Viewing, broadcasting, and betting on electronic gaming is worth billions of dollars per year in revenue. Competitive esports is a lucrative business. But its popularity has also put a target on the industry's back. Cybersecurity threats like malware, identity theft, and fraud are also reported to be on the rise.
Hackers and malware pose a massive potential danger for esports players and their online information. Accounts might contain credit card details, in-game currencies, cryptocurrency, or personal data. Sometimes, user accounts are hijacked for the experience – though even virtual items are known to be worth black-market funds.
Recent news of match-fixing within the popular esports title Counter Strike is something all internet users should pay attention to. Even if you do not participate in online gaming, the FBI's investigation into esports crimes shows that the potential threat of cyber-crimes might affect any user with an online account anywhere.
From Fortnite to online poker, here is a look at some of the worst hacks and scams from the world of competitive esports.
Counter Strike: Global Offensive is a multiplayer first-person-shooter – and one of the most popular titles for online tournaments in the esports era.
Tournaments are worth the potential of thousands, and with the option to bet on the game's progression or outcome is increasing in popularity. Unfortunately, this has meant an increasing likelihood of attempts to rig the odds.
Match-fixing might happen within any serious sport and gets reported often enough from esports news.
In 2020, six men from Australia were sentenced to an incredible 10 years imprisonment for their attempts to rig Counter Strike tournament matches.
Match-fixing is always illegal, regardless of the sport in question.
Read More: https://www.abc.net.au/news/2020-05-03/men-charged-over-alleged-esport-match-fixing-australia/12209154
Read More: https://www.theguardian.com/australia-news/2019/aug/24/game-over-six-arrested-by-australian-police-over-alleged-online-gaming-match-fixing
World of Warcraft is under license from Blizzard Entertainment and makes up one of the largest gaming franchises of all time. If you have not played the game, you might know about it from its 2016 film Warcraft, or from notorious stories of addiction linked to players who might spend obsessive amounts playing it.
In 2010, news of a Distributed Denial of Service (DDoS) attack on the Blizzard servers was reported.
The attack was launched by a user, aimed at keeping his competitors from accessing the website – and subsequently, participating in any games.
The hacker was eventually ordered to pay US$29,987 in additional costs to Blizzard and sentenced to a minimum of one year in prison.
Read More: https://www.pcmag.com/news/gamer-gets-1-year-in-prison-for-world-of-warcraft-ddos
Read More: https://www.bbc.com/news/technology-44038178
When it comes to fleecing the tables, the MIT Blackjack Team depicted in the movie 21 might be a clear example of card-counting at work. But what happens when hackers combine forces to put their effort into attacking gaming companies instead of brick-and-mortar casinos?
A hacking group named APT41 achieved overnight notoriety when the full extent of their exploits was discovered and reported. According to an article from PC Gamer, the team of internet criminals attacked the servers of at least nine different (and unnamed) large gaming companies.
Their attacks were aimed at hijacking accounts for their information, and for selling stolen in-game items which other players had paid for – with real money. The type of exploit can be seen just as often in any pay-to-play games with valuable items for the taking.
Read More: https://www.pcgamer.com/notorious-chinese-hackers-charged-in-elaborate-scheme-to-steal-and-sell-online-game-loot/
The scope of their attacks on gaming companies should make anyone interested in cybersecurity or esports pay more attention to how safe they imagine their accounts are.
Fortnite was launched to players in 2017 and has become one of the most popular titles for esports viewers and participants. Game currencies are worth real money, and user accounts with desirable traits or experience take real-life cash and time to accumulate.
An enlightening Bloomberg article published in 2020 exposed some insider details from the world of esports account exploitation. According to the piece, hijacked Fortnite accounts might sell for as much as approximately US$250 each to potential black-market buyers.
Read More: https://www.bloomberg.com/news/articles/2020-08-27/stolen-fortnite-accounts-sold-as-part-of-1-billion-black-market
The scam is not unique to Fortnite but might occur within any system where an online account has details on it that a hacker could exploit or sell.
Read More: https://www.cpomagazine.com/cyber-security/fortnite-accounts-other-games-now-constitute-a-1-billion-black-market-for-hackers/
Even if you are not a gamer, social media accounts can be just as vulnerable to the same criminal business model. Always protect your online accounts.
Read More: https://www.searchenginejournal.com/are-you-one-of-the-533-million-facebook-users-who-had-their-data-stolen/401668/
Capcom was founded in 1979 and created international gaming franchise such as Street Fighter and Resident Evil. If you know gaming or esports, then you will have encountered more than a shelf's worth of their games.
In 2020, news of a ransomware attack targeted at Capcom hit headlines.
Through accessing a vulnerable point in a Virtual Private Network connected to the company, cyber-thieves were able to break into vast amounts of important user data.
Read More: https://portswigger.net/daily-swig/capcom-ransomware-attack-hackers-gained-access-via-vulnerable-vpn-report-finds
Read More: https://www.bbc.com/news/technology-54958782
A report from Game Rant explored the full extent of exactly which data was known to be compromised in the attack.
Read More: https://gamerant.com/capcom-leak-2020/
In 2011, an online poker player from the United Kingdom found himself under investigation for cyber-crime after hijacking virtual poker chips to the value of approximately US$12 million.
The exploit had been targeted at the online gaming company Zynga, known for launching their games through Facebook. Founded in 2007, Zynga is the creator of hugely popular titles that include Farmville and Words With Friends.
When the virtual poker thief was discovered, he was hit with two years’ imprisonment – and presumably, a lifetime ban from all varieties of card games.
Read More: https://nakedsecurity.sophos.com/2011/03/23/two-years-in-jail-for-zynga-poker-hacker/
Read More: https://www.bbc.com/news/technology-12357005
Online poker tournaments are popular and lucrative but remains just as vulnerable to exploitation as any other game.
News reports dealt a final blow to the professional poker career of Peter Jepsen. While initial news kept his name out of headlines, later announcements did not. After investigation, it was discovered that Jepsen had installed malware on his competitor's computers.
Installed malware allowed Jepsen insight into their hidden cards, and enough traction necessary to tip the game towards an easier win.
That's called cheating, but also fits the definition of a serious cybercrime.
Jepsen was reportedly sentenced to four years' worth of jail time for his role in defrauding the EPT.
Read More: https://www.gamblingnews.com/news/peter-jepsen-found-guilty-in-online-poker-cheating-case/
Read More: https://www.pokertube.com/article/peter-jepsen-sentenced-to-four-years-in-prison-for-computer-based-theft
Read More: https://www.bbc.co.uk/bbcthree/article/d497a8d4-a0b4-4cf7-8b29-662a5635e71e
This is a guest post contribution from Alex J Coyne
Alex writes excellent cybersecurity guest post articles for us and it looking for paid work in that field. If you are looking for a top cybersecurity writer send us an email at firstname.lastname@example.org and we will put you in touch with him.