Comments on: Online Game Security

By: UW Computer Security Research and Course Blog » Call For Papers: Online Game Security

Sat, 16 Aug 2008 23:00:39 +0000

[...] Papers are due September 5th. We’ve talked about security and privacy for online games on this blog already. If you have any neat ideas for an article, I’m sure Gary and Ming would love to [...]

By: Kris Plunkett

Kris Plunkett — Tue, 22 Jan 2008 06:05:24 +0000

I feel that this topic is very interesting because it has a serious economical side to it. It is amazing to me, yet true nonetheless, that some gamers would pay a considerable amount of money to gain an advantage in the games they play. I’ve heard of some MMORPGs allowing gamers to actually purchase in-game currency (Everquest, I believe?), and it is apparently well known that some gamers will pay others to play their characters for them in order to leveling them up. Where there is a demand, people will come in to fill the niche. These are the people who hack into systems, steal players’ virtual in-game assets, and sell them for a real-life profit. I would theorize that there are more such people than those who cheat for the purpose of gaining advantages in the game rather than for money. In conclusion, I’d like to offer the idea that it is precisely because of this growing monetary market for cheating that creating and properly enforcing laws preventing cheating in online games will become necessary.

By: mgklous

mgklous — Tue, 22 Jan 2008 00:50:21 +0000

Another thing to consider is how online games administer and enforce rules. From my experience, when player breaks a rule that isn’t a federal crime, the worst that can happen is that the player’s account (and possibly IP) is banned. Consider adversaries who are exploiting the game and are manipulating virtual assets. This isn’t really a crime, so what can the administrators of the game do to stop the adversary? Banning the player may suffice if the adversary’s power stems from an accumulation of assets, but there’s nothing to stop the player from creating a new account and starting over again.

By: joyleung

joyleung — Mon, 21 Jan 2008 07:13:18 +0000

On top of the concern for gamers having their assets stolen from other gamers, there is the security concern of gamers stealing virtual assets directly from the game. Games like Maple Story and Gunbound make a profit by selling virtual items that can be purchased with cash. Potentially, cheaters can fuddle with the state on their computers to gain such items for themselves without paying. This has a more direct affect on the profit of a game company and also inhibits other legitimate players from playing because of the unfair advantage cheating players have in the game.

By: bcbell

bcbell — Mon, 21 Jan 2008 05:16:57 +0000

Since virtual property is becoming an asset in the real world, it will become more important to protect it. However, the problem is that internet law is hard to enforce internationally and as we are learning, anything on a user’s machine is very vulnerable to attacks by that user. I think a partial solution may involve server-side detection of anomalies (sudden gain of a bunch of gold, etc.), but that definitely isn’t going to be perfect.

By: felixctc

felixctc — Sun, 20 Jan 2008 21:27:03 +0000

Ohh. I see. My sincere apologies.

By: tip

tip — Sun, 20 Jan 2008 17:22:58 +0000

There is a little mistake in this post:

the book entitled “Exploiting Online Games” has been written by security researchers Greg Hoglund and Gary McGraw.

Federico Biancuzzi is the columnist who interviewd one of the authors. So the URL ( http://www.securityfocus.com/columnists/461/1 ) links to an interview with questions by Biancuzzi and answers by Gary McGraw