
Gaming and the Underground Economy

Jun 15, 2020


The simple days of Duck Hunt and Donkey Kong are gone. Today players enter virtual worlds that look amazingly real with titles like “Call of Duty” and “Halo”. They take on roles such as military Special Forces operators working toward objectives in hostile urban terrain, communicating by headset with team players half way across the world. The Internet plus increasingly powerful hardware platforms has turned gaming into a very lucrative industry. Today, professional video gamers compete in tournaments, sign endorsement deals[1], and live like sports celebrities within the vast gaming world.

The multi-billion dollar video game industry now commands the attention of movie studios[2] and institutional investors[3]. Activision-Blizzard recently released “Starcraft II”[4], which is the much anticipated follow-up to the 1998 original “Starcraft”. While today’s most popular games are released for console platforms like Microsoft’s Xbox 360, Sony’s PlayStation 3, or Nintendo’s Wii, Starcraft II was developed solely for the PC (personal computer). The cost of Starcraft II development: $100 million. The U.S. nationally televised VGAs[5] (Video Game Awards) present awards for video games in multiple categories such as “Best Original Score”. That’s right; video games now have original soundtrack scores.

1 http://www.1up.com/do/newsStory?cId=3179024

2 http://en.wikipedia.org/wiki/List_of_films_based_on_video_games

3 http://www.marketwatch.com/story/videogame-publishers-on-deck-for-tough-quarter-2010-07-29

4 http://www.cnbc.com/id/38414156

5 http://www.spike.com/event/vga2009/page/vote/category/34766

© Team Cymru 2010


MMORPG

World of Warcraft (WoW) is one of the most popular PC games of all time. WoW is a MMORPG (Massively multiplayer online role-playing game). Players take on roles and work with other players in the network. Blizzard’s game servers each support thousands of simultaneous players who compete for virtual resources. Virtual gold is one of the more valuable commodities.

This has led to a rise in “gold farming”[6]. Collecting gold in WoW takes time and effort. Gold farmers are individuals/organizations who code bots to perform mundane repetitive tasks in the game in order to collect larger amounts of virtual gold. Typically these bots are coded in Lua (a scripting language similar to Python) and the harvested gold is sold on commercial websites that specialize in virtual goods. Certain gold harvesting companies find cheap labor and use humans for the monotonous gaming work, often hundreds of people[7]. A Google search for “gold farmers” turns up a trove of websites and images. Forty dollars typically buys 400-500 gold in WoW. Once you enter payment information on a gold farmer’s website, the virtual player then meets you in WoW and transfers the gold. While Blizzard officially frowns upon this practice and bans bots where they find them, the secondary market for virtual gold and other goods is thriving.

Consider a businessman who enjoys WoW, but has little time to play. He cannot amass the virtual resources necessary in WoW so he buys them from an auction house. Everyone appears to win. The problem is that many players complain that the gold farming practice ruins the game’s experience, specifically, the in-game economy. Prices for common virtual goods may experience price inflation due to the increased supply of gold. Blizzard sells extremely expensive virtual goods, seemingly for the purpose of reducing the amount of gold that is present among a game’s players.

Users can easily spot automated programs in the WoW virtual world and they resent the cheating when legitimate players spend real time in the game. In speaking with frequent gamers, Team Cymru discovered that most of these gold farming organizations are legitimate, and gold fraud is rarely encountered.

Other games present similar opportunities. In Diablo 2, it was previously possible to cheat by duplicating ("dupe") items acquired in the game. Assortments of virtual goods were often auctioned on eBay[8]. When a player found a rare virtual good in the game, he/she could duplicate it and sell these copies to other gamers. Players were able to profit from a copy-paste function in a matter of seconds.

6 http://en.wikipedia.org/wiki/Gold_farming

7 http://www.nextnature.net/wp-content/uploads/2009/03/gold-farming-china-wow7go-530.jpg

The monetization of virtual goods is nothing new. Linden Labs introduced Linden Dollars into their Second Life virtual world, the market for which can be tracked on the LindeX[9]. This virtual currency has a stated exchange rate (currently about $250 Linden to $1 U.S.) to real U.S. dollars. The virtual currency can be used to purchase virtual land and other virtual goods and services.

The gaming industry understands that virtual commodities hold real value for gamers. The Underground Economy also understands this truth and as always they are actively exploiting vulnerable gamers and monetizing stolen virtual resources for real money.

One of the most popular UE gaming pastimes is phishing: via email[10] and in game[11]. While users are playing a game like WoW, they receive an unsolicited message that appears to be from the host company like Blizzard or another legitimate user. The socially engineered message informs the user that their account has been compromised or there is a new game version recently released, etc. and a malicious link is included that typically leads to malware (keylogging trojans are a favorite).

It appears that the gaming population falls prey to this attack more frequently than other user segments. Once a gamer’s credentials are phished, the fraudsters then steal the player’s virtual avatar and steal all of his/her resources. Once the gamer regains access to their account, they find their virtual persona standing naked in a waste land, penniless. The fraudsters literally commit a virtual mugging.

8 http://cgi.ebay.com/Diablo-II-2-Item-USEast-Ladder-S6-ZodRune/320544910296?cmd=ViewItem&pt=Video_Games_Games&hash=item4aa1f72bd8
http://cgi.ebay.com/Diablo-2-Useast-CLASSIC-Ladder-Sojs-/170520520011?cmd=ViewItem&pt=Video_Games_Accessories&hash=item27b3d0a54b

9 http://secondlife.com/statistics/economy-market.php

10 http://www.net-security.org/secworld.php?id=9633

11 http://sunbeltblog.blogspot.com/2010/07/phish-whisperer.html


Blizzard has responded by offering a two factor authentication solution via hardware token for $6, but few users appear to capitalize on the improved security posture. Team Cymru interviews with gamers suggest that many of these victims are victimized multiple times and their only real concern is re-establishing access to their gaming account to restore their virtual avatars.

Fraudsters also package malware within software designed to modify or hack a game and give an extra advantage to the player, such as the ability to see through walls. Gamers often search for this type of software on Peer-to-Peer networks and subsequent infection typically leads to stolen game accounts. Games like WoW charge users a monthly subscription fee. Gamers often subscribe to game networks that allow them to play multiple games released by a particular game studio. Examples include Xbox Live for console games on the Xbox. Steam is the virtual locker for PC games released by Valve (best known for Half Life). Often compromised credentials to these types of subscription networks are sold in the Underground Economy to avid gamers.

Social Gaming

Over 500 million people now use Facebook.[12] Over 100 million of those users enjoy playing games created by Zynga. The company has produced blockbuster games like Farmville (60 million players) and Zynga’s estimated $500 million in revenue has the business world taking notice. Zynga specializes in social gaming, a sub-category typically involving game integration into a social network like Facebook. Additionally, many of Zynga’s games are available on smart phones. It is telling that Google is in talks with Zynga to create a social network[13] to rival Facebook. Zynga has a loyal base of social gamers that Google could leverage to quickly build a new social network.

12 http://www.insidefacebook.com/2010/07/21/facebook-announces-500-million-users-stories-application/

According to the Wall Street Journal,

“In countries such as China and Japan, social games generate billions of dollars in revenue. In the U.S., social gaming was a $700 million market in 2009, according to estimates by ThinkEquity LLC, a research firm. That figure is supposed to triple by 2012, the firm said.”

These social games produce revenue through the sale of virtual goods. Social gamers assign real value to virtual goods. Facebook currently takes 30% of the revenue generated by these virtual goods.

Social gaming is another opportunity for the Underground Economy because of the scale of users involved and the fact that virtual goods are often easier to monetize than physical goods. The Wall Street Journal reported,

“Merchants that sell digital goods lost 1.9% of all revenue to fraud in 2009 compared with a 1.1% fraud rate for companies that sell physical goods on-line, according to CyberSource Corp., which processes credit cards for online merchants. [sic] World-wide sales of digital items in games and social networks reached $2.2 billion in 2009 and are expected to grow to $6 billion in 2013, according to Piper Jaffray & Co.”

The market for virtual goods is rapidly expanding and fraudsters are surely taking notice. In 2009 Facebook initiated “Credits”, a virtual currency for Facebook linked games and other services. The difficulty for Facebook and other virtual goods sellers is detecting fraud, specifically with stolen credit cards since the product being purchased is instant and virtual and does not require a shipping address. Team Cymru has witnessed UE advertisements for the sale of these types of virtual goods, specifically Facebook virtual poker chips and Farmville dollars, but the criminal buyers are lacking. While a higher percentage of criminals appear interested in WoW credentials and Steam accounts, there is currently little criminal interest in purchasing social gaming resources.


The UE is primarily comprised of criminals selling to other criminals. If fraudsters are able to port stolen social gaming services to mainstream buyers under the banner of legitimacy, then the business model might succeed. Success being the ephemeral notion of criminal effort required to successfully monetize a high percentage of resources at an acceptable price point. Fraudsters may decide that reselling virtual goods is easier and presents a more robust business model than reselling fraudulently obtained physical goods, but buyers would need to believe that the criminal sellers are legitimate businesses making profits on resell markup margins. Gold farming is not criminal, but using stolen credit cards to purchase virtual goods is. Would social gamers recognize a criminal website reselling virtual goods that are cheaper than purchasing directly through Facebook?

Consoles

Console gaming has its fair share of criminal opportunity as well. Microsoft’s Xbox 360 and Sony’s PlayStation 3 boast a bevy of first person shooter games. The games can be collaboratively played across the Internet in real time. Microsoft’s gaming network (Xbox Live) uses the “host boot” protocol which involves UDP packets to port 3074. There are a number of YouTube tutorials on the topic of locally analyzing host boot traffic for the purpose of DDoSing opponents to knock them out of the game. In order to DDoS an opponent, a gamer must first identify the proper IP address for the opponent in question. Plenty of YouTube tutorials exist for this topic involving the Windows hacking tool Cain & Abel[14].

Once a victim’s IP address is identified, point and click programs like DDoSSer can be used to force the victim’s disconnection from the game. The apparent college student author of DDoSSer posted a number of YouTube tutorials explaining the program’s use[15].

Even in console games, virtual life mimics real life. In 2007, a gamer told a virtual room full of people in the “lobby” of a game that he was going to kill the president of the United States. The comment was reported to the U.S. Secret Service who investigated the incident and interviewed the suspect after discovering his true identity.

14 http://www.youtube.com/watch?v=WQk6Zw_-IrI&feature=related

15 http://www.youtube.com/watch?v=TRV6EciLj_E


Conclusion

Gaming is now a mainstream phenomenon. Dedicated gamers purchase expensive computers and powerful consoles, and millions of people enjoy the distraction of social gaming, often on their mobile phone. Companies understand that gaming is a global passion and individuals are increasingly willing to spend disposable income on virtual goods and services in these games.

The Underground Economy to date has experienced limited demand for gaming credentials and virtual goods, but as gaming becomes even more mainstream criminals may attempt to establish large virtual goods businesses beyond WoW gold farming. Additionally, gaming credentials may contribute to an increase in cross channel fraud as gamers use the same credentials for social media accounts, e-mail accounts, bank accounts, etc.


References

Activision Bets Big on PC Game. (2010, July 16). The Wall Street Journal (Western ed.), p. C3

First, Give Away the Game. (2010, July 30). The Wall Street Journal (Western ed.), p. B5

Fraudsters Like Virtual Goods. (2010, July 21). The Wall Street Journal (Western ed.), p. B3

Thank You

Special thank you to Wes Young, REN-ISAC for his time and thoughts.
