Games companies targeted by hackers—EA latest June 2021

Brian Boru

King of Munster
Moderator
Last year—2020—the BBC reported an organized crime drive 'to target the video games industry in particular' aimed at 'firms in the US, France, Japan, Singapore, and South Korea':

Since then, there have been at least 3 significant attacks.

Capcom late 2020:

CD Projekt Red early 2021:

And now today—June 2021—a report of an attack on EA:

I expect it's only going to get worse, especially as long as companies pay the ransoms for ransomware attacks, and countries offer safe harbor to criminals who target other countries.

What do you think?
 

Zloth

Community Contributor
Organized crime of the decade. Maybe two decades. It's hardly the only crime where nations will look the other way as long as you only perpetrate against other nations, though. Remember when France, Spain, and GB were financing pirates to attack each other's shipping? OK OK, I'm not THAT old. Maybe I should point at drug trades, instead.

Getting people to not pay ransoms could work but there's a few serious problems there. First of all, these hackers have NO qualms about going after life & death situations. They were all over COVID research and regularly hit hospitals. If we go that route, it's going to cost many, many lives - maybe more than COVID has taken. Second, desperate people will cheat. Such people aren't going to go to law enforcement about their issue, making it harder for anyone official to deal with the problem. To make this work, you're going to have to spend resources finding and punishing these people. Punishing people for saving other people's lives, even if the long term effect is negative, is going to be rough.

Better technology helps but we've got to make it worth the business' time/money to put it in. We can do that with carrots and sticks (here is a tax break for doing it, and a jail sentence if you don't). It will only help, though. Most of this stuff seems to be psychological now, tricking people into divulging their passwords. If they haven't started bribing people for passwords yet, I'm sure they will if the cheap tricks ever stop working.

Something I've been wondering for a long time: what if the internet wasn't anonymous? There's going to be some really bad effects from that, especially with people trying to fight oppressive governments. In fact, I'm not sure if it's even possible to make a new internet that can track exactly where every signal is coming from. However, all this subterfuge (criminal and legal) would sure be a lot harder.
 

Brian Boru

King of Munster
Moderator
<quote>It's hardly the only crime where nations will look the other way as long as you only perpetrate against other nations, though</quote>
Oh of course, that's been going on since organized society with competition for resources began.

<quote>there's a few serious problems there</quote>
Indeed. Organizations can be picked off one-by-one, since it's almost always in the org's own interests to pay. Classic Tragedy of the Commons situation.

<quote>tricking people into divulging their passwords. If they haven't started bribing people for passwords</quote>
A little bit of good news, passwords should be gone sometime this decade for all organizations—I assume insurance companies will demand it before they'll offer cover—and most consumers.

<quote>what if the internet wasn't anonymous?</quote>
It's not anonymous, it's only potentially anonymous for bad actors who put a big effort into hiding.

Anonymity is comparable to what you have offline when walking around town or at a football game—nobody knows who you are, but you'll probably be caught if you snatch someone's handbag. Same if you do bad stuff on the internet.

These bad hackers are similar to offline organized crime—somewhat anonymous because they make the effort. But you probably saw the police sting a few days ago around the world which arrested ~800 people.
<quote>make a new internet that can track exactly where every signal is coming from. However, all this subterfuge (criminal and legal) would sure be a lot harder</quote>
That might work in the East, but would be a hard sell in the West—a dictator's dream.
 
nice if hackers released the fifa source code and showed how much the chances of winning anything are in that game without spending a fortune first.

I don't condone hacking but that would be a nice outcome.

EA making money off gambling, organised crime might see that as invasion of turf. the only difference between machines found in casinos and mobile phones now is the interface.
 

Zloth

Community Contributor
<quote>A little bit of good news, passwords should be gone sometime this decade for all organizations—I assume insurance companies will demand it before they'll offer cover—and most consumers.</quote>
I really doubt that. I assume you're talking about biometrics like finger prints or face recognition? Maybe 20 but not 10. It's going to take a pretty long time to get the infrastructure out there to support that sort of thing.

Quick semi-relevant aside: It's been thoroughly established that pass phrases are better than passwords. People can actually remember them without writing them down and can remember more of them so they don't need to repeat the same few all over the net. Yet we can't use them at work. We've got contracts with far too many clients that specifically say our passwords must have a mix of upper and lower case plus a digit. {sigh}
 

Brian Boru

King of Munster
Moderator
<quote>I assume you're talking about biometrics like finger prints or face recognition?</quote>
Yes eventually, but simpler solutions in the meantime like 2FA—Two Factor Authentication—and device authentication, ie you can only login from a device you've previously gotten authorized.

<quote>It's going to take a pretty long time to get the infrastructure out there</quote>
Well Windows Hello is already built into Win10 and fingerprint readers are widely available for $25 to $100—so the basics are already in place. Anything more sophisticated, I agree it'll be next decade before widespread adoption.
<quote>pass phrases are better than passwords</quote>
"Better" as in easier to remember? Sure, but they're easily broken by standard dictionary attacks.
<quote>our passwords must have a mix of upper and lower case plus a digit</quote>
And ideally a symbol also. That's so they're nearly immune to dictionary attacks.
 

Brian Boru

King of Munster
Moderator
<quote>they already are immune to dictionary attacks …
If it's a phrase of 5+ words, though, now it's a dictionary to the 5th. The number of guesses needed is exponential</quote>
More difficult yes, but immune, no.
If the phrase is a quote or similar—ie fulfilling the 'easy to remember' requirement—then it can probably be broken in a few seconds. Example…
"IamtheCapitanofthePina4"
…can be broken in 4 seconds.

A phrase with random—ie unrelated—words is much better, especially if it contains 1+ words not in any dictionary and some numeric characters. Such might be uncrackable in practice, and definitely way better than a short password. But then the problem is, how usable—ie memorable—for the average user?

More info in the sources quoted here:
 

Zloth

Community Contributor
<quote>An MD5 hash of this passphrase can be cracked in 4 seconds using crackstation.net, indicating that the phrase is found in password cracking databases.</quote>
It's getting cracked super fast because it has been used enough to get into the password hacker databases. I think they are trying to tell anyone looking for a good password to not use their example. They do the same later for "Now is the time for all good tqbfjotld to come to the aid of their country."

Very good article!
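Added example, not part of any post in this thread: a defender-side password review showing that the phrase quoted above satisfies the upper/lower/digit contract rule yet is rejected by a known-phrase lookup, alongside the guessing work for choices that really are random. Assumptions: the two-entry corpus is a constructed stand-in for a breached-password list, and the alphabet size (62) and word-list size (7776, the Diceware list size) are illustrative.

```python
import math
import re

# Constructed stand-in for a breached-password / known-phrase corpus.
# First entry: the phrase quoted in the thread, normalised. Second: constructed.
KNOWN_PHRASES = {"iamthecapitanofthepina", "correcthorsebatterystaple"}

def meets_composition_rule(candidate):
    """Contract rule from the thread: upper case, lower case and a digit."""
    return all(re.search(p, candidate) for p in (r"[A-Z]", r"[a-z]", r"[0-9]"))

def normalise(candidate):
    """Fold case, drop spaces and symbols, strip trailing digits."""
    folded = re.sub(r"[^a-z0-9]", "", candidate.lower())
    return folded.rstrip("0123456789")

def is_known_phrase(candidate, corpus=KNOWN_PHRASES):
    """True when the normalised candidate appears in the corpus."""
    return normalise(candidate) in corpus

def uniform_bits(options, picks):
    """Guessing work in bits when every pick is uniform and independent."""
    return picks * math.log2(options)

def review(candidate):
    """Return (passes_composition_rule, accepted_after_corpus_check)."""
    rule_ok = meets_composition_rule(candidate)
    return rule_ok, rule_ok and not is_known_phrase(candidate)

if __name__ == "__main__":
    # Memorable quote: passes the composition rule, fails the corpus check.
    print(review("IamtheCapitanofthePina4"))
    # Constructed phrase of unrelated words: passes both.
    print(review("Orbit7 velvet cactus hammer lagoon"))
    # 8 random characters from a 62-symbol alphabet vs 5 random words.
    print(round(uniform_bits(62, 8), 1), round(uniform_bits(7776, 5), 1))
```

The bit counts apply only when every character or word is picked at random; a quote chosen for memorability has no such guarantee, which is why the corpus lookup runs regardless of length.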
 
Aug 7, 2021
<quote>Last year—2020—the BBC reported an organized crime drive 'to target the video games industry in particular' aimed at 'firms in the US, France, Japan, Singapore, and South Korea':

Since then, there have been at least 3 significant attacks.

Capcom late 2020:

CD Projekt Red early 2021:

And now today—June 2021—a report of an attack on EA:

I expect it's only going to get worse, especially as long as companies pay the ransoms for ransomware attacks, and countries offer safe harbor to criminals who target other countries.

What do you think?</quote>
I think EA's customer service stinks. They expired my password to my account and as I hadn't changed the email address to my new email address they are penalizing me and making me jump through hoops at the moment.
 