Catch up on stories from the past week (and beyond) at the Slashdot story archive


Forgot your password?
Security Games

Online Games a 'Playground' For Organized Crime 73

New submitter cadenceaniya sends this excerpt from Polygon: "Online games are a 'playground' for organized crime and cyber criminals, JD Sherry, vice president of technology and solutions at Trend Micro said following the news that League of Legends accounts were compromised. Earlier this week, account information — usernames, email addresses, salted password hashes, and some first and last names — for some North American League of Legends players were 'compromised' by hackers. Riot was also 'investigating that approximately 120,000 transaction records from 2011 that contained hashed and salted credit card numbers have been accessed.' The increase of free-to-play online gaming across all platforms over the years 'have opened the doors to micro-transactions in-game.' The simple and functional systems created so players can spend money effortlessly creates 'playgrounds' for cyber criminals take advantage of. 'Game platforms can have millions of users all storing sensitive information or code access for more features,' Sherry said. 'These are highly sought after in the cyber-crime underground for trading and selling in the black market. These platforms can fall victim to cyber-attacks just like any organization, especially if they have vulnerabilities that go unpatched.'"
This discussion has been archived. No new comments can be posted.

Online Games a 'Playground' For Organized Crime

Comments Filter:
  • by wbr1 ( 2538558 ) on Friday August 23, 2013 @11:09AM (#44655181)
    The headline makes it sound as if the criminals are -playing- the games to steal info. They are just stealing the info same as they would from any other company. It has absolutely nothing to do with the fact that it is a game, except for the fact that the amount of players and possibly lax security make it a valuable and vulnerable target.
  • by raymorris ( 2726007 ) on Friday August 23, 2013 @11:56AM (#44655859) Journal

    One use would be for ongoing purchases in / for the game. When you sign up, they store the CC on a protected payment system that's not directly accessible from the internet. The internet-accessible server has only a secure salted hash of the CC. For a purchase, the client prompts for the CC to use, then sends the hash of it to the public server. That confirms that the user truly has presented the correct card number. The public server can then call the one and only function exposed by the payment server, billcard(hash,amount).

    That way they can prove that the customer entered the card number into their game, without sending the card number over the internet.

Receiving a million dollars tax free will make you feel better than being flat broke and having a stomach ache. -- Dolph Sharp, "I'm O.K., You're Not So Hot"