Home | Anime | Movies | Soundtracks | Graphic Novels

Exploiting Online Games: Cheating Massively Distributed Systems
Publisher: Pearson Education

The topic of software security is much like a good gun collection. People are going to be more interested in the power of a piece than the moral impetus of the persons wielding it. Much in the same way, the whole argument of "Black hat" and "White hat" hackers, truthfully, is a side note to the much more important consideration of the potency of an attack or the skills of the attacker. Taking that into consideration, the world can be divided into two groups: those who are familiar with security and software exploits and those who aren't. That and the fact that the Internet stands at the ready as a font of information and a hacker's playground would indicate that the only way to improve software security and, in particular, MMO security, is to make the ways of exploiting the code common knowledge so that game developers can improve their code and secure their software.

Or, something like that. This seems to be the statement that the authors of Exploiting Online Games: Cheating Massively Distributed Systems are trying to make. While the philosophy of publicizing exploitable issues in order to bring about more secure software is worthy of its own book(s), Exploiting Online Games: Cheating Massively Distributed Systems does provide some useful knowledge and interesting insight, regardless of the color of your current hat.

So, who does it take to write a book like Exploiting Online Games: Cheating Massively Distributed Systems? Well, first, you have Greg Hoglund, self-taught hacker whose interest in security has led him to start several Security companies, hack World of Warcraft, Asheron's Call, EVE Online and Vanguard and write books and operate a website on Rootkits. It also has led him to obtain and execute multi-million dollar security contracts with the U.S. government. This guy must have an interesting hat collection, in quite a multitude of shades. Secondly, you have Gary McGraw, CTO of Cigital, Inc., a software security and quality consulting firm that has "provided services to some of the world's best-known companies for a decade." Gary is highly involved with the security scene, but seems to be more white-hat than his cohort and co-author, Greg.

Exploiting Online Games: Cheating Massively Distributed Systems provides an interesting look at the security built into MMO games, from concept to practical knowledge, and this book explains how data can be manipulated and used, why the data is ever at risk in the first place and details some of the escalation in the MMO hacking wars that have gone on, with mods and anti-mod measures and anti-anti-mod measures, etc.

First, Exploiting Online Games: Cheating Massively Distributed Systems looks at the basics of MMO security and an analysis of exactly what is considered cheating. It's interesting to see how the lines between black and white can be muddied when games' license agreements disallow things such as using keyboard macros and even simply using the game without connecting to the developer's game server.

One of the above-mentioned anti-hacking measures is, quite frankly, frightening and is an excellent example of how the "good guys" can be doing wrong. This particular anti-cheating measure is, in fact, one of their reasons behind the creation of Exploiting Online Games: Cheating Massively Distributed Systems. I am speaking of "The Warden," an anti-cheating measure that is shipped with World of Warcraft and was discovered and "outed", if you will, by one of the authors - Greg Hoglund. In response, Greg created a program called, "The Governor," that allows WoW players to watch what "the Warden" is up to; the source for this program is included in the book. The problem with the Warden is that it doesn't only snoop on files related to World of Warcraft; it snoops through your whole system, capturing data that could be confidential in nature.

Exploiting Online Games: Cheating Massively Distributed Systems discusses bugs in games that are exploitable, giving generic types of exploitable issues and following up with concrete examples from current MMO games. Beyond this, the book goes into more technical activities, such as using a software debugger (a common programmer's tool) to modify an MMO game's client code, as well as ways that current MMO games attempt to thwart this type of meddling... and how to get around these attempts. This is interesting stuff, but not for the faint of heart... or anyone not technically-inclined; there is a pretty good amount of code in this book.

If you're looking for a primer on the current state of MMO security, Exploiting Online Games: Cheating Massively Distributed Systems is not a bad place to start. There is a decent amount of detail on a lot of topics here, from creating bots to DLL injection. If you're looking for a book that will tell you everything you could ever want to know about a single one of these topics, you may be disappointed. Exploiting Online Games: Cheating Massively Distributed Systems goes more in-depth than a simple overview, however, and is bound to have useful information for anyone interested enough in MMO security to read this far.



-Geck0, GameVortex Communications
AKA Robert Perkins
Related Links:


This site best viewed in Internet Explorer 6 or higher or Firefox.