New technologies and high-speed internet connections have helped online gaming become a popular pastime on the internet. Because gamers invest large amounts of time and money in today’s sophisticated games, others see an opportunity for mischief or illicit profit. The technological and social risks of online games should be understood by anyone who enjoys them.
These include: risks from social interactions with strangers who may trick you into revealing personal or financial information; risks from computer intruders exploiting security vulnerabilities; risks from online and real-world predators; risks from viruses, Trojan horses, computer worms and spyware Online gambling. People play casino-like games, lotteries, and bet on sporting events. Like any form of gambling, the risks include addiction and the potential rapid loss of any funds invested in the game.
Operating a computer server to run a gaming application involves the same challenges and risks associated with operating a server for other applications. Intruders may break into or crash your server if its security profile, or level of protection is insufficient.
Online Gaming Risks
An abundance of choices exist in today’s online gaming environment. One popular genre of games has emerged called Massive Multiplayer Online Role Playing Games (MMORPGs or MMOs). Most allow players to create online identities as game characters who participate in virtual adventures, which sometimes cross into the real world: for example, gamers sell virtual game items for real-world money in markets such as eBay. In some games, there is a user-created, virtual world where people use real money to create or purchase personal property in their online world. This has created an opportunity for a new type of criminal activity called “virtual crime.” In general, online gaming may involve both social risks and technological risks. So the games pose another opportunity for the compromise of the privacy or computer security.
Compromise of privacy and computer security
Technological Risks Online gaming can involve the following technological risks to your computer system or the systems of gamers with whom you interact. Viruses and Worms Viruses may arrive as attachments in email messages or via instant messaging programs, and corrupt or malicious programs may be hidden in game files you download or software you install. Malicious Software Viruses and worms may be used to install malicious software on your computer. Malicious individuals may also take advantage of the social networks associated with online games that rely on chat, email, or even voice communication to entice you to visit bogus web sites or open email attachments containing malicious software and install it on your computer. They then use this software for a variety of illicit purposes.
Insecure or Compromised Gamer Servers Gamer concerns: If the software on the game server has been compromised, computers that connect to it can be compromised also. Essentially, any game with a network connection carries some level of risk to computer security, especially compared to playing a computer game that does not require a connection to another computer or a link to the internet. By exploiting vulnerabilities, malicious users might be able to control your computer remotely and use it to attack other computers or install programs such as Trojan horses, adware, or spyware, or gain access to personal information on your computer.
For instance, a security research group called Independent Security Evaluators recently discovered two vulnerabilities in two popular MMOs, Age of Conan and Anarchy Online. Exploiting vulnerable code will allow attackers to read files from a gamer’s computer, crash the games during online play, and in the case of Anarchy Online, to gain full control of the exploited computer.
Risks
Insecure Game Coding Some game protocols – the methods for communicating game information between machines – are not implemented as securely as other protocols. Game code may not be as well scrutinized as more popular commercial software. Consequently, game software may sometimes cause “buggy” behavior on your computer or introduce unknown vulnerabilities.
Social Risks Most games now have an online community that talks, chats, or sends instant messages during the games. Some computer intruders may use the social interaction of the online gaming environment in an attempt to exploit software vulnerabilities. Others may try to gain access to unprotected computers connected to the internet. The intruders may want to: capture personal information; steal identity; steal credit card information; inappropriately contact children by pretending to be another child, setting up meetings, or tricking them into revealing personal information.
Social Engineering Malicious individuals may try to trick you into installing software on your computer that they can use to control your computer, monitor your online activities, or launch attacks against other computers. They may, for instance, direct you to phony web sites offering bogus patches or game downloads that, in reality, are malicious software.
Identity Theft If a malicious individual can gather information about you from the profiles you create in games and other sources, they may be able to use it to establish accounts in your name, resell it, or use it to access your existing financial accounts. In South Korea, more than a thousand gamers had their identities compromised through a fantasy game called “Lineage.” Game accounts were created in their name without their knowledge. There was speculation that people were trying to make money selling virtual weapons and abilities used in the game.
Virtual Mugging The term “virtual mugging” was coined when some players of Lineage II used software applications that run over the web, called bots, to defeat other player’s characters and take their items. Japanese police arrested a foreign exchange student in August 2005 following the reports of virtual mugging and the online sale of the stolen items. The number of game players who have experienced some manner of virtual crime is already large. South Korea, a country with many active gamers, had over 22,000 reported cases of various types of virtual crime involving games in 2003.
How to Protect Against the Risks
Internet gaming can be a safe and enjoyable online activity if you educate yourself and practice the basic principles of good computer security. Many computer security principles are the same as those you may have practiced in other computer applications. Key practices of good personal computer security include: use antivirus and antispyware programs; be cautious about opening files attached to email messages or instant messages; verify the authenticity and security of downloaded files and new software; configure your web browsers securely; use a firewall; identify and back up your personal or financial data; create and use strong passwords; patch and update your application software.
Gaming-Specific Security Practices Recognize “Administrator Mode” Risks: Some games require you to use your computer in “administrator mode.” If this is the case, it is important to make sure the game vendor is reputable and download the game from a site you believe you can trust. By operating in “administrator mode,” you open yourself to the risk that an attacker could gain complete (administrator-level) control of your computer. Web browsing from a user account is generally safer than using administrator mode.
Recognize ActiveX and JavaScript Risks: Some web games are played via a web browser and require ActiveX or JavaScript to be enabled. If this is the case, be aware that enabling these features can lead to some vulnerabilities. For more information, read the CERT document on securing your web browser.
Play the Game at the Game Site: When playing an online game, it is best to play it at the game site and save web browsing for later. This way, when you are done playing, you can switch back to a user account to browse the web. This may reduce your risk if you end up on a malicious web site.
Pay Attention to Firewall Management: Home users often use firewalls to help protect their computers. Playing a multiplayer internet game sometimes requires an exception in the rule set for the firewall to allow information from the game to get through to your computer. Remember that anytime you allow more permissive security settings on your firewall, you increase the chance of a computer security problem. Firewalls may also allow you to designate specific IP addresses of fellow gamers as “trusted” to reduce the possibility of interaction with a malicious individual or of a malicious program infecting your computer.
Conclusion
Online gaming has many positive aspects. It has become a major source of entertainment, developed new industries and sources of revenue, and introduced new uses of the human imagination to millions of people. However, it is important to know and guard against the risks associated with the internet gaming world to keep it safe and enjoyable for all.
