should be responsible for the use of their software.

    Kind of like if a gun seller refuse to give the police a list of his customer after a shooting...
    Reply
  • hotaru251
    pudubat said:
    Which would be the same as hiring ethical hacker to test your security.
    but the places ddos'd arent being hired by owner.

    ergo it is illegal. (same reason guy who was doing it to blizzard got a visit from FBI)
    Reply
  • King_V
    @pudubat - Exactly as @hotaru251 said. They're NOT in the ethical hacker business, because they'll attack anyone you ask them to. That they also only accept bitcoin , likely to hide who's hiring them, simply makes it more obvious.

    Where do you get the idea they're a security-testing company? What at all gave you any indication that their policy is "we'll only hack websites that you own"?

    There isn't any such indication. That is obvious from this article.
    Reply
  • USAFRet
    King_V said:
    Which ties to my first question: how are such sites, or the offerin of such services, even legal at all?

    Or the solicitation of such services, for that matter?
    Of course they're not legal.

    Their thing is to operate under the radar long enough, gain some money, wait for the inevitable legal action, let some second level flunkies take the fall.

    Move on, repeat.

    It has always been thus.
    Long long before the interwebs.
    Reply
  • DSzymborski
    Yeah, the legal argument is odd.

    A doctor can legally remove a patient's appendix, with the approval of the patient for the medical procedure. That doesn't mean that the doctor can legally start up his own service where you send money and he just goes perform appendectomies from people you request.
    Reply