Gaming and the Underground Economy
The simple days of Duck Hunt and Donkey Kong are gone. Today players enter virtual worlds that look amazingly real, with titles like "Call of Duty" and "Halo". They take on roles such as military Special Forces operators working toward objectives in hostile urban terrain, communicating by headset with teammates halfway across the world. The Internet plus increasingly powerful hardware platforms has turned gaming into a very lucrative industry. Today, professional video gamers compete in tournaments, sign endorsement deals[1], and live like sports celebrities within the vast gaming world. The multi-billion dollar video game industry now commands the attention of movie studios[2] and institutional investors[3]. Activision-Blizzard recently released "Starcraft II"[4], the much anticipated follow-up to the 1998 original "Starcraft". While today's most popular games are released for console platforms like Microsoft's Xbox 360, Sony's PlayStation 3, or Nintendo's Wii, Starcraft II was developed solely for the PC (personal computer). The cost of Starcraft II development: $100 million. The U.S. nationally televised VGAs[5] (Video Game Awards) present awards for video games in multiple categories such as "Best Original Score". That's right; video games now have original soundtrack scores.

[1] http://www.1up.com/do/newsStory?cId=3179024
[2] http://en.wikipedia.org/wiki/List_of_films_based_on_video_games
[3] http://www.marketwatch.com/story/videogame-publishers-on-deck-for-tough-quarter-2010-07-29
[4] http://www.cnbc.com/id/38414156
[5] http://www.spike.com/event/vga2009/page/vote/category/34766

© Team Cymru 2010

MMORPG

World of Warcraft (WoW) is one of the most popular PC games of all time. WoW is a MMORPG (massively multiplayer online role-playing game). Players take on roles and work with other players in the network. Blizzard's game servers each support thousands of simultaneous players who compete for virtual resources. Virtual gold is one of the more valuable commodities.
This has led to a rise in "gold farming"[6]. Collecting gold in WoW takes time and effort. Gold farmers are individuals or organizations who code bots to perform mundane, repetitive tasks in the game in order to collect large amounts of virtual gold. Typically these bots are coded in Lua (a scripting language broadly similar to Python), and the harvested gold is sold on commercial websites that specialize in virtual goods. Certain gold harvesting companies find cheap labor and use humans for the monotonous gaming work, often hundreds of people[7]. A Google search for "gold farmers" turns up a trove of websites and images. Forty dollars typically buys 400-500 gold in WoW. Once you enter payment information on a gold farmer's website, the virtual player meets you in WoW and transfers the gold. While Blizzard officially frowns upon this practice and bans bots where it finds them, the secondary market for virtual gold and other goods is thriving. Consider a businessman who enjoys WoW but has little time to play. He cannot amass the virtual resources necessary in WoW, so he buys them from an auction house. Everyone appears to win. The problem is that many players complain that gold farming ruins the game's experience, specifically the in-game economy: prices for common virtual goods inflate because of the increased supply of gold. Blizzard sells extremely expensive virtual goods, seemingly for the purpose of draining gold out of the player economy. Users can easily spot automated programs in the WoW virtual world, and they resent the cheating when legitimate players spend real time in the game. In speaking with frequent gamers, Team Cymru discovered that most of these gold farming organizations are legitimate, and gold fraud is rarely encountered.

Other games present similar opportunities. In Diablo 2, it was previously possible to cheat by duplicating ("duping") items acquired in the game.
Assortments of virtual goods were often auctioned on eBay[8]. When a player found a rare virtual good in the game, he or she could duplicate it and sell the copies to other gamers. Players were able to profit from a copy-paste function in a matter of seconds.

The monetization of virtual goods is nothing new. Linden Lab introduced Linden Dollars into its Second Life virtual world, the market for which can be tracked on the LindeX[9]. This virtual currency has a stated exchange rate to real U.S. dollars (currently about L$250 to US$1). The virtual currency can be used to purchase virtual land and other virtual goods and services. The gaming industry understands that virtual commodities hold real value for gamers.

The Underground Economy (UE) also understands this truth and, as always, is actively exploiting vulnerable gamers and monetizing stolen virtual resources for real money. One of the most popular UE gaming pastimes is phishing, via email[10] and in game[11]. While users are playing a game like WoW, they receive an unsolicited message that appears to come from the host company (such as Blizzard) or from another legitimate user. The socially engineered message informs the user that their account has been compromised, that a new game version has been released, etc., and includes a malicious link that typically leads to malware (key-logging trojans are a favorite). The gaming population appears to fall prey to this attack more frequently than other user segments. Once a gamer's credentials are phished, the fraudsters take over the player's virtual avatar and steal all of his or her resources. When the gamer regains access to the account, they find their virtual persona standing naked in a wasteland, penniless. The fraudsters literally commit a virtual mugging.

[6] http://en.wikipedia.org/wiki/Gold_farming
[7] http://www.nextnature.net/wp-content/uploads/2009/03/gold-farming-china-wow7go-530.jpg
[8] http://cgi.ebay.com/Diablo‐II‐2‐Item‐USEast‐Ladder‐S6‐Zod Rune/320544910296?cmd=ViewItem&pt=Video_Games_Games&hash=item4aa1f72bd8
    http://cgi.ebay.com/Diablo‐2‐Useast‐CLASSIC‐Ladder‐Sojs‐ /170520520011?cmd=ViewItem&pt=Video_Games_Accessories&hash=item27b3d0a54b
[9] http://secondlife.com/statistics/economy-market.php
[10] http://www.net-security.org/secworld.php?id=9633
[11] http://sunbeltblog.blogspot.com/2010/07/phish-whisperer.html

Blizzard has responded by offering a two-factor authentication solution via a $6 hardware token, but few users appear to take advantage of the improved security posture. A one-time code from the token defeats replay of a keylogged password, though it does not protect a player whose machine is already running malware that can act inside the live session. Team Cymru interviews with gamers suggest that many of these victims are victimized multiple times, and their only real concern is re-establishing access to their gaming account to restore their virtual avatars.

Fraudsters also package malware within software designed to modify or hack a game and give the player an extra advantage, such as the ability to see through walls. Gamers often search for this type of software on peer-to-peer networks, and the resulting infection typically leads to stolen game accounts.

Games like WoW charge users a monthly subscription fee. Gamers often subscribe to game networks that allow them to play multiple games released by a particular game studio. Examples include Xbox Live for console games on the Xbox, and Steam, the virtual locker for PC games released by Valve (best known for Half-Life). Compromised credentials for these types of subscription networks are often sold in the Underground Economy to avid gamers.

Social Gaming

Over 500 million people now use Facebook[12]. Over 100 million of those users play games created by Zynga. The company has produced blockbuster games like Farmville (60 million players), and Zynga's estimated $500 million in revenue has the business world taking notice. Zynga specializes in social gaming, a sub-category typically involving game integration into a social network like Facebook.
Additionally, many of Zynga's games are available on smartphones. It is telling that Google is in talks with Zynga to create a social network[13] to rival Facebook. Zynga has a loyal base of social gamers that Google could leverage to quickly build a new social network. According to the Wall Street Journal, "In countries such as China and Japan, social games generate billions of dollars in revenue. In the U.S., social gaming was a $700 million market in 2009, according to estimates by ThinkEquity LLC, a research firm. That figure is supposed to triple by 2012, the firm said."

These social games produce revenue through the sale of virtual goods. Social gamers assign real value to virtual goods. Facebook currently takes 30% of the revenue generated by these virtual goods. Social gaming is another opportunity for the Underground Economy because of the scale of users involved and the fact that virtual goods are often easier to monetize than physical goods. The Wall Street Journal reported, "Merchants that sell digital goods lost 1.9% of all revenue to fraud in 2009 compared with a 1.1% fraud rate for companies that sell physical goods on-line [sic], according to CyberSource Corp., which processes credit cards for online merchants. World-wide sales of digital items in games and social networks reached $2.2 billion in 2009 and are expected to grow to $6 billion in 2013, according to Piper Jaffray & Co." The market for virtual goods is rapidly expanding and fraudsters are surely taking notice. In 2009 Facebook initiated "Credits", a virtual currency for Facebook-linked games and other services. The difficulty for Facebook and other virtual goods sellers is detecting fraud, specifically with stolen credit cards, since the product being purchased is instant and virtual and does not require a shipping address.

[12] http://www.insidefacebook.com/2010/07/21/facebook-announces-500-million-users-stories-application/
Team Cymru has witnessed UE advertisements for the sale of these types of virtual goods, specifically Facebook virtual poker chips and Farmville dollars, but the criminal buyers are lacking. While a higher percentage of criminals appear interested in WoW credentials and Steam accounts, there is currently little criminal interest in purchasing social gaming resources.

The UE is primarily comprised of criminals selling to other criminals. If fraudsters are able to port stolen social gaming services to mainstream buyers under the banner of legitimacy, then the business model might succeed, success here meaning that the criminal effort required to monetize a high percentage of the stolen resources at an acceptable price point is low enough to be worthwhile. Fraudsters may decide that reselling virtual goods is easier and presents a more robust business model than reselling fraudulently obtained physical goods, but buyers would need to believe that the criminal sellers are legitimate businesses making profits on resale markup margins. Gold farming is not criminal, but using stolen credit cards to purchase virtual goods is. Would social gamers recognize a criminal website reselling virtual goods that are cheaper than purchasing directly through Facebook?

Consoles

Console gaming has its fair share of criminal opportunity as well. Microsoft's Xbox 360 and Sony's PlayStation 3 boast a bevy of first-person shooter games, which can be played collaboratively across the Internet in real time. Microsoft's gaming network (Xbox Live) carries its game traffic over UDP port 3074, and "host booting" is the gamer term for knocking a peer (often the player hosting the match) offline. There are a number of YouTube tutorials on locally analyzing this traffic for the purpose of DDoSing opponents to knock them out of the game. In order to DDoS an opponent, a gamer must first identify the opponent's IP address; sniffing the console's own traffic works because, in a peer-hosted match, the game traffic flows directly between the players' connections. Plenty of YouTube tutorials exist for this topic involving the Windows hacking tool Cain & Abel[14].
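The same traffic gives the defender something to watch. The Python below is an added example, not code from the Team Cymru paper or from Microsoft: it tallies UDP packets toward port 3074 (the port named in this section) per source in fixed time windows over a set of constructed flow records and flags any source whose packet rate is far beyond what a game session produces. The record format, the 10-second window, and the 500 packets-per-second threshold are assumptions chosen for illustration; the flow records and addresses are constructed.

```python
"""Flag a UDP flood against a console's Xbox Live port (UDP 3074).

Added illustration, not Team Cymru's or Microsoft's code. The flow records
below are constructed, and the window size and packet-rate threshold are
assumptions, not figures from the paper.
"""
from collections import defaultdict

XBOX_LIVE_UDP_PORT = 3074   # port named in the paper
WINDOW_SECONDS = 10         # assumption: aggregation window
FLOOD_PPS_THRESHOLD = 500   # assumption: a normal game session stays far below this

# Constructed flow records, one per line:
# "<epoch seconds> <src ip> <dst ip> <proto> <dst port> <packets> <bytes>"
# 192.0.2.50 plays the role of the victim console; 198.51.100.99 is the booter.
SAMPLE_FLOWS = """\
1280000000 203.0.113.10 192.0.2.50 udp 3074 40 4800
1280000000 198.51.100.7 192.0.2.50 udp 3074 35 4200
1280000005 203.0.113.10 192.0.2.50 udp 3074 42 5040
1280000005 198.51.100.99 192.0.2.50 udp 3074 6000 360000
1280000008 198.51.100.99 192.0.2.50 udp 3074 7000 420000
1280000009 198.51.100.7 192.0.2.50 udp 3074 38 4560
1280000012 198.51.100.99 192.0.2.50 udp 3074 9000 540000
1280000020 203.0.113.10 192.0.2.50 tcp 80 3 1200
"""


def parse_flows(text):
    """Parse whitespace-separated flow lines into dicts, skipping malformed lines."""
    flows = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 7:
            continue
        ts, src, dst, proto, dport, pkts, nbytes = parts
        try:
            flows.append({
                "ts": int(ts), "src": src, "dst": dst, "proto": proto.lower(),
                "dport": int(dport), "packets": int(pkts), "bytes": int(nbytes),
            })
        except ValueError:
            continue  # non-numeric field: treat the record as unusable
    return flows


def detect_port_floods(flows, port=XBOX_LIVE_UDP_PORT,
                       window=WINDOW_SECONDS, pps_threshold=FLOOD_PPS_THRESHOLD):
    """Return {(src, dst): peak packets/sec} for every source whose UDP packet
    rate toward dst:port, summed per fixed window, exceeds pps_threshold.

    Only UDP flows to the given port are counted; everything else is ignored,
    so ordinary web traffic to the same console never contributes.
    """
    buckets = defaultdict(int)  # (src, dst, window index) -> packet count
    for f in flows:
        if f["proto"] != "udp" or f["dport"] != port:
            continue
        buckets[(f["src"], f["dst"], f["ts"] // window)] += f["packets"]

    offenders = {}
    for (src, dst, _), pkts in buckets.items():
        pps = pkts / window
        if pps > pps_threshold:
            offenders[(src, dst)] = max(pps, offenders.get((src, dst), 0.0))
    return offenders


if __name__ == "__main__":
    for (src, dst), pps in detect_port_floods(parse_flows(SAMPLE_FLOWS)).items():
        print(f"possible host-boot flood: {src} -> {dst}:{XBOX_LIVE_UDP_PORT} "
              f"peak {pps:.0f} pps")
```

Two legitimate peers exchange a few dozen packets per window and are never reported; the booter's three records sum to 13,000 packets in the first window (1,300 pps) and 9,000 in the next, so it is reported once with its peak rate. A per-window sum rather than a per-flow check is deliberate: a flood split across many short flows still adds up.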
Once a victim's IP address is identified, point-and-click programs like DDoSSer can be used to force the victim's disconnection from the game. The apparent college student author of DDoSSer posted a number of YouTube tutorials explaining the program's use[15]. Even in console games, virtual life mimics real life. In 2007, a gamer told a virtual room full of people in the "lobby" of a game that he was going to kill the president of the United States. The comment was reported to the U.S. Secret Service, who investigated the incident and interviewed the suspect after discovering his true identity.

[14] http://www.youtube.com/watch?v=WQk6Zw_-IrI&feature=related
[15] http://www.youtube.com/watch?v=TRV6EciLj_E

Conclusion

Gaming is now a mainstream phenomenon. Dedicated gamers purchase expensive computers and powerful consoles, and millions of people enjoy the distraction of social gaming, often on their mobile phones. Companies understand that gaming is a global passion and that individuals are increasingly willing to spend disposable income on virtual goods and services in these games. The Underground Economy to date has experienced limited demand for gaming credentials and virtual goods, but as gaming becomes even more mainstream, criminals may attempt to establish large virtual goods businesses beyond WoW gold farming. Additionally, gaming credentials may contribute to an increase in cross-channel fraud as gamers reuse the same credentials for social media accounts, e-mail accounts, bank accounts, etc.

References

Activision Bets Big on PC Game. (2010, July 16). The Wall Street Journal (Western ed.), p. C3.
First, Give Away the Game. (2010, July 30). The Wall Street Journal (Western ed.), p. B5.
Fraudsters Like Virtual Goods. (2010, July 21). The Wall Street Journal (Western ed.), p. B3.

Thank You

Special thank you to Wes Young, REN-ISAC, for his time and thoughts.