The online gaming world is rife with players looking to achieve top scores and impress their friends through battles, races and strategic warfare, but it’s also a hotbed of criminal activity. Cyberattackers don’t have to break the law, exactly, in order to cause mayhem in the online gaming community. In fact, according to a recent report from Trend Micro, cybercriminals can – and do – exploit loopholes in order to get away with massive amounts of fraud.
There’s a lot of money to be made in the gaming industry, whether it’s gathered legally, illegally or in the gray area in between – and hackers are taking advantage of the latter option now more than ever.
How does it work?
Massively multiplayer online role-playing games are popular ways to connect and play with friends across the world. These online landscapes, which include titles like World of Warcraft and Final Fantasy XIV – are populated by both player characters and non-player characters, and interactions between people around the globe are crucial to the player experience. These kinds of MMORPGs engender a fierce level of competitiveness in some users, such that they will do anything to get ahead of the pack.
However, fraudsters, as they are wont to do, have figured out a way to exploit these folks who simply want to be the best at their chosen games. Sometimes, cybercriminals masquerade as players in the universe of the MMORPG and approach player characters. Other times, they set up websites as shop fronts to get the attention of gamers that want to purchase in-game money with real-world cash. The idea is that by investing in in-game currency, players will be able to obtain items they normally would have to farm for days or even weeks.
The problem with this practice of real-money trading – other than the fact that it’s generally seen as cheating by the online community and therefore usually punishable in-game, sometimes resulting in the banishment of both parties’ accounts – is that while RMT isn’t illegal, per se, these cybercriminals are using it to fund their other, decidedly more illegal activities.
“Based on these reports, we can say that the act of buying online gaming currency is, in essence, a cyclical, self-defeating effort,” wrote Trend Micro researchers. “By paying for illegitimate methods to get ahead of the game, players also unintentionally fund the downfall of the online game they’re spending money on.”
In other words, players who decide to take part in RMT schemes and essentially become cheaters are part of the issue. The RMTs are using the money they’re making off of these users to fuel their operations in other areas, including the actual cyberattacks they’re conducting on enterprise organizations, as well. Trend Micro researchers warned that enterprises should make sure they’re aware of this kind of money laundering and step up their cybersecurity, or they could potentially fall victim to these kinds of funded malicious attacks.
Not the first rodeo
This kind of money laundering has been around as long as online gaming itself. In 2013, the U.N. Office on Drugs and Crime released a report detailing the methods by which cybercriminals exploit the system. These activities, the office warned, would become difficult to monitor and police.
“As we spend more time and money online, opportunities for criminals to involve us in their money laundering scams will only continue to grow,” the report read. “This will create an increasingly difficult situation for the various law enforcement agencies that are already being put to the test by the cunning of such criminals and the myriad untraceable means they have discovered to launder illegally obtained money.”
Since the 2013 report, the prevalence of RMT has only become more dire. It’s clear that this has been a problem for quite some time, and will be for the foreseeable future. In fact, according to WeLiveSecurity, RMT in online games is also a possible gateway activity for younger cybercriminals to exploit before moving on to more complicated forms of illegal hacking.
Real-world consequences of RMT
The other problem with RMT is one of human rights. Here’s a question: Where do the in-game items and money come from that players are spending real-world money on? The answer is sweatshops.
It may sound strange, but there are more reports of forced labor being used as a means of farming the currency and items that RMTs then sell to eager gamers. In fact, labor camp prisoners in China have been forced in the past to play games for hours on end, and in 2005, it was estimated that around 100,000 Chinese gamers worked in these kinds of camps.
The result is that not only are gamers funding cybercriminal operations, but they’re also tacitly implicated in a human rights issues if they’re contributing to the demand for these kinds of labor camps.
“You can indulge in RMT through many third-party websites,” wrote ZDNet contributor Charlie Osborne. “Virtual items and currency may be legitimately earned. However, they may also be the result of gamer accounts being compromised or stolen, game glitches exploited for purposes including item replication, game code modification, malware, infostealers and bots, which allow users to automate processes such as grinding and item farming.”
Hacking opportunities abound
RMT isn’t the only way cybercriminals make money from the nearly $100 billion market that is the world of online gaming. According to TechCrunch contributor Ben Dickson, hackers can do what they do best, as well, in order to exploit the players and companies in this universe. Data breaches and DDoS attacks against well-known gaming networks have become commonplace. The near-dependability of a DDoS attack being used against the PlayStation Network or Xbox Live during the holiday season – like the one used the last couple of years by infamous hacker group Lizard Squad – is a comical yet frustrating example of how successful these hackers can be.
For instance, according to DigitalTrends, earlier in 2016 a security company noted that 1,200 versions of information-stealing malware had been levied against the popular gaming service Steam, which boasts more than 125 million members and 12 million concurrent users. Steam Stealer, as the malware is called, has led to the account information of nearly 77,000 accounts being stolen per month. These malware samples are delivered via phishing attacks or through infected clones of sites and programs like TeamSpeak or RazerComms.
Steam Stealer is available on some black market hacking websites for as little as $3, making it an attractive avenue for cybercriminals looking to make a quick buck with little or no startup cost. In addition, gamers may be to blame for no small level of vulnerability exploited by cyberattackers, because some players don’t like to have anti-virus software installed on their devices.
The bottom line is that hackers will never stop trying to steal money from unwary parties. Whether it’s through money-laundering schemes or hacking into PSN, cybercriminals will continue to exploit the system. There will always be those who try to take advantage of unsuspecting online users, including gamers. This is why small businesses, large organizations and consumers alike need to ensure they’re protecting their network security systems and their data with the best cybersecurity tools possible.