Forgot your password?
typodupeerror
Security Games

Online Games a 'Playground' For Organized Crime 73

Posted by Soulskill
from the criminals-need-to-level-their-death-knights-too dept.
New submitter cadenceaniya sends this excerpt from Polygon: "Online games are a 'playground' for organized crime and cyber criminals, JD Sherry, vice president of technology and solutions at Trend Micro said following the news that League of Legends accounts were compromised. Earlier this week, account information — usernames, email addresses, salted password hashes, and some first and last names — for some North American League of Legends players were 'compromised' by hackers. Riot was also 'investigating that approximately 120,000 transaction records from 2011 that contained hashed and salted credit card numbers have been accessed.' The increase of free-to-play online gaming across all platforms over the years 'have opened the doors to micro-transactions in-game.' The simple and functional systems created so players can spend money effortlessly creates 'playgrounds' for cyber criminals take advantage of. 'Game platforms can have millions of users all storing sensitive information or code access for more features,' Sherry said. 'These are highly sought after in the cyber-crime underground for trading and selling in the black market. These platforms can fall victim to cyber-attacks just like any organization, especially if they have vulnerabilities that go unpatched.'"
This discussion has been archived. No new comments can be posted.

Online Games a 'Playground' For Organized Crime

Comments Filter:
  • by wbr1 (2538558) on Friday August 23, 2013 @11:09AM (#44655181)
    The headline makes it sound as if the criminals are -playing- the games to steal info. They are just stealing the info same as they would from any other company. It has absolutely nothing to do with the fact that it is a game, except for the fact that the amount of players and possibly lax security make it a valuable and vulnerable target.
  • by raymorris (2726007) on Friday August 23, 2013 @11:56AM (#44655859)

    One use would be for ongoing purchases in / for the game. When you sign up, they store the CC on a protected payment system that's not directly accessible from the internet. The internet-accessible server has only a secure salted hash of the CC. For a purchase, the client prompts for the CC to use, then sends the hash of it to the public server. That confirms that the user truly has presented the correct card number. The public server can then call the one and only function exposed by the payment server, billcard(hash,amount).

    That way they can prove that the customer entered the card number into their game, without sending the card number over the internet.

Think of your family tonight. Try to crawl home after the computer crashes.

Working...