Why do Hackers Target the Gaming Industry?
18 February 2021
Hacking in the games industry is not rare. It is an industry that has been growing exponentially for many years. This growth means much greater exposure to the world at large. More exposure usually means more risks. It’s an all-too-common event that hackers break into a game and began to exploit it.
As an industry built around tech-literate users, the risk of hacking isn’t just present – it's far more likely. In a report conducted by Dreamhack, they noted that “55% of people who identified as frequent gamers had an account compromised at some point”. The question that many ask is, why? Why would someone hack or cheat? There’s plenty of reasons why and different benefits to be gained.
The number one reason behind the majority of hacking is no doubt, financial gain. The ability to make a real-world profit from an in-game exploit is the goal behind most hacks. With enough time and skill, a hacker could find a vulnerability worth exploiting. These include duplication of items and gold to sell out of game. Some may hijack other player’s accounts or accessing another player’s account to steal items before disappearing.
If a hacker, with a vulnerability, is able to gain a huge increase in resources or experience points, they are then able to easily farm high-level accounts to sell off to other players. There will always be those seeking to skip the grind. One example of such a vulnerability our team found, was upon quest completion the rewards were delivered to our character. However, the ‘quest complete’ trigger could be used as many times as we wanted – allowing us to quickly attain huge amounts of experience points and gold.
Ransomware attacks are a more uncommon and far more malicious means to financial gain. These are direct attacks on players and developers. Hackers break in and hold data ransom. They effectively compromise your network infrastructure and data. Infected and locked, you simply have to hope that paying them will be enough and even then, there is no guarantee that they will do so. That is if the price they ask is even possible to deliver.
A recent example of such an attack is on CD Projekt, developers of The Witcher game series and Cyberpunk 2077. Recently targeted by a ransom hacker group; the source code to many of their games, and a huge range of internal documents were infected by a ransomware virus. The source code alone is the very building blocks for a game. Following a refusal to follow along with blackmail, it has been supposedly sold on the Dark Web.
Some hackers are just seeking to learn more about their abilities and test themselves. However, hacking say a banking application, or some everyday app can seem daunting. Instead of attempting to hack something they perceive as dangerous, that may have repercussions, they will instead turn to games.
There is a misconception among many that hacking a game doesn’t cause any problems. It’s often said that “it’s just a game”. But for developers, it is directly harmful to their business. The idea that anyone can try out their hacking against a game because it causes no problems is a longstanding issue that affects a huge number of developers.
There are also those who hack games to gain a competitive edge. Things like aimbots and botting, while troublesome, aren’t actually hacks.
In this case, we are talking about the exploitation of vulnerabilities to give players an unfair advantage. These include abusing player values, granting infinite health or mana. Gaining the ability to equip gear far beyond your level or capability. Or even increasing your speed or access to a mount to greatly change your mobility or travel capacity.
If these exploits are used in a staking or gambling system in-game, the other players aren’t at a disadvantage. They’re barely competing at that point. They can’t possibly beat a player who hits 100% of the time or who deals max damage with each ability. They certainly can’t beat a player with infinite health.
These are just a few examples of why people engage in-game hacking. There’s a multitude of other reasons why a hacker would attempt to find and abuse a vulnerability in your game. We’ve seen it first-hand, during our testing of MovieStarPlanet 2 for example. We discovered a total of 38 potential security issues - 16 of which they deemed as 'critical'. At Cyrex, we work to find these vulnerabilities first and help you fix them before they can be exploited.