Online Games and Fraud: Using Games as Bait
by Sergey Golovanov - Kaspersky Lab - Wednesday, 12 September 2007.
The game quality on rogue servers is much worse than on official servers, and this creates a number of problems for players. Errors, glitches, occasional disconnects - these are all factors that slow down the game and spoil the gaming experience. It makes no difference how the player plays - masterfully, well, or poorly... Sooner or later he will realize that he's going to be stuck on one level of the game for a very long time. This is when a player on a rogue server might resort to asking for assistance from the administrator, who is prepared to sell virtual valuables for real money (rogue servers often have pre-prepared public price lists for a range of goods and services).

The sale of virtual valuables for real money exists just about everywhere on a game server, although the game, the status of the server (rogue or official) and administrator policy will determine whether or not such sales are permitted.


Are game server administrators the only ones who can sell in-game valuables? Or can players do it, too? They can - and they do. But these “trade relations” may be prohibited by server administrators, especially those on rogue servers, because the administrator will not receive a cut. However, banning certain actions will not necessarily stop players from doing business. Some people sit down at the computer, play, earn a valuable in-game item, and sell it later for real money.

The online gaming world is a surprisingly lucrative place. There are sites where users can find the prices for in-game money on official game servers. These are, of course, illegal sales - almost all of the games listed on such resources discourage the sale of in-game valuables for real money.

Any valuable item in an online game can have a monetary equivalent in the real world. This is when demand arises and when other peoples' virtual property is stolen. But how does this work? As it turns out, it’s fairly simple if you have the right skills and knowledge.

The player authorization system (which verifies player authenticity) in most online games is based on a password system. A player logging onto a server has to enter his username and password. Once the server has identified the user, it will allow the player to enter and s/he then has complete freedom within the game. A malicious user who enters someone else’s password can simply steal items from his victim and sell them.

Stolen items are put up for auction (on sites such as and forums), and can be sold to other players for virtual or real money. A cyber criminal may also demand a ransom for the stolen items. Sad as it may seem, malicious users can really rake in the money from online games.

Buying stolen goods is, of course, punishable according to server rules. Players on official game servers know that if there is an incident, the administrators will act in their favor. A player can file a request or a complaint at any time and problems will be addressed as quickly as possible so that s/he can keep playing.

Rogue servers - which greatly outnumber official servers – are a different case. Since players don't pay for support, the administration doesn't have to deal with problems. Victims have almost no opportunity to prove that they were not involved in problems which arise with their in-game items. Proof that a password has been stolen is usually ignored; the justification for this is that any conversation can be falsified, and screenshots can be faked. False evidence can be used to accuse an innocent player who is a bothersome opponent and get him/ her removed from the game (e.g. there are penalties for using inappropriate language in-game, with the most stringent being banned from the game for several days). Money can also be made from faking the theft of items and then demanding a ransom. Administrators of rogue servers have no way of dealing with such issues, and no desire to do so.


Harnessing artificial intelligence to build an army of virtual analysts

PatternEx, a startup that gathered a team of AI researcher from MIT CSAIL as well as security and distributed systems experts, is poised to shake up things in the user and entity behavior analytics market.

Weekly newsletter

Reading our newsletter every Monday will keep you up-to-date with security news.

Daily digest

Receive a daily digest of the latest security news.

Thu, Feb 4th