Cyber Incident Victim: Valve Corporation
Date:
Jan 2014
Location:
United States of America
Summary
Multiple gaming platforms, including Steam, Origin, Battle.net, and League of Legends, experienced temporary server disruptions due to distributed denial-of-service (DDoS) attacks linked to harassment against a streamer. The hacker group DERP Trolling claimed responsibility for targeting several services using a tool dubbed the "Gaben Laser Beam," while other individuals claimed involvement in the Steam attack. These incidents were connected to a swatting event where law enforcement was falsely dispatched to the streamer's residence following online harassment and doxxing. DERP denied direct participation in the swatting but solicited attack targets via a public phone number. All affected services resumed normal operations following the disruptions.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 2 motives | 1 technique |
| Threat Actor | Type | Location |
|---|---|---|
| 1 actor | Available to members | Available to members |
Description
On January 3, 2014, multiple online gaming platforms—including Steam, Origin, Battle.net, and League of Legends—experienced temporary server outages caused by apparent distributed denial-of-service (DDoS) attacks. The disruptions occurred overnight, with all services reportedly restored to normal functionality by the time of reporting. A hacker group identifying itself as DERP Trolling publicly claimed responsibility for the attack on Origin via Twitter, referencing their use of a DDoS tool they dubbed the "Gaben Laser Beam," a satirical reference to Valve founder Gabe Newell. DERP had previously claimed involvement in similar attacks earlier that week targeting Battle.net, League of Legends, World of Tanks, and EA.com. Separate Twitter users unrelated to DERP claimed responsibility for the simultaneous attack on Steam’s infrastructure. The group promoted a phone number allowing individuals to submit requests for future DDoS targets, indicating a crowdsourced approach to selecting victims.
The attacks were linked to an escalating harassment campaign against YouTube streamer PhantomL0rd, who had been monetizing gameplay through advertising. According to a Reddit thread cited in reports, the initial disruptions targeted games PhantomL0rd was actively streaming, before escalating to direct personal harassment after his private information, including his home address, was leaked online. This culminated in a swatting incident where law enforcement responded to a false emergency report at PhantomL0rd’s residence, resulting in his temporary detainment in handcuffs during a live stream. DERP Trolling explicitly denied involvement in the swatting or personal harassment, framing their actions as limited to DDoS attacks on gaming services. The incident highlighted the broader consequences of online vendettas, marking one of the first documented cases where gaming platforms became collateral damage in a targeted campaign against an individual. Service disruptions remained confined to temporary outages, with no reported data breaches or long-term operational impacts on the affected platforms.