Latest Trending
Last Updated, Jun 15, 2021, 2:47 PM
Hackers Target Videogame Publishers for Ransom, Source Code


Gamers have struggled for years with hackers who cheat and take over accounts. Now, videogame studios are coming under serious attack, prompting them to step up their cyber defenses.

Electronic Arts Inc.

said Thursday it was breached by hackers recently, confirming an earlier report by technology news outlet Motherboard. That followed a disclosure by Polish game developer CD Projekt SA in February of a ransomware attack and a similar invasion of systems at

Capcom Co.

Ltd. last November.

Each attack involved data theft, with schedules for coming Capcom releases posted on darknet forums for games including Resident Evil Village and Street Fighter.

Hackers claim to have pilfered the source code for popular games such as EA’s FIFA series and CD Projekt’s Cyberpunk 2077, and the libraries of code and digital assets known as game engines used to create them.

Rather than demanding ransom to not publish the source code, the hackers have instead said they would auction it on the darknet.

“When you have the keys to the kingdom, and you understand how the code is being written and how the applications are being used, that’s obviously more visibility than I think anybody would want,” said

Mark Ostrowski,

head of engineering at

Check Point Software Technologies Ltd.

, a cybersecurity provider that has worked with videogame companies on their security, including EA.

In response to the ransomware attack, CD Projekt said in a statement on June 10 that it redesigned its core information-technology infrastructure, upgraded firewalls, expanded its internal security team and engaged third-party specialists to assist with cybersecurity. A spokeswoman for the company didn’t respond to a request for comment.

A spokeswoman for EA said the company lost a limited amount of game source code and related tools during its attack, and it doesn’t believe player data was at risk. EA has a full-time internal penetration testing team in place, she said, and is following best practices such as those outlined in President Biden’s May 12 executive order on cybersecurity.

Capcom said in an April 13 report that it had upgraded its technology and created a committee to oversee cybersecurity. A spokeswoman for Capcom referred queries on the attack to the company’s report.

Videogame studios, however, face a number of challenges unique to their industry. The need to consistently stream large volumes of data into and from servers, which power online gaming, means security tools are often customized for a studio.

Additionally, the digital nature of prized assets, such as source code, means that were a hacker to break in, crucial intellectual property can be targeted and stolen.

MORE FROM WSJ PRO CYBERSECURITY

“There’s not a single gaming company out there that does not focus on asset protection in some way,” said

Steve Ragan,

a security researcher at cybersecurity company

Akamai Technologies Inc.

who specializes in the videogame market.

High turnover of staff in the videogame industry, where entire teams can be hired for contract work or laid off after a project is completed, means that managing user access to sensitive systems can be challenging, said

Eric Milam,

vice president of research and intelligence at technology company

BlackBerry Ltd.

That increases the risk that accounts with access to sensitive data may remain open, or that disgruntled former employees may present insider risks, Mr. Milam said. “Just because they let those people go doesn’t mean those people forget about how to access certain things,” he said.

Hackers could sell source code or use it to launch attacks in a number of ways, according to researchers. For instance, by tapping into the core functions of a game, hackers could build tools that let them pose as support staff and then send phishing email to gamers to gain access to accounts to exploit or sell on the darknet, said

Hank Schless,

a senior manager at cybersecurity company Lookout Inc.

Additionally, alternate versions of games containing malware could be distributed to gamers, Mr. Schless said. Popular app stores such as

Alphabet Inc.’s

Google Play and

Apple Inc.’s

iOS App Store have strong protections, but such impostor versions of games could sell on third-party platforms with weaker oversight, he said.

Criminals may also be able to develop tools that wreak havoc on games, Mr. Ragan said. “If you’re in the market for selling cheats and cracks for a certain game, the source code is going to help you identify ways to bypass protections. That’s the really big fear,” he said.

While cheating disrupts enjoyment from gaming, it also puts growing revenue from esports at risk if sophisticated tools become widespread.

Gaming research company Newzoo International B.V. estimated in March that revenue from the esports market will top $1 billion in 2021 for the first time, with a global audience of 474 million people. The videogame industry as a whole generated revenue in excess of movies and U.S. sports combined in 2020, according to estimates from market research company International Data Corp.

Ongoing updates, subscriptions and in-game economies, known as live services, also provide a lucrative source of revenue for games far beyond their initial sale value, and could be vulnerable to hackers through attacks on gamers or attacks engineered by analyzing a game’s source code.

EA’s live services accounted for 71% of its net revenue, at just over $4.01 billion, in its 2021 fiscal year, according to regulatory filings. Around $1.62 billion of that came from FIFA’s Ultimate Team mode.

EA’s spokeswoman said the company doesn’t expect the recent attack to have a material impact on its games or business.

Write to James Rundle at james.rundle@wsj.com

Copyright ©2020 Dow Jones & Company, Inc. All Rights Reserved. 87990cbe856818d5eddac44c7b1cdeb8

24World Media does not take any responsibility of the information you see on this page. The content this page contains is from independent third-party content provider. If you have any concerns regarding the content, please free to write us here: contact@24worldmedia.com

Latest Post

Common Mistakes When Using Athletic Field Tarps

Last Updated,Jun 5, 2024

High-Performance Diesel Truck Upgrades You Should Consider

Last Updated,May 14, 2024

Warehouse Optimization Tips To Improve Performance

Last Updated,May 6, 2024

Fire Hazards in Daily Life: The Most Common Ignition Sources

Last Updated,Apr 30, 2024

Yellowstone’s Wolves: A Debate Over Their Role in the Park’s Ecosystem

Last Updated,Apr 23, 2024

Earth Day 2024: A Look at 3 Places Adapting Quickly to Fight Climate Change

Last Updated,Apr 22, 2024

Millions of Girls in Africa Will Miss HPV Shots After Merck Production Problem

Last Updated,Apr 18, 2024

This Lava Tube in Saudi Arabia Has Been a Human Refuge for 7,000 Years

Last Updated,Apr 17, 2024

Four Wild Ways to Save the Koala (That Just Might Work)

Last Updated,Apr 15, 2024

National Academy Asks Court to Strip Sackler Name From Endowment

Last Updated,Apr 12, 2024

Ways Industrial Copper Helps Energy Production

Last Updated,Apr 11, 2024

The Ins and Out of Industrial Conveyor Belts

Last Updated,Apr 10, 2024