Sign up to our newsletter
There are two lines of thought with criminals and online video games. One is that these connected platforms offer easier opportunities to attack, compromise and steal data. The other, a relatively new theory, is that these games, accessible through the internet, are themselves becoming a breeding ground for cybercrime.
We explore both of these to find out why criminals are so engaged with the games we play online.
Online games are being targeted
The first point is rather clear – as video games are increasingly available online (via Sony’s PlayStation Network, Microsoft’s Xbox Live or some other platform), cybercriminals are investigating ways in which to exploit the gaming community’s users. Unfortunately, they are going to have to get used to the fact that their hobby comes with risks.
For example, almost one year ago, we saw Lizard Squad down both PSN and Xbox Live on Christmas Day with distributed-denial-of-service (DDoS) attacks. Minecraft was compromised back in January (resulting in the loss of hundreds of login details), while Valve’s Steam user accounts are constantly targeted. One unnamed games console company was reportedly under a significant DDoS attack for 38 days last year, while VTech’s gaming platform, used to download games to the firm’s range of child-friendly tablets, was breached recently, resulting in millions of customer details being exposed.
Cybercriminals essentially see online games as a way of making money – either by stealing and selling data, or convincing the user to hand over their bank details.
But while trojans, viruses and, increasingly, ransomware are used to target and steal money from individual gamers, a far bigger problem for the authorities is arguably money laundering.
Using online games for money laundering
In June 2013, the United Nations Office on Drugs and Crime (UNODC) issued a report reviewing cybercriminals’ methods for money laundering.
This study identified online gaming as a key avenue for money laundering, thanks to the rise of virtual economies in online gaming sites. Multi-player games, for example, use in-game currencies – such as World of Warcraft gold – which can be exchanged for real money.
It concluded: “As we spend more time and money online, opportunities for criminals to involve us in their money laundering scams will only continue to grow. This will create an increasingly difficult situation for the various law enforcement agencies that are already being put to the test by the cunning of such criminals and the myriad untraceable means they have discovered to launder illegally obtained money.”
Criminal breeding ground?
As well as stealing from gamers, a second theory is also emerging in relation to a cybercriminal’s use of online gaming platforms: many are avid gamers themselves and policing authorities are now suggesting that these connected games are a stepping stone into the murky world of cybercrime.
Recently, the UK’s National Crime Agency (NCA) came under fire on social media for implying that teens expressing an interest in computer science, as well as gaming, could go onto to become cybercriminals, which backs up previous comments from the NCA’s National Cyber Crime Unit (NCCU) director, Dr. Jamie Saunders.
“There are some sorts of criminality that youngsters don’t think of as serious,” he told the Independent earlier this year. “Stealing gold off each other in online games, cheating if you like. It would be hard to imagine a knock on the door from a policeman because you’ve stolen a sword off your friend in World of Warcraft.”
Although the idea of criminals starting out their ‘careers’ with gaming is relatively new, in some ways it is an obvious testbed for young black hats. After all, online gaming platforms have huge user bases, host vast quantities of data and money, and are significantly less secure than other potential targets. Stealing bitcoins, identities or even game levels from another gamer, for example, is far easier than taking money from a bank.
Not just for criminals
Internet-based gaming is more open – and arguably insecure – than hardware gaming consoles, and it is clear that these are not only of interest to criminals, but terrorists too.
Last month there were (ultimately erroneous) reports linking the Paris terrorist attack to terrorists’ use of PlayStation 4, following similar claims from Belgium’s interior minister, Jan Jambon. Meanwhile, in Austria last year, a 14-year-old boy was arrested for downloading bomb-making plans on his console and making contact with ISIS sympathizers. These are, of course, worrying trends.
It is clear that online gaming, while more convenient, interactive and fun than non-connected and traditional alternatives, is also being exploited by cybercriminals. As it is highly likely that online gamers are going to be targeted more and more, make sure you stay safe and beat the criminals in-game and in life too!
Author Editor, ESET