Earlier this week, South Korean security vendor AhnLab said that a growing number of hackers are going after credit card numbers and other vital information put online by gamers. This Chosun story also reports that Symantec says hackers increasingly are attacking game sites in Korea, Japan and China.
Gaming is growing and, despite the fact that it is by definition a leisure time activity, must be scrutinized by security staffs. Any doubt of the importance of game site security is answered in this video interview at Second Life Online with Greg Hoglund, the co-author of "Exploiting Online Games: Cheating Massively Distributed Systems." Said Hoglund:
Online games, especially MMOs, are the most advanced multi-user application ever built. You have other hosted online applications like your accounting system, QuickBooks or something like that. But those are Web-based. These are complete standalone clients with their own protocols, and they have a lot more traffic going over the system and they have a lot more simultaneous users...The people who built these games come up with good secure methods of reducing risks and costs such as hacking. They should be writing papers on this because people who build other non-gaming applications can learn a lot from the architectures and the approaches they are taking.
Gary McGraw -- who co-wrote the book with Hoglund -- discusses ways in which people cheat in these massive games in this SecurityFocus piece. McGraw first points to the massive number of simultaneous players and describes the way in which all the games are kept synchronized. The piece deals with some of the considerable security threats. The bottom line is simple: Online gaming is a tremendous security challenge.
The structure is the problem, it seems. This TechNewsWorld piece says massive multiplayer online (MMO) games -- it offers World of Warcraft and Everquest II as examples -- rely on downloading a large portion of the software to client PCs. That's a problem, of course, because there is no way to control what the user does with the code. Thus, the platform is inherently insecure. This structural flaw is exacerbated by the fact that the popularity of MMOs is attracting an increasing number of hackers and malware distributors.
Gaming concerns are beginning to be recognized in the broader world of security. ScanSafe's security predictions for 2008 discuss gaming issues within the context of Web 2.0. The firm says the desire of hackers to steal "in-game currency and rare items" -- whatever that means -- will lead to extensive use of backdoors, bots and Trojans. The firm says Second Life and other avatar-based virtual worlds will become increasingly inviting targets during the year ahead.
Experts can debate where the line is between concerns that are specific to games and those that relevant for security in general. Even if it is determined that many of the issues are gaming-specific, it is still an important area to watch. It is a virtual certainty that the technology supporting online gaming will be co-opted for corporate use -- perhaps for training or as a way to gather customer feedback. The other concern is more current: Employees participate in online games from their work PCs and may be inadvertently compromising organizational security.