Ethics and Security in Gaming

Virtual Economies

Exchange rates exist between in-game currency and real money.
- See Internet Gaming Entertainment.
The market is in the $billions of dollars.
In October 2005, a player paid $100,000 for the “Asteroid Space Resort” in Project Entropia (now Entropia Universe)
The Gold farming industry have been noted.
- Sweatshops
- Laborers alleged to work long hours doing mundane game tasks, and sometimes even run bots

Gold duplication
Macros
Scripting
Bots
Reverse engineering the client:
- break it apart ⇒ find any software bugs and flaws ⇒ perhaps even fix the user interface ⇒ take advantage of what you find
Manipulating memory
Injecting new code into the client via DLL injection
For online games, reading network packets via sniffer or proxy

Critical for games that require randomness (e.g., games of chance, including Poker and Blackjack)
java.util.Random is insecure ⇒ predictable based on the usual RNG seed that is used (i.e. the current time)
Generating secure random numbers in Java: java.security.SecureRandom - provides a cryptographically strong pseudo-random number generator (PRNG)
An analysis of how to cheat in online poker (from Cigital, Inc.): http://www.cigital.com/papers/download/developer_gambling.php

Piracy and privacy
End Use License Agreements (EULA) – vast majority do not know what they are agreeing to
Terms of Use (i.e., how to get banned)
Digital Millennium Copyright Act of 1998 and the Induce Act (prohibits reverse engineering of software)
Spyware and rootkits
- Example: “The Warden” in World of Warcraft
  - Purpose: combat cheating
  - Read all sorts of data from the gamer's PC, including the title bar of every open window, running processes, URLs, etc.
  - Ran about every 15 seconds; sent information back to Blizzard
  - The Governor, a program written by Greg Hoglund - A program that identified what exactly the Warden was doing.