Security lessons for games going overseas: behind the "Original God" private servers, a "cat-and-mouse game" between game manufacturers and hackers

Among the domestic online games that have performed well in recent years, Mihayou's open-world adventure game "Original God" is certainly one of the standouts.

According to data released by Sensor Tower, an app store data analytics platform, as of May 2022 the total revenue of "Original God" in the App Store and Google Play had exceeded $3 billion. In its list of overseas revenue of domestic mobile games from January to April 2022, "Original God" also consistently ranked first.

With figures this impressive, it may be hard to imagine that the game faces cybersecurity problems. In fact, this online game with a global audience is under threat from private servers. Hackers have even uploaded a method of building private servers to an overseas open source platform, and criminals have begun to use "Original God" private servers for profit.

However, the private server problem encountered by "Original God" is only the "tip of the iceberg" of the security challenges games face when going overseas. Cheat plug-ins, cracked versions, DDoS attacks and other problems still plague a large number of game manufacturers expanding abroad.

Private server threats

One day in April this year, a project called "Lawn Mower" was quietly uploaded to an overseas open source platform.

The contents of the project have little to do with the name "Lawn Mower", but they are substantial enough that any user with database-related knowledge can use the code in the project to set up an "Original God" server themselves.

According to the information on the platform, 10 members participate in the project, from Brazil, Australia, Indonesia, Vietnam and other countries. According to the project manager's demonstration, the private server allows an unlimited number of card draws, arbitrary customization of the parameters of game props, playing some of the dungeons, and other functions. The finished private server can be built on both PC and mobile.

After studying the source code in the project in depth, the 21st Century Business Herald reporter found that the project's approach to setting up a private server is quite direct: a "man-in-the-middle attack" hijacks the data packets that the game client intends to send to the official server and delivers them to the privately run server. The client is thereby "deceived" into believing that it is transmitting data to the official server, and ends up logging in to the private server.

A "man-in-the-middle attack" uses various technical means to place a computer controlled by the intruder virtually between two communicating computers on a network connection; this computer is called the "middleman". It is a common attack method used by hackers, and it is also the main way most game private servers currently operate.

"A man-in-the-middle attack is like 'passing a note'. For example, if you ask Zhang San to help you pass a note to Li Si, Zhang San becomes this 'middleman'. When he gets the note, he can open it and take a look at the contents, or he can secretly tamper with it, or even directly hijack it, but neither you nor Li Si knows it." A senior cybersecurity engineer from Zhuhai described the principle in a conversation with a 21st Century Business Herald reporter.

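A common client-side defence against the redirection described above is certificate pinning: the client ships with the fingerprint of the official server's certificate and refuses any other, so a certificate presented by a middleman is rejected. The Python below is an added example, not code from the article or from any project it mentions; the certificate bytes, pin list and function names are constructed for illustration.

```python
import hashlib
import hmac
import socket
import ssl

def fingerprint(der_cert: bytes) -> str:
    """SHA-256 of the DER-encoded certificate, as lowercase hex."""
    return hashlib.sha256(der_cert).hexdigest()

def is_pinned(der_cert: bytes, pins: list[str]) -> bool:
    """True only if the presented certificate matches one of the pins."""
    presented = fingerprint(der_cert)
    # Compare against every pin in constant time; an empty pin list fails closed.
    return any([hmac.compare_digest(presented, p.lower()) for p in pins])

def connect_pinned(host: str, port: int, pins: list[str]) -> ssl.SSLSocket:
    """Open a TLS connection and drop it unless the server certificate is pinned."""
    # Normal chain and hostname validation still runs in wrap_socket; the pin is
    # an extra check that does not depend on the device trust store.
    ctx = ssl.create_default_context()
    sock = socket.create_connection((host, port), timeout=10)
    try:
        tls = ctx.wrap_socket(sock, server_hostname=host)
    except Exception:
        sock.close()
        raise
    der = tls.getpeercert(binary_form=True)
    if der is None or not is_pinned(der, pins):
        tls.close()
        raise ssl.SSLError("server certificate does not match any pinned fingerprint")
    return tls

# Constructed stand-ins for DER certificates (not real certificates).
OFFICIAL_CERT = b"constructed-official-server-certificate"
BACKUP_CERT = b"constructed-backup-certificate-for-rotation"
MIDDLEMAN_CERT = b"constructed-certificate-presented-by-a-middleman"

# Pins shipped inside the client build: current certificate plus a rotation backup.
PINS = [fingerprint(OFFICIAL_CERT), fingerprint(BACKUP_CERT)]

def demo() -> dict:
    """Pin check results for the constructed certificates above."""
    certs = {"official": OFFICIAL_CERT, "backup": BACKUP_CERT, "middleman": MIDDLEMAN_CERT}
    return {name: is_pinned(der, PINS) for name, der in certs.items()}

if __name__ == "__main__":
    print(demo())
```
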
Regarding the recent private server problem, the 21st Century Business Herald reporter interviewed the relevant person in charge at Mihayou. "Some time ago, the relevant information of the overseas private servers of 'Original God' did appear on the Internet, and we are safeguarding our legitimate rights and interests through technical measures and legal procedures," Mihayou said.

The person in charge further pointed out that setting up, operating and maintaining private servers and making profits from them is suspected of infringing copyright and even of constituting illegal and criminal acts. The emergence of private servers not only harms the creative team; the ensuing security risks may also cause players to suffer losses. Regarding how to deal with private servers, the person in charge said that Mihayou will safeguard its legitimate rights and interests by strengthening internal management to improve its level of information security, and by actively cooperating with external parties and legal processes.

Tip of the iceberg

However, the private server problem described above is only the "tip of the iceberg" of the gray and black market activity that targets games overseas. Game manufacturers going overseas also face a series of security challenges such as plug-ins, pirated copies, cracked versions, DDoS attacks, and account theft through credential stuffing.

For example, the once-notorious "Chicken Leg" plug-in for "Peace Elite" caused game manufacturers and players considerable headaches at the time. Reportedly, when the "Chicken Leg" plug-in is turned on while the game is running, it provides automatic aiming, see-through vision and other functions that disrupt the balance of the game. The plug-in also had a dedicated official website and was sold worldwide through agents.

In January 2021, after police in Kunshan, Suzhou, dismantled the "Chicken Leg" plug-in black industrial chain worth hundreds of millions, the world's largest plug-in organization behind it was also exposed.

Feng Cheng, an expert on the Tencent Guardian Program security team who took part in the crackdown, pointed out in an interview with the 21st Century Business Herald reporter that many criminals sell plug-in software through multi-level agents once its development is complete. "In this process, the plug-in team has formed a very complete 'black industrial chain'. If you want to eliminate such plug-in gangs in one sweep, you must strip away the entire chain of interests, and it is very difficult to crack down."

It is worth noting that the difficulty game manufacturers face in combating overseas black and gray market activity lies in its concealment. Zhuo Hui, head of mobile security at NetEase Yidun, told the 21st Century Business Herald that many overseas hackers now develop "offline hooks", which run without starting the official client program and simulate a normal game client sending packets to and receiving packets from the game server. "Unless you can grab a sample of it, it's hard to confront it directly through technical means," he said.

In recent years, the categories of domestic games going overseas have become more and more diverse, and different categories of games face different security problems. Tencent game security product expert Li Xin told the 21st Century Business Herald reporter that "strongly competitive" games such as FPS (first-person shooter games), ACT (action games) and RAC (racing games) are the "fat sheep" most easily targeted by plug-in software and cracked versions when going overseas.

"The core gameplay of these types of strong competitive games lies in the orderly and fair competition within the game. The core function of the plug-in software is to put some players who use it above the original rules of the game, thus breaking the balance of strong competitive games - players who use plug-ins can easily win, and the in-game experience of normal players will be seriously damaged." He pointed out that the more competitive the game, the more obvious the difference between using and not using plug-ins, which also means the greater the gain from using plug-ins. Plug-in developers and users therefore tend to gather in the game categories above.

Nip it in the bud

The private server threat faced by "Original God" is a microcosm of thousands of game manufacturers struggling with security problems as they go overseas.

The "2021 Game Going To Sea Safety Report" released by the overseas service agency "Sail out to sea" mentioned that 78% of the game manufacturers surveyed for the report had encountered game plug-ins or piracy problems in the past year.

Why do game companies frequently encounter security challenges when they go overseas?

Li Xin pointed out that the core of the problem is that, for hackers, huge economic interests lie behind the gray and black market activity in the overseas game market.

The 2021 Global Game Market Report released by Newzoo, a game market research and data analysis organization, estimates that after a strong growth period in 2020, the global game market will generate a total revenue of $180.3 billion in 2021, an increase of 1.4% over 2020.

"The global game market share is still amazing, which means that the room for profit from the entire game market through the production of plug-ins, pirated copies and other black and gray market activity will also be very considerable. This has a strong attraction for hackers with certain skills, prompting them to make this part of the money through illegal means," Li Xin said.

On the other hand, the lack of security awareness among some game manufacturers going overseas is also one of the factors that lets gray and black market activity in. Zhuo Hui told the 21st Century Business Herald that many manufacturers going overseas assume, before releasing games in overseas markets, that overseas hacker attacks are relatively rare, so they do not protect game packages, servers and so on accordingly. "For game development teams, if the security measures are inserted too late, they may have to be remedied at a higher cost," he said frankly.

Several security experts interviewed for this article also suggested that game manufacturers should explore the security issues they may encounter before launching their games in overseas markets.

Zhuo Hui pointed out that when a game project is set up, the project team can form a basic understanding of the security problems it may encounter based on the type of game. For example, during development, some of the data exchanged between the game client and the server can be encrypted in advance.

On protecting game data communications, he further pointed out that different game engines carry different security risks. "If the game uses the Unity3D engine and uses the programming language C#, although IL2CPP is now commonly used, it is still possible that hackers can successfully decompile the script code." He suggested that game manufacturers should understand the risks associated with the resource files and delivery code for these engines so that they can protect them.

Li Xin offered suggestions on how small and medium-sized game companies going overseas can resist security threats. He believes that, unlike the leading game manufacturers, which can invest a lot of manpower and material resources in security protection, small and medium-sized game manufacturers have neither the ability nor sufficient need to invest at such high cost. "In view of the fact that many small and medium-sized game manufacturers are vulnerable to DDoS attacks at the beginning of the launch, they can use the 'cloud anti-D' related products for early deployment and defense, and repair the 'city wall' before the official launch to actively defend against hacker attacks," he said.
