The Evolving Threat: Hackers & Gaming Platforms

(Ping! Zine Issue 50) – It’s April 2011: Game enthusiasts trying to log in into Sony’s PlayStation Network can’t access the popular multiplayer platform. While many probably assume it’s simple downtime caused by maintenance, something much more sinister is at play. Sony has just pulled access to the network in response to a cyber-attack that possibly stole personal information pertaining to around 77 million user accounts. The actual attack is later revealed to have directly impacted Sony’s San Diego, California data center.

In a process that can only be described as exhaustive, the company is forced to investigate the matter during extended downtime that persists for 24 days. And while the network has since long returned with increased security to the liking of many gamers, the instance is part of a trend that’s becoming all too common: Hackers are increasingly targeting online gaming platforms.

With more and more increasingly popular game titles becoming available, especially with the approaching season of fall, companies must meet higher security standards.

Ping! Zine provides a rundown of just some of the top gaming-related breaches occurring since April 2011’s PlayStation Network downtime:

JUNE 2011: Notorious hacking group Lulzsec takes credit for a breach on game developer Nintendo. However, the damage appears to be minimal with the company noting no user data was compromised. Meanwhile Lulzsec states, “Re: Nintendo, we just got a config file and made it clear that we didn’t mean any harm. Nintendo had already fixed it anyway. <3 them,” via its Twitter page.

NOVEMBER 2011: Hackers target Microsoft gaming platform Xbox Live, according to a report by British publication The Sun. Using phishing tactics, they cause some British-based users financial losses. Some stolen money for individual users reportedly even accounts for over £200. That same news story indicates that Microsoft worked to offer users refunds.

JANUARY 2012: According to a report from the BBC, security company Avast notes that it has found malware present on children’s websites containing “arcade” and “game” in their names. The sites are commonly used to play Flash-powered games. The infections hit users with things like JavaScript infections and other unwanted viruses. “These are sites with mini-games, including flash applications and simple online apps – one example is software that allows girls to dress and change the clothes of characters,” comments Avast Chief Technical Officer in the BBC’s report.

MAY 2012: Shortly following the game’s release, many users of hack and slash title Diablo 3 are reporting that their game accounts have been hacked with items missing in their user inventories. Game creator Blizzard responds via its Battle.net forums with Community Manager Lylirra stating, “Historically, the release of a new game — such as a World of Warcraft® expansion — will result in an increase in reports of individual account compromises, and that’s exactly what we’re seeing now with Diablo III.” The game developer also provides suggestions including the use of a Battle.net authenticator to help secure accounts.

MAY 2012: Hackers successfully breach and alter inventory accounts belonging to users on popular social game title YoVille, according to a report from Venture Beat. “We detected unusual activity in YoVille, and it coincided with reports from a small number of users,” comments Zynga Chief Security Officer Nils Puhlmann in the report. The company works to correct the issue.

JUNE 2012: User accounts for popular real time strategy game League of Legends are accessed by hackers, admits came creator Riot. While the breach only accounts for a small number of players, the company fixes a key vulnerability that allowed the breach and emails affected customers regarding the stolen data that thankfully didn’t include financial information. “We take your privacy and security seriously, and we’re working diligently to improve it for the better,” comment March Merrill and Brandon Beck via the game developer’s website.

While many of the above mentioned attacks differ in their variety of tactics and intent, there are some common steps both game administrators and users can take.

On the user’s end, you guessed it: Creating more complex passwords and changing them regularly can work wonders in the security department. Even though many of us don’t want to let go of the passwords we’ve always used, implementing different variations that include capitalization and numbers is highly recommended.

And from the game administrator’s role, increased security standards like account authenticators launched by Blizzard for Battle.net and World of WarCraft can help gamers keep online accounts secure.

So what’s an authenticator? It’s a small, affordable electronics device that generates a unique code for use each time a user logs into the multiplayer game. The authenticator then tracks login locations. You might be thinking, “Well, that sounds like a hassle.” It’s actually not. This is how Blizzard explains it via its support page on Battle.net: “The authenticator system will now intelligently track your login locations. If you are logging in consistently from the same location, you may not be asked for an authenticator code. This process is designed to make logging in faster when you’re at a secure location.” And while this solution isn’t ideal for every game, it could help larger companies administrate stronger security.

Tools that allow users to view and disable active logins from remote locations could also come in handy (as previously done by social sites including Facebook. Then there are traditional means to make sure data is kept secure (i.e. firewalls).

As particular game titles become more popular, hackers are keeping their eyes open. Both users and game developers must adapt to the changing landscape. By doing so, they can secure the enjoyment of their gaming lifestyles for a long time to come.

Advertisement