====== Ethics and Security in Gaming ======

----

  * Why do we cheat?
  * Why do we break things?
  * How do game companies protect their intellectual property?
  * The stakes are extraordinarily high, especially with MMORPGs. Why?
  * The "trinity of trouble":
    * connectivity, complexity, and extensibility
  * MMORPGs have pushed the limits of computing and gaming
    * > 12,000,000 players worldwide; > 500,000 users simultaneously on 6 continents
    * > 7,000,000 players on World of Warcraft
    * about $14 (average monthly subscription)
    * 7M × $14 = $98M per month; × 12 (months) = $1.176 billion / year.
    * This does not include the client or add-ons.
  * In other words, a lot of money to be made.

===== Virtual Economies =====

  * Exchange rates exist between in-game currency and real money.
    * See [[http://www.ige.com/|Internet Gaming Entertainment]].
  * The market is worth billions of dollars.
  * In October 2005, a player paid $100,000 for the "Asteroid Space Resort" in Project Entropia (now [[http://en.wikipedia.org/wiki/Entropia_Universe|Entropia Universe]]).
  * The [[http://en.wikipedia.org/wiki/Gold_farming|gold farming]] industry has been noted.
    * Sweatshops
    * Laborers are alleged to work long hours doing mundane game tasks, and sometimes even run bots

===== Game Hacking =====

  * ROM hacking
  * Console modding
  * Modding characters and levels (this can be perfectly legal)
  * Game server manipulation

===== Advanced Gaming Hack-Fu =====

  * Gold duplication
  * Macros
  * Scripting
  * Bots
  * Reverse engineering the client:
    * break it apart => find any software bugs and flaws => perhaps even fix the user interface => take advantage of what you find
  * Manipulating memory
  * Injecting new code into the client via DLL injection
  * For online games, reading network packets via sniffer or proxy

===== Random Numbers and Security =====

  * Critical for games that require randomness (e.g., games of chance, including Poker and Blackjack)
  * java.util.Random is insecure => predictable based on the usual RNG seed that is used (i.e., the current time)
  * Generating secure random numbers in Java: java.security.SecureRandom provides a cryptographically strong pseudo-random number generator (PRNG)
  * An analysis of how to cheat in online poker (from Cigital, Inc.): http://www.cigital.com/papers/download/developer_gambling.php

===== Lawyers and Legalese =====

  * Piracy and privacy
  * End User License Agreements (EULA): the vast majority of users do not know what they are agreeing to
  * Terms of Use (i.e., how to get banned)
  * Digital Millennium Copyright Act of 1998 and the Induce Act (prohibits reverse engineering of software)
  * Spyware and rootkits
    * Example: "The Warden" in World of Warcraft
      * Purpose: combat cheating
      * Read all sorts of data from the gamer's PC, including the title bar of every open window, running processes, URLs, etc.
      * Ran about every 15 seconds; sent information back to Blizzard
    * The Governor, a program written by Greg Hoglund, identified exactly what the Warden was doing.

----
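
For the Random Numbers and Security section above, an added example (not part of the original notes) showing why a shuffle driven by a clock-seeded java.util.Random can be reproduced from a few visible cards, next to the java.security.SecureRandom form that has no guessable seed. The class name, method names, timestamp and the 5-second clock window are assumptions made for illustration.

```java
import java.security.SecureRandom;
import java.util.ArrayList;
import java.util.Collections;
import java.util.List;
import java.util.Random;

public class ShuffleSeedDemo {
    // Build an ordered 52-card deck (0..51) and shuffle it with the given generator.
    static List<Integer> shuffledDeck(Random rng) {
        List<Integer> deck = new ArrayList<>();
        for (int i = 0; i < 52; i++) deck.add(i);
        Collections.shuffle(deck, rng);
        return deck;
    }

    // Weak dealer: seeds java.util.Random with the clock, as the notes describe.
    static List<Integer> weakDeal(long nowMillis) {
        return shuffledDeck(new Random(nowMillis));
    }

    // Hardened dealer: SecureRandom seeds itself from the OS entropy source.
    static List<Integer> secureDeal() {
        return shuffledDeck(new SecureRandom());
    }

    // Returns the first seed in [from, to] whose shuffle starts with the
    // observed cards, or -1 if no seed in the window matches.
    static long findSeed(List<Integer> observed, long from, long to) {
        for (long seed = from; seed <= to; seed++) {
            List<Integer> candidate = shuffledDeck(new Random(seed));
            if (candidate.subList(0, observed.size()).equals(observed)) return seed;
        }
        return -1;
    }

    public static void main(String[] args) {
        long dealTime = 1_700_000_000_000L;          // constructed timestamp (ms)
        List<Integer> deck = weakDeal(dealTime);
        List<Integer> seen = deck.subList(0, 5);     // cards visible to one player
        // The observer only knows the deal happened within 5 seconds of its clock,
        // which leaves about 10,000 candidate seeds to test.
        long recovered = findSeed(seen, dealTime - 5_000, dealTime + 5_000);
        System.out.println("matching seed found: " + (recovered != -1));
        System.out.println("full deck reproduced: "
                + shuffledDeck(new Random(recovered)).equals(deck));
        // SecureRandom deals have no clock-derived seed to search for.
        System.out.println("secure deals differ: " + !secureDeal().equals(secureDeal()));
    }
}
```

The search space is the size of the clock uncertainty, not the 52! possible deck orders, which is why the dealer must draw from SecureRandom instead of a time-seeded generator.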