Search This Blog

Powered by Blogger.

Blog Archive

Labels

Showing posts with label Game Hacking. Show all posts

Classic Scam the Scammers? Epic Games Hackers Faked the Hack

epic gaming scam

Hackers stage Epic hack

A group announced earlier this week that they had successfully breached Epic Games and taken 189GB of data, including user information. They are now retracting their statements, claiming that they staged the whole event to deceive real hackers.

The group, which goes by the online handle Mogilevich, claims to have accomplished this by promising to sell potential hackers the technology needed to get access to Epic Games. Naturally, the technology and data they sent on—assuming they sent any—would be worthless if the attack had never occurred. According to Mogilevich, it sold this information to eight customers without demonstrating its ability to breach an organization such as Epic.

Epic gaming scam developments

Only a few days have passed since the "hack" was originally made public. After allegedly stealing "emails, passwords, full names, payment information, source code" from its assault on Epic, Mogilevich appeared to be attempting to ransom the data back to the business.

However, Mogilevich has since altered the narrative entirely. Since it's possible that the gang pulled off a hack and this was all misdirection, we cannot confirm whether or not their account of events is accurate. It does, however, correspond with Epic's statement that there was "zero evidence" of any hacking at all.

A Mogilevich member is said to have said, "You may be wondering why all this, and now I'm going to explain everything you need," on a page that it had previously promised would contain information from the Epic breach. "In reality, we are not a ransomware-as-a-service, but professional fraudsters."

Gang aimed to get new contacts

In explaining its methodology, Mogilevich claims that it staged the operation to make fresh connections for fraud. As per the gang, everything went as planned in this aspect, with aspiring hackers reportedly sending over tens of thousands of dollars.

"We don't think of ourselves as hackers but rather as criminal geniuses, if you can call us that", the message continues. They acknowledge that their goal was to acquire access to new "victims to scam," but ideally, users and employees of Epic Games are not among these victims.

Epic still needs to respond to this revelation.


Riot Games Hit by Data Breach

Riot Games reported last week that a social engineering attempt had infiltrated the systems in their software platform. Motherboard got the ransom note that was sent to Riot Games and reported that hackers demanded $10 million in exchange for keeping the stolen source code a secret and erasing it from their servers.

The LoL and TFT teams are investigating how to cheat developers who might exploit the data that was obtained to create new tools and evaluating whether any fixes are necessary to resist such nefarious attempts. According to the game creator, the game source code obtained during the security breach also includes certain unreleased features that might not make it to the release stage.

Hackers gave Riot Games two sizable PDFs as proof, claiming that they would demonstrate their access to Packman and the League of Legends source code. These files were also obtained by Motherboard, and they seem to display directories connected to the game's code. According to the ransom message, the hackers threatened to remove the code from their servers in exchange for payment and give insight into how the intrusion occurred and offer guidance on preventing future breaches.

The hackers indicated Riot Games could contact them through a Telegram chat, and they provided a link to that chat in the post. The motherboard has joined this channel. Its members contained usernames that corresponded to the names of Riot Games personnel.

No player or user information was taken during the attempt, as per Riot, but the company warned that it would take some time to adequately protect the systems and that patches might be delayed. The breach is the subject of an investigation by Riot Games. It appears that the attacker did not utilize ransomware but instead concentrated on stealing source code so they could demand money from the business.

Hacker who developed cheats for "World of Tanks" was brought to court

For several years, on his website, a native of Yekaterinburg, Andrei Kirsanov, according to police, managed to sell thousands of packages with bots and cheat programs that allowed users to receive unfair advantages over other players. The damage caused to the creators of games is estimated at 670 million rubles ($9 million).

A Moscow court has begun considering a criminal case against Yekaterinburg resident Andrey Kirsanov, accused of creating, using and distributing malicious computer programs.

It should be noted that before that no one was brought to criminal responsibility just for the interference in the gaming computer industry.

The defendant in the case was the Belarusian company Wargaming, a publisher and developer of computer games, including the popular online tank and naval action World of Tanks and World of Warships.

In them, players take control of military equipment - tanks and ships - and participate in online battles. For winning such battles, they receive in-game currency and experience points, which allow them to develop and discover new, more powerful equipment.

According to the company's representatives, since the release of the games, a large number of malicious programs have been created for them that allow users to gain unfair advantages over other players — bots and cheats. According to Wargaming, some users lose interest in the game, including due to the fact that rivals use such malware. Representatives of the company said that only last year more than 10 thousand bots were excluded from the game in World of Tanks.

As the employees of the Ministry of Internal Affairs of Russia have established, since 2015, hackers sold bots and cheat programs for playing World of Tanks and World of Warships through the Cyber ​​Tank and Cyber ​​Ship websites.

Norton Research Shows That Almost 42% of UK Gamers Have Encountered Cyber-Attack

 

Regardless of whether casual or diehard, gamers polled in the UK said that they would rather spend their time playing video games than attending a sporting event or concert (72%), going on a date (72%), or reading a book (68 % ). 

The 2021 Norton Cyber Safety Insights Report: Special Release – Gaming & Cybercrime, undertaken by The Harris Poll among more than 700 UK adults who as of now play online games, discovered that even more than two in five UK gamers (42 percent) have encountered a cyberattack on their gaming account or gadget. Nearly four in five (78 percent) of the those polled say they have been monetarily impacted as a direct consequence, losing an average of £145. 

The study also revealed remarkable conclusions about gamer-to-gamer cyber risks as well as the extents gamers would go to win. More than a quarter of British gamers polled (28%) are at least slightly likely to hack into a friend's, family member's, or romantic partner's gaming account if they knew that it would give a competitive benefit in an online video game. This perception is much more pronounced among hardcore gamers, with approximately half of those polled (48 percent) simply stating they are at least somewhat likely, highlighting serious gamers' tenacity to win. 

“These findings are jarring, but there are some gamers out there that will do whatever it takes to win,” said BigCheeseKIT, gamer, and Twitch streamer. “I’ve learned that when you’re gaming online, it’s so important to be mindful of who you are friends with online and what information you share when gaming online. While this is especially true for professional gamers who have that public profile, it’s clear this goes for any online gamer.” 

The competitive spirit pervades all sorts of gamers, from casual to diehard. If they knew it would give them a competitive advantage, nearly half of UK gamers polled (43 percent) said that they are at least somewhat probable to exploit loopholes or technical problems in a game, and nearly one-third (34 percent) would download cheats to their gaming account or systems, pay to take possession of some other user's gaming account (30 percent), or hack into a spontaneous player's gaming account (29 percent ). 

“Scammers know that – for both experienced and casual gamers – cheats, skins, and limited edition items are highly sought after,” said Armin Buescher, Technical Director at NortonLifeLock. “Offering these competitive boosts is a perfect opportunity to share malicious links or trick gamers into downloading malware that, if successful, can rob players of their gaming profile, personal information, or more. Having security that specifically helps protect against these threats can give players peace of mind so they can focus on the enjoyment of the game itself.”

Attackers Could Use a Bug in the Squirrel Engine to Hack Games and Cloud Services

 

An out-of-bounds read vulnerability in the Squirrel programming language allows attackers to bypass sandbox limitations and execute arbitrary code within a Squirrel virtual machine (VM), giving them complete control over the underlying machine. Given where Squirrel lives – in games and embedded in the internet of things (IoT), the bug could endanger the millions of monthly gamers who play video games like Counter-Strike: Global Offensive and Portal 2, as well as cloud services like the Twilio Electric Imp IoT platform, which has an open-source code library that is ready to use. 

The issue is tracked as CVE-2021-41556, and it affects stable release branches 3.x and 2.x of Squirrel. It occurs when a gaming library known as Squirrel Engine is used to execute untrusted code. On August 10, 2021, the vulnerability was responsibly disclosed. The Squirrel Engine was designed to be a model for multi-core gaming engine efficiency. It's designed to get the most out of high-end computer hardware. 

Squirrel is an open-source object-oriented programming language used for customization and plugin development in video games and cloud applications. It's a scripting language that fits the size, memory bandwidth, and real-time demands of video games and embedded systems. 

"In a real-world scenario, an attacker could embed a malicious Squirrel script into a community map and distribute it via the trusted Steam Workshop," researchers Simon Scannell and Niklas Breitfeld said in a report. "When a server owner downloads and installs this malicious map onto his server, the Squirrel script is executed, escapes its VM, and takes control of the server machine." 

When defining Squirrel classes, the security problem involves "out-of-bounds access via index confusion." The fact that bitflags are set within indexes is problematic since it is absolutely conceivable for an attacker to establish a class definition with 0x02000000 methods, the researchers explained. 

The flaw is severe because it allows a malicious actor to create a false array that can read and write values. The researchers discovered that overwriting function pointers allowed them to "hijack the control flow of the programme and take full control of the Squirrel VM." 

While the problem was fixed as part of a code commit on September 16, the modifications have yet to be included in a new stable release, with the most recent official version (v3.1) being issued on March 27, 2016. Maintainers that utilize Squirrel in their projects should apply the available repair commit to protect themselves from assaults, according to the researchers who found the issue.

Experts Said How Cybercriminals Make Money on Russian Gamers

One of the most popular fraud schemes involves buying or selling an account in online games. An attacker can offer an account, but after transferring funds for it, the buyer does not get access to it.

Experts advise using specialized platforms for buying and selling an account, which charge a commission of about 10% for their services.

If there is no such platform, but there is a forum dedicated to the game, the expert advises to study the user's account and his rating on the forum as much as possible before selling or buying.

Gamers can also be deceived when buying expensive computer components, for example, video cards. Scammers create copies of popular online stores, in which the cost of components will be declared 2-3 times lower than the market price. The buyer most likely will not be able to return the money.

Another method of fraud is associated with the purchase of expensive goods, such as a game console through a private classifieds service. In this case, the buyer is offered to get an e-wallet on one of the legitimate services. His virtual card is allegedly linked to this account, which is used to make the payment.

The client transfers money to the wallet and informs the seller about it, after which he receives an SMS message with the virtual card data. However, the notification does not come from the service number, but from the phone of the scammers. So, the gamer makes the transfer to scammers and remains without money and the desired product.

Another method of fraud is connected with watching streams of other gamers. Scammers copy the broadcasts of famous players and add banners with ads for easy earnings to the video. By clicking on them, people get to the resources of scammers, where they lose money by providing their bank card details.

According to the expert, the solution to the problem in the game world could be the active development and use of escrow services, as it is used when selling domain names on the Internet.