NetherRealm Studios, long-time developer of several popular fighting games, admits that it’s investigating a string of online attacks against Mortal Kombat 11 customers. It appears that at least one determined hacker is using distributed denial of service (DDoS) attacks to manipulate the leaderboards on PlayStation 4. There are also reports of personal threats, including several alleged instances of players whose home addresses have been posted online.
The situation was confirmed by NetherRealm yesterday evening on Twitter.
“We are aware of numerous DDoS attacks perpetrated by a certain player in the Kombat League,” wrote a representative. “We intend to make use of all options available to us to address this situation.”
We are aware of numerous DDOS attacks perpetrated by a certain player in the Kombat League. We intend to make use of all options available to us to address this situation. Thank you for your patience!— NetherRealm Studios (@NetherRealm) August 5, 2019
Original reporting by Eurogamer tells a much more complicated story. That “certain player” goes by various handles on PS4, including pa3com, pa4com, and Son-Goku-DZ. For the last few weeks they’ve been climbing up the MK11 leaderboards, but without any clear indication that they deserve the top ranking.
Instead, the hacker appears to be able to capture and exploit their opponents’ Internet Protocol (IP) address. They then target those individuals with a sudden DDOS attack. The bad traffic streaming into their home router forces their opponents to disconnect from the match, awarding points to the hacker by default and boosting their ranking.
The attacks are likely being delivered via some sort of botnet. It’s a strategy that regularly lands individuals in jail, but this time there’s a twist. Anecdotal reports allege that hackers are also able to use data captured during one-on-one matches in MK11 to determine another player’s home addresses. They then use that information to make targeted, personal threats. One such incident even occurred live on Twitch, where a player with the handle BelowZer0 was threatened with real-world violence at his home.
While these threats don’t appear to be coming from the same player who is exploiting the MK11 leaderboards, they are nonetheless evidence that there could be something seriously wrong with the security in MK11.
Polygon has reached out to NetherRealm for more information.