The quest to get ahead in games by buying virtual currency is funding elaborate cybercriminal operations, researchers claim.
Gaming has come a long way in the last decade. Once, the graphics of Final Fantasy 7 were the pinnacle of achievement in the industry; and now, gaming has spread from PCs to consoles and mobile devices, connects players worldwide and has led to a booming economy in currency and virtual items.
However, as gaming systems such as Massively-Multiplayer Online Role-Playing Games (MMORPGs), including World of Warcraft and League of Legends have increased in popularity, there are those who would exploit these trends for their own benefit.
On Tuesday, researchers from Trend Micro released a new report investigating how online gaming can be exploited to fuel cybercrime. Hacking, glitches, lax security surrounding gaming accounts and a lack of punishment for doing so are all elements which, when brought together, create a lucrative market for fraudsters.
According to the cybersecurity firm, Real-Money Trading (RMT), the sale and trade of virtual items and currency in exchange for real money, is at the core of the business.
While legitimate gamers sometimes use these services to get ahead — although sometimes considered unethical and unfair — such competition can also turn a game into a target for fraud as a consequence.
You can indulge in RMT through many third-party websites. Virtual items and currency may be legitimately earned. However, they may also be the result of gamer accounts being compromised or stolen, game glitches exploited for purposes including item replication, game code modification, malware, infostealers and bots, which allow users to automate processes such as grinding and item farming.
“There are no laws set to indict a person involved in hacking, glitching, or even buying online gaming currencies — even if it were done through the use third-party programs or exploits,” Trend Micro notes. “However, while not necessarily illegal, the earnings gained from hacking may be supplying illegal and illicit activities and may lead the actor into a life or career in criminal elements.”
One major area of concern is that the sale of virtual currency is now used as a way for cybercriminals to launder real world money resulting from other criminal exploits. Once a transaction between gamer and seller is made through a third-party website, the proceeds are often converted to other forms of virtual currency — including Bitcoin — to keep the eyes of law enforcement turned away.
In addition, these funds will often be put through a laundry service which further “cleans” the cash by mixing it with other cryptocurrencies, which erases the records relating to transactions.
Cybercriminals may then invest this money back into their operations, cash it out, or use it to buy more virtual currency for later sales.
Some groups which use these tactics for profit are well-known, such as Lizard Squad, Team Poison and the Armada Collective — the latter of which earned $100,000 just by threatening a company with a distributed denial-of-service (DDoS) attack.
While these funds can be used to launch DDoS attacks and disrupt businesses, hire attack infrastructure and pay for spam campaigns, Trend Micro says the effects can be felt on a far more personal level.
If players use RMT to gain an unfair advantage this can cause the game developer harm and put other games off playing entirely. The company also says that “forced labor” is now a common theme, with sweatshops appearing which make “employees” work long hours farming for virtual money and items to be resold online.
“Just like the typical sweatshops in other industries, these gaming currency farmers are forced to work for long hours with very little pay — or none at all — and are exposed to poor working conditions,” Trend Micro says. “One evidence of such a sweatshop is when labor camp prisoners in China were forced to play online games for hours on end in order to farm online ‘gold.'”
In 2005, it was estimated that at least 100,000 Chinese gamers were working in these establishments.
It is up to gaming developers and vendors to keep account security as tight as possible but you cannot prevent the trade of online gaming currencies entirely. Instead, if players are going to keep their accounts and funds safe from exploit they need to practice better personal security — and be wary of any online currency deals which seem too good to be true.
The researchers said:
“In the basic sense, buying and selling online gaming currencies is not illegal. Players should, however, practice caution in participating in such an exchange since they may, after all, be financing cybercriminal acts that will have devastating real-world implications.”