1. Cheating in Massively Multiplayer
Online Games and Associated
Security Issues
Why does it matter?
Kirby Lo (20268479)

2. Why do games matter?
• Change in the amount of leisure time
▫ 6-7 hours per week for men
▫ 4-8 hours per week for women
• Video game was created as one of the new
hobbies

3. Why do games matter?
• Revenues of $66 billion
dollars
• Mobile gaming on the
rise
▫ Growth: 5.8b to 8b
• As video games become
more
mainstream, market
begins to grow larger
0 20 40 60 80
Traditional video games
(excluding mobile games)
Mobile games
Global video game market
revenue (including mobile
games)
Retail software revenue
Online revenue
Estimated 2013
2012

4. Gaming is serious business
• World of WarCraft
▫ Peaked at 12 million
subscribers
▫ At $15 per month, that’s a lot
of money!
• EVE Online
▫ 65303 concurrent online
users on a single server
▫ 205th in the world, if that was
a country

5. Gaming is serious business
• The virtual item market has significant value
• Real money trade in 2007 had an estimated
volume of $2 billion!
▫ Still rising!

6. But I don’t care about games
• Massively Multiplayer Online Games (MMOGs)
represent a learning opportunity for cloud
computing
• Sophisticated server cluster used
• Vulnerability of MMOGs often mirrors cloud
vulnerability
▫ Gauge strengths/weakness of a cloud system

7. Cheating in MMOGs
Type Label Cheating Form
Of special relevance to
online games
A Exploiting Misplaced Trust
B Collusion
C Abusing the Game Procedure
D Cheating related to Virtual Assets
E Exploiting Machine Intelligence
F Modifying Client Infrastructure
Generic G Timing Cheating
Of special relevance to
online games
H Denying Services to Peer Players
Generic
I Compromising Passwords
J Exploiting Lack of Secrecy
K Exploiting Lack of Authentication
L Exploiting a Bug or Design Loophole
M Compromising Game Servers
N Internal Misuse
O Social Engineering

8. Cheating in MMOGs
Violations Violators
Availability G
Authenticity K
Confidentiality A, B, I, J, O
Integrity A, F, H, J ,M, N
Type Label Cheating Form
Of special relevance to
online games
A Exploiting Misplaced Trust
B Collusion
C Abusing the Game Procedure
D Cheating related to Virtual Assets
E Exploiting Machine Intelligence
F Modifying Client Infrastructure
Generic G Timing Cheating
Of special relevance to
online games
H Denying Services to Peer Players
Generic
I Compromising Passwords
J Exploiting Lack of Secrecy
K Exploiting Lack of Authentication
L Exploiting a Bug or Design Loophole
M Compromising Game Servers
N Internal Misuse
O Social Engineering

9. Availability
• Availability of platform to users
▫ Significant amount of paying users
• Translatable across different industries
• Availability is important in:
▫ Cloud platforms
▫ Cloud apps
• Learning opportunity from vulnerabilities

10. Availability: Vulnerabilities
• DDoS
▫ Denial of service attacks
▫ Flood server so it cannot respond to legitimate
requests
• Server load
▫ Insufficient server load
▫ Cyclical nature of certain applications

11. Availability: Case study
• World of WarCraft
▫ Massive downtime during patches and expansions
▫ Cyclical nature
 New content  players return
▫ Load planning
 Plan for peak load?
 Plan for average load?
▫ Solution: Borrow servers/cloud computing

12. Authenticity
• Ensure data transfer is from a trusted source
• Often provide non-repudiation
• User interaction in MMOGs
▫ Often anonymous
▫ Preserve user experience

13. Authenticity: Vulnerabilities
• Man in the middle attack
▫ Bogus game servers to collect user name/passwords
• Phishing
▫ Imitation of official websites/services
▫ Trick user into entering legitimate passwords
• Pharming
▫ Redirect traffic from legitimate site to non-legitimate
ones
▫ DNS alternation
▫ Host file
• Greed – primary driver for falling victim

14. Authenticity: Case study
• Eden Eternal
▫ Require user to enter CAPTCHA code randomly
▫ Ensure user is human and not a bot
▫ Humans end up having more trouble than bots
 OCR technology
• World of WarCraft
▫ Phishing and scamming too prevalent
▫ Push out two factor authentication for all users
▫ Trusted period

15. Confidentiality
• Protection of information assets
• Sensitive information
▫ Credit card info
▫ Personal info
▫ User name/passwords
• Litigation risk
• Lucrative black market serves as motivation

16. Confidentiality: Vulnerabilities
• Misplaced trust/Collusion
▫ Attacker trusted with information
• Compromising passwords
▫ Access to accounts that could view confidential
info
• Social engineering
• Network intrusion

17. Confidentiality: Case Study
• PlayStation Network failure (2011)
▫ 70 million user’s information
 Name/address/birth dates/passwords/security
questions
▫ Significant reputation loss
▫ Fined for breach of Data Protection Act
▫ Share price plummeted
▫ Cost of $170 million
 Plus lost sales and goodwill

18. Integrity
• Prevention of unauthorized modification
• Exploitation in integrity opens doorway to other
exploits
• Client/data modification

19. Integrity: Vulnerabilities
• Client modification
• Intercept data
▫ Modify and resend

20. Integrity: Case Study
• Warden (Blizzard)
▫ Monitor programs
▫ Hash value of processes sent for review
▫ Cheat signatures compared
▫ Shuts down game immediately if match

21. Conclusion
• Cheating in MMOGs exposes vulnerabilities in
cloud computing
• Cyber attack and cyber defense is a cat and
mouse game
• Learn from lessons presented in case studies
• Application of lesson on wider cloud/security
environment