Security Games

Hackers Leak Full EA Data After Failed Extortion Attempt (therecord.media) 56

The hackers who breached Electronic Arts last month have released the entire cache of stolen data after failing to extort the company and later sell the stolen files to a third-party buyer. From a report: The data, dumped on an underground cybercrime forum on Monday, July 26, is now being widely distributed on torrent sites. According to a copy of the dump obtained by The Record, the leaked files contain the source code of the FIFA 21 soccer game, including tools to support the company's server-side services. The existence of this leak was initially disclosed on June 10, when the hackers posted a thread on an underground hacking forum claiming to be in possession of EA data, which they were willing to sell for $28 million.

  • by willoughby ( 1367773 ) on Monday August 02, 2021 @09:46AM (#61646923)

    Offered for sale and when no-one bought it they gave it away for free. Hard to believe they will have any takers for future stolen data. I'm not sure they thought this one through.

    • by Tukz ( 664339 )

      Or they just proved they are willing to actually leak the data if their terms are not met in the future.

      • by gweihir ( 88907 ) on Monday August 02, 2021 @10:56AM (#61647157)

        As the victim has absolutely no assurance beyond the word of criminals that if they pay the ransom, the data will not get sold and not eventually published anyways, there still is no reason to pay. That is a very fundamental problem with this type of criminal business model and I do not think it can be fixed. The whole idea is kind of a non-starter.

        • As the victim has absolutely no assurance beyond the word of criminals that if they pay the ransom

          Wait are we talking actual criminals here or the world in general? Because I think criminals have more integrity than most corporations do these days.

          • by DarkOx ( 621550 )

            Incentives right - groups like REvil etc have a reputation to maintain. Holding up their end and not releasing when ransoms get paid lets victims research their history and see that they can be if not exactly 'trusted' relied upon to not double dip. In that sense they have the same incentive a business does in terms of reputation.

            Your roofer or hvac contractor might give you bad advice or do shoddy work hoping to come back and make money on repairs later but eventually that sort of business practice catch

            • by gweihir ( 88907 )

              Does not work. The data could still be released years or decades back. Unless they build that reputation over a few decades, they do not have it.

          • by gweihir ( 88907 )

            You can have a contract with a corporation and sue them if they breach it. Try that with criminals...

            • You can have a contract with a corporation and sue them if they breach it. Try that with criminals...

              You don't need contracts. Even criminals understand the value of a reputation as a good "business partner".

    • by Junta ( 36770 )

      I presume they needed to do something 'scary' to the victim for failing to pay the ransom. Your confidential data will leak even if you don't think someone would buy it.

      Except here, while *technically* confidential, no one cares. The fact that it is legally intended to be confidential suffices in this case from it being a problem that it is out.

    • by gweihir ( 88907 )

      They clearly did not think this one through. The real problem is that the data is essentially worthless to anybody except EA, except for embarrassment value. Nobody can use the tools or the code. The risk of being found out is just way too great. And learning from it is far too much effort.

      Even the embarrassment value may well be low, because you have to dig through things and digging through this amount of data (nearly a TB) is the work of years or decades. So by the time anybody finds anything, it will be

      • The data is valuable for those who are trying to crack DRM or those who make and sell hacks to cheat at online play. Having access to source code can make their jobs much easier. I doubt either group are willing to spend money to get the code though.

        Another party are modders. But they would be even less likely to pay since most don't make a cent from their mods and do it as a hobby anyways.

  • by argStyopa ( 232550 ) on Monday August 02, 2021 @09:46AM (#61646925) Journal

    OK EA, you've basically lost control of FIFA2021.

    So, how much are you willing to spend on your cybersecurity this year, again?
    How much is it worth to you to tighten stuff up?

    • by Guybrush_T ( 980074 ) on Monday August 02, 2021 @09:59AM (#61646965)

      They haven't lost a thing. There were no security credentials, only source code which remains EA's full property.

      At most that'll open ways for enthusiasts to produce additional content, mods, or other fun stuff, drawing even more attention to FIFA and making them make more money. Or it will allow some to recompile the game (good luck with that) and play the game offline, if that's even possible.

      • by Opportunist ( 166417 ) on Monday August 02, 2021 @10:06AM (#61646979)

        They lost more than you may think, very obviously you don't know how EA games work. Basically they lost FIFA forever, all people now have to do is to reskin the models, recompile the code and they have FIFA 2022, FIFA 2023, FIFA 2024...

      • I remember when the source code for Windows was leaked.

        https://slashdot.org/story/04/... [slashdot.org]

        (Whew! 12 pages of replies, those were the days).

        It seemed like such a momentous event. 'Will the Microsoft empire fall?'

        Didn't change a thing.

        • I'm sure if the hackers got away with the source code to the server-side software, even (and maybe especially) for a load of legacy games, there would be 12 pages of replies. I don't think people will get too excited anymore about the source code to a game anymore but being able to run your own server and revive legacy games, that would be.
      • by AmiMoJo ( 196126 )

        I wonder if there is anything about their loot boxes, pay-to-win, and algos designed to make the player spend more?

        Might be of interest to lawyers, or to players who want to understand how the RNG works. Usually with gambling it's not really random, it's weighted to deliver maximum profit.

        Reminds me of when emulators started appearing for fruit machines, or one-arm-bandits or whatever you want to call them. Save states showed that they were not random at all, and some games had to be withdrawn because peopl

  • Hooray to EA for not paying.

    You can't trust criminals; if they'd paid, they'd only get hit again in another month and asked to pay again. Once the criminals find a cow, they don't stop milking it just because they got paid once.

    https://www.newsweek.com/most-... [newsweek.com]

    • by gweihir ( 88907 )

      Indeed. Doing a trade requires some level of honesty and integrity on both sides. Or at least some real possibility for retaliation. All these are missing here, so only fools will pay anything.

  • Who did the hackers suppose would be looking to buy the data, and what would the buyers do with it? Any direct EA competitor (other game studios) couldn't ever hope to make use of it (without getting sued into oblivion). It's doubtful anyone could use it to make their own copy of a game. Probably one could use it to gain access to EA's online services, for which one might otherwise need to pay some subscription or fee to. Someone may be able to find security holes in the game code, and use that as a
    • Not every criminal is a mastermind.

    • Yeah, that could be worth a buck or two. 28 millions, well, maybe not, but ponder if you will what it may be worth to get every Playstation on the planet to mine bitcoins for you.

      Online games, and nowadays pretty much every AAA-game is one, is a still fairly untapped malware potential. Which is kinda odd considering that games do routinely have administrative privileges because they need them for anti-cheat and anti-piracy measures and also generally have very, very poor security standards.

      • ...games do routinely have administrative privileges because they need them for anti-cheat and anti-piracy measures and also generally have very, very poor security standards.

        If the games are so poor, they should get a job.

      • by mridoni ( 228377 )

        Yeah, that could be worth a buck or two. 28 millions, well, maybe not, but ponder if you will what it may be worth to get every Playstation on the planet to mine bitcoins for you.

        While I agree on principle, you should first convince all those Playstations to run unsigned binaries. On the other hand, PC users who use some shady pirated version of a game know perfectly well (or they should) that it is probably full of malware.

        • The idea is here that due to improper input sanitation, a manipulated packet can be used to make the binary, which was signed and sanctioned by Sony, execute the malicious code. Not that I have the console "knowingly" execute my binary.

  • "We will pay $2.8 million for the perpetrators of this act, dead or alive, and credible evidence of their crimes."
  • Finally, EA stuff is selling for its natural fair market value.

  • I'd love to see what the code quality is like and, most importantly, if there are any dodgy/unfair/addictive schemes coded into their products. New coders could potentially also learn from it a lot about big-scale game dev.
  • People--programmers and corporations alike--tend to think of their source code as their primary business asset, the lifeblood of their company. It generally is not. The real life of a company is wrapped up in its people, and the relationships they have built with other people and other companies. You can steal the code, but if you don't know how to run a business based on that code, you are going nowhere.

    I'm not saying the code isn't valuable, it is. But to make real use of it, you have to know how to make

  • I think the bigger point is that EA is THE classic hated company in the video game world. It's unsurprising that a disgruntled employee or former employee would leak this for reasons having more to do with revenge. In all likelihood the goal was to leak it and generate bad press with the ransom demand.

    Activision Blizzard, anyone?
