Hacking in Online Games
January 25, 2023Author: Kevin Pozucek
If you have played any form of an online game, you have probably heard another player claim that someone else is “hacking” when they are performing exceptionally well. These accusations may or may not be true in certain cases. What is true is how gamers and gaming companies are targeted by hackers daily. Hackers' motivations and methods are as diverse as the games they attack.
Traditionally, hackers in games find exploits in order to give themselves an advantage, especially with competitive online games. However, it is not uncommon for these hackers to have other motivations like gathering sensitive information or causing a Denial of Service (DOS)* to others.
Dark Souls 2. Credit: FromSoftware
During the COVID-19 pandemic there was a significant rise in most forms of cyber attacks against the games industry, especially against mobile and web-based games. However, even larger games made by big companies can be exploited just the same.
Hacking in popular games made by massive development teams is much more common than you might think, take the Dark Souls franchise for example. Earlier this year game Dark Souls and Elden Ring developer FromSoftware was forced to shut down their game servers for more than half a year because of an exploit found within the games multiplayer system on PC. Players discovered a Remote Code Execution (RCE)** within the Dark Souls franchise of games that allowed hackers to invade other players' worlds and take control of their PCs. The issue was brought to the direct attention of developers after a streamer by the name of The_Grim_Sleeper was directly affected by the exploit during a Twitch.tv live-stream. The attack from the hacker caused the streamers PC to crash and open Microsoft PowerShell, where a prepared text-to-speech prompt began speaking directly to him.
Remote code execution (RCE) is a vulnerability in cyber security that allows the attacker to connect to a remote machine across public or private networks and run any command or code they wish.
Dark Souls 3. Credit: FromSoftware
Naturally, this is extremely dangerous for many reasons. Due to this vulnerability, the developers deactivated all PvP*** servers in the entire library of the Dark Souls games in order to address the issue. FromSoftware has been slowly turning servers for their games back on after extensive testing. They activated Dark Souls III servers after 7 months of downtime, Dark Souls II servers returned 2 months after, and the Dark Souls Remastered servers are still down with no clear sign of returning soon.
Even with the large volume of cyber attacks that happen daily, there are always ways for users to protect themselves. Using two-factor authentication (2FA), for example, is currently one of the best ways of protecting yourself. Two-factor authentication is a security system that requires at least two separate, distinct forms of identification required to access potentially sensitive data. You may have noticed your google account asking you to verify your email address or sending you a text message with a code. These are all very simple but very effective methods of ensuring that you are who you say you are. Many games like Fortnite and World of Warcraft implement 2FA for good reason, so if you have the option it is highly recommended. If using 2FA is not an option at the very least make sure you are using proper password protection. You may feel that the single password you use for your accounts is unique but all it would take is a breach in any of those accounts to compromise the rest. There are many trusted and free password managers that help you create strong passwords for your accounts and can alert you about data leaks.
The gaming industry is no stranger to cybersecurity threats and though this case was largely in the hands of the developers, don’t let hackers invade your games. Keep yourself safe by engaging in helpful cyber security practices because it never hurts to remain vigilant in the online sphere.
Terms to know:
Denial of Service (DoS)* - This type of attack can exhaust system resources and crash the system, or to leverage the system’s resources to conduct DoS against third parties.
Remote code execution (RCE)** - A type of security vulnerability that allows attackers to run arbitrary code on a remote machine, connecting to it over public or private networks.
PvP*** - Short for “player vs player”, a common term used in online gaming.