
Who is ‘Swiss Knife’ behind the LoL DDoS attack? Exclusive Investigation Reveals Shocking Details

[Exclusive] Who is ‘Swiss Knife’ behind the LoL DDoS attack?

Digital Daily Publication Date 2024-03-08 22:23:53

The homepage you must go through to join the Swiss Knife Discord channel. You can also see the prices of illegal programs being sold.

[Digital Daily, reporter Moon Dae-chan] The gaming industry is struggling with DDoS (Distributed Denial of Service) attacks by an anonymous group that began in December last year. In particular, the damage to the main target, ‘League of Legends (LoL)’, is severe. The related esports league, the Korea Championship (LCK), is having difficulty normalizing the situation even two weeks after the incident occurred, despite various measures taken by organizer Riot Games.

◆Secretly hiding in Discord… Looking into the ‘Swiss Knife’ channel

Summarizing Digital Daily's coverage through the 9th, it is known that ‘SwissKnife’ is likely behind this DDoS attack against influencers and the LCK. The group sells various illegal programs to a limited number of people through ‘Discord’, a voice chat service for games.

Currently, the channel is operated secretly. You can enter the channel only after going through a rigorous authentication process, including background and income checks. The authentication process is much more complicated for new subscribers.

The sales method is also meticulous. The group does not hand over a program, but instead performs an attack upon request. This is interpreted as a measure to reduce the risk of detection and prevent program loopholes from being leaked.

Looking at the channel, it is confirmed that quite a few users are purchasing and using illegal programs. You can often find reviews of the program, such as “It’s a shame that stock is out of stock” and “It doesn’t stop working even if you use it in the main LoL world.” There are even resellers.

A review of using an illegal program on the Swiss Knife Channel.

Swiss Knife is currently selling various online game-related programs such as ‘Helper’, the representative illegal program for LoL, as well as ‘Eternal Return’ and ‘Overwatch’. Prices vary widely, from at least $10 (approximately 13,000 won) to $800 (1,054,000 won).

Among these, the program used in the influencer and LCK DDoS attacks is ‘SwissKnifeLeaguePluller’. Swiss Knife describes the program as ‘a special utility that can retrieve the IP of a League of Legends player.’ It is strongly related to DDoS attacks that cause network failure by generating abnormal traffic through IP addresses.

It is confirmed that League Puller was so popular that it was once traded by resellers for up to 2 million won. However, as attention focused on Swiss Knife following the suspension of the LCK, they suddenly stopped selling League Puller. According to the administrator’s notice, the program will be integrated into and sold as part of ‘LeagueByPass’, which is believed to be a helper, in line with the introduction of Riot’s security system ‘Vanguard’.

“League Puller will no longer operate as a Discord bot,” the administrator said. “It will be integrated into League Bypass to retrieve player IPs from game sessions.”

Illegal program believed to be used in DDoS attacks.

◆Where did the IP leak come from? Korean server client problem?

Some cite lax security in the Korean LoL server client as the reason IPs could be stolen from influencers and competition venues alike. A representative example is a streamer suffering from a DDoS attack whose symptoms disappeared when he used a Chinese server.

However, a security expert who requested anonymity said that it is difficult to conclude that Chinese server clients are safe based on limited cases. He said, “Just because China is not attacked does not mean that its security is strong,” and explained, “The route through which IPs were leaked from Korean servers is unknown, but attack tools have not yet been developed for China, and China could also be a target at any time.”

In fact, Swiss Knife stated in the introduction to the League Puller program, “Currently, we only support the KR (Korea) server, but we plan to add global servers soon.”

Some have discussed the possibility of a leak due to ‘source code’ or ‘sign code’, but it has been confirmed that this is also unlikely due to various circumstances. An official familiar with Riot’s internal situation said, “The source code was leaked last year, but we know that the source code that affects services in the Korean region will not be leaked. It is true that the sign code is also active in Korea and Japan, but based on several internal experiments, I understand that Riot believes this is unlikely.”

Channel admin notice. Vanguard is mentioned.

◆Multiple security experts say, “We should have built an internal network”… Riot: “We are exploring various options”

Multiple security experts believe that if manpower and resources are invested to prepare a separate internal network, at least DDoS attacks against the LCK will be resolved quickly.

There are ways to temporarily block related traffic or increase bandwidth, but they are of the opinion that this is difficult considering various conditions such as convenience and time required. The explanation is that Vanguard, which is scheduled to be introduced, is also an anti-cheat tool like LoL’s ‘Demacia’, so it is far from DDoS protection.

One expert pointed out Riot’s decision not to build a separate internal network, but also expressed his support, saying, “The reason why overseas countries use an internal network is not because of security, but because the local Internet infrastructure is not good,” and adding, “Korea has a very good infrastructure, so many companies use data centers located outside.”

Meanwhile, Riot is trying to solve the problem using various methods. At the time of the first incident, it was struggling with random attacks of various patterns, but it is known that it is gradually gaining a clue. Among these methods, there is also a plan to place the competition server on LoL Park’s internal network.

In relation to this, Riot officials declined to comment, saying, “We have been investigating in various ways,” and “We are checking the stability of various countermeasures, including the plan to place the competition server on LoL Park’s internal network.”

Copyright ⓒ Digital Daily. Reproduction and redistribution prohibited.

2024-03-08 13:23:53
