PlayNoEvil Game Security News & Analysis

NOTED: Neopet Players targeted by Scammers - The Challenge of Protecting Children in Online Games

ceo@secureplay.com (SecurePlay) — Mon, 13 Jul 2009 08:19:55 -0700

In-game scammers are targeting Neopets players (as well as Club Penguin players as discussed previously).

It is hard enough to try to keep adults from visiting phishing sites and falling victim to scams. Children are easier prey and more likely to cause increased customer service issues when scammed.

A real opportunity would be for game companies (especially those who's customers are children) to provide free web plugins and tools to help protect players against these scams as well as build up databases of scam sites that target children's games.

C. Boyd (2009), "Hackers Target Neopets Users", http://blog.spywareguide.com/2009/06/hackers-target-neopets-users.html

via "Scammers Target Neopets Users", http://it.slashdot.org/article.pl?sid=09/07/01/1538204

GRAB BAG: Social Games, Flash Games, Monetization and other Eye Catchers

ceo@secureplay.com (SecurePlay) — Mon, 13 Jul 2009 08:06:46 -0700

... some interesting material that has accumulated in my browser tabs of late:

Justin Smith's presentation on Social Games (as well as his blog Inside Social Games):

Justin Smith / Inside Social Games - Social Gaming Summit Talk Slides

View more presentations from justinsmith.

A great article on Monetizing Flash Games called, "Flash Love Letter".

Both via Raph Koster, I believe.

The Haxe programming language that can generate code in ActionScript, PHP, Javascript, NekoVM, and C++.

Some information on iPhone App Sales and iPhone App Sales tracking tools that should make folks think a couple of times about the platform.

Virtual Games, Real Wagers - Fantastic League Virtual Soccer / Football

ceo@secureplay.com (SecurePlay) — Fri, 10 Jul 2009 09:40:32 -0700

While there is a lot of attention on the innovative business models associated with Free-to-Play and other Freemium games, the world of online gambling is seeing some interesting innovations as well.

Instead of wagering on a real sporting event, Gextech in the UK is offering a virtual soccer (football) game called Fantastic League that players can wager real money on which is apparently going to be available via interactive TV from satellite provider Satellite Information Services Limited (SIS).

I've heard of a couple of variants on this with horse racing and dog racing, but a full sports game offers a lot more opportunity for interactive entertainment (and wagering) than a racing game.

Its kind of clever - players make wagers, the game runs a game simulation with nice graphics for highlights (skip the dull bits) and pays off at the end.

In some sense, the traditional sport business should love this as it may divert wagering attention from real sports to virtual sports - thereby reducing the temptation to corrupt the game as both professional football (soccer) and tennis have found.

Of course the real question is whether the game is fair or being manipulated by the providers.... an interesting question once money is on the line. It would also be interesting to see how gambling regulators react to these games.

The games are played as fixed odds events... it would seem to me that a parimutuel system (where players compete with each other) would make the most sense and reduce incentives for the providers to manipulate the games.

This type of game, as well as cybersports with wagering and original online gambling games, are three new interesting areas in online gambling that we are just beginning to see emerge. Game designs, as well as regulatory and security issues, are going to be very fascinating challenges for everyone involved... but the opportunity is potentially massive.

"GexTech And SIS Agree Fantastic League Deal", http://www.igamingbusiness.com/article-detail.php?articleID=21394

Governance in Virtual Worlds and Online Games - Read Lawlessness and Economics - Totally Hardcore - Book Review

ceo@secureplay.com (SecurePlay) — Thu, 09 Jul 2009 07:49:07 -0700

Some book tiles just leap out at you and beg you to open them. "Lawlessness and Economics" is such a title and the book far exceeds whatever expectations a reader might have.

... OK, not if you were expecting a book about our ongoing economic meltdown.

This is a book anyone serious about online game and virtual world governance and social game design must read.

But it is not an easy read. I've read it once and it is on the very short list of books that I am very serious about reading again.

The full title is "Lawlessness and Economics: Alternate Modes of Governance" and the book is a "mere" 154 pages (with additional references and index materials).

Alternate modes of governance is the magic.

How does one govern (or how does governance emerge?) in a world without laws? This is a particularly important requirement for online communities. Our sole recourse seems to be "banning" players, but this has little credibility as we can only really ban accounts.

It is also tremendously expensive to monitor an online community. Game masters flit around playing "morality police" as much as helping customers with problems.

The "real world" has faced a similar problem (well, not the anonymity of the Internet, but lack of laws) and there are several categories of solutions that have evolved to address governance without laws:

1. Relation-based Contract Enforcement
2. Profit-motivated Contract Enforcement
3. Private Protection of Property Rights

In game terms:

1. Guilds
2. Formal Contracts (Eve Online is the game that has used this most extensively)
3. Protection Rackets - (The Mafia) / Bounty Hunters (played with in Ultima Online, but I don't think this mode has been used extensively)

The book does not focus on the unique problems of online communities, but examines the issues from the perspective of human environments where there is no effective legal framework to govern relationships.

The thought process and analysis of each of these modes of governance without government is well-worth reading and contemplating. In addition, and here is where the book gets really hard core, Professor Dixit uses game theory to model the performance of each of these governance methods as well as discussing their scalability and how and why they work and fail. This is invaluable (and where I'm going to have to relearn some dusty math).

The book does not provide easy answers to the problem of online governance, but it should give designers some serious food for thought in how to construct systems to facilitate the smoother operation of online services and understand where, why, and how things break down.

Promotions Contest cheated at Yonkers Raceway Casino in New York - Insider Attack!

ceo@secureplay.com (SecurePlay) — Wed, 08 Jul 2009 08:00:20 -0700

The head of promotions at the Yonkers Raceway Casino in New York has been charged with fixing contests for her friends and family.

The total stolen was around $100,000 in at least 75 manipulated contests over 2 years from 2006 to 2008.

The scam consisted of conspirators playing certain slot machines at certain times, inserting a contest entry ticket and "magically" winning.

IMPORTANT: The crooks did not actually compromise the slot machine, but seem to have taken advantage of the player tracking system which was used for the promotion.

This is particularly important as slot machines are being used for more than just playing slots, but for promotions, marketing, and other value-added services and thus are going to be targets of more and more "interesting" attacks.

If only they'd used SecurePlay to protect the random draws (as well as some of the wacky attacks in Ocean's 13 which I watched recently).

The group also targeted raffles, but the method of attack was not explained.

The charges were for grand larceny and fraud and could lead to 5 to 15 years in prison.

J. Fitzgerald (2009), "DA says contests at NY casino were fixed", http://www.newsday.com/news/local/wire/newyork/ny-bc-ny--casinocharge0707jul07,0,5765143.story