As if regular ID theft weren’t enough, now there is an organized crime ring of password stealers who are targeting your online gaming accounts.

For those of you who aren’t familiar with these online games, you create a character or ‘avatar’ who adventures through a fantasy world, interacting with other players to overcome various hazards and quests. Many people invest huge amounts of time and energy developing the character’s skills and building up possessions in these online worlds. The Wall Street Journal has run several stories about the ‘virtual economies’ that sprang up around these games. Some players build up strong characters or search for rare possessions for the sole purpose of selling them to new players who don’t want to go to the effort of building up an inexperienced character themselves. It may sound a little weird but it’s all legal – the free market in action.

The hack in this case is an infection on your machine whose sole purpose is to let the hacker steal the password to your online game account. They log on as you and sell all your carefully hoarded possessions for virtual gold coins, which are then handed over to an online confederate who sells the virtual gold for real-world cash at an online exchange like IGE. (Yes, you can make real money playing games.)

Unlike the theft of your real-world bank password, this theft is virtual, so it’s not clear that you can actually report it to the police (or that they could do anything if you did). Furthermore, it’s very easy to launder the transaction – there’s almost no chance that the hacker will get caught.

On the plus side, some of the recent security updates have closed the worst holes that these password stealers exploited. This example highlights the need to keep your computer fully patched and your antivirus and anti-spyware up to date. And, of course, don’t play those online games on your work computer.

Read more at CSOonline or get a copy of Exploiting Online Games by Hoglund & McGraw.

