Enticing and expecting MMORPG enthusiasts to spend countless exciting time piloting avatar, of a new game, in the absence of enjoying game account security is a matter of unabashed corporate indifference. An expected game marketing approach already realized by free minded gamers as another episode of a remorseless exploitation of gamers time, life, and money.
Such setup expects gamers, whose minds were held captive for years by this kind of online gaming industry, whose cheating mentality had been honed and their gaming addiction being exploited, to join the new game the moment it's online. Those among the cheaters flank will desperately seek and beg for applicable cheats and hacks to be available. By experience, the supposed gamer’s excitement will be bleak as hacktivism and cheating starts to kick-in. On the other hand, except those with money to burn, free minded gamers would seize their pockets from being hitched into such new game. It certainly bears a bleak future for would be lucrative business once again.
Exploring online games offered in the market, one would easily find that the denomination of every new MMORPG, in advancing gaming excitement, is not far from each other. They were copy-cat of another if not an enhancement of the other. Thus, introducing a new MMORPG by how compelling, action-packed it is, coupled with how the publisher could enhance the game excitement by sponsoring off-game events is already an out-dated strategy to lure gamers.
The new game publishing approach in this Cyber Security Age, which is yet to be recognized by inept MMORPG developers and publishers, is assuring end-users that they have the appropriate management capability and resources to sustain the intended game play, secure game accounts- avatars, and provide dependable customer services. Game publishers then have to assure gamers that the new game will not be hacks/cheats infested; will not be cheating tolerant; has avatar-game account recovery and rollback system against the use of hacks and account hacking; and, that they will be sensible and prompt in responding to customer issues.
In the promotion of cyber security, a game publisher has to assure prospective gamers that game developer had recognized end-user cyber security considerations in the development of the introduced new games. That end-user presumption of ignorance, negligence and stupidity will not be an outright excuse, in every case of a reported issue, to easily justify denial of service, in action, or negation of investigation. And whereby, cyber security is acknowledged as a shared responsibility between the developer, the publisher, and the end-users.
Simply put, game account cyber security includes:
- The in-game and game web site security system prevents the use of the game account from becoming a pathway for hackers and sniffers, whereby compromising end-user's personal and confidential information.
- The reversal of actions in case of a fatal mistake and the full recovery of game account and game avatar due to game account hacking or mugging, which includes opportunity to change supplied personal information once found compromised, notification once an attack is detected, and replacement of user game access code found compromised.
- The high prospect of detecting and identifying game avatar, using hack or cheat, to be warned and its game account be sanctioned, in real-time.
Game developers and publishers, as well as their captive minded gamers, will always have that tendency to deny and cover-up security breach and issues. However, denial is no relief to the challenging menace of cyber-attacks and cyber-espionage campaign being the new unwavering worldwide predicament. MMORPG enthusiasts, as seen in the last five years, are no exception to this dilemma.
It was reported by Kaspersky Lab that Philippine online gamers are among those targeted by cyber criminals. It was referring to a particular cyber-attack, found to have started in 2009 but only detected in 2011, which had been stealing digital certificates and source code of online game projects, targeting servers of game providers, and manipulating gamers’ computers without being detected. Those stolen data were also found to have been distributed for use to other hacking groups.
It is no surprise that Korean firm ESTsoft was listed among those compromised by that attack. No wonder that the likes of CabalRider, a hacking group, are still feasting. That report also stated that the money making motives of this attack include:
- Manipulate the accumulation of in-game currency, such as “runes” or “gold” [or “Alz”] that’s used by players and convert the accumulated virtual money into real money [“Alz” RMT];
- Use the stolen source code from online game servers to search for vulnerabilities inside games to augment and accelerate the manipulation of in-game currency and its accumulation without suspicion; and,
- Use the stolen source code from servers of popular online games in order to deploy their own pirated servers.
The statement that "game account is the sole responsibility of the account owner" just became an ostensible pretence in view of those findings. Likewise, the usual mendacious propaganda that "compromised or hacked game account was due to owner's negligence and stupidity" just been debunked by the same report. These tall tales of excuses were also evident in the facts of 2012 security incident recap, based on the findings of CyberFactors, indicating that 40% of the cases were caused by someone inside the organization. In MMORPGs, incidents instigating game imbalance, exercising undue favoritism, enjoying malicious antagonism also likely fall within that percentage with “someone inside the organization” which is actually destroying the reputation of a game publisher, causing gamers’ withdrawal, and encouraging hacking and cheating in-game.
Once again, 2013 is another reaffirmation that cyber security is a shared external and internal security responsibility at both ends - that of the developer/publisher and that of the end-user. Obviously, what is beyond the said shared security is when game developer's source code was compromised before a project/patch/title is even published. Game developers and publishers of new titles have to recognized that each gamer is a stakeholder of this gaming industry, whom they have responsibility and accountability, and not to be treated anew as an unprotected subscriber disabled by the supplied contract of adhesion (EULA).
One might wonder how huge is the number, and the average hours spent per week, of those into online gaming. These statistics reported by Norton, will somehow show why our country is beside the bull’s-eye of cyber criminals:
- 95% of Philippine Internet users are on social networks, among the highest penetration rates in the world;
- 81% of us have an active Facebook profile, 51% a YouTube profile, and 32% an active Twitter account;
- We spent an average of 21.5 hours per week online.
- In 12 months of activity ending May 1, 2012, the following have been detected: manual sharing - 5, 410, 965; like-jacking - 2, 878, 248; copy-paste scams - 498, 547; fake plugins - 960, 755; and, fake offers - 666,181.
Norton, also offered these following statistics relevant to cyber security, which is an eye opener to those whose minds still fastened into gaming excitement alone:
- Cybercrimes costs consumers $110 Billion each year;
- 2/3 of online adults have been hit by cybercrime;
- 1 in 6 social network users have been hacked each year;
- 40 Million unique variants of malware in 2012 vs 286 Million in 2010.
Even how powerful a new game is, if gamers accounts are helpless and have no chance of recovery against cyber-attacks, what good that game will it be to deserve someone's attention and expense? How long will the excitement of playing a game last when its systems and policies have no regard to end-user cyber security? Let alone the naive gamers who are yet to be exploited and the already captive minds among the existing cheating communities of cheating gamers. Obviously, with so many exciting online games available, it is a bad news to inept, if not scam, game developers and publishers that their offer of excitement alone can't bargain for the time and money of the free minds.
By visiting a game and its community forum (forget the game main web site), one can tell how a game is being managed, what kind of gamers are into it, and the reputation, if there is any, of its publisher. One would easily have a mental image of a game would be tag line, like - "play at your own risk", or "let me have your money fast", or "come waste your countless precious time", or "come play with cheats and hacks", or "come play with the devil", or "join violence and destruction now", or even "come play stupid".
In this age of cyber security, free minded online gamers have to look beyond the game promotional tag words like “exciting”, “action-packed”, “most popular” and “free-to-play”. And in our search for better and safe virtual world to explore, these words of wisdom from Marcel Proust still ring a bell in this new age – “The real voyage of discovery consists of not in seeking new landscapes but in having new eyes.” I myself would say, that for those game developers and publishers who had recognized our new eyes and game security considerations in their visions and works, these words of wisdom from the same novelist go to them - “Let us be grateful to people who make us happy; they are the charming gardeners who make our souls blossom.”
Sources:
- Cover Image: blog.investis.com
- newsbytes.ph, 2013/04/25 provides an example of a new game - the FPS Assault Fire
- Abode of Countless Invited Minds in Captivity
- MMORPG As Untamed Human Activity And Its Influence
- An example of a hack request for Assault Fire PH
- On Hacktivism and Cheating
- Kaspersky lab report cited in the newsbytes.ph 2013/4/22, post: "PH online gamers among those targeted by cybercriminal group"
No comments:
Post a Comment