Thieves Targeting Online Games Prompt Tighter Security - InformationWeek


Growing in popularity, massive multiplayer online games have become targets of organized crime rings and hackers.

The popularity of hosted fantasy massive multiplayer online game (MMOG) sites like Blizzard and K2 Network has led organized crime rings and hackers to hijack gamers' personal data, credit card numbers, and the virtual game pieces and accessories that many spend years building.

Organized crime units in Turkey, Russia and the Ukraine will hack into the online game database to hijack accounts, stealing user names and passwords, and then attempt to sell the characters and accessories either back to the original owner or to other players at a discount price.

To secure its online game site, K2 Network Inc. has added a security platform from NetContinuum to protect the more than 7 million registered gamers who play on the site against virtual and real-world ID theft, an executive said Friday. K2 Network senior director of infrastructure and engineering David S. Lee said people will pay between $2,000 and $8,000 for an account because of the money and time put into developing the characters in the game. "Online gamers typically stick with one game from eight months to three years, putting money into characters and accessories," Lee said. "About 60 to 70 percent of game publishers and hosting sites suffer from hacking every day."

K2 Network licenses many games from Asia, localizing them for markets worldwide. Many of the games focus on sorcery. People can create virtual online societies and economies that they build on for years. By purchasing in-game currency, they buy swords, shields and potions that allow them to move up into higher game levels.

Scott Crawford, senior analyst at Enterprise Management Associates, has begun "to see intangible assets in the game, for example status, secrets and virtual real estate, given tangible value."

And it's not surprising that people have found ways to hack into the game databases and sites, said Colin Sebastian, senior research analyst with Lazard Capital Markets LLC. "On one hand it's a business model for the game site because it allows them to sell extra content like swords and uniforms, but on the one hand you want to have an open environment where players can experience balance that maintains the integrity of the games," he said.

Thieves hacking into the Web site use a method called SQL injection, hoping to discover a hole in the application that lets them hijack the database and retrieve customers' personal data. "Every other day I'd come into the office, and here we go again with another hacking coming out of some country halfway across the world," Lee said.

Putting up a firewall to block IP addresses wasn't an option. It would alienate too many honest players. And a proxy server could always hide the person's true location if someone wanted to hack into the system.

It wasn't enough for K2 to build an application that recognizes where an IP address originates. Nor was it enough to redesign parts of the Web site by reducing the character length of the user name and password fields, though Lee said that change prevents thieves from entering harmful syntax that could wreak havoc on the site.
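Why a shorter input field alone does not close a SQL injection hole, shown as an added example that is not code from K2 Network or NetContinuum: the same login check is written once with string concatenation and once with a parameterized query. The table layout, the 12-character limit, the function names and the sample account are assumptions made for the illustration.

```python
import sqlite3

MAX_LEN = 12  # assumed limit, standing in for the shortened form fields

def make_db():
    """In-memory database holding one constructed sample account."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE accounts (username TEXT PRIMARY KEY, password TEXT)")
    # Constructed row; a real site would store a salted password hash.
    db.execute("INSERT INTO accounts VALUES ('mage01', 's3cret-hash')")
    return db

def within_limit(username, password):
    """The length check on its own: it counts characters, it does not parse them."""
    return len(username) <= MAX_LEN and len(password) <= MAX_LEN

def login_concat(db, username, password):
    """Before: input is pasted into the SQL text, so a quote in it becomes syntax."""
    if not within_limit(username, password):
        return False
    sql = ("SELECT 1 FROM accounts WHERE username = '%s' AND password = '%s'"
           % (username, password))
    try:
        return db.execute(sql).fetchone() is not None
    except sqlite3.Error:
        return False

def login_param(db, username, password):
    """After: placeholders keep the input as data, whatever characters it holds."""
    if not within_limit(username, password):
        return False
    row = db.execute(
        "SELECT 1 FROM accounts WHERE username = ? AND password = ?",
        (username, password),
    ).fetchone()
    return row is not None

if __name__ == "__main__":
    db = make_db()
    crafted = "mage01'--"  # 9 characters: passes the length check
    print("within limit:  ", within_limit(crafted, "x"))
    print("concatenated:  ", login_concat(db, crafted, "x"))
    print("parameterized: ", login_param(db, crafted, "x"))
```

The length check is still useful as input validation, but the fix for the query itself is the placeholder form; an application-layer gateway in front of the site is a second line of defense, not a replacement for it.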

Losses mounted to nearly $1 million in one year, Lee said. "It's not lost money generated daily, but lost customers that wouldn't come back. We'd have to take down the site to fix things," he said. "The 11- to 35-year olds who play on the site are very smart, great programmers, and will take down the system if they get angry."

Part of the solution came in NetContinuum's NC-2000 Application Gateway. Typical firewalls concentrate on the network layer and don't inspect all the data packets. NetContinuum provides a Layer 7 firewall, so it reviews every packet, including the application layer. Lee said it scans the information coming in before it ever gets to the Web server, and also provides SSL acceleration and load balancing.

Pete Abrams, vice president of marketing at NetContinuum, said users come in thinking they're connecting to the end server, "but we intercept the session between the browser and the Web site, and run security checks. If there's no problem, we let the session pass. It's all done in less than five milliseconds, so the online gamer can't tell."

Calling them "juicy targets" for hackers and thieves, Abrams has seen an increase in game publishers and hosting sites requesting demos in the past six months. He said it's because MMOGs have built huge customer databases to take in the name, address and credit card information required from the customer before game play can begin.
