Video game cyber crime is a $50 billion industry: Deakin expert

Media release
10 October 2017

Cyber criminals are stealing and reselling $50 billion worth of digital swords, armour and resources from online gamers each year, a Deakin cyber security expert has found.

Deakin University School of Information Technology researcher Dr Nick Patterson said "synthetic worlds" such as those in the popular games World of Warcraft and Second Life had become rife with the disturbing new cyber theft trend.

Dr Patterson said accounts were being hacked, with in-game items and resources stolen and transferred to other accounts and online auction sites to be sold for real-world profits.

"Because of the effort involved in obtaining these digital goods, which range from rare crafting materials to weapons, vehicles or clothing used by your in-game avatar, they have a real-world monetary value - so cyber criminals are looking to steal them and resell them," he said.

Dr Patterson said cyber criminals often fenced the goods via online auction sites, raking in real cash.

"$50 billion worth of digital goods are being stolen annually - that's the monetary value of these items once they're stolen and put on auction sites," he said.

"And these companies running player auctions aren't too worried about where the items are coming from or if it's a crime to sell them, because they're also making monumental amounts of money by taking a portion of the transaction costs."

It was estimated more than a billion people globally were registered to play in synthetic worlds as of 2014, with that number likely to have increased dramatically as internet speeds and infrastructure improved, Dr Patterson said.

"It's definitely going up in terms of the revenue being made by the cyber criminals, because more and more people are joining these virtual worlds," he said.

Dr Patterson said the in-game cybercrime had serious real-world ramifications.

"The internet is the backbone of everything these days - we use it for communication, social media, entertainment, news - so we can't just dismiss this level of theft as 'not a big deal'," he said.

"These items are gathered through time and effort, sometimes over years when it comes to collecting those really hard-to-get items and resources, so in the end the victim is not only losing out financially but they're also losing out on the time and effort they've invested."

While synthetic world gamers strive to gather the flashiest or most impressive items, Dr Patterson said doing so often made them more likely to be targeted.

"What they can do is stalk people in the virtual world and take note of what they're wearing, what they're using for weaponry, what car they're driving in, and then they find out their user ID and force the way into their account or hack their system," he said.

To battle the cyber criminals Dr Patterson has developed a "two-pronged approach" for games companies to integrate into their back end servers and systems.

"The research that I've come up with is a program that's 80 per cent effective at recognising if someone has broken into your account or is stealing your digital goods, which means the provider of the virtual world environment could then lock off or suspend the account," he said.

"If cyber criminals manage to get by that somehow, if it's an elite-level hacker, there's also an inbuilt detection method to recognise if theft is occurring, so users can then suspend activity."

Dr Patterson said game developers and publishers had tried to fight the issue using two-step authentication processes and codes sent to user mobile phones, but those had been hacked as well.

"Any time there's so much money around something the hackers are always 10 steps ahead of everyone else, and they're always going to find ways around it," he said.

Dr Patterson's full research "A cyber-threat analytic model autonomous detection of virtual property theft" will soon be published in the journal Information & Computer Security.

Dr Nick Patterson's top cyber security tips for synthetic world users:

  • Have a strong account password with a minimum of eight characters, but ideally 12 characters so it's harder to brute force.
  • Close any doorways you have into your system by making sure your apps and services are patched with the most relevant updates.
  • Protect your computer with anti-malware and antivirus software.
  • Ensure your operating system (eg. Windows 10, Mac OS) is up to date.

Share this story

More like this

Media release School of Information Technology, Faculty of Science Engineering and Built Environment Designing smarter technologies Information Technology

Related News