PlayNoEvil Game Security News & Analysis

Piracy Shmiracy - UK Developers Undeterred by Game Piracy

ceo@secureplay.com (SecurePlay) — Fri, 13 Nov 2009 09:11:45 -0800

Only 10 percent of game developers think piracy is a serious threat to their business and 60 percent think it is a small threat.

.. make no bones about it, developers do think piracy is real with 60 percent seeing it as an "issue" and 90 percent seeing the problem growing.

The discrepancy comes down to lost sales.

In a world of perfect anti-piracy, how many more sales would a given game gain?

Since so much of the success of any game is due to the game itself (a good thing) and the market (a tricky thing), how much does piracy cost?

I do seem to circle around this issue regularly:

Price and Piracy: PixelJunk and World of Goo

Does Game Piracy Matter?

For conventional "boxed"-type games (games that are sold, not operated as a service), I think the actions of the industry show that the problem is not a big threat to revenue. The obvious lack of attention to piracy in the game development process and underinvestment in anti-piracy techniques demonstrates the "state of the industry" much more clearly than rhetorical posturing by executives and trade groups.

Console piracy is even less of an issue as it seems to merit bi-monthly press releases and aperiodic busts (funded by tax payers, not the companies, it should be noted).

There are just not that many extra sales that can be gained by battling piracy.

Downloadable content (DLC) is another matter. Everyone seems to see DLC as the next game industry gold mine. We don't get a lot of data on DLC and, more interestingly, on piracy of DLC. Given the choice between spending some money on anti-piracy vs. a DLC package, the DLC package wins (and that probably is correct).

If one really steps back, the game industry has to reconsider price. Games are no longer a niche product for early adapters, they are a mass market phenomenon and are competing with other forms of entertainment and other games. While Activision trumpeted Modern Warfare 2 sales in 2 days rivaled those of Titanic, the James Cameron movie sold 128 million tickets compared with a mere 16 million units projected for Modern Warfare 2 on all platforms).

How many copies of Modern Warfare 2 would be sold if the game was $10 (like a movie) instead of $60?

If $5 is the "sweet spot" for indie games (see World of Goo recent sales), is $10 the "perfect price" for a AAA game? or should they be priced the same as a hardback novel - $20 to $30?

Considering there are 1 billion PCs worldwide and 384 million in the US, sales in the modest millions for even the most popular "sold" games is pretty unimpressive.

P. Elliiot (2009), "Developers: piracy a problem, but not threat to survival", http://www.gamesindustry.biz/articles/developers-piracy-a-problem-but-not-threat-to-survival

Modern Warfare 2 cheats for sale - 1 day after launch

ceo@secureplay.com (SecurePlay) — Thu, 12 Nov 2009 07:52:51 -0800

Several sources are reporting that Activision / Infinity Ward's Modern Warfare 2 has been compromised with cheats available for the PC version. The game's new centralized infrastructure, which has been roundly criticized for just this reason, may not allow players to kick suspected cheats out or effectively detect cheaters. The cheats seem to be standard FPS cheating fare - aimbots, radar, and such. The cheat creators are offering the cheats for sale for $20 (Free or for-sale, cheat programs should be considered very suspect as they are prime targets for malware distribution).

What is interesting is that it almost certainly would be possible for Infinity Ward to have maintained the types of control that they seem to wish over the game's online experience without getting rid of dedicated servers. (An interesting architectural challenge).

NOTE: The video has already been pulled from YouTube by Activision based on copyright claims

The next question is how long will it take for game save and configuration hacks to show up on consoles.

The real impact of these design choices will not appear for months - will the game have legs as an online, multi-player service?

J. Tolentino (2009), "Big surprise: Modern Warfare 2 already hacked", http://www.destructoid.com/big-surprise-modern-warfare-2-already-hacked-154854.phtml

E. Cavalli (2009), "Modern Warfare 2 Seemingly Hacked One Day Post Launch", http://www.escapistmagazine.com/news/view/96056-Modern-Warfare-2-Seemingly-Hacked-One-Day-Post-Launch

NOTED: Borderlands vulnerable to Gamesave Hack

ceo@secureplay.com (SecurePlay) — Thu, 12 Nov 2009 05:14:00 -0800

Apparently, the recent and quite popular First Person Shooter / RPG "Borderlands" is vulnerable to a game save attack.

Most games do not protect games saves at all or use a "hash function", such as MD5, as a signature which is trivial to spoof.

An actual public key signature or keyed hash function can work quite effectively to largely address this problem against casual hackers (and are equivalent from a security perspective).

There are more advanced techniques that are possible (and are more effective), but it depends on the game's design.

It should be noted that this type of attack can work on both PC games and consoles.

... and I discuss the topic further in Chapter 14 - App Attacks: State, Data, Asset, and Code Vulnerabilities and Countermeasures of my book Protecting Games.

Rick (2009), "Borderlands Save Editor (Revision 10)", http://blog.gib.me/2009/10/31/borderlands-save-editor-revision-10/ - NOTE - DOWNLOAD OF GAME CHEAT TOOLS CAN POSE A REAL RISK TO YOUR COMPUTER - THESE TOOLS CAN OFTEN INCLUDE MALWARE THAT CAN DAMAGE YOUR COMPUTER OR STEAL YOUR DATA

via

Zubon (2009), "Cheat", http://www.killtenrats.com/2009/11/11/cheat/

Bingo Caller jailed for Cheating

ceo@secureplay.com (SecurePlay) — Wed, 11 Nov 2009 09:04:25 -0800

A bingo caller at Gala Bingo in the UK was jailed for cheating the bingo hall.

How did he do it?

The bingo hall used an electronic system for the random number draw.... so far so good.

Alas, it has a "manual draw" option which the caller used to conveniently call the numbers which corresponded to has co-conspirators bingo cards.

How did he get caught?

Apparently, complacency and greed. The group seems to have abused the system so much that someone noticed and complained.

... the bingo hall's internal controls did not pick up the problem.

... totaling £9000.

(Financially, bingo is a player vs. player game, so its revenues are not dependent on the game being fair)

A. Richards (2009). "Gala bingo caller jailed for fraud", http://bingostreet.com/news-20091109/gala-bingo-caller-jailed-for-fraud-online-bingo-news

1 Million Hacked Xboxes?

ceo@secureplay.com (SecurePlay) — Wed, 11 Nov 2009 08:58:43 -0800

An article in the Guardian is putting the number of modified Xboxes as high as 1 million out of 20 million on Xbox Live.

I'm not sure if this is detected, banned, or whatever, but it is certainly a healthy number in absolute terms.

I'm also not sure if this was an extrapolation from Microsoft's recent statement about the number of banned consoles (see previous article).

Any corrections, follow ups, or clarifications would be welcome.

C. Arthur (2009), "Microsoft cutting off up to 1m gamers with modified Xbox 360 consoles", http://www.guardian.co.uk/technology/2009/nov/11/xbox-modded-consoles-live-cut-microsoft