Cheating in Massively Multiplayer Online Games and Associated Security Issues
1. Cheating in Massively Multiplayer Online Games and Associated Security Issues
Why does it matter?
Kirby Lo (20268479)
2. Why do games matter?
• Change in the amount of leisure time
▫ 6-7 hours per week for men
▫ 4-8 hours per week for women
• Video games were created as one of the new hobbies
3. Why do games matter?
• Revenues of $66 billion
• Mobile gaming on the rise
▫ Growth: 5.8b to 8b
• As video games become more mainstream, the market grows larger
[Chart: revenue, 2012 vs. estimated 2013, for traditional video games (excluding mobile games), mobile games, global video game market (including mobile games), retail software and online; axis 0 to 80]
4. Gaming is serious business
• World of Warcraft
▫ Peaked at 12 million subscribers
▫ At $15 per month, that’s a lot of money!
• EVE Online
▫ 65303 concurrent online users on a single server
▫ Would rank 205th in the world if it were a country
5. Gaming is serious business
• The virtual item market has significant value
• Real money trade in 2007 had an estimated volume of $2 billion!
▫ Still rising!
6. But I don’t care about games
• Massively Multiplayer Online Games (MMOGs) represent a learning opportunity for cloud computing
• Sophisticated server clusters are used
• Vulnerabilities of MMOGs often mirror cloud vulnerabilities
▫ Gauge strengths/weaknesses of a cloud system
7. Cheating in MMOGs
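Type | Label | Cheating Form
Of special relevance to online games | A | Exploiting Misplaced Trust
Of special relevance to online games | B | Collusion
Of special relevance to online games | C | Abusing the Game Procedure
Of special relevance to online games | D | Cheating related to Virtual Assets
Of special relevance to online games | E | Exploiting Machine Intelligence
Of special relevance to online games | F | Modifying Client Infrastructure
Generic | G | Timing Cheating
Of special relevance to online games | H | Denying Services to Peer Players
Generic | I | Compromising Passwords
Generic | J | Exploiting Lack of Secrecy
Generic | K | Exploiting Lack of Authentication
Generic | L | Exploiting a Bug or Design Loophole
Generic | M | Compromising Game Servers
Generic | N | Internal Misuse
Generic | O | Social Engineering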
8. Cheating in MMOGs
Violations | Violators
Availability | G
Authenticity | K
Confidentiality | A, B, I, J, O
Integrity | A, F, H, J, M, N
9. Availability
• Availability of platform to users
▫ Significant amount of paying users
• Translatable across different industries
• Availability is important in:
▫ Cloud platforms
▫ Cloud apps
• Learning opportunity from vulnerabilities
10. Availability: Vulnerabilities
• DDoS
▫ Denial of service attacks
▫ Flood server so it cannot respond to legitimate requests
• Server load
▫ Insufficient server load
▫ Cyclical nature of certain applications
11. Availability: Case study
• World of Warcraft
▫ Massive downtime during patches and expansions
▫ Cyclical nature: new content, players return
▫ Load planning: plan for peak load? Plan for average load?
▫ Solution: Borrow servers/cloud computing
12. Authenticity
• Ensure data transfer is from a trusted source
• Often provide non-repudiation
• User interaction in MMOGs
▫ Often anonymous
▫ Preserve user experience
13. Authenticity: Vulnerabilities
• Man-in-the-middle attack
▫ Bogus game servers to collect user names/passwords
• Phishing
▫ Imitation of official websites/services
▫ Trick user into entering legitimate passwords
• Pharming
▫ Redirect traffic from legitimate site to non-legitimate ones
▫ DNS alteration
▫ Hosts file
• Greed – primary driver for falling victim
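A defender-side check for the hosts-file form of pharming listed above (added example, not from the original slides; the watched hostnames and the sample hosts file are constructed). It flags any hosts-file entry that overrides DNS for a name the game client is expected to resolve normally.

```python
import ipaddress

# Hostnames the client should resolve through normal DNS (assumed names).
WATCHED = {"login.example-game.test", "shop.example-game.test"}

# Constructed sample hosts file.
SAMPLE_HOSTS = """\
# constructed sample
127.0.0.1   localhost
::1         localhost
203.0.113.7 login.example-game.test   # overrides DNS
0.0.0.0     ads.example.test
198.51.100.9 cdn.example.test SHOP.example-game.test
not-an-ip   login.example-game.test
"""

def parse_hosts(text):
    """Yield (line_no, address, [names]) for each well-formed entry."""
    for no, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()   # drop comments
        fields = line.split()
        if len(fields) < 2:
            continue
        try:
            addr = ipaddress.ip_address(fields[0])
        except ValueError:
            continue                           # resolver ignores malformed lines
        # Hostnames are case-insensitive; a trailing dot is equivalent.
        yield no, addr, [n.lower().rstrip(".") for n in fields[1:]]

def find_overrides(text, watched=WATCHED):
    """Return (line_no, hostname, address) for every watched name pinned locally."""
    findings = []
    for no, addr, names in parse_hosts(text):
        for name in names:
            if name in watched:
                findings.append((no, name, str(addr)))
    return findings

if __name__ == "__main__":
    for no, name, addr in find_overrides(SAMPLE_HOSTS):
        print(f"line {no}: {name} is pinned to {addr}")
```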
14. Authenticity: Case study
• Eden Eternal
▫ Requires user to enter CAPTCHA code randomly
▫ Ensures user is human and not a bot
▫ Humans end up having more trouble than bots (OCR technology)
• World of Warcraft
▫ Phishing and scamming too prevalent
▫ Push out two-factor authentication for all users
▫ Trusted period
15. Confidentiality
• Protection of information assets
• Sensitive information
▫ Credit card info
▫ Personal info
▫ User name/passwords
• Litigation risk
• Lucrative black market serves as motivation
16. Confidentiality: Vulnerabilities
• Misplaced trust/Collusion
▫ Attacker trusted with information
• Compromising passwords
▫ Access to accounts that could view confidential info
• Social engineering
• Network intrusion
17. Confidentiality: Case Study
• PlayStation Network failure (2011)
▫ 70 million users’ information: name/address/birth dates/passwords/security questions
▫ Significant reputation loss
▫ Fined for breach of Data Protection Act
▫ Share price plummeted
▫ Cost of $170 million, plus lost sales and goodwill
18. Integrity
• Prevention of unauthorized modification
• Exploitation of integrity opens the door to other exploits
• Client/data modification
20. Integrity: Case Study
• Warden (Blizzard)
▫ Monitor programs
▫ Hash value of processes sent for review
▫ Cheat signatures compared
▫ Shuts down game immediately if match
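The flow on this slide, sketched as an added example (not Blizzard's code and not from the original slides): the client reports hashes, the server compares them against cheat signatures and decides whether to end the session. The byte strings, names and the known-good client allowlist are constructed assumptions; the allowlist ties in the "Client/data modification" point from the Integrity slide.

```python
import hashlib

def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()

# Constructed stand-ins for binary images (real input: file or memory bytes).
GAME_CLIENT = b"game-client build 1.0"
CHEAT_TOOL = b"speed-hack tool"

KNOWN_GOOD_CLIENT = {sha256_hex(GAME_CLIENT)}              # released client builds
CHEAT_SIGNATURES = {sha256_hex(CHEAT_TOOL): "speed-hack"}  # hash -> signature label

def client_report(client_image, processes):
    """Client side: send hashes for review, never the images themselves."""
    return {
        "client": sha256_hex(client_image),
        "processes": {name: sha256_hex(img) for name, img in processes.items()},
    }

def server_review(report):
    """Server side: compare hashes and decide whether to end the session."""
    reasons = []
    if report["client"] not in KNOWN_GOOD_CLIENT:
        reasons.append("client image does not match a released build")
    for name, digest in sorted(report["processes"].items()):
        label = CHEAT_SIGNATURES.get(digest)
        if label:
            # The match is on content, so the process name is irrelevant.
            reasons.append(f"process {name!r} matches signature {label!r}")
    return {"action": "shutdown" if reasons else "continue", "reasons": reasons}

if __name__ == "__main__":
    report = client_report(GAME_CLIENT, {"notepad.exe": CHEAT_TOOL})
    print(server_review(report))
```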
21. Conclusion
• Cheating in MMOGs exposes vulnerabilities in cloud computing
• Cyber attack and cyber defense are a cat-and-mouse game
• Learn from lessons presented in case studies
• Apply the lessons to the wider cloud/security environment