As the year comes to a close and the world looks forward to 2017, it’s important to look back on significant events that have made an impact on our industry, and to learn from them.
We’ve seen some troubling events happen in 2016, particularly as it relates to cybersecurity. From Pokémon Go getting hacked within the first two days of its release, to the FBI indicting scammers who swindled Electronic Arts (EA) for millions in in-game currency, there have been plenty of cyber attacks that have, and will continue to, affect video game developers, publishers, and players.
Reflecting on the past year, there are three major cybersecurity trends that have emerged that had an enourmous impact on the video game industry in 2016, and which will doubtless continue to do so in the upcoming year:
- Increasing awareness. When we started Panopticon Labs three years ago, Kaspersky Labs was the only organization talking about the cyber threats faced by the video game industry. Now, it is all over the news, as cyber attacks on video games increase in frequency and their resulting financial and reputational damages are realized. In fact, Trend Micro released a report in October detailing the increasing threats to the video game industry through the use of the gray market for online video game currency and items.
- The industry and media are starting to assign real money value to the losses that the industry is facing. From talking to video game publishers and through our own industry research, we have found that video game publishers lose up to 40% of their in-game micro-transaction revenue due to fraudulent and abusive activity inside of their games. However, there are many ways in-game fraud can erode video game profits – from decreased ad revenue, to increased staff costs, to server and legal fees.
- Government/legal involvement. Real money is being lost and real people are being hurt. Sooner or later, the government is going to regulate the industry in relation to fraud and protecting their customers. We are encouraging the industry to develop its own standards to avoid government involvement as much as possible.
In short, it appears that the video game industry is finally realizing what we’ve been warning publishers about since we founded Panopticon Labs in 2013. As the first in-game cybersecurity company to protect online video game publishers from the financial and reputational damage of in-game cyber attacks, we're uniquely positioned to help mitigate the threats facing publishers today and in the future, But for this to happen, executives and operations-level folks must come together, acknowledge the true size and scope of the challenges in their current fraud and risk environment, and put a pragmatic plan in place designed to neutralize bad actors' corrosive affect on the games, and the virtual worlds, we love. I know it's not an easy task, and nobody likes talking about these issues, but in our current monetization enviromnent, where an online game's financial success often depends on reviews, Let's Play videos, and continued mictotransaction sales made by players who return to compelling virtual worlds again and again, they must be addressed.
For reference, below is a detailed timeline of cyber incidents in the video game industry throughout 2016:
2016 Year In Review
MARCH 15: Valve’s Steam Platform is attacked by Steam Stealer malware, resulting in 77,000 accounts being “hacked and pillaged” each month
JUNE 3: Blizzard | Overwatch – Within the first week after release, Blizzard permanently banned thousands of players for cheating
JUNE 8: TechCrunch publishes “The gaming industry can become the next big target of cybercrime,” and heavily quotes Panopticon Labs co-founder, Matt Cook
JUNE 22: Trion Worlds – CEO Scott Hartsman “has spent more time combating fraud in the last couple years than making games”
JULY 7: Blizzard sues Overwatch cheat makers for copyright infringement, citing that they have led to a loss of “millions or tens of millions of dollars in revenue”
JULY & AUGUST: Niantic | Pokemon Go – First hack is seen within 2 days of release; the game is flooded with bots that overwhelm the servers; and it has lost 79% of paying players since launch. Niantic permanently bans players who use bots or other cheats and hacks, and threatens bot makers with legal action.
AUGUST 1: G2A is accused by TinyBuild of selling $450,000 worth of stolen game keys
AUGUST 11: Riot | League of Legends – Riot sues LeagueSharp for making LoL cheats, alleging that its cheats disadvantaging its 67 million monthly players and calls it is an “enormous threat.”
OCTOBER: Akamai releases results of “Gaming Trends and Challenges” Customer Survey, which cites account hacks and content theft as 2 of the top four security challenges facing game companies and improving customer retention as their #1 business challenge
OCTOBER 5: Valve | Counterstrike:Global Offensive – Washington State Gambling Commission orders Valve to take actions to ensure that CS:GO skin gambling is halted and threatens criminal prosecution for failure to stop the behavior. Commission cites that one company alone made around $1 billion by facilitating gambling in 7 months’ time
OCTOBER 10: TrendMicro releases “The Cybercrimal Roots of Selling Online Gaming Currency” report, which explicitly connects the gray market with the larger cybercrime ecosystem
OCTOBER: Panopticon Labs co-founder, Matthew Cook, presents “The Online Video Games Gray Market: What? Why? And How?” at Akamai Games Summit and participates in National Cybersecurity Alliance NASDAQ Cybersecurity Summit. He is quoted in Scientific American (also picked up by Salon), The Guardian, MarketWatch, and IEEE Spectrum
OCTOBER 31: CCP | Eve Online – Bans in-game gambling and removes an estimated 30-40 trillion Isk (equivalent to $650 million) from the in-game economy prior to adding a free-to-play option to the game
NOVEMBER 14: Electronic Arts | FIFA – Hackers steal $15M to $18M in coins over 2 years; FBI gets involved; hackers go on trial
NOVEMBER 18: Sony attributes a rash of Playstation account hacks to phishing scams.
DECEMBER: South Korea passes a law that makes developing and selling of hacks and cheats that are not allowed by video games’ Terms of Service illegal, with a punishment of up to 5 years jail time or $43,000 in fines.
DECEMBER 7: PCGamer publishes an article titled “Why is it so hard to stop cheating in videogames?” which provides an in-depth discussion about the difficulties publishers face in beating hackers and cheaters.