Cybersecurity Issues Affecting the Burgeoning eSports Industry
The concept of eSports has been around for many decades, as far back as the early 1970s, when the Intergalactic Spacewar Olympics was held. Nevertheless, few could have predicted the industry’s meteoric rise in recent years. Revenues have soared to $696m, according to Newzoo and they too predict that revenues will surpass the $1bn barrier towards $1.5bn by the turn of the next decade.
eSports draws attention of crowds, as well as cybercrime
eSports has become a global phenomenon, of that there is no doubt. Who would have thought that tens of thousands of people would cram into indoor arenas and stadia to watch fellow gamers do battle on giant computer screens? The Dota 2 annual gaming tournament received total viewing figures of more than 20 million, along with a prize pool of $24m-plus, the largest ever prize fund in eSports tournament history to date. Amazingly, that prize pot is already twice the money on offer at golf’s U.S. Masters!
Nevertheless, with the scale and importance of eSports rising tenfold, that brings with it altogether new challenges for the industry to overcome. Some people predict that eSports and online gaming as a whole is at serious risk of coming under attack from the next generation of cyber-criminals looking to cause data havoc.
Steam gets targeted
It wasn’t so long ago that one of the world’s leading online gaming distribution platforms encountered a host of damaging malware attacks. Steam, which is a platform boasting more than 125 million gamers who download games, extra content and patches online, has been the victim of two different types of malware attack. The first is distributed through phoney websites attempting to market themselves legitimately and the second is via direct messages distributed through Steam’s online platform privately to its members.
Cybersecurity firm Kaspersky Lab has intimated that cybercriminals using malware are becoming increasingly sophisticated in their attempts to gain unlawful access to player accounts on Steam. Over 1,200 different malware tools have been discovered attempting to steal Steam logins and sensitive player data which could be used to make unauthorized purchases elsewhere online. One way to combat this particular issue and many other login-based security threats is to utilize two-factor authentication which creates an additional, tougher barrier to break through to sensitive information.
ESEA defies ransom attack
One of the biggest bodies in eSports is the eSports Entertainment Association (ESEA), whose Pro League attracts players and viewers alike. In fact, Season 4 sold out the Sao Paulo arena and reached 15 million views online, according to Esports Marketing Blog, sponsored by major tech and gaming brands such as Intel, digital payment provider Paysafecard and online bookmakers Betway – who also provided betting on the event. Earlier in 2017, the ESEA experienced a cyber-attack which placed 1.5 million of its gamers’ and fans’ sensitive data at risk. The cyber-criminals attempted to hold the ESEA to ransom of $100,000, but were met with stiff resistance from the powers that be at the ESEA. Rather than accepting the hackers’ demands, they simply informed all affected gamers of the situation and gave them assistance to mitigate potential damage before the data could reach the public domain, as Mashable reported.
With the spotlight very much increasing on eSports as an industry, it’s perhaps unsurprising that it’s attracting greater attention from cybercriminals. The impact of live streaming on the eSports and online gaming community also means that prominent pros and gamer personalities see more of their private lives exposed online, becoming high-profile targets in the process.
The threat of hardware tampering
The other main security issue the eSports industry has to combat is the threat of cheating within its own community. Admittedly, the chances of players being able to download cheats to assist them in eSports tournaments is remote, given that the computers involved are connected only to a local network overseen by tournament admin. In addition, USB ports are disabled, so the use of a cheat-filled portable hard drive is out of the question too.
It is in fact one piece of hardware which two cybersecurity researchers, Mark Williams and Rob Stanley discovered to be open to tampering, as presented at DEFCON 25. eSports gamers are permitted to bring their own professional mice and keyboard setups that they use at home – due in no small part to the industry’s existing sponsorship commitments with leading hardware companies, namely Razer and Logitech. However, these researchers found that eSports players could gain a crucial advantage by using their own gaming mice.
The discovered that by tampering with the mice’s own microprocessor and memory it was possible to get a gaming computer to recognize the mouse as a keyboard instead. This would enable the mouse to write and execute cheat codes for use in a game. The codes could be as minor as modifying the direction of a gunshot by a small number of pixels to inflict greater damage on the opponent – fine margins but huge rewards given the prize money on offer today.
Risk vs Reward
As the prizes become greater, there is a danger that the size of the risks people are willing to take will grow too. The eSports industry must be flexible in the months and years ahead to accept its security challenges and meet them head on, increasing the security and integrity of its infrastructure as well as the integrity of its hosted tournaments.