Cyber Incident Victim: Blizzard Entertainment
Date:
Jan 2014
Location:
United States of America
Summary
A distributed denial-of-service (DDoS) attack disrupted multiple gaming platforms, including Blizzard Entertainment's Battle.net, temporarily taking servers offline. The hacker group DERP Trolling claimed responsibility, citing use of a tool dubbed the "Gaben Laser Beam," while other attackers targeted services linked to a YouTube streamer subjected to swatting and harassment. These coordinated attacks stemmed from an online vendetta against the content creator, escalating from game service disruptions to personal threats involving law enforcement. All affected platforms resumed normal operations following the incidents.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 6 motives | 3 techniques |
| Threat Actors | Type | Location |
|---|---|---|
| 2 actors | Available to members | Available to members |
Description
On January 3, 2014, Blizzard Entertainment’s Battle.net service experienced temporary downtime alongside other major gaming platforms—including Steam, Origin, and League of Legends—due to apparent distributed denial-of-service (DDoS) attacks. The attacks were claimed by a hacker group identifying itself as DERP Trolling, which publicly took responsibility via Twitter for targeting Battle.net, Origin, League of Legends, World of Tanks, and EA.com in a series of disruptions earlier that week. For the Battle.net attack, DERP Trolling stated it utilized a DDoS tool dubbed the "Ion Cannon," which it humorously referred to as the "Gaben Laser Beam" in reference to Valve founder Gabe Newell. Concurrently, separate Twitter users unrelated to DERP claimed responsibility for the Steam outage during the same incident window. The attacks caused widespread service interruptions, rendering the platforms inaccessible to users during the overnight period, though all affected services—including Battle.net—resumed normal operations by the time the incident was publicly reported later that day.
The DDoS campaigns were linked to a broader harassment campaign against James "PhantomL0rd" Varga, a prominent YouTube streamer. According to a reddit thread cited in reports, attackers initially targeted games PhantomL0rd was actively streaming and monetizing, escalating to direct personal harassment after his private information, including his home address, was leaked online. This culminated in a swatting attack where law enforcement was falsely dispatched to PhantomL0rd’s residence, resulting in his temporary detainment in handcuffs during a live stream. DERP Trolling denied involvement in the swatting incident or the personal harassment, asserting that their actions were limited to DDoS attacks on gaming infrastructure. The group’s Twitter account included a phone number allowing third parties to submit requests for targets, suggesting their attacks may have been directed by external actors seeking retaliation against PhantomL0rd. The incident highlighted the vulnerability of online gaming platforms to coordinated DDoS attacks motivated by personal vendettas, disrupting services for millions of users globally.