Social Insecurity Part 3

The subject matter here is something that hits pretty close to home for me: online gaming. My boss recently asked me how hacking World of Warcraft accounts was a money-making business. He didn’t see how; of course, most non-gamers wouldn’t think about this. Unfortunately, a lot of gamers don’t really either.

Here’s the rundown of why cybercrime involving World of Warcraft and other MMOs has become a money-making business.

  1. Lots of people play MMOs. WoW (World of Warcraft) alone has several million players worldwide. Last I saw, WoW had over ten million players all over the world. Of course the vast majority of these players are American. If just 2/3 of all players are Americans, that means that roughly 2% of all Americans play WoW. To put that in perspective, if you are American and know fifty people, at least one plays WoW.
  2. Online gaming is a multi-billion dollar industry. If you assume all players of WoW pay on average $15 a month, that means Blizzard’s gross income per month is about 150 million US dollars. That’s 1.8 BILLION a year, just on subscription fees. That’s not including other income like character transfers, merchandising, comics, licensing and other things. I don’t know what their overhead is but 1.8 billion dollars is a lot of money regardless. Many people who play likely have enough spare cash to spend a little extra on point 3.
  3. There are some people who will pay a little real money to get ahead in the game. Underground sales of characters are fairly profitable. Look up level 80 characters on eBay or one of the numerous WoW auction sites. It’s ridiculous. In-game gold also goes for a fair amount of money. I get spam advertising a thousand gold for $11 on some servers. People will even pay other people to level their characters. This isn’t limited to “Chinese Gold Farmers” either. I’ve bought gold from people in Canada and the US. Eleven dollars isn’t a lot of money, and a lot of these transactions take place through legitimate services like Verisign and PayPal, so there’s little risk of identity theft.
  4. Hacking an account and stealing gold, items and such is the quickest way to gain these things. If you were to play a character and just farm gold, it’d take a while to get a decent amount. So why not let someone else do the work? Write a virus/trojan, get it on a person’s machine. Get their account, steal their hard-earned in-game stuff, clear out their guild banks. Delete characters to make it look malicious, and you have spent 30 minutes getting what many hours would do. Best of all, there are basically no repercussions for this. Your account gets hacked, you call Blizzard, they get your stuff back, the hacker gets away clean and you are only mildly inconvenienced. They sell gold, which probably isn’t tracked as much as Blizzard claims, and everyone is happy. What I just described would cost a person maybe $8000 and a ‘guy who knows a guy’ to set up. It used to be that you could get the tools to do it for free.

So there you have it. It’s basically gamers willing to ‘cheat’ a little to get ahead or make things a little easier on themselves. This can be justified as “enhancing the enjoyment of the game”. If you don’t have to worry about gold, you don’t have to worry about a lot of things. New players are probably bigger targets for sales than veterans, as most of us have a fair amount of gold lying around among our characters.

If you don’t think my points are valid, check out the validator device Blizzard sells. It’s basically an RSA key fob. If you haven’t seen these before, they are used for other things than gaming. They’re essentially a number generator that comes up with a new key number every x number of seconds. This key number is the only way to get into an account of some kind. It might only be good for 10 seconds. This makes things fairly hard to hack (but not impossible). I’ve worked with guys who sold pharmaceuticals and various equipment, where privacy was a huge concern, who carried these things. They’re selling these fairly high-security devices for a GAME, and for about $6 USD. That should tell you something. I spend more than that a week on comic books.

If you follow a few basic things to secure your account, you can avoid a lot of this. The most basic thing is: do not use the same e-mail address you use for your Facebook account as your WoW login. If you do, and I can’t stress how much you shouldn’t, then use a different, strong password. Six letters, one capitalized, and two numbers or one number and one symbol should be secure enough for a WoW password. Don’t forget to change it fairly often too. Don’t make it something anyone could possibly guess either. I’ve used the names of friends’ children, long dead relatives and ancestors, and various other things as bases for passwords.

A good trick is to pick a couple of base passwords and then change the numbers and rotate through them. That way you don’t have a lot to remember, you can spread them out among different accounts, and if you use about three of them you can avoid a lot of lockouts for bad passwords. Make sure you change your three base passwords occasionally too.

A validator is also a good tool to have. Personally I don’t have one, but if you are concerned, it’s $7 of anxiety relief. It isn’t a perfect solution but it might deter a lot of things.

Here are a few tips for your gaming accounts to remember:

  1. If the game uses an e-mail address as your login name, do NOT use the same e-mail address as your PayPal and Facebook accounts. Have two, if not THREE e-mail addresses: one for gaming, one for Facebook, one for PayPal. Gmail is a good choice because you can easily forward multiple accounts to one inbox. In fact, getting your own domain and signing up for Google Apps Standard is a really good idea, and really inexpensive. Then you can have wow@mydomain.com, paypal@mydomain.com, and facebook@mydomain.com or some variation and have them all point to yourname@mydomain.com. Ten dollars a year, and you have a really secure set of login methods for your accounts. I suggest changing this once a year too. WoW at the very least allows this. If your game uses a normal username, make sure it’s a strong username. Plus hey, cool e-mail address. wow2010@mydomain.com for this year, wow2011@mydomain.com for next year and so forth are ideas.
  2. Do not under any circumstances use the same passwords for any social networking site as you do for PayPal or your game. Keep three separate strong passwords. The reason for this is that they all use an e-mail address/password combo for login credentials, so if one of those accounts gets compromised, it’s a pretty safe bet you use the same e-mail/password for all three. I can verify this from experience. The last thing you want is to find your WoW account hacked, then huge charges on your PayPal account, and then find out your Facebook account has been spamming people. Not a good day.
  3. Change your password often. There’s no magic number for this but once a quarter is definitely not too frequent. Once a month is better, but I highly doubt it is necessary. Again if you use the Password12 method you can just change the numbers. Change the base password every so often too.
  4. This one is obvious, but don’t give out your password. Do not use leveling services either. If for some reason you do, refer to points 1 and 2 and don’t complain if you get cheated out of your money. Change your password after services have been rendered.
  5. Don’t use dubious add-ons or download any ‘cheats’ for WoW. These could be trojans or keyloggers, or who knows what else. Run an antivirus scan often. If you have Windows 7, contemplate doing a full system backup once you have your gaming machine like you want it, and then do a system restore to make sure you’re working off a clean hard drive a couple times a year.
  6. Make sure your username and password are not things that ever come up in conversation.
  7. Use a validator if you can. It’s just one more layer of security to have.
  8. Keep up with your game’s security changes. It’s boring stuff but it’s good to know what they’re doing and why.

None of this is a 100% surefire bet you won’t get hacked. I’d say the first 4 are definitely the most important, but they’re all important and good practices in general. If you do get hacked, it is not that hard to recover from.

It is just a game, but for a fair number of people that is their main hobby. If you collected gold coins you’d keep them under lock and key. If you play games online, you should do the same!
