The Guardian reports, “South Korean police recently arrested five people who allegedly collaborated with North Korean hackers to steal millions of dollars in points from online gaming sites. Members of the gang, which included North Korea’s technological elite, worked in China and shared profits after they sold programs that allowed users to rack up points without actual play.”
Scammers resell stolen points to gamers, who use the points to play more games or to purchase equipment or accessories for their avatars. According to Seoul police, the cybercriminals behind this particular scheme made $6 million in less than two years. 55% of that went to the team of hackers, while some went to Kim Jong-il’s multibillion-dollar slush fund, which American and South Korean officials say is at least partially used to fund a nuclear weapons program.
South Korean officials blame the North Korean government’s Computer Center, an IT research venture, for orchestrating the fraud.
Many of the world’s largest gaming publishers and digital goods providers rely on iovation’s ReputationManager 360 to detect fraud upfront through its extensive, globally-shared database of 700 million devices seen connecting to online businesses and the 6 million fraud events already associated with many of these devices.
iovation has already flagged more than 13 million activities within gaming sites for gaming publishers to either reject as completely fraudulent, or to send for manual review as high-risk activity was detected in real time. This has saved gaming publishers millions of dollars in fraud losses by not only stopping a fraudulent activity (such as a cyber criminal setting up a new account in the game, or a purchase from the in-game store using stolen credentials), but it connects cyber criminals working together so that the publisher can identify entire fraud rings and shut them down at once.
Gaming operators can customize business rules around geolocation, velocity, and negative device histories (including gold farming, code hacking, virtual asset theft, and policy violations) to identify nefarious accounts activity, or fraudulent use of stolen accounts. More than 2,000 fraud-fighting professionals contribute to iovation’s global database every single day, continuously strengthening the system while maintaining a safe and inviting environment for their players.