23 Feb 2014

Why cybercrooks see the chance for profit almost everywhere

When push comes to shove, most cybercrooks are in it for the money – but in a world where everything, everywhere, has a value, you’d be surprised how many ways there are for criminals to turn their skills into cash.

Take computer games: many online games now operate on a model whereby players earn credits the more they play, which in turn gives them access to more of the game.

It can take hours to rack up credits, so predictably enough, there are those who want a quick way of getting ahead, and are happy to pay for the privilege.

Hackers have spotted this potentially lucrative market. Felix Oechsler works on security for a major European gaming company, and in a presentation at Kaspersky’s Security Analyst Summit earlier this month, he mapped out how criminals targeted his firm to capitalise on the trade in gaming credits.

20_cybercrime_g_w

Firstly they set up a website where they offered to sell credits to players of a particular game. Then they started spying on the gaming company that makes the game, trying to work out what software was used on the computer servers hosting it. Once they’d come up with a way of hacking into that software, they sent it out as an email to key people within the gaming company, under the pretence that it was a legitimate update to the system.

Some employees fell for the ruse, installed the update, and gave the hackers access to the gaming server software. This enabled the criminals to assign credits at will to the players who paid them for the privilege.

When Felix and his colleagues worked out what was going on, they secured the servers and shut the bad guys out. You would have thought that would be the end of it.

But within a year the hackers were back: this time they targeted the gaming company’s partners around the world; they found out employees’ personal email addresses, their social networking accounts; they hired someone to write emails fluently in the target’s native language.

Once again, albeit briefly, the tactics worked, forcing the gaming company to overhaul its IT layout and once again close the door on the hackers.

It’s just one example of the daily advances in ingenuity exhibited by cybercrime community that sees the chance for profit almost everywhere.

Follow @GeoffWhite247 on Twitter