Posted by Kalyani M. on Jun 14, 2013
The gaming community is one of the most web-savvy and technologically informed demographics on the net. But that fact has unfortunately attracted the attention of some of the world’s most notorious hackers, which have made developers and gamers prime targets in their coordinated attacks. Recently, four British men were charged with taking part in the notorious 2011 LulzSec attacks. The hacking group targeting big organizations and companies like the CIA and Sony, boasting about their exploits publically on Twitter along the way. The four men sentenced were Ryan Cleary, Ryan Ackroyd, Mustafa Al-Bassam, and Jake Davis. All of the men hid behind the online aliases of ViraL, Kayla, tFlow, and Topiary.
LulzSec grew out of the libertarian hacktivist group Anonymous, but quickly dropped the political motivations behind Anonymous, adopting the slogan, “laughing at your security since 2011”. According to prosecutor Sandip Patel, “They are at the cutting edge of a contemporary, emerging species of international criminal offending known as cyber-crime,” adding that, “LulzSec saw themselves as latter-day pirates. After hacking into Sony and the CIA, LulzSec set their sights on gamers. On its Twitter account, the hacking group claimed that it had taken down the website and server for the massively multiplayer game EVE Online, the online strategy game League of Legends, and Minecraft.
The group posted to @EveOnline, “our boats sunk your inferior spaceships, ujelly,” as well as, “Silly Eve have taken their entire network offline after our very simple DDoS attack. Oh well, another day, another lulz!” From PBS to Nintendo, it seems that no one is safe from these hackers. Even popular developers like Bethesda Softworks have fallen victim to LulzSec. In a recent breach, the hackers obtained the stored personal information of about 200,000 individual gamers. After successfully breaching the developer’s security, the hacking “group claimed that because it “liked” the development company it wouldn’t reveal the users’ personal information.” No one is sure as to why LulzSec would hack a company it likes in the first place, but this anomaly will do little to satisfy the concerns of most gamers looking to game in peace without the risk of losing their private data to hackers. And gamers should receive little consolation as the group has shown disdain in the past for hacked gamers, writing in a post, “If you’re mad about Minecraft, we’d love to laugh at you over the phone. Call 614-LULZSEC for your chance to reach Pierre Dubois! :3”.
Unfortunately, LulzSec is not the only offender to worry about. As a recent investigation by Kaspersky Lab analysts shows, cybercriminals are actively seeking systems to breach for exploitable source codes, digital certificates, and in-game currency. Hackers have discovered that gaming companies often store sensitive user information like addresses and financial records. This valuable data justifies the time and risks of an APT (advanced persistent threat) attack, which are normally reserved for hacks on government agencies. Hackers also look to take advantage of development secrets while using gaming networks to distribute malware to a massive amount of users. One simple way players can help guard their data is by never engaging in illegal black market gaming. Users connecting to unofficial servers ultimately reward such hackers while leaving their data vulnerable to attack.
Players that take advantage of modified games or stolen game source codes may think that they are cheating the system, but could ultimately damage their entire system through inadvertently downloading and spreading malware. According to PCAdvisor.co.uk, players that engage in such black market gaming put their data and systems at considerable risk. Research conducted by AVG Technologies revealed that 90% of hacked games are infected with malware. Gamers should demand that developers and gaming companies protect their data through private cloud storage.
Finding the right third party cloud service can be a challenge as many cloud services on the market have wide security gaps that leave sensitive data wide open to third party attacks from groups like LulzSec. One cloud service provider that sets itself apart from the market is SpiderOak. This private cloud provider offers the full benefits of cloud storage and sync along with 100% data privacy.
SpiderOak protects sensitive user data through two-factor password authentication and 256-bit AES encryption so that files and passwords stay private. Two-factor authentication is just like the process used by some banking services that require a PIN as an extra precaution along with a password in order to successfully log in. With SpiderOak, users that choose to use two-factor authentication must submit a private code through SMS along with their individual encrypted password. Users can store and sync sensitive information with complete privacy, because this cloud service has absolutely “zero-knowledge” of passwords or data. Plaintext encryption keys are exclusively stored on the user’s chosen devices, so businesses and users can rest easy knowing their data won’t be exploited by the latest hacking group. SpiderOak’s private cloud services are available on Windows, Mac, and Linux platforms, along with Android and iOS mobile devices, allowing for flexible solutions for both developers and gamers.