Globally people have developed an interest in online gaming and video games. Video games encompass a wide audience, from casual players to professional competitors. The industries strong continual growth in revenue is a sure sign of this fact; however, there are major security concerns for online gamers that need to be addressed from a cybersecurity aspect. This term paper focuses on online video gaming, and how the online gaming industry is a target for scams, fraud and hacks as well as some previous major scams and cyber vulnerabilities. This paper will address, as well, whether companies or businesses that create these games have some security in place and if not, how they should protect their users’ information.
Any fraudulent business or scheme that takes money or other goods from an unsuspecting person is known as a scam (Computer Hope, 2017). The Internet has made it easier for thousands of scams to occur daily. In the past couple of years, online gaming scams have soared in an industry that is said to be worth more than $15 billion dollars. In an article, the author identifies seven of the most common types of online gaming scams from Internet fraud to phishing scheme traps, to phony jobs that allure users to test video games. Other scams include fraudulent cellphone use and charges, virtual gold and other imaginary credits bought with real cash, and reliability on illegal forms of content sharing (K, n.d.).
Amongst these threats include cellphone dialers, who downloaded an anti-terrorism game onto the victim’s cellphones, which results in long distance and premium calls being made. Cell phone users will run virtual businesses and other activities through the earning of credits obtained by playing social networking games (K, n.d.). Since credits are so hard to come by, the victims of these games oftentimes encounter other players or even receive emails where they can earn free credits if they view ads or watch a short clip or take part in other quizzes. When users take these test your IQ quizzes, they have to input their cellphone number to obtain the results and some advertising-driven offers are not considered genuine (Keith, n.d.). Lurking in the small, fine print of these offers lays a trick that is old and familiar which pushes the victims to sign up for a recurring monthly fee, of 5-10 dollars. Another deceitful attack is when scammers trick their victims in a one-time fee, typically $40 or less, allowing the victim unlimited downloads of most PC or device games like PSPs and Xbox (Keith, n.d.). The users do no realize that they are getting a set of links to torrent sites that enable users to swap games and other files. When a user downloads from a torrent site, they commit an illicit of piracy. These file sharing sites often come riddled with malware, which can further endanger the victim’s information. The most common scam, phishing, is when attackers send legitimate looking emails to players, asking for information regarding their account, in order to resolve an issue or give a ?special’ promotion. Once a victim responds to these emails, their original account and information is in jeopardy. One topic in the phishing emails could be the promise of virtual assets like gaming credits, or special equipment which can be bought and sold between players. Amongst this virtual trade lie scammers who sell items they do not have, in hopes of making a quick buck from players. Scammers will promise, as well, video game testing positions, with pay up to $100 an hour, a list of dead leads for a hefty price, or useless training (Keith, n.d.).
Another article that was found talks about seven ways modern games have turned into scams. The seven ways are: 1.) hundred-dollar buttons, 2.) paying for healing, 3.) EA’s rating scam, 4.) retroactive ruination, 5.) breaking pieces of the game to sell, 6.) undoing your money, and 7.) turning games into chores (McKinney, 2015). In the game Super Monster Bros, Mario remade with Pok?©mon sprites, every second tap that a child does on the screen will bring up a purchase confirmation for items, usually that cost $100 dollars. If a child hits yes or sure at the alert that pops up at the start of a new game then that child downloaded a Trojan horse and not a new game and will require the parent’s credit card. McKinney states that in Dungeon Hunter 4, your options are ?FIGHT,’ ?ITEM,’ and ?CREDIT CARD,’ because you have to buy healing potions (2015). Apparently, each player starts each day with three healing potions. The only way to get more is to pay cash
money for them.
A game that carves itself into pieces, where the player has to buy items in order to move on, would be Demon’s score (McKinney, 2015). Demon’s Scoreis a music/rhythm game where each costume unlocks a new musical theme. A player starts the game with only one costume so if that player wanted to beat the game without buying the extras, he/she would have to repeatedly play the same musical level.
On the other hand, there are players who invest time and money in games to continue on with the story just to have it shutdown. SimCity
Social, The Sims Social and Pet Society were gaming worlds that EA casually informed its players that they would be shutting down. In that case, the players lost the money that they had invested or bought on those games and EA did not want to give them the money back (McKinney, 2015).
The author SebastianZ (Z), an employee with Symantec, mentioned that most phishing attempts target most popular games that have the biggest base of players (2014). Nowadays the cherry on top would be Blizzard. Blizzard is an innovator in the online gaming community as they have created games such as World of Warcraft, Diablo, Starcraft and a few others, which are manageable by one shared account, Battle.net and may include a player’s gaming data, real payment information, such as Paypal or Credit Card information. However, Blizzard is aware of phishing attempts that target unaware gamers and tries to educate and gives recommendations on what not-to-do if one is faced as a target for a phishing email. Phishing does not necessary mean that it will come in email form, according to Z. An online chat system or in-game mail system can be found in every online game nowadays. TrendLabs gives an example of an in-game phishing attack for World of Warcraft. Attackers were tempting the gamers by sending them invitations to beta-testing of World of Warcraft expansion: Mists of Pandaria. If the users participated, they would get a free in-game mount obtained by following the provided link. The player clicks on the link and is brought to a website that poses as a legitimate Battle.net page. Their account would be compromised as soon as they logged in to claim the reward (Z, 2014). Z goes on to explain that in-game trade, account trade or sale, gold and items sale and power leveling are common online game scams that a user may encounter.
Just like the online gaming industry is prone to scams, it is subjected as well to constant vulnerabilities like distributed denial of service (DDoS) attacks, spoofed websites, money being stolen with ransomware and scareware, brute force attacks and keyloggers, social engineering techniques, and more. In 2011, the world saw Sony’s PlayStation network become a victim of a high-profile DDoS attack and according to Ma, the attacks have gotten more powerful and more frequent (2017). Over the years, companies like Xbox Live, Nintendo, League of Legends, Blizzard, and smaller networks have all suffered devastating DDoS attacks. Since DDoS attacks are growing in frequency and severity, gaming networks that have latency and outage issues struggle (Ma, 2017). Ma in her article, states three types of DDoS attacks that negatively impact gaming servers. The three attacks are: volumetric attacks, protocol attacks and application layer attacks (2017). Volumetric attacks are brute force attacks that can include Internet Control Message Protocol (ICMP) floods, User Datagram Protocol (UDP) floods and spoof packets. When this attack occurs, the bandwidth is flooded and access to online resources is blocked. Protocol attacks target the online server resources that can affect communication equipment such as, firewall and load balancers (Ma, 2017). The most sophisticated types of DDoS attacks, the application layer attacks, are the attacks that mimic human user behavior making them hard to detect. The gaming company Valve owns the multi-OS platform, Steam, which is an e-store for video games. According to Dickson, Steam has more than 125 million members, 12 million concurrent users and thousands of games (2016). Steam offers features for game inventories, trading cards and other valuable goods that users can purchase and attach to their accounts. Cook(a), Dickson and Paganini(a) both state in their articles that a new breed of malware, Steam Stealer, that is responsible for the hijacking of millions of user accounts (2016). All three authors state that Steam, in 2015, admitted that about 77,000 Steam accounts are stolen every month. Kaspersky Lab has identified more than 1,200 specimens of the malware (Dickson, 2016).
Cook describes the grey market as the biggest unintended consequence of video games since the move to online (2016a). The grey market is where virtual items through regular game play are sold for real money, with sellers ranging from U.S. college students working for beer money to Chinese children sitting at Internet cafes for 20 hours a day (Cook, 2016a).
Paganini states in his article that in 2015 Lizard Squad, a hacktivism group, knocked Sony’s PlayStation Network and Microsoft’s Xbox Live offline on Christmas Day, which affected thousands of gamers and prevented them from accessing both services (2016a). Paganini says that spoofed websites are fake websites that contain malware, where unsuspecting users click on them and have their information stolen. Cybercriminals in 2015 were infecting gamers’ machines with ransomware. This caused users to not be able to play any of their games until they paid a Bitcoin ransom (Paganini, 2016a). Sony, Ubisoft and others are no exception where cybercriminals pursue log-in usernames and passwords (Paganini, 2016a).
In another article by Paganini, Pok?©mon Go was a game that everyone worldwide went nuts for. Pok?©mon Go uses augmented reality and the hacking group, PoodleCorp, claimed credit for taking down the servers with DDoS attack (2016b). Users in Europe and US were not able to access the gaming platform because PoodleCorp flooded the servers of the company with so many requests that the servers crashed. Paganini says that PoodleCorp claims it was a test for a bigger offensive which is the most concerning aspect of the attack (2016b).
Amir mentions in his article that PoodleCorp is claiming responsibility for DDoS attacks on Blizzard and League of Legend servers. Riot Games created League of Legends, a multiplayer online battle arena video game, for Microsoft Windows and OS X (Amir, 2016). Angry players took their rage to Twitter asking Blizzard support handle about the DDoS attacks. According to Amir, League of Legends decided not to talk about the attack and decided to solve things internally (2016).
As if users did not have enough to worry about, Porolli states in his article five threats that online gamers face, which are in no particular order: 1.) TeslaCrypt, 2.) password stealers, 3.) fake game cracks, 4.) fake apps and 5.) phishing. TeslaCrypt falls under malware and it encrypts game-play data for dozens of video games, prompting the user to pay a ransom to decrypt those files. Saved game files, configuration files or game items from Call of Duty and Minecraft were targeted by TeslaCrypt which blocked access. Porolli remarks that TeslaCrypt is no longer operational but the ransomware is still spreading and it not that effective since current games are often designed to save games and settings on the cloud servers (2016). Password stealers are where hackers used social engineering techniques or deceit, through chat message, to have victims install an application. Once a victim downloads the application, which is really malicious software, the victim’s account credentials are stolen. Another social engineering technique is where players think he/she is installing a crack but the file that is downloaded contains malware and sometimes it cannot bypass the game protections (Porolli, 2016). Among the many games at Google play, an Android Trojan is hidden where attackers can control the Android devices remotely. This Trojan imitates games like Plants vs. Zombies 2 or Subway Surfers.
In the year 2016, the video game industry saw a ton of cyber incidents, according to Cook. June 3, 2016 was when Blizzard released Overwatch and within in the first week, thousands of players were permanently banned for cheating. July 7, 2016, Overwatch cheat makers were sued by Blizzard for copyright infringement. Blizzard quoted, millions or tens of millions of dollars in revenue were lost as a result (Cook, 2016b). TinyBuild accused G2A for selling $450,000 worth of stolen game keys on August 1, 2016. On November 14, 2016, hackers stole $15M to $18M in coins from EA, Electronic Arts, FIFA, over a period of two years. The FBI ended up getting involved and the result was the hackers went on trial (Cook, 2016b).
Who protects the gamers from DDoS attacks and the other vulnerabilities that were mentioned? The responsibility falls to game developers and publishers. PlayFab is a gaming company that provides services for building MMO and other connect games, and tools for operating them, which means keeping track of what players, are doing and customizing the game around their activities, using targeting techniques (Cawley, 2015). PlayFab conducted a survey, with 70% of respondents stated they were unaware that any game company had a security breach. This is a surprise since online gaming breaches have been happening for years. The survey reveale that security is given a back seat and that the game developers and publishers are not dealing with breaches responsibly or openly. Cawley discusses that in the gaming industry, online security issues need to be dealt with and not placed on the back burner (2015).
Boutilier tells in his article that Ubisoft, a gaming studio, uses the customer data primarily for their internal marketing and demographic studies according to St?©phanie Perotti, a vice president with gaming studio Ubisoft. Ubisoft is not the only company that uses its gamers’ data to improve its ability to sell games. Other companies do it as well. Ubisoft can collect, at any time, information on its customers’ gaming habits from: the unique identity of the gaming console that was purchased, a user’s Internet provider, dates and times spent playing Ubisoft games, game scores, metrics and statistics and how much money is spent in-game (Boutilier, 2015). Perotti states, Ubisoft takes the privacy and security of personal information very seriously.
If a company will not protect a users’ data then the user has ways to keep their information safe. Cawley mentions some safety tips a user can do. They are: 1.) do not use the same passwords in multiple games, websites and services, 2.) stick with well-known platforms, 3.) avoid buying virtual goods and credit outside of the game, 4.) use games that accept two-factor authentication, 5.) avoid ad-supported games on smartphones and tablets and 6.) resist the temptation to buy and download cheats from grind automation to anything claiming you can gain game cash for little effort (Cawley, 2015).
Two-factor authentication, called 2FA or two-step verification, is a method that requires two different ways to verify someone’s identity. A user can use his/hers cellphone in addition to a password to protecting their account. Stegner says that Playstation, Xbox, Steam, GOG, Good Old Games, Origin, and uPlay all have ways to enable two-factor authentication (2017). Nintendo does not offer two-factor authentication so a user should choose a hard password that would take years for someone to figure out (Stegner, 2017).
Symantec gives tips on how to keep your gaming account secure. The tips are: 1.) always use a secure password and change it every three months, 2.) educate oneself about phishing scams and what to be on the lookout for, 3.) be wary of online gaming forums, 4.) secure one’s home network, 5.) remember that gaming companies will never contact a user asking for their credentials and to go directly to the game company’s website if there are any issues and 6.) if the gaming company has had a data breach then go to the account immediately and try to change the password. If a user cannot change the password then he/she must contact the gaming company directly.
A professional writer will make a clear, mistake-free paper for you!Get help with your assigment
Please check your inbox
I'm Chatbot Amy :)
I can help you save hours on your homework. Let's start by finding a writer.Find Writer