Security Review: MMO Gaming

By dravir at 9:07 pm on February 7, 2009 | 3 Comments


Most people in our society today are familiar with the concept of MMO gaming.  World of Warcraft, for example, is something almost everyone has heard of.  Most MMO games operate under a fairly strict client/server paradigm.  A company that wants to produce an MMO creates a client that handles graphics processing and user input and output, and that may store some basic per-user settings, again usually related to display and interface options.  The remainder of the game, including all character data and all user interaction with the online world, is stored and run on company-controlled servers.  This helps the company give users the experience it intended and control various types of cheating.  In addition, users generally cannot play offline: a user must authenticate with the server in order to access a character or play with others in the virtual world.

I would like to briefly discuss some security issues related to this paradigm of MMO gaming.  With the number of users of such games seemingly always on the rise, the need for security will become more and more significant, as any system with a large number of users is an attractive target for malicious behavior.

One asset these systems hold is character data, which represents the time a user has invested.  Such games usually require many hours of play on a character to increase its strength and its ability to enter, or be viable in, various areas of the game.  One security goal is therefore that this data be unalterable by outside parties except in the ways intended (i.e. playing the game).  This matters because it prevents users from cheating by altering their attributes to be more powerful than they should be, or by instantly creating a character that would normally take hundreds of hours of play to acquire.  If that happened, it would damage the gameplay experience of legitimate users.

Another asset these systems hold is the real-world value of virtual assets.  The relevant security goal is to ensure that in-game assets cannot be generated or obtained except by legitimate means.  A further possible goal in this area would be to limit a user’s ability to trade virtual assets for real money, but that is more a policy problem (and a problem of enforcing that policy) than a security problem.  Keeping virtual assets secure matters both for the proper operation of the in-game virtual economy and because their real-world monetary value makes this area appealing to malicious individuals.

Two possible adversaries are 1) players of the game and 2) those who wish to exploit the game for monetary gain.  A player might wish to alter their own character for their own benefit, or perhaps somehow bypass the monthly fee.  Those who wish to exploit the game might have no desire to actually play it, but would be interested in instantaneously creating (or obtaining) virtual assets that could then be sold for real-world money.

One potential weakness of this system is user login credentials.  If a user’s credentials were compromised, a malicious party would gain instant access to that player’s virtual assets and could transfer or sell them before the player next logs in.  Another potential weakness is insider misconduct.  An administrator of the game may legitimately have the power to, for example, spontaneously create in-game currency, but could use that ability inappropriately in order to sell the created virtual assets for real-world monetary gain.

User login credentials could be defended by instructing users to keep their name and password secure.  A system could (and should) also be in place to email a user whenever their name and/or password is changed, so they can respond as quickly as possible should the change be unauthorized.  Also, the transmission of login credentials should of course be encrypted using up-to-date standards.

Insider misconduct could be defended against by ensuring that no one has “invisible” power: whenever administrative privileges are used to create virtual assets or to change something outside the game’s normal cause and effect, a log entry is created that several people in the company see and review.
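The two defenses above (emailing the account holder when a credential changes, and making every privileged asset-creating action leave a record that other people review) can be sketched in code.  The following Python is an added example, not code from the original post or from any game vendor; the names PrivilegedAudit, grant_currency and notify_credential_change, the two-reviewer policy, and the sample accounts are my own illustrative choices.  It goes slightly beyond the text by chaining entries with SHA-256, so that an entry quietly edited or deleted after the fact shows up when the chain is verified.

```python
"""Added example (not from the original post): an append-only audit trail for
administrative actions that bypass normal gameplay, with a rule that each entry
must be acknowledged by several people other than the actor, plus a notification
hook for credential changes.  All names and policy values are hypothetical."""
import hashlib
import json
import time
from dataclasses import dataclass, field
from typing import Dict, List, Optional

# Distinct reviewers (excluding the actor) needed before an entry counts as
# reviewed.  Hypothetical policy value.
REQUIRED_REVIEWERS = 2
GENESIS_HASH = "0" * 64


@dataclass
class AuditEntry:
    seq: int
    actor: str
    action: str
    details: dict
    timestamp: float
    prev_hash: str
    entry_hash: str = ""
    reviewers: set = field(default_factory=set)

    def compute_hash(self) -> str:
        # The hash covers the previous entry's hash plus this entry's content, so
        # editing, dropping or reordering any entry changes every later hash.
        payload = json.dumps(
            {"seq": self.seq, "actor": self.actor, "action": self.action,
             "details": self.details, "timestamp": self.timestamp},
            sort_keys=True)
        return hashlib.sha256((self.prev_hash + payload).encode()).hexdigest()


class PrivilegedAudit:
    """Record of administrative actions that fall outside normal cause and effect.
    In production this would live in storage the administrators cannot write to."""

    def __init__(self):
        self.entries: List[AuditEntry] = []

    def record(self, actor: str, action: str, details: dict,
               timestamp: Optional[float] = None) -> AuditEntry:
        prev = self.entries[-1].entry_hash if self.entries else GENESIS_HASH
        entry = AuditEntry(seq=len(self.entries), actor=actor, action=action,
                           details=details,
                           timestamp=time.time() if timestamp is None else timestamp,
                           prev_hash=prev)
        entry.entry_hash = entry.compute_hash()
        self.entries.append(entry)
        return entry

    def acknowledge(self, seq: int, reviewer: str) -> bool:
        """A reviewer signs off on an entry.  The actor may not review themselves."""
        entry = self.entries[seq]
        if reviewer == entry.actor:
            return False
        entry.reviewers.add(reviewer)
        return True

    def unreviewed(self) -> List[AuditEntry]:
        """Entries still waiting for enough independent reviewers."""
        return [e for e in self.entries if len(e.reviewers) < REQUIRED_REVIEWERS]

    def verify_chain(self) -> bool:
        """Recompute every hash; False means some entry was altered or removed."""
        prev = GENESIS_HASH
        for i, e in enumerate(self.entries):
            if e.seq != i or e.prev_hash != prev or e.compute_hash() != e.entry_hash:
                return False
            prev = e.entry_hash
        return True


def grant_currency(audit: PrivilegedAudit, admin: str, account: str,
                   amount: int, balances: Dict[str, int]) -> AuditEntry:
    """Hypothetical helper: the only code path that creates currency outside
    gameplay.  It writes the audit entry before touching the balance, so the
    action cannot happen without leaving a record."""
    entry = audit.record(admin, "grant_currency",
                         {"account": account, "amount": amount})
    balances[account] = balances.get(account, 0) + amount
    return entry


def notify_credential_change(account: str, email: str, what: str,
                             outbox: list) -> dict:
    """Queue an e-mail to the address of record whenever the account name or
    password changes.  `outbox` is a constructed stand-in for a mail client."""
    message = {
        "to": email,
        "subject": f"Your {what} was changed",
        "body": (f"Account {account}: your {what} was just changed. "
                 "If this was not you, contact support immediately."),
    }
    outbox.append(message)
    return message


if __name__ == "__main__":
    audit, balances, outbox = PrivilegedAudit(), {}, []
    e = grant_currency(audit, "admin_alice", "player_42", 50_000, balances)
    audit.acknowledge(e.seq, "admin_bob")
    audit.acknowledge(e.seq, "admin_carol")
    print("pending review:", len(audit.unreviewed()), "chain ok:", audit.verify_chain())
    notify_credential_change("player_42", "p42@example.com", "password", outbox)
    print(outbox[0]["subject"])
```

The design point is that the currency grant and the audit write are one operation, and that an administrator acknowledging their own entry is rejected; the hash chain is what turns "a log is created" into "a log that cannot be silently edited later".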

The risk of an account being compromised seems fairly significant.  Many malicious users take this route, especially because credentials can be obtained by social engineering (such as phishing), which is often easier than the more technical route of finding a flaw in the login system.  As for malicious insiders, I have no information on how often that occurs, and companies would generally not want their users to know that an insider had done something they shouldn’t have.  Still, the threat certainly exists, and it will become more of a concern if the monetary value of virtual assets continues to increase, as “printing your own money” is a tempting proposition to many.

In conclusion, attaching real-world monetary value to something that can be created in infinite supply at no cost (such as MMO in-game currency) is a fairly new phenomenon.  While the consequences don’t seem all too drastic (it is “just a game,” after all), a breach in the security of an MMO is something that should be considered more carefully, especially for MMOs with user bases in the millions.  People who pay for a service, even a recreational one, deserve to have the integrity of that service upheld regardless of its attractiveness as a target to malicious individuals.

Filed under: Security Reviews

3 Comments

  • 1

    Comment by gamer review

    February 12, 2009 @ 1:23 pm

    If an online community has people creating powerful and expensive items, the entire economy of the MMO comes crashing down. I played Runescape where people were able to do this. Luckily, the administration clamped down and fixed the hacks or whatever they were using.

  • 2

    Comment by millsea0

    February 12, 2009 @ 5:22 pm

    One of the huge problems that comes with WoW is that Blizzard allows users to customize their game UI with add-ons that they can download. A good deal of the account thefts that occur come from scripts being embedded in these add-ons to allow a keylogger to be installed on the machine where the attacker can easily gain the user’s password and account info.

    Luckily there are very few “trusted” sites who provide a large repository of these add-ons so unless the user downloads something from a suspicious site they are most likely safe.

  • 3

    Comment by seraphim

    February 13, 2009 @ 4:11 pm

    While the consequences for a game such as WoW aren’t very drastic, the game Second Life has a much larger market that is legitimately involved with the real-world economy. The security involved in those transactions must be far higher than other games, as there’s clearly more at stake. If this trend of the virtual world extending itself towards the real world continues further, secure transactions and secure playtime will become critical to worry-free gaming.

    As an aside, most MMO games’ reliance on client-server interactions makes them more resilient against piracy as compared to single-player games. This is an interesting example of added security without express intent. It’s not explicitly added into the game, but a facet of the game’s nature.
