MMORPG Developers Warned of Security Risks

phantomfive writes "According to an article on ZDNet, hackers are now targeting players of MMORPGs (mainly WOW), stealing their passwords, then selling their gold/equipment for money in the real world. Microsoft security development engineer Dave Weinstein warned developers of the new dangers their titles face at the company's annual Gamefest event." From the article: "Online game accounts are already on sale in the black market next to stolen credit card accounts, fraudulent passports, fake work papers and other illegal items gathered by identity theft. In fact, some game accounts can be worth up to $10,000. 'For a lot of the customers out there, there is more store value on their MMO characters than there is on the credit card with which they pay for the account,' said Weinstein."

PEBCAK

[spyrochaete]

I've played a few MMORPGs (WoW, Guild Wars, Anarchy Online) and I've only seen one kind of keylogger exploit - the kind you install yourself. People shout in-game "Visit www.guildcheats.com for Guild Wars god mode!" and the like. It's just a case of the greedy preying on the greedy. Circle of life. If your account is stolen it's 99.9% likely that it's your own fault.

Even so, in the case of Guild Wars, which has given me better support than any piece of software in my whole life, I go out of my way to report these instances with screenshots or URLs when I find supposed cheats in torrents. The sanctity of the game is at stake when unscrupulous parties try to hijack others' accounts and lewt.

Re:Some do let you use virtual gold

[vadim_t]

Second Life. You can buy currency, and you can sell it back. Some people even make a living on it.

Saw it at GDC

[Dixie_Flatline]

I saw Weinstein's talk at GDC a few months ago, and this article really doesn't do it justice. His talk is mostly speculative; there aren't any cases of accounts being sold for thousands of dollars out there. However, he does point out the stuff to be aware of when writing and designing an online game. He also doesn't limit the talk to MMOs, though that's the most common kind of online game these days. A game like Unreal Tournament with the server browser can also be a security risk, but it's worth less money than stealing gold in WoW.

If you have a chance, see his talk. He's an old-school gamer and game programmer, so he's not just some guy that understands security and nothing else.

Re:Saw it at GDC

[Araxen]

Apparently you missed the boat, because when Everquest was at it's height of popularity. It wasn't uncommon to see accounts going for $2000+ easily.

Re:That's a Lot of Cash

[caffeinatedOnline]

Back when SWG was at it's heyday, I was one of the first people on my server to unlock the Jedi archtype. After playing it for a few weeks and realizing that the entire class was borked, I put the account on eBay for $300... at the end of a week long auction, it sold for over $1600. I couldn't believe that anyone would pay that much for a game account, and was sure that it was some scammer. But, the funds got transfered from France through PayPal, and it was legit. I still to this day get a laugh out of it... my wife gets a bigger laugh (she is an accountant) when she realized that I made ~$0.50/hr on the deal!