LulzSec hacks: Time to play the game

News 6 Jun, 2011

Following some notable hacks on Sony and Nintendo, Tom Brewster asks why are gaming firms being targeted?

Hackers have gone for all kinds of businesses in the past, from Governments to security companies.

One apparent trend in recent months, however, has been to go after entertainment-focused firms.

In the past two months we’ve seen attacks on two of the biggest forces in the gaming world – Sony and Nintendo.

In the case of Nintendo, it looks like the event will pass without much fuss, but the PlayStation owner won’t see the back of its security saga for a while yet.

But why are hackers going after these companies? There must be value there, so what is it?

Fair game

The fact is online and console gamers have been in hackers' crosshairs for some time now.

By their very nature, gamers are good targets, according to Catalin Cosoi, head of BitDefender Online Threats Lab.

“Gaming is addictive which means that we will have users that purchase any upgrade to their favourite games or users that will go beyond the legal border and download pirated games,” Cosoi said.

“It’s not something new to say that some users will often kill their anti-virus in order to be able to play their favourite game, even if the anti-virus says that the torrent-downloaded file they try to install is packed with malware.”

In these recent attacks, however, we’ve seen the service providers’ servers hacked, rather than cyber criminals going for the gamers directly.

For David Harley, senior research fellow at ESET UK, this is just the next phase in the evolution of hackers' efforts to get hold of gamers’ credentials.

“Online and console gaming has long been a favourite target for phishing for credentials, and attacking the service providers is a natural progression as a supplement to that kind of attack,” Harley told IT PRO.

Hackers are using the old grey matter here. Why should they bother relying on end user desperation and foolishness, when they can go straight to the mothership, find its weaknesses, infiltrate and then steal substantial amounts of user data in one fell swoop?

They’ll make plenty more money that way, so expect attacks on other games firms to appear in the news soon enough.