No Such Thing As A Locked Door

Aaron Birch just published an article on Den of Geek, asking a serious question:

“Hacks on gaming services have become more and more common of late, but what are they, why do they happen, and can they be stopped?”

In his article, Birch touches on both “external” events (specifically, DDoS-style attacks like the recent Xbox and Playstation outages over the Christmas season), as well as the much more troubling focused, penetration-style style attacks designed to break into a service’s player accounts, and to enable theft and other criminal activities.

This, as anyone who’s been following this blog knows, is not something that I consider to be a minor, or trivial, distinction.

While the damage to a game service’s or publisher’s reputation cannot be overstated, the actual real-money impact that can occur when a cyber criminal is allowed to access a customer’s private, sensitive, or financial data is felt not only by the publisher, but also potentially by every player who enjoys that game, who has invested time and effort into accruing in-game items and currency, and who has used a credit card to make an in-game purchase.

As to whether or not hacks and attacks can ever be stopped, Birch goes on to make this very important point :

“With hacking-related issues surfacing more and more in recent years, it would seem as though there’s an even greater need for security, including within the gaming sector, but is this possible? Can such attacks actually be prevented, or stopped if they do happen? The real answer is, no. Although good security can help fight hackers, and certainly limits any potential damage, hackers have proven that there’s no such thing as a locked door, and any and all security can be bypassed with time. Maybe one day an unbreakable encryption algorithm or form of security will be created, but I’m willing to bet there’s a hacker waiting in the wings to break it.”

The desire for an “unpickable lock” by heads of security tasked with securing online access points is something I’ve noticed throughout the years in several high-risk industries, from online banking and ecommerce all the way to games. Unfortunately, as Birch points out, I personally don’t think there ever is, nor will there be, such a thing.

I’ll be writing in more detail soon about this topic soon, where I’ll detail not only why I think an unpickable lock is a losing proposition, but also why I believe there are easier, cheaper, and in the end better methods for securing accounts and keeping game worlds fun, safe, and profitable.

 

Related Articles
Video Game Publishers Must Log Player Data to Prevent In-Game Fraud
Stop REACTING: 5 Reasons Why Video Game Publishers Must Embrace a Proactive Security Posture
From the Mob to Mario: How Money Laundering Lives on Through Video Games