Thieves in online games can be caught by watching how they play

Take care of your account

Riot games

Be careful, there are thieves. This is as true in virtual worlds as it is anywhere else. The theft of player accounts has spoiled great multiplayer online games for years. But a new approach that automatically detects suspicious activity could help catch crooks in the act.

Online games and sites like ItemBay in South Korea, which allow people to exchange virtual items for real money, bring in hundreds of millions of dollars a year. But these sites can be targeted by hackers because they tend to have lower security than a shopping site or online banking.

If thieves can get their hands on someone’s username and password – through phishing, let’s say – they can take over that person’s account and escape with the virtual items, which are often worth the money. real money, or the credit attached to it.

In 2015, it was reported that Steam, the world’s most popular online store for PC games, had around 77,000 of its accounts hacked every month. And online message boards for games like World of warcraft, Final fantasy XIV and League of Legends are littered with stories of users who have had their accounts, virtual items or digital currency stolen.

“They usually say it happens at lightning speed,” says Huy Kang Kim of Korea University in Seoul. “When they reconnect to the game server after taking a bathroom break, they are shocked to find that all of their stuff is gone. “

Automated police

Kim worked in the security division of NCsoft, the publisher of Aion, a fantasy-themed online role-playing game popular in South Korea. Now Kim and her colleagues have found a way to automatically control online games.

By analyzing several months of data from Aion, the researchers noticed that hackers often repeatedly logged in and out of stolen accounts, checking to see if the victim realized that something fishy was going on.

Thieves then tend to siphon virtual objects to a network of other accounts they control, often also stolen. Objects are indeed shared between a criminal gang of characters in the game, which generally makes them difficult to trace.

But studying the data revealed that these characters often started to behave differently themselves. Instead of taking part in battles, they might suddenly start trading items, for example. After having trained their software on the Aion data, Kim’s team found they could detect suspicious activity with over 80% accuracy.

No survey

Although theft is so common in many online games, it took a while for it to be recognized as a real theft. In 2008, US police refused to investigate when a Final fantasy The player reported that virtual items worth $ 3,800 were stolen from his account, for example. But the authorities are catching up. In 2012, the Dutch Supreme Court upheld a conviction for theft of items in a game called RuneScape.

The technique of monitoring the online behavior of people for security purposes is now booming, explains Laurent Heslault of the information security company Symantec. He is interested to see it applied to video games. Monitoring how people play could also provide some form of continuous authentication for legitimate players. “If we can detect your behavior while you’re playing, we can use that to make sure it’s really you and not someone else,” he says.

However, the tactic might not work for long. “Once people know you’re studying behavior, they can adapt it,” says Richard Bartle of the University of Essex, UK, who studies online gaming.

But Kim is not discouraged. Thieves can try to derail detection software by doing something differently. But as long as the ultimate goal is to profit from stolen goods, they will eventually have to transfer items between accounts and out of the game, Kim explains. “Their final behavior won’t change that easily. “

Journal reference: arXiv, DOI: 1705.00242

More on these topics:


Source link

Comments are closed.