
Unveiling the ‘Swiss Knife’ Behind the LoL DDoS Attack


[Exclusive] Who is ‘Swiss Knife’ behind the LoL DDoS attack?

Digital Daily. Publication date: 2024-03-08 22:23:53

The homepage you have to go through to join the Swiss Knife Discord channel. The prices of the illegal programs on sale are also visible.

[Digital Daily, reporter Moon Dae-chan] The gaming industry has been struggling with DDoS (Distributed Denial of Service) attacks launched by an anonymous group since December last year. The damage to the main target, ‘League of Legends (LoL)’, is especially serious. The related esports league, the LoL Champions Korea (LCK), is still having difficulty returning to normal two weeks after the incident, despite various measures taken by the organizer, Riot Games.

◆ Secretly hiding in Discord… Look into the ‘Swiss Knife’ channel

According to Digital Daily’s reporting as of the 9th, ‘SwissKnife’ is likely behind the DDoS attacks against influencers and the LCK. The group sells various illegal programs to a limited number of people through ‘Discord’, a voice chat service for gamers.

Currently, the channel is operated in secret. You can only enter the channel after going through a thorough verification process, including background and income checks. The verification process is much more complicated for new subscribers.

The sales method is also very detailed. This method does not provide a program, but instead performs an attack on request. This is interpreted as a measure to reduce the risk of detection and prevent program loopholes from being leaked.

Looking at the channel, it is confirmed that quite a few users buy and use illegal programs. You can often find reviews of the program, such as “It’s a shame that stock is out of stock” and “It doesn’t stop working even if you use it in the main world of LoL.” There are even resellers.

A review of the use of an illegal program on the Swiss Knife channel.

Swiss Knife currently sells various online game-related programs such as ‘Helper’, the representative illegal program for LoL, as well as ‘Eternal Return’ and ‘Overwatch’. Prices vary widely, from a minimum of $10 (about 13,000 won) to $800 (1,054,000 won).

Among these, the program used in the influencer and LCK DDoS attacks is ‘SwissKnifeLeaguePluller’. Swiss Knife describes the program as ‘a special utility that can retrieve the IP of a League of Legends player.’ It is strongly associated with DDoS attacks, which cause network failure by generating abnormal traffic through IP addresses.

League Puller is confirmed to have been so popular that resellers once traded it for up to 2 million won. However, as attention focused on Swiss Knife following the suspension of the LCK, the group abruptly stopped selling the Puller. According to the administrator’s notice, the program will be integrated into and sold as part of ‘LeagueByPass’, which is believed to be an assistant program, in line with the introduction of Riot’s security system ‘Vanguard’.

“League Puller will no longer function as a Discord bot,” the admin said. “It will be integrated into League Bypass to retrieve player IPs from game sessions.”

An illegal program is believed to be used in DDoS attacks.

◆ Where did the IP leak come from? Korean server client problem?

Some point to lax security in the Korean LoL server client as the reason attackers are able to steal IP addresses regardless of whether the target is an influencer or a competition venue. A representative example is a streamer suffering from DDoS attacks whose symptoms disappeared when he used a Chinese server.

However, a security expert who requested anonymity said it was difficult to conclude that Chinese server clients were safe based on limited cases. He said, “The fact that China is not attacked does not mean that its security is strong,” and explained, “We don’t know how IPs were leaked from Korean servers, but attack tools have not yet been developed for China, and China could also be a target at any time.”

In fact, Swiss Knife said in the introduction to the League Puller program, “Currently, we only support the KR (Korea) server, but we plan to add global servers soon.”

Some have discussed the possibility of a leak due to ‘source code’ or ‘signal code’, but it has been confirmed that this is also unlikely due to various circumstances. An official familiar with Riot’s internal situation said, “The source code was leaked last year, but we know that the source code affecting services in the Korean region will not be leaked. It is true that the sign code is also active in Korea and Japan, but based on several internal experiments, I understand that Riot believes that this is unlikely.”

Channel admin notification. Vanguard is mentioned.

◆ Multiple security experts say, “We should have built an internal network”… Riot: “We are exploring various options”

Multiple security experts believe that if manpower and resources are invested in preparing a separate internal network, at least DDoS attacks against the LCK will be resolved quickly.

There are ways to temporarily block related traffic or increase bandwidth, but they are of the opinion that this is difficult considering various conditions such as convenience and the time required. The explanation is that Vanguard, which is proposed to be introduced, is also an anti-cheat tool like LoL’s ‘Demacia’, so it is far from DDoS protection.

One expert, while pointing to Riot’s decision not to build a separate internal network, also expressed support, saying, “The reason why foreign countries use an internal network is not because of security, but because the local Internet infrastructure is not good,” and adding, “Korea has a very good infrastructure, so many companies locate their data centers outside.”

Meanwhile, Riot is trying to solve the problem using different methods. When the incident first happened, it struggled with random attacks of different patterns, but it is reportedly gaining clues bit by bit. Among the options under consideration is a plan to place the competition server on LoL Park’s internal network.

In relation to this, Riot officials refused to comment, saying, “We have been investigating in several ways,” and “We are checking the stability of various countermeasures, including the plan to place the competition server on LoL Park’s internal network.”
