Some matches in the Call of Duty competitive scene are starting to resemble games of router roulette more than displays of skill. Players are suffering through a rash of Distributed Denial of Service (DDoS) attacks that are knocking them offline during play and hurting competitive integrity.
It’s a common scourge for many pro gamers. In Counter-Strike, DDoS attacks, which flood a person’s internet connection with incoming traffic in order to overload it and shut it down, have forced players to be discrete for years. But in Call of Duty, it’s a recent phenomenon, and one that threatens to ruin the third season of the Major League Gaming (MLG) Call of Duty: Advanced Warfare Pro League.
Today MLG stepped in, postponing this week’s matches to help educate players on how to counter these attacks.
“We’re working with pro players to provide guidance on how best to protect themselves from attack,” a league official told the Daily Dot, “as well as postponing pro league matches until Monday, July 27 as we continue to work through this issue.”
The Major League Gaming Pro League is the primary Call of Duty competition running right now, but its daily live streamed matches are played online, leaving them and their competitors vulnerable to malicious internet activity. That hurts MLG’s bottom line—it streams matches on its MLG.tv platform, but if none of the games can be completed in a fair manner due to DDoS attacks taking players out, why watch them?
All a perpetrator needs to start an attack is a player’s IP address. The most common way to acquire one is through Skype, a program that’s notorious for its promiscuous use of users’ IPs—and yet is still the most common communication tool in esports. While Call of Duty is played on the Xbox console, it’s no exception. Players often coordinate practice sessions and matches over Skype before logging on to Xbox Live.
That’s caused many players to forsake Skype in favor of other forms of communication, like Mumble. But the problem still persists.
That’s partially because, as Ian “Enable” Wyatt of FaZe implies, teams are required to use Skype to talk with league officials.
Many players still aren’t happy with MLG. The company hasn’t addressed the numerous matches affected by DDoS attacks and, according to players, put the responsibility to stop the attacks solely on the players. That is, until tonight, when it postponed games just 10 minutes before matches were about to begin.
The attacks have certainly caused an effect on the standings and league, with some matches played with uneven players and teams unable to field their full lineups. Damon “Karma” Barlow of OpTic Gaming, for example, has come under attack multiple times, forcing OpTic to bring in backup Adam “KiLLa” Sloss. But the attacker or attackers are certainly persistent—they just swapped their crosshairs to Sloss.
One of the most frustrating things about the attacks is their anonymous nature. No one knows who is doing this or why they’re doing it. No one has claimed responsibility. That’s left players and fans grasping at straws to justify why their playing careers are under assault.
One popular excuse is the rise of fantasy esports site Vulcun, which allows fans to win real cash by picking a team of the most successful players every day. Vulcun added Call of Duty to its platform about one month ago, and some believe these DDoS attacks are an attempt to win money in Vulcun by keeping certain players or teams from performing each night.
Another theory is that some rogue MLG employee is somehow involved, as this person would have access to all players’ Skype information and potentially their IP addresses.
But as any Counter-Strike fan will tell you: these attacks are here to stay. It doesn’t really matter who is doing it, if they’re trying to win a few bucks or simply doing it out of spite. If that person doesn’t, another person will, as long as there’s an opening for it. The only way to be safe is to protect yourself.
That isn’t as hard as it sounds. Steven “Destiny” Bonnell II, a former StarCraft 2 pro gamer and streamer, states it well: “At this point in time, it should be absolutely inexcusable to miss a tournament match due to DDoSing. Players who miss matches due to DDoSing should be immediately disqualified the same way someone who misses work because their car ran out of gas.”
One common way to protect yourself is redirecting internet traffic through a Virtual Private Network (VPN) or other proxy server. Those services, however, can be expensive and often increase latency, a no-go in Call of Duty where every millisecond of ping is at a premium.
Bonnell put a guide together detailing how to protect your IP address from potential attackers by routing Skype traffic through a cheap proxy server, which would leave other, more secure traffic intact, like that moving between a game and game server. Richard “R1CH” Stanway, developer for Team Liquid, went a step further and developed an automated service that protects your Skype for $5 a month.
Of course, it’s possible that Skype isn’t the only vulnerability that attackers are exploiting. There are programs that allow users to steal IP addresses over peer-to-peer connections on Xbox Live, for example, so in theory a player who played in a game with an attacker could have his data compromised. But that’s unlikely to occur every single day each of these matches occurs, unless the attacker is someone inside the community.
Whatever the case, the DDoS plague has certainly put a damper on the third season of the MLG Call of Duty Pro League. But at least MLG and the players are now taking steps to make sure it stops ruining what should be an exciting season of Call of Duty.