Gamers hijacked your server? Might be an inside job

Data breach at New Hampshire medical center raises questions

This morning's post about a medical-center data breach being blamed on bandwidth-hungry gamers got me wondering about how often such parasitic intrusions happen and how they're viewed in the gaming community. Not knowing much about gaming or the gaming community, I asked Stephen Heaslip of the gaming site Blue's News to answer a few questions. Here's our e-mail exchange:

Is this kind of thing - gamers hijacking a server for a game session - common or not?

I think such situations are probably fairly common, though perhaps not on such prominent servers. Games running on corporate servers are not always due to breaches, though, as system administrators can be fairly autonomous, and there are a number of games running on corporate networks operated by IT departments without the approval of higher-ups.

(2011's 25 Geekiest 25th Anniversaries)

In the case of Call of Duty: Black Ops, the dedicated server files for the game are not publicly available, so this was illicit on two levels.

There was an incident in the early days of Quake multiplayer when it was difficult to find servers, since this was before external programs like GameSpy, much less server browsers built into game interfaces. The first resource to find multiplayer servers was a website called ][ronman's server list which ran for a couple of months and became very prominent. When it went offline it was revealed this was running on a corporate server by a system administrator, although his bosses believed he was running a company project.

Is glomming on to a random server considered fair game or bad form by most gamers?

As for how gamers feel about such things, I don't think they care about who owns the game server they are playing on as much as whether they have a good connection and enjoy the game type, competition, etc. In this specific instance, one of the reasons Activision doesn't distribute the software to run your own Black Ops server is to prevent multiplayer stat padding and other server-side cheating, and a portion of the gaming population will specifically avoid such servers, while there's another segment that will seek them out.

Is part of the motivation for using someone else's server a desire to avoid paying for access to the dedicated servers operated by GameServers? If so, what does it cost to play legit?

There's no question in my mind that avoiding the cost of renting a game server is one of the motivations for this. To rent a dedicated server from GameServers is $14.95/month for an 18-player ranked server (the ranked part allows it to collect official statistics) or $0.99/month per player (up to 24 players) for an unranked server. That's not incredibly expensive, but people have gone to more trouble to avoid smaller payments, and some folks on the Internet work as hard as they can to avoid paying for anything on principle, to use the term loosely.

Are there telltale signs a network executive might watch for that would tell them someone in their shop is doing this with a company server?

For an admin on a smaller network it shouldn't be that hard if they are looking to stay on top of such things, as the bandwidth and server usage should show up in monitors and logs. Of course some shops are large enough that this stuff will be a drop in the bucket, which will require extra scrutiny, and may not be readily detected at all. As for non-technical higher-ups, they are going to have to trust the IT department to be on top of this, but that applies to most things that go on in server rooms.

Is this activity ever allowed with a wink-and-nod as a perk of working in IT? Or do admins think of it that way?

I have definitely seen this done with approval, and some companies allow gaming after hours. I'm also aware of others where it is a wink-and-a-nod policy where the admin can do what they want as long as everything runs smoothly otherwise. And yes, there are also cases where admins think they're entitled to run game servers, even though they know their bosses would not approve, or where they don't think they're entitled on any level, but do it anyway.

Feel free to leave all confessions in comments.

Welcome regulars and passersby. Here are a few more recent Buzzblog items. And, if you'd like to receive Buzzblog via e-mail newsletter, here's where to sign up. Follow me on Twitter here.

Join the Network World communities on Facebook and LinkedIn to comment on topics that are top of mind.

Copyright © 2011 IDG Communications, Inc.