Ethics and Security in Gaming
- Why do we cheat?
- Why do we break things?
- How do game companies protect their intellectual property?
- The stakes are extraordinarily high, especially with MMORPGs. Why?
- The “trinity of trouble”:
- connectivity, complexity, and extensibility
- MMORPGs have pushed the limits of computing and gaming
- > 12,000,000 players worldwide; > 500,000 users simultaneously on 6 continents
- > 7,000,000 players on World of Warcraft
- About $14 (average monthly subscription) × 7M = $98M per month; × 12 months = $1.176 billion per year.
- This does not include the client or add-ons.
- In other words, a lot of money to be made.
Virtual Economies
- Exchange rates exist between in-game currency and real money.
- The market is in the billions of dollars.
- In October 2005, a player paid $100,000 for the “Asteroid Space Resort” in Project Entropia (now Entropia Universe)
- The gold farming industry has been noted.
- Sweatshops
- Laborers are alleged to work long hours doing mundane game tasks, and sometimes even to run bots
Game Hacking
- ROM hacking
- Console modding
- Modding characters and levels (this can be perfectly legal)
- Game server manipulation
Advanced Gaming Hack-Fu
- Gold duplication
- Macros
- Scripting
- Bots
- Reverse engineering the client:
- break it apart ⇒ find any software bugs and flaws ⇒ perhaps even fix the user interface ⇒ take advantage of what you find
- Manipulating memory
- Injecting new code into the client via DLL injection
- For online games, reading network packets via sniffer or proxy
Random Numbers and Security
- Critical for games that require randomness (e.g., games of chance, including Poker and Blackjack)
- java.util.Random is insecure ⇒ its output is predictable from the seed, and the usual RNG seed is guessable (i.e., the current time)
- Generating secure random numbers in Java: java.security.SecureRandom - provides a cryptographically strong pseudo-random number generator (PRNG)
- An analysis of how to cheat in online poker (from Cigital, Inc.): http://www.cigital.com/papers/download/developer_gambling.php
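
The seed problem described above, shown as an added example (not code from these notes or from the Cigital analysis): a deck shuffled with a time-seeded java.util.Random can be reproduced by anyone who knows the clock approximately, while the same search finds nothing for a SecureRandom shuffle. The class name, the constructed timestamp and the one-minute clock window are assumptions made for the demonstration.

```java
import java.security.SecureRandom;
import java.util.ArrayList;
import java.util.Collections;
import java.util.List;
import java.util.Random;

public class ShuffleSeedDemo {
    // Build an ordered 52-card deck as indices 0..51.
    static List<Integer> newDeck() {
        List<Integer> deck = new ArrayList<>();
        for (int i = 0; i < 52; i++) deck.add(i);
        return deck;
    }

    // Weak: the whole shuffle is a pure function of a guessable seed.
    static List<Integer> weakShuffle(long seedMillis) {
        List<Integer> deck = newDeck();
        Collections.shuffle(deck, new Random(seedMillis));
        return deck;
    }

    // Hardened: SecureRandom is seeded from the platform's entropy source.
    static List<Integer> strongShuffle() {
        List<Integer> deck = newDeck();
        Collections.shuffle(deck, new SecureRandom());
        return deck;
    }

    // Audit helper: first seed in [from, to] whose shuffle starts with the prefix, else -1.
    static long findSeed(List<Integer> prefix, long from, long to) {
        for (long s = from; s <= to; s++) {
            if (weakShuffle(s).subList(0, prefix.size()).equals(prefix)) return s;
        }
        return -1;
    }

    public static void main(String[] args) {
        long dealTime = 1_384_283_880_000L; // constructed timestamp (ms) standing in for "current time"
        List<Integer> dealt = weakShuffle(dealTime);
        List<Integer> visible = dealt.subList(0, 5); // cards a player legitimately sees
        // Clock known to within one minute either way: only 120,001 candidate seeds.
        long found = findSeed(visible, dealTime - 60_000, dealTime + 60_000);
        System.out.println("seed found in window: " + (found >= 0));
        System.out.println("full deck reproduced: " + weakShuffle(found).equals(dealt));
        // The same window search against a SecureRandom shuffle has no time seed to hit.
        System.out.println("SecureRandom deck, search result: "
                + findSeed(strongShuffle().subList(0, 5), dealTime - 60_000, dealTime + 60_000));
    }
}
```

The fix is the one-line change in strongShuffle(): pass a SecureRandom to Collections.shuffle instead of a Random seeded from the clock.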
Lawyers and Legalese
- Piracy and privacy
- End User License Agreements (EULA) – the vast majority of users do not know what they are agreeing to
- Terms of Use (i.e., how to get banned)
- Digital Millennium Copyright Act of 1998 and the Induce Act (prohibits reverse engineering of software)
- Spyware and rootkits
- Example: “The Warden” in World of Warcraft
- Purpose: combat cheating
- Read all sorts of data from the gamer's PC, including the title bar of every open window, running processes, URLs, etc.
- Ran about every 15 seconds; sent information back to Blizzard
- The Governor, a program written by Greg Hoglund, identified exactly what the Warden was doing.
cs498gd/ethics_security.txt · Last modified: 2013/11/12 19:18 by jchung