Thieves Targeting Online Games Prompt Tighter Security - InformationWeek

InformationWeek is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

IoT
IoT
News

Thieves Targeting Online Games Prompt Tighter Security

Growing in popularity, massive multiplayer online games have become targets of organized crime rings and hackers.

The popularity in fantasy online hosted massive multiplayer online game (MMOG) sites like Blizzard and K2 Network has led organized crime rings and hackers to highjack gamers' personal data, credit card numbers, and virtual game pieces and accessories that many spend years building on.

Organized crime units in Turkey, Russia and the Ukraine will hack into the online game database to highjack accounts, stealing user names and passwords, and either attempt to sell the characters and the accessories back to the original owner, or to other players at a discount price.

Securing the online game site, K2 Network Inc. has added a security platform from NetContinuum to protect the more than 7 million registered gamers that play on the site against virtual and real-world ID theft, an executive said Friday. K2 Network senior director of infrastructure and engineering David S. Lee said people will pay between $2,000 and $8,000 for an account because of the money and time put into developing the characters in the game. "Online gamers typically stick with one game from eight months to three years, putting money into characters and accessories," Lee said. "About 60 to 70 percent of game publishers and hosting sites suffer from hacking every day."

K2 Network licenses many games from Asia, localizing them for markets worldwide. Many of the games focus on sorcery. People can create a virtual online societies and economies they build-on for years. By purchasing in-game currency, they buy swords, shields and potions that allow them to move up into higher game levels.

Scott Crawford, senior analyst at Enterprise Management Associates, has begun "to see intangible assets in the game, for example status, secrets and virtual real estate, given tangible value."

And it's not surprising that people have found ways to hack into the game databases and sites, said Colin Sebastian, senior research analyst with Lazard Capital Markets LLC. "On one hand it's a business model for the game site because it allows them to sell extra content like swords and uniforms, but on the one hand you want to have an open environment where players can experience balance that maintains the integrity of the games," he said.

Thieves hacking into the Web site use a method called sequel injection in hopes of discovering a hole in the application to highjack the database and retrieve customers' personal data. "Every other day I'd come into the office, and here we go again with another hacking coming out of some country halfway across the world," Lee said.

Putting up a firewall to block IP addresses wasn't an option. It would alienate a too many honest players. And a proxy server could always hide the person's true location if someone wanted to hack into the system.

It isn't enough that K2 built an application to recognize where the IP address originates. Nor to redesign parts of the Web site by reducing the length of characters required for user name and password, though Lee said it prevents thieves from entering harmful syntax that could wreak havoc on the site.

Losses mounted to nearly $1 million in one year, Lee said. "It's not lost money generated daily, but lost customers that wouldn't come back. We'd have to take down the site to fix things," he said. "The 11- to 35-year olds who play on the site are very smart, great programmers, and will take down the system if they get angry."

Part of the solution came with in the NetContinuum's NC-2000 Application Gateway. Typical firewalls concentrate on the network layer and don't inspect all the data packets. NetContinuum provides a Layer 7 firewall, so it reviews every packet, including the application layer. Lee said it scans the information coming in before it ever gets to the Web server, as well as provides SSL acceleration and load balancing.

Pete Abrams, vice president of marketing at NetContinuum, said users comes in thinking they're connecting to end server, "but we intercept the session between the browser and the Web site, and run security checks. If there's no problem, we let the session pass. It's all done in less than five milliseconds, so the online gamer can't tell."

Calling them "juicy targets" for hackers and thieves, Abrams has seen an increase in game publishers and hosting sites request demos in the past six months. He said it's because MMOGs have built huge customer databases to take in name, address and credit card information required by the customer before game play can begin.

We welcome your comments on this topic on our social media channels, or [contact us directly] with questions about the site.
Comment  | 
Print  | 
More Insights
State of the Cloud
State of the Cloud
Cloud has drastically changed how IT organizations consume and deploy services in the digital age. This research report will delve into public, private and hybrid cloud adoption trends, with a special focus on infrastructure as a service and its role in the enterprise. Find out the challenges organizations are experiencing, and the technologies and strategies they are using to manage and mitigate those challenges today.
Slideshows
IT Careers: Top 10 US Cities for Tech Jobs
Cynthia Harvey, Freelance Journalist, InformationWeek,  1/14/2020
Commentary
Predictions for Cloud Computing in 2020
James Kobielus, Research Director, Futurum,  1/9/2020
News
What's Next: AI and Data Trends for 2020 and Beyond
Jessica Davis, Senior Editor, Enterprise Apps,  12/30/2019
Register for InformationWeek Newsletters
Video
Current Issue
The Cloud Gets Ready for the 20's
This IT Trend Report explores how cloud computing is being shaped for the next phase in its maturation. It will help enterprise IT decision makers and business leaders understand some of the key trends reflected emerging cloud concepts and technologies, and in enterprise cloud usage patterns. Get it today!
White Papers
Slideshows
Twitter Feed
Sponsored Live Streaming Video
Everything You've Been Told About Mobility Is Wrong
Attend this video symposium with Sean Wisdom, Global Director of Mobility Solutions, and learn about how you can harness powerful new products to mobilize your business potential.
Sponsored Video
Flash Poll