Hello all I was not sure if I should post this in general or technical.

I have been into network security for roughly 15 years now and I was approached by a client with a interesting problem.

Lately in their game of World Of Tanks a "clan" that they have battled has apparently some how gaining remote access to their server with a plugin or something of the sort and DDoSing main people who play a inportant role during battles.

I checked their server logs and I cannot seem to find anyone logging in or out during the time this takes place but the person doing this has administrative rights because they all stated (multiple) witnesses that they heard a voice saying watch this right before it happens.

My goal basically is to find out how this is being done catch the culprit in logs and in a recording and make this a legal matter as what the person is doing is illegal.

Anyone that knows DDoS it is almost impossible to find out who started it and to trace it to one specific person, with that said if anyone has heard of this being done before and might be able to shed some light on me so I can legally trace these actions and give the information to my clients lawyer I would appreciate it.

As I have stated I have checked all server query logs and watched the logins like a hawk before during and after the incident and cannot see directly how they are doing this I have also reached out to the hosting provider and they are on board as well for security purposes I am going to leave host details out along with server specifics I do not need a person to read this then harass the host or my clients further.

To my best guess they are using a plugin of some sort that gives them elevated privileges which would explain hearing the voice but not physically seeing the person on the server when it happens which would bypass certain logs.

Thank you for any help anyone can provide,
Brandon