Riot has faced many different issues in the past. This one, however, seems to be by far the biggest. Why?
The troubleshooting path in League of Legends is pretty straightforward. If players have a problem with LoL, it’s only natural for Riot to start repairing. Of course, sometimes it takes longer than it should, but in the end, it is usually possible to get rid of a given bug or exploit.
A few years ago, League of Legends had a problem not so much with its system as with an external program that would allow anyone in the game to DDOS. It took several years, some professional players were permanently banned for it (at least theoretically, about which later). It was only gotten rid of by the death of the communicator known as… Skype.
What does Skype have to do with the biggest DDOS problem in LoL history?
Let’s go back to 2013. Back then, many people had Skype installed on their computers. Those were the days when some of them were still using Mumble or TeamSpeak. Discord was absolutely out of the question. However, Skype was quite leaky, as a result of which players were able to get the IP address of their opponents from it.
How? At that time, websites offering to extract IP addresses from a specific Skype account were extremely popular. So it was enough to:
Copy the person’s nickname from League of Legends
Then search for it in the Skype client. If there was such an account, then its name was entered on a special page and that’s it. We already had the IP address of an opponent.
So it was enough to just visit one of the thousands of sites that allow a DDOS attack. And it was this simplicity that was the worst of it all. Six years ago, the well-known streamer “Greekgodx” even recorded a short video about how DDOSize happens in his games.
People in the chat directly wrote that either someone would give them back the position or character, or they would get a DDOS. Let us remind you that it was the years 2013-2015, so it dragged on for a really long time. The worst part was that Riot couldn’t do anything about it. It was not about a loophole in League of Legends, but an external messenger in general.
What was so irritating about the situation? Not only was SoloQ destroyed in this way, but also serious professional tournaments. If any player had Skype, it was almost certain that he would get a DDOS. IP variables were not that popular then, and in many places around the world, there was no option to quickly change the address.
It even got to the point that the chances of one of the teams entering the LCS were completely buried. In 2015, Denial Esports and Team Dignitas competed in the Challenger Series. The winner was to get to the finals and fight to enter the LCS. People dealing with DDOS decided to mix things up here. As a result, the IP of the Denial Esports jungler was tracked and he was completely off the game.
The team had to give up the win, due to the rules. The DDOS hadn’t let go for a few more hours, so there was no question of going back.
Today, you can still find articles on the web saying that the player ran to his sister’s house, but it did not help much. He was attacked there as well. Somehow, hackers got the IP of three different locations.
There were many more such stories, and no one could do anything. Of course, everyone stopped using the application that was the source of all these problems.
Has anyone been punished?
Has anyone suffered the consequences? Yes and no. Jensen, a professional League of Legends player, was officially permanently banned. A special announcement was issued and the player was indeed suspended, at least for a while.
The reason for the ban was showing IP in the game chat and determining the location of players. Jensen admitted that he did extract IP, but never DDOSed or commissioned such attacks.
As a result, he was hung up and plays the LCS for Team Liquid today.
Is the problem gone? Yes, but more thanks to the awareness of League of Legends players than by improving Skype’s security. At one point it was impossible to extract IP addresses, but that was a few years too late. Until today, practically no one has suffered any consequences for this, except of course people who wrote directly in the chat that they were just launching an attack.