Video Game Publisher Sues over Server-Crippling Hacks


Game publisher Ubisoft has filed a lawsuit against “members of a business enterprise” which provides its customers the means to conduct distributed denial-of-service (DDoS) attacks against game servers. The case was filed in the Central District of California.

The complaint explained that DDoS attacks work by flooding a server with illegitimate traffic, which could cause a variety of disruptions, including a server crash. Ubisoft alleged that the defendants have orchestrated or facilitated such attacks against one of its particularly popular games, Rainbow Six: Siege (R6S). Because R6S is a “highly competitive” online multi-player game, “in the case of a server or network crash, Defendants’ DDoS Attacks deny R6S’s legitimate and authorized users’ access to the R6S Servers, and more importantly, the game.”

Ubisoft argued that “by offering, marketing, and providing their DDoS Services to active R6S players, Defendants have induced countless players to breach the Ubisoft TOU and Code of Conduct,” adding that on Ubisoft’s information and belief, they have gained substantial revenue from the sale of these services. The plaintiffs also recounted the defendants’ taunts made on Twitter, mocking their security efforts.

The complaint explained specific harms suffered by Ubisoft and, by extension, players of its games. “Defendants irreparably harm the ability of Ubisoft’ s legitimate customers in the United States to enjoy and participate in the online experience carefully created by Ubisoft. That, in turn, causes users to grow dissatisfied with R6S, lose interest, and stop playing.” Additionally, Ubisoft was required to expend money, time, and staff to respond appropriately to the attacks. Finally, Ubisoft alleged damage to their reputation and loss of consumer goodwill.

The defendants comprise 3 named individuals, none of whom reside in the United States, as well as other individuals unknown or only known by their screen name. SNG.ONE was the only organizational defendant, an entity of unknown form.

The plaintiffs additionally alleged that, in anticipation of a lawsuit, the defendants “have hastily sought to conceal evidence concerning their involvement, even going so far as to create and publish a fictional seizure notice on one of the websites used by Defendants.” The notice falsely claims that the domain has been seized by Microsoft and Ubisoft.

Ubisoft specifically alleged counts of violating the Computer Fraud and Abuse Act, the California Computer Data Access and Fraud Act, trespass to chattel, interference with contractual relations, and unfair competition. They seek injunctive relief and exemplary and punitive damages against the defendants. Ubisoft was represented by Mitchell, Silberberg & Knupp LLP.