• Enter here for a chance to win a custom MechWarrior 5: Mercenaries themed PC powered by Intel!

    Enter here for a chance to win a $500 Steam Gift Card and a WD_BLACK D30 Game Drive SSD!

Games companies targeted by hackers—EA latest June 2021

Brian Boru

Moderator
Aug 25, 2020
805
2,153
5,770
Last year—2020—the BBC reported an organized crime drive 'to target the video games industry in particular' aimed at 'firms in the US, France, Japan, Singapore, and South Korea':

Since then, there have been at least 3 significant attacks.

Capcom late 2020:

CD Projekt Red early 2021:

And now today—June 2021—a report of an attack on EA:

I expect it's only going to get worse, especially as long as companies pay the ransoms for ransomware attacks, and countries offer safe harbor to criminals who target other countries.

What do you think?
 

Zloth

Community Contributor
Jan 13, 2020
1,591
3,264
12,570
Organized crime of the decade. Maybe two decades. It's hardly the only crime where nations will look the other way as long as you only perpetrate against other nations, though. Remember when France, Spain, and GB were financing pirates to attack each other's shipping? OK OK, I'm not THAT old. Maybe I should point at drug trades, instead.

Getting people to not pay ransoms could work but there's a few serious problems there. First of all, these hackers have NO qualms about going after life & death situations. They were all over COVID research and regularly hit hospitals. If we go that route, it's going to cost many, many lives - maybe more than COVID has taken. Second, desperate people will cheat. Such people aren't going to go to law enforcement about their issue, making it harder for anyone official to deal with the problem. To make this work, you're going to have to spend resources finding and punishing these people. Punishing people for saving other people's lives, even if the long term effect is negative, is going to be rough.

Better technology helps but we've got to make it worth the business' time/money to put it in. We can do that with carrots and sticks (here is a tax break for doing it, and a jail sentence if you don't). It will only help, though. Most of this stuff seems to be psychological now, tricking people into divulging their passwords. If they haven't started bribing people for passwords yet, I'm sure they will if the cheap tricks ever stop working.

Something I've been wondering for a long time: what if the internet wasn't anonymous? There's going to be some really bad effects from that, especially with people trying to fight oppressive governments. In fact, I'm not sure if it's even possible to make a new internet that can track exactly where every signal is coming from. However, all this subterfuge (criminal and legal) would sure be a lot harder.
 

Brian Boru

Moderator
Aug 25, 2020
805
2,153
5,770
It's hardly the only crime where nations will look the other way as long as you only perpetrate against other nations, though
Oh of course, that's been going on since organized society with competition for resources began.

there's a few serious problems there
Indeed. Organizations can be picked off one-by-one, since it's almost always in the org's own interests to pay. Classic Tragedy of the Commons situation.

tricking people into divulging their passwords. If they haven't started bribing people for passwords
A little bit of good news, passwords should be gone sometime this decade for all organizations—I assume insurance companies will demand it before they'll offer cover—and most consumers.

what if the internet wasn't anonymous?
It's not anonymous, it's only potentially anonymous for bad actors who put a big effort into hiding.

Anonymity is comparable to what you have offline when walking around town or at a football game—nobody knows who you are, but you'll probably be caught if you snatch someone's handbag. Same if you do bad stuff on the internet.

These bad hackers are similar to offline organized crime—somewhat anonymous because they make the effort. But you probably saw the police sting a few days ago around the world which arrested ~800 people.
make a new internet that can track exactly where every signal is coming from. However, all this subterfuge (criminal and legal) would sure be a lot harder
That might work in the East, but would be a hard sell in the West—a dictator's dream.
 

Colif

Moderator
Jan 2, 2020
1,002
3,267
12,070
nice if hackers released the fifa source code and showed how much the chances of winning anything are in that game without spending a fortune first.

I don't condone hacking but that would be a nice outcome.

EA making money off gambling, organised crime might see that as invasion of turf. the only difference between machines found in casinos and mobile phones now is the interface.
 

Zloth

Community Contributor
Jan 13, 2020
1,591
3,264
12,570
A little bit of good news, passwords should be gone sometime this decade for all organizations—I assume insurance companies will demand it before they'll offer cover—and most consumers.
I really doubt that. I assume you're talking about biometrics like finger prints or face recognition? Maybe 20 but not 10. It's going to take a pretty long time to get the infrastructure out there to support that sort of thing.

Quick semi-relevant aside: It's been thoroughly established that pass phrases are better than passwords. People can actually remember them without writing them down and can remember more of them so they don't need to repeat the same few all over the net. Yet we can't use them at work. We've got contracts with far too many clients that specifically say our passwords must have a mix of upper and lower case plus a digit. {sigh}
 

Brian Boru

Moderator
Aug 25, 2020
805
2,153
5,770
I assume you're talking about biometrics like finger prints or face recognition?
Yes eventually, but simpler solutions in the meantime like 2FA—Two Factor Authentication—and device authentication, ie you can only login from a device you've previously gotten authorized.

It's going to take a pretty long time to get the infrastructure out there
Well Windows Hello is already built into Win10 and fingerprint readers are widely available for $25 to $100—so the basics are already in place. Anything more sophisticated, I agree it'll be next decade before widespread adoption.
pass phrases are better than passwords
"Better" as in easier to remember? Sure, but they're easily broken by standard dictionary attacks.
our passwords must have a mix of upper and lower case plus a digit
And ideally a symbol also. That's so they're nearly immune to dictionary attacks.
 

Zloth

Community Contributor
Jan 13, 2020
1,591
3,264
12,570
Actually, they already are immune to dictionary attacks. If it were just a pass word then a dictionary attack would work. If it's a phrase of 5+ words, though, now it's a dictionary to the 5th. The number of guesses needed is exponential whether you're increasing the possible characters or the total number of characters.
 

Brian Boru

Moderator
Aug 25, 2020
805
2,153
5,770
they already are immune to dictionary attacks …
If it's a phrase of 5+ words, though, now it's a dictionary to the 5th. The number of guesses needed is exponential
More difficult yes, but immune, no.
If the phrase is a quote or similar—ie fulfilling the 'easy to remember' requirement—then it can probably be broken in a few seconds. Example…
"IamtheCapitanofthePina4"
…can be broken in 4 seconds.

A phrase with random—ie unrelated—words is much better, especially if it contains 1+ words not in any dictionary and some numeric characters. Such might be uncrackable in practice, and definitely way better than a short password. But then the problem is, how usable—ie memorable—for the average user?

More info in the sources quoted here:
 

Zloth

Community Contributor
Jan 13, 2020
1,591
3,264
12,570
<quote>An MD5 hash of this passphrase can be cracked in 4 seconds using crackstation.net, indicating that the phrase is found in password cracking databases.</quote>
It's getting cracked super fast because it has been used enough to get into the password hacker databases. I think they are trying to tell anyone looking for a good password to not use their example. The do the same later for "Now is the time for all good tqbfjotld to come to the aid of their country ."

Very good article!
 

ASK THE COMMUNITY

TRENDING THREADS