Bitdefender Blog

Hackers Slam-dunk Gaming Giants One at a Time

by Catalin Cosoi, on 06 June 2011

Capitalizing on large customer databases is the name of the game

Less than a day after hitting Sony, the same hacking group bashed the network security of another popular video gaming console producer, Nintendo. Although this time the attackers didn't grab or leak any names, addresses, birth dates, emails, phone numbers or passwords, as in the previous case, I guess we can detect a pattern here: the ultimate aim is to rip off significant amounts of sensitive information from poorly secured servers.

This type of organization, which stores and processes such data, is definitely a desirable target, as we're talking about hundreds of millions of users around the globe. Actually, this has been a favorite target for malware writers for several years now, and is a direct consequence of the fact that gaming is an addictive occupation, i.e. users purchase any upgrade for their favorite games or go beyond the legal border and download pirated games. It's nothing new to say that some users will often kill their AVs in order to be able to play their favorite game, even if the antivirus says that the torrent-downloaded file they are trying to install is packed with malware.

However, the most important aspect of these two attacks is not the motivation of financial gain. According to the hackers, it was all about making a statement and proving that network security should be serious business. Not only for megacorporations, but also for those whose job is to guard the very infrastructure of the country and the Internet, such as the FBI and its partners, which weren't too careful in securing some passwords leaked by the same group.

What should these organizations do to avoid having their networks compromised and to prevent data leaks?

SQL injection and DDoS seem to be the favorite attack methods. I'm ready to bet that this story won't end here and that we will hear more about similar incidents in the months to come, so chances are that users' interest in purchasing goods and services from companies unable to secure their data will drastically decline.

To avoid such a scenario, these organizations should make sure that any information leaving their premises is encrypted and useless to the attacker. The incident that took place on Friday revealed that at least one of the two companies had been storing passwords in plain text, which is not exactly the ideal situation, especially when a database sums up millions of entries. As for DDoS, they might consider re-designing their server network architecture and using appropriate protection technologies.

All product and company names mentioned herein are for identification purposes only and are the property of, and may be trademarks of, their respective owners.

Catalin Cosoi

Chief Security Researcher

On Jun.7.2011 11:51

Th3Gr34t said

Gamersfirst/KnightOnline.com was hacked too, their database, but they disown it, and kept it secret, just told players to change their passwords in game, many accounts were hacked, and now G1 admins blackmail the players to buy premium to return the stolen items :)) between process or item restoration is started and going slowly.
