Suspect in WoW Classic and Overwatch DDoS attacks arrested

Michael Gwilliam

Blizzard has posted an update regarding a series of September DDoS (Distributed Denial of Service) attacks that took titles such as Overwatch and World of Warcraft Classic offline.

In a September 19 post on the WoW forums, Community Manager Kaivax set out to provide some closure to players impacted by the September 7-8 downtime.

Kaivax revealed that the company’s security team began working with international law enforcement agencies to track down the source of the DDoS attacks right as they began. 

An update on the attack was posted on the WoW Forums.

“It is our understanding that, within a few days, authorities were able to successfully identify and arrest a suspect,” Kaivax added. “We really appreciate your patience and understanding.”

Cloudflare describes a DDoS attack as, “a malicious attempt to disrupt normal traffic of a targeted server, service or network by overwhelming the target or its surrounding infrastructure with a flood of Internet traffic.”

Overwatch players were victims of the DDoS attacks too.

Timeline of the attack

The attacks first began on September 7 when WoW Classic players began reporting server issues such as spontaneously being booted despite being able to connect.

Overwatch players also reported network instability resulting in competitive players being tossed out of games and locked onto the “rejoin match” screen. With no way to join back, we assume many players lost a bunch of skill rating at once.

At 2:20 PST, Blizzard confirmed the cause of disruption was a DDoS attack.

The DDoS attacks plagued WoW Classic players all weekend.

While the issues eventually subsided, the very next day on September 8, Blizzard was bombarded with another wave of DDoS attacks that even potentially affected the Overwatch League playoff broadcast on Twitch. 

On Twitter, commentator Wolf ‘Proxwolf’ Schröder wrote that “a temporary solution for the DDOS attacks” was to use the built-in Command Center function, implying that the broadcast was yet another casualty. 

At 1:11 PM PST Blizzard made a public post that an investigation was ongoing regarding realm stability. Nearly an hour later at 2:25, they confirmed that it was another DDoS attack against network providers. 

By 5:05 PM, however, the dust had settled and all WoW Realms except Rattlegore were back online and stable. 

With the alleged perpetrator now in custody, players should be able to enjoy their video games in peace and not have to worry about being booted for the foreseeable future.