This clash has nothing to do with the simulated battles on Gindis, Eternal Duel, Mobstar or any of the more hip gaming sites.
No, this one’s for real. The villains in this combat are criminal hackers and phishing scammers, and their targets: unsuspecting online gamers.
And while the battlefield may be cyber space, there’s nothing virtual about the damage wrought by these scams. The “loot” is lucrative game points that hackers steal and then sell at a profit.
The latest target is this battle wasWorld of Warcraft, a massively multiplayer online role-playing game (MMORPG) manufactured by Blizzard Entertainment Inc., an Irvine, Calif.-based game software developer.
In May, Win32.WOW, a new Trojan attacked the accounts of World of Warcraft players. The malicious virus had the potential of shattering the online land of Azeroth.
In World of Warcraft, players create characters that are their avatars in Azeroth. As they progress in the game, the avatars gain “possessions” – clothing, armlets, rings and weapons – that add to their prowess. For instance, a particular piece of clothing can be fireproof and a pair of shoes can make the character jump higher.
Win32.WOW entered gamers’ accounts via e-mail or seemingly innocuous peer-to-peer downloads.
“The key logger virus sits silently in gamers’ computers recording key strokes. In this way it acquires users’ login information,” said David Frazer, director of technology services at F-Secure Corp., a Helsinki, Finland-based security software vendor.
This login information can then be used to transfer plundered points and “possessions” to hackers’ accounts. These points/possessions can be easily exchanged for money, through MMORPG currency exchange Web sites. “Game points and possessions are expensive, and can cost up to thousands of dollars,” said Frazer.
Aside from hacking attacks, players’ are also vulnerable to phishing e-mails that ask them to re-register at a spurious site and then steal their information.
Frazer said in the first phase of phishing, scammers used to send out e-mails masquerading as banks. Then they lured the unsuspecting into fixing their e-Bay or PayPal accounts. Now in addition to the above scams, they have started targeting online players.
He said the reason for such switches is the low shelf life of phishing ideas. “The chances of trapping the same person in a bank phishing scam twice are low. So phishing scammers constantly look for new vectors, and right now it’s online games.”
Faced with this new onslaught, gaming companies are also getting their act together.
Gamania Digital Entertainment Inc., a global gaming company based in Taipei, Taiwan is now offering security applications from F-Secure along with its games. “Most anti-virus programs are meant for Internet security and are unable to protect gamers from targeted attacks. So we opted for custom made security software for our customers,” said Ting Hung, a Gamania spokesperson.
Frazer said F-Secure software provides security capabilities that protect online gamers from hacking attacks and phishing scams. These capabilities include anti-virus and spyware protection, firewall, parental and spam controls, rootkit application detection technology. “It will scan all files for viruses when they enter the system – through e-mail, Internet downloads or instant messaging.” Users – including gamers – find the security system easy to use. He the F-secure application can be downloaded much like any other security software.
Security experts are encouraging gaming companies to protect their players from future attacks. “We’re seeing a trend of targeted attacks that take advantage of people’s vulnerability on the Internet. You need a driver’s license to drive a car, but almost anybody can use the Internet and get hurt financially,” said Scott Carpenter, director of security labs at Secure Elements Inc., a Herndon, Va.-based security company.
He said the objectives of hacking attacks have changed significantly over the years. “In the past, these attacks were designed to destroy data, now they steal data. Earlier hackers attacked for thrills. Now they hack for profit.”
Carpenter said along with the motives, the profile of hackers is also changing. The “college student working in the basement of science building” paradigm is still alive, he said. The only difference is students are being misused by criminal elements.
An expert on cyber crimes echoes these views.
Hackers work for measly sums for professional criminals who really make the big bucks, according to Rene Hamel, an ex-RCMP officer and associate director of discovery services at Navigant Consulting, a Chicago-based consultancy that provides forensic accounting and investigative services.