Posts

“Operation Game Over” Purges Sex Offenders From Online Gaming

Over 2,100 accounts of registered sex offenders have been purged from online gaming platforms as part of “Operation: Game Over,” a first-of-its-kind initiative to protect children from predators on online gaming networks.

An additional 3,500 accounts of registered sex offenders purged from major online gaming companies earlier this year.

“The Internet is the crime scene of the 21st century, and we must ensure that online video game platforms do not become a digital playground for dangerous predators. That means doing everything possible to block sex offenders from using gaming systems as a vehicle to prey on underage victims,” said Attorney General Schneiderman. “I applaud the online gaming companies that have purged registered sex offenders from their networks in time for the holiday season.

Together, we are making the online community a safer place for the children of New York.”
Under New York State’s Electronic Securing and Targeting of Online Predators Act (e-STOP) law, convicted sex offenders must register all of their e-mail addresses, screen names, and other Internet identifiers with the state. That information is then made available to certain websites so that they have the option to purge potential predators from their online worlds.

Gaming sites use multiple layers of defense in their fight against cybercriminals, predators and other bad actors. One of the more effective layers is the use of device reputation by iovation. By identifying the devices being used for chat spam, gold farming, account compromise and other abuses, gaming sites can stop them from opening new accounts under stolen identities to further cause damage to their brands and customers. In one particular case, a gaming publisher using iovation ReputationManager 360 took action against 1,000 fraudulent accounts shortly after implementing the fraud prevention service. In addition to keeping repeat offenders out, clients of iovation share fraud intelligence so that when a bad actor comes in from another global gaming site, the new site knows upfront that it’s dealing with high risk activity from the start.

Online gaming has come a long way.  I’m pleased to see that most of the major gaming publishers are taking a serious stand against cybercriminals, predators, and the like, to keep honest consumers, players, and in many cases—our children—safe.

What is Gold Farming and How Can MMOs Fight Back?

If someone asked me to go “gold farming,” I’d probably assume we were going to grab a couple pans and head north to a stream in New Hampshire, and with any luck, strike it rich.

But gold farming doesn’t refer to literal gold. Rather, gold farmers accumulate virtual currency by playing massive multiplayer online games. That virtual currency, or “gold,” is then sold to other players, despite the fact that most game operators explicitly ban the exchange of in-game currency for cash. Gold farming is so lucrative, people in China and other developing nations can support themselves as full-time gold farming ring operators.

The Washington Post recently reported, “Low-educated laborers in Asia spend hours each day advancing through levels of an online game, picking up gold, swords and gems that enhance a player’s status. Then gaming studios, which employ the players, sell those virtual goods to online retailers. Finally, the retailers sell those items to more than 120 million players worldwide, many of them in North America and Europe, who are unwilling to play the games all day to gather the items on their own.”

Some argue that in certain developing countries, gold farming is tantamount to slave labor. The New York Times reports that in China, gold farmers often work twelve hours a night, seven nights a week, with only two or three nights off per month. “For every 100 gold coins farmers gather they make about $1.25, earning an effective wage of 30 cents an hour, more or less. The boss, in turn, receives $3 or more when he sells those same coins to an online retailer, who will sell them to the final customer (an American or European player) for as much as $20.”

Meanwhile, a recent report by the World Bank suggests that online gaming has a positive impact in Asia because 70% of the industry’s revenue remains in the gaming countries, with most of that money going to studios.

I don’t know. 12-hour days, for 30 cents an hour? What do you think?

The bottom line is that gold farming negatively affects game play in that legitimate players are now unable to enjoy the full game experience. Being unsatisfied, they leave for other games (and often take their friends with them) and this damages the brand reputation and reduces the gaming publisher’s profits.

Many leading MMOs are finding it increasingly necessary to deploy a layered defense to protect against gold farming, chargebacks and increasingly, account takeovers within gaming environments.  By leveraging the power of device reputation, which looks at the computer, smart phone or tablet connecting to the games, the gaming publisher can easily connect together players working together and shut down entire rings in one sweep.  In one case, a major gaming publisher saw the marvel of Oregon-based iovation’s fraud protection service and took action against 1,000 fraudulent accounts shortly after implementing the SaaS-based service.

Robert Siciliano, personal security and identity theft expert contributor to iovation, discusses another databreach on Good Morning America. (Disclosures)

North Korea Hacks Online Games to Fund Terrorism?

The Guardian reports, “South Korean police recently arrested five people who allegedly collaborated with North Korean hackers to steal millions of dollars in points from online gaming sites. Members of the gang, which included North Korea’s technological elite, worked in China and shared profits after they sold programs that allowed users to rack up points without actual play.”

Scammers resell stolen points to gamers, who use the points to play more games or to purchase equipment or accessories for their avatars. According to Seoul police, the cybercriminals behind this particular scheme made $6 million in less than two years. 55% of that went to the team of hackers, while some went to Kim Jong-il’s multibillion-dollar slush fund, which American and South Korean officials say is at least partially used to fund a nuclear weapons program.

South Korean officials blame the North Korean government’s Computer Center, an IT research venture, for orchestrating the fraud.

Many of the world’s largest gaming publishers and digital goods providers rely on iovation’s ReputationManager 360 to detect fraud upfront through its extensive, globally-shared database of 700 million devices seen connecting to online businesses and the 6 million fraud events already associated with many of these devices.

iovation has already flagged more than 13 million activities within gaming sites for gaming publishers to either reject as completely fraudulent, or to send for manual review as high-risk activity was detected in real time. This has saved gaming publishers millions of dollars in fraud losses by not only stopping a fraudulent activity (such as a cyber criminal setting up a new account in the game, or a purchase from the in-game store using stolen credentials), but it connects cyber criminals working together so that the publisher can identify entire fraud rings and shut them down at once.

Gaming operators can customize business rules around geolocation, velocity, and negative device histories (including gold farming, code hacking, virtual asset theft, and policy violations) to identify nefarious accounts activity, or fraudulent use of stolen accounts. More than 2,000 fraud-fighting professionals contribute to iovation’s global database every single day, continuously strengthening the system while maintaining a safe and inviting environment for their players.

Robert Siciliano, personal security and identity theft expert contributor to iovation, discusses credit card fraud on NBC Boston. Disclosures

Online Gamers Risk Credit Card Fraud

The Sony Corporation has been providing consumers with stellar electronics since before the introduction of the Walkman. The past six months have been harsher for Sony, with attacks by hacktivists and numerous breaches of clients’ data.

Many recent breaches involved usernames, passwords, email addresses, and in some cases, credit card numbers. Each compromised data point is another opportunity for a criminal to steal your identity and make money at the expense of your good name.

If a company becomes aware that usernames and passwords have been compromised, they should notify users and prompt them to change their passwords. Users should change passwords every six months, regardless of whether a breach has occurred. Passwords should include upper and lowercase letters and numbers, and should not be used across two or more accounts. I have 700 different accounts and 700 different passwords.

Beware of spear phishing emails. When hackers get your email address from a breached gaming account, they will send emails that look like they are coming from the company that has been breached. Never click on links within an email. Instead, go to your favorites menu or manually type the correct address in the address bar.

Pay close attention to credit card accounts. I monitor my accounts weekly for all activity. Simply log in, look at each charge, and refute unauthorized charges immediately. A new free service called BillGuard scans your credit cards daily and alerts you to hidden fees, billing errors, forgotten subscriptions, scams, and fraud.

If you have provided a credit card number to your child for online gaming, beware of purchases they may make that you have previously approved. Many gaming sites try to upsell their users, and will charge the credit card on file. Spend some time with your child discussing appropriate online behavior, and look for parental controls that will send you email alerts when your child makes a purchase.

McAfee, the most trusted name in digital security, includes proactive identity surveillance to monitor subscribers’ credit and personal information, as well as access to live agents who can help subscribers resolve identity theft issues. For additional tips, please visit CounterIdentityTheft.com.

Robert Siciliano is a McAfee consultant and identity theft expert. See him explain how a person becomes an identity theft victim on CounterIdentityTheft.com (Disclosures)