CDPR hit with Cyberattack, source codes of Cyberpunk 2077, The Witcher 3, and more supposedly leaked.

[gloop]

3 minutes ago, flo_306 said:

Yes night city is smaller but wayyyyy more detailed then

Guess we'll have to agree to disagree then. I think that RDR2 is much more detailed, has a lifelike open-world, the best written story in any media and the most realistic graphics in a game. Glad you enjoyed your time in Cyberpunk though.

 

8 minutes ago, Stahlmann said:

Is my memory that bad or was RDR2 pretty much unplayable at launch too?

Console was OK, the game worked fine. PC was bad, there was some significant issues. I'm not saying that RDR2 was fine, but that Cyberpunk was worse. They knew that the consoles were completely broken before launch by not sending out review codes, then only allowing pre-release reviews use CD Projekt's own footage. If they had come clean it would had been worse for the first few days but much better in the long run,

[D13H4RD]

6 minutes ago, WereCatf said:

It's just a convenient excuse. The real objective was, quite obviously, just simply money.

 

1 minute ago, leadeater said:

Probably not, not directly anyway. It's most likely someone ceasing on to the opportunity due to the bad publicity. Would this have happened without that, maybe, but I can't also discount the possibility that this publicity game someone look now not later.

Pretty much, because I've seen that email format before. Would've likely happened even when Cyperpunk launched in a brilliant state, but obviously, CDPR's PR shambles and such provided an opportunity.

[Master Disaster]

1 minute ago, leadeater said:

Honestly we wouldn't notice either. If it doesn't degrade service then you're unlikely to notice unless you are running some actually decent Data Leak Protection system.

Wouldn't your switches notify you of abnormal traffic?

 

I mean, even if you average a few 100 TB per month normally it would still be double your average.

[leadeater]

16 minutes ago, WereCatf said:

Is it, though? It's not like you can prepare for it in any way or anything like that, and the stress from being reminded of such people and their actions may not be healthy

Of course it's good to remember that and yes you can prepare, you just don't have to go overboard with it and not try and build something like the Great Wall of China. One way you can prepare for it is like I said, don't knowingly do a bad thing that you know for sure certainly will annoy a large collection of people.

 

I think you're taking it far too to the extreme with what would need to do or how they would be thinking day to day. It's really as simple as during an executive meeting that is to decide on the release schedule or change there of to remember there may will be consequences to anti consumer behavior. That will in no way stress anybody out.

[Vishera]

From what the hacker said we can conclude that:

1.The hacker is angry about what happened with Cyberpunk 2077

2.The hacker went on a journey of vengeance

 

Well,when thing like this happen there are rules to follow:

1.Report to the relevant authorities.

2.Prepare for the worst case scenario

3.Don't pay ransom,in many cases the data is sold or leaked even after the ransom was payed.

4.And of course don't trust anything the hacker says.

[leadeater]

33 minutes ago, Master Disaster said:

Wouldn't your switches notify you of abnormal traffic?

No, switches don't really do that. Not unless you setup QoS rules with alerting on them but that doesn't mean the traffic will actually trigger a QoS condition, especially if it's going outside the network which will be far slower than any QoS rule. You'd need to use a traffic analysis and trending tool like Cacti then look for any changes.

 

At the end of the day at the network layer it's just data, there's nothing that would be inherently abnormal about it other than the volume of data over time to a destination outside the network. That's where Data Leak Prevention tools come in that analyize the traffic exiting the network at the application layer, you can define rules for information that is not allowed to leave the network and that will block the traffic, things like that.

 

I know just for the things I look after over a 24 hr period more than 10TB moves between cities/datacenters.

[Vishera]

10 minutes ago, leadeater said:

Of course it's good to remember that and yes you can prepare, you just don't have to go overboard with it and not try and build something like the Great Wall of China. One way you can prepare for it is like I said, don't knowingly do a bad thing that you know for certainly will annoy a large collection of people.

My server's firewall is more strict than the Great Firewall of China,

Everything is blocked as default, IP addresses must be whitelisted manually.

And i am very strict with whitelisting.

[leadeater]

2 minutes ago, Vishera said:

My server's firewall is more strict than the Great Firewall of China,

Everything is blocked as default, IP addresses must be whitelisted manually.

And i am very strict with whitelisting.

Whitelisting at scale is highly impractical and if any of your servers has outbound internet access then data can leave via the rule and you'd never know about it.

 

Edit:

Inbound connections are blocked by default by every firewall, that's the default rule for that from every vendor. This issue is if you publish anything to the internet that is a potential entry point and then data leaving the network is using your outbound rulesets not your inbound rulesets. Traffic is being initiated from within the network.

[Vishera]

1 minute ago, leadeater said:

Whitelisting at scale is highly impractical

True,in my case it's manageable and seems like i already whitelisted all the addresses i need.

3 minutes ago, leadeater said:

and if any of your servers has outbound internet access then data can leave via the rule and you'd never know about it.

The rules are applied to both inbound and outbound traffic.

[leadeater]

Just now, Vishera said:

The rules are applied to both inbound and outbound traffic.

Yes but do any of your servers have internet access? Having a rule doesn't protect you if the rule allows the traffic. I mean sure you could enforce whitelist IPs and/or URLs on outbound rules to but that really is a right pain in the ass. In a nice small setup at home or in a lab that might work but for a business it just won't. There will be servers like that but not all of them can be.

 

Every server in our backend and secure/storage security zones have no internet access, if something absolutely needs access to something outside the network a rule is created for that. The problem is there is also a frontend security zone with servers that have and need more general access, and there are also rules for the servers to access servers/services in the more secure zones.

 

There's always going to be weak points, the larger your network the larger the potential of weak points there might be. Software Defined Networks can help a lot here but to switch over to that is a massive change, something that would take us around 5 years if not more.

[Vishera]

1 minute ago, leadeater said:

Yes but do any of your servers have internet access?

Yes,some of them have.

2 minutes ago, leadeater said:

Having a rule doesn't protect you if the rule allows the traffic. I mean sure you could enforce whitelist IPs and/or URLs on outbound rules to but that really is a right pain in the ass. In a nice small setup at home or in a lab that might work but for a business it just won't. There will be servers like that but not all of them can be.

I agree.

It was indeed a pain in the butt to set it up but it was still practical in my case and i think it's worth it.

[Delicieuxz]

Some people have suggested the same people behind the Capcom hack could be behind the CDPR hack.

 

[StDragon]

3 hours ago, leadeater said:

Well at least maybe it'll teach a lesson to Producers, Board Members and Investors; Finish the development correctly and don't release garbage and piss people off. Someone somewhere might just act upon their anger.

You're assuming that's the motive; I don't see proof of that.

 

This look like a standard opportunistic high profile case of a ransomware attack. Meaning, it would have happened regardless of the bad PR.

 

The question I have is this: What is the vector? An email? Or, was this an inside job via a disgruntled employee that might lead credence to your original assertation?

[Dedayog]

4 hours ago, WereCat said:

maybe the hackers can fix the cyberpunk now

 

4 hours ago, Moonzy said:

Came here to say the same thing

Interesting, seems like you are okay with the attack.  They got their just desserts?

 

In no way was this okay or warranted, criminal activity like this costs all of us.  CDPR now to fix the issue, us to pay more for games due to increased cost to produce (of which security is a part), etc.  

 

Blah, total bullshit.

[Sauron]

The best thing to do would be for them to just release the source officially now, but they won't.

[Guest willies leg]

I wonder if it compiles as shitty as it runs?

[sub68]

4 hours ago, WereCat said:

maybe the hackers can fix the cyberpunk now

maybe CDPR should put cyberpunk as a open source project than it could be better

[Doobeedoo]

FeelsBadMan

Hopefully a minor setback.

[Vanderburg]

4 hours ago, leadeater said:

Well at least maybe it'll teach a lesson to Producers, Board Members and Investors; Finish the development correctly and don't release garbage and piss people off. Someone somewhere might just act upon their anger.

And also stop wearing that dress, because clearly, they were asking for it.

[WereCat]

54 minutes ago, Dedayog said:

 

Interesting, seems like you are okay with the attack.  They got their just desserts?

 

In no way was this okay or warranted, criminal activity like this costs all of us.  CDPR now to fix the issue, us to pay more for games due to increased cost to produce (of which security is a part), etc.  

 

Blah, total bullshit.

So just because I poke some fun on the matter I automatically must take side with the hackers? Obviously, it was not ok. I think we can all agree on that. But them releasing a broken pile of junk for $60 was not ok as well so we can pretty much all agree on that as well.

[leadeater]

15 minutes ago, Vanderburg said:

And also stop wearing that dress, because clearly, they were asking for it.

Sure as if that really applies here. Sure no company deserves to be targeted and damaged like this but never go around acting surprised if someone slaps back if you slap first. Because honestly are you actually surprised this happened? No? And if so why is that?

 

Whether actually true or not the evidence thus far is the game was released before it was actually in a release stable state because seemingly the choice between delaying longer and releasing now came down to a financial choice. Now I for one have no idea what their financial situation was but it is rather clear by the evidence we can see that their financial  situation was put above the quality of the product and their consumers, necessarily or not.

 

So if you want to boil it down to something as stupid as that, yes they were asking for it. If you want a more complicated answer no they didn't deserve it but they still had a hand in this situation, fair or not. If they had released a more fully stable product across all platforms then there wouldn't be anything to criticize them for now would there and there wouldn't be any potential reason to target them.

[GravityHurts]

4 hours ago, Stahlmann said:

Is my memory that bad or was RDR2 pretty much unplayable at launch too?

Not sure about console launch but pc launch was really bad

[Dedayog]

14 minutes ago, WereCat said:

So just because I poke some fun on the matter I automatically must take side with the hackers? Obviously, it was not ok. I think we can all agree on that. But them releasing a broken pile of junk for $60 was not ok as well so we can pretty much all agree on that as well.

Them releasing a bad game isn't the issue with this thread. Your flippant reply was.  Came off as total disregard for what happened.

 

Now we can all agree?  Have you not been paying attention to the state of the US lately?  We CAN NOT in any way agree on something, all of us.   I'm sure many are hoping something bad happens to CDPR over Cyberpunk.  

 

This whole thing with Cyberpunk has gotten way out of hand and far beyond just releasing a shit game.  Lawsuits, hacking, threats to the devs personally, etc.

 

Shit needs to stop. Internet isn't a wild wild west lawless place like some think.

 

Edit:  No, I don't think you meant them ill.

[GravityHurts]

Ok I know this is stupid, but what is the difference between the game that you download and the source code? I know that all cdpr games are drm free so does that not mean that we already have access to the source code of the Witcher 3 and Cyberpunk 2077?

[WereCat]

4 minutes ago, Dedayog said:

Them releasing a bad game isn't the issue with this thread. Your flippant reply was.  Came off as total disregard for what happened.

 

Now we can all agree?  Have you not been paying attention to the state of the US lately?  We CAN NOT in any way agree on something, all of us.   I'm sure many are hoping something bad happens to CDPR over Cyberpunk.  

 

This whole thing with Cyberpunk has gotten way out of hand and far beyond just releasing a shit game.  Lawsuits, hacking, threats to the devs personally, etc.

 

Shit needs to stop. Internet isn't a wild wild west lawless place like some think.

Uh... ok? I'm not from US and I know nothing of US politics. If you think the US is the only nation in the world that has broken politics and weird things are happening then you need to come out of your shell. But this is not a place to discuss politics nor am I interested in doing so.

 

And yes, it was a total disregard for what happened because companies are getting "hacked" every day left and right. It's really nothing new. Nintendo having stolen code for the Switch was much more significant than this (if I am to give an example from recent memory).

2 minutes ago, GravityHurts said:

Ok I know this is stupid, but what is the difference between the game that you download and the source code? I know that all cdpr games are drm free so does that not mean that we already have access to the source code of the Witcher 3 and Cyberpunk 2077?

No.

Lack of DRM means that you truly own the game once you download it and keep the copy. There is nothing stopping you from making multiple copies for yourself and installing it on different devices.

Having source code allows you to modify anything within the game files, you can't really do that with an installed game. Sure, you can still mod the game but with source code you can change it entirely and the code belongs to the company, not the consumer.