Derptrolling (sometimes referred to as Derp) is the name of a hacker group that was active from 2011 to 2014.
They largely used Twitter to coordinate distributed denial of service attacks on various high traffic websites. In December 2013 they managed to bring down large gaming sites such as League of Legends in an attempt to troll popular livestreamer PhantomL0rd. Public reaction to their presence has been generally negative, largely owing to the unclear nature of their motives.
Initially, Derp sent a few tweets using their Twitter account to indicate that they were going to bring down the popular gaming website League of Legends.
Their first attack however, was on a game called Quake Live.
Hours afterwards, many of the League of Legends game server regions in North America, Europe, and Oceania, as well as the website and Internet forums were taken down. To bring down the game servers, they used an indirect attack on Riot Games’ internet service provider Internap.
They were revealed to have been targeting a popular livestreamer who goes by the name of PhantomL0rd on the streaming website Twitch). PhantomL0rd, whose real name is James Varga, is a 25-year-old professional gamer who regularly streams gameplays on his Twitch account and gets paid to play video games. Reddit summarized the report by saying that they had planned to use distributed denial of service attacks to flood traffic on various high profile gaming websites associated with PhantomL0rd, including League of Legends and Blizzard Entertainment’s Battle.net. According to The Escapist, the group also issued a threat to take down Dota 2 if PhantomL0rd were to lose his game, which they carried out. However, they only crashed Phantoml0rd’s game, while other games in DoTA 2 were running normally.
When PhantomL0rd asked members of the hacker group why they were attacking these sites, they responded by saying it was “for the lulz” and that it was also partially out of dislike for “money-hungry companies.” They also persuaded PhantomL0rd into playing Club Penguin while simultaneously managing to take down Electronic Arts website EA.com. PhantomL0rd’s personal information was leaked during the attack and released onto multiple gaming websites, in a process often referred to as doxing. This led to many fake orders of pizza arriving at his house, as well as a police raid on his house when they received reports about a hostage situation. According to PhantomL0rd, at least six policemen searched through his house, but they only realized later that the call was fake.
The hacker group claimed to have additionally attacked several other Internet games and websites including World of Tanks, the North Korean news network KCNA, RuneScape, Eve Online, a Westboro Baptist Church website, the website and online servers of Minecraft, and many others. A day after the attacks, Riot Games issued a statement confirming that their League of Legends services had indeed been attacked by the hacker group, though they have brought their services back online.
Aftermath and reaction
The news website LatinoPost criticized the attack as being “frivolous” and merely “just for attention,” unlike so-called hacktivist groups. Computer scientist David Birti considered it fortunate at the time that their hacking activities have mainly been restricted to denial of service attacks and have not been as severe as password leakage yet. VentureBeat noted that PhantomL0rd’s stream was still drawing in over one hundred thousand viewers and that it is “still good for his traffic.” PlayStation LifeStyle stated that they believe the current problems with the PlayStation Network had more to do with the “influx of new PS4 owners and increased holiday online activity” than any effect or damage the hacker group attempted on the network.
Editor of popular gaming news website Game Informer’s Mike Futter also blamed the Twitch streaming service and PhantomL0rd for not shutting the stream immediately despite having received several warnings throughout, and that this was tantamount to playing accomplices to the crime. Varga defended himself by saying that he was merely trying to maintain a business, and that if he did not comply, DerpTrolling would have targeted another streamer.