November 28, 2021

Hackers Target Videogame Publishers for Ransom, Source Code

Gamers have struggled for years with hackers who cheat and take over accounts. Now, videogame studios are coming under serious attack, prompting them to step up their cyber defenses.

Electronic Arts Inc.

said Thursday it was breached by hackers recently, confirming an earlier report by technology news outlet Motherboard. That followed a disclosure by Polish game developer CD Projekt SA in February of a ransomware attack and a similar invasion of systems at

Capcom Co.

Ltd. last November.

Each attack involved data theft, with schedules for coming Capcom releases posted on darknet forums for games including Resident Evil Village and Street Fighter.

Hackers claim to have pilfered the source code for popular games such as EA’s FIFA series and CD Projekt’s Cyberpunk 2077, and the libraries of code and digital assets known as game engines used to create them.

Rather than demanding ransom to not publish the source code, the hackers have instead said they would auction it on the darknet.

“When you have the keys to the kingdom, and you understand how the code is being written and how the applications are being used, that’s obviously more visibility than I think anybody would want,” said

Mark Ostrowski,

head of engineering at

Check Point Software Technologies Ltd.

, a cybersecurity provider that has worked with videogame companies on their security, including EA.

In response to the ransomware attack, CD Projekt said in a statement on June 10 that it redesigned its core information-technology infrastructure, upgraded firewalls, expanded its internal security team and engaged third-party specialists to assist with cybersecurity. A spokeswoman for the company didn’t respond to a request for comment.

A spokeswoman for EA said the company lost a limited amount of game source code and related tools during its attack, and it doesn’t believe player data was at risk. EA has a full-time internal penetration testing team in place, she said, and is following best practices such as those outlined in President Biden’s May 12 executive order on cybersecurity.

Capcom said in an April 13 report that it had upgraded its technology and created a committee to oversee cybersecurity. A spokeswoman for Capcom referred queries on the attack to the company’s report.

Videogame studios, however, face a number of challenges unique to their industry. The need to consistently stream large volumes of data into and from servers, which power online gaming, means security tools are often customized for a studio.

Additionally, the digital nature of prized assets, such as source code, means that were a hacker to break in, crucial intellectual property can be targeted and stolen.

MORE FROM WSJ PRO CYBERSECURITY

“There’s not a single gaming company out there that does not focus on asset protection in some way,” said

Steve Ragan,

a security researcher at cybersecurity company

Akamai Technologies Inc.

who specializes in the videogame market.

High turnover of staff in the videogame industry, where entire teams can be hired for contract work or laid off after a project is completed, means that managing user access to sensitive systems can be challenging, said

Eric Milam,

vice president of research and intelligence at technology company

BlackBerry Ltd.

That increases the risk that accounts with access to sensitive data may remain open, or that disgruntled former employees may present insider risks, Mr. Milam said. “Just because they let those people go doesn’t mean those people forget about how to access certain things,” he said.

Hackers could sell source code or use it to launch attacks in a number of ways, according to researchers. For instance, by tapping into the core functions of a game, hackers could build tools that let them pose as support staff and then send phishing email to gamers to gain access to accounts to exploit or sell on the darknet, said

Hank Schless,

a senior manager at cybersecurity company Lookout Inc.

Additionally, alternate versions of games containing malware could be distributed to gamers, Mr. Schless said. Popular app stores such as

Alphabet Inc.’s

Google Play and

Apple Inc.’s

iOS App Store have strong protections, but such impostor versions of games could sell on third-party platforms with weaker oversight, he said.

Criminals may also be able to develop tools that wreak havoc on games, Mr. Ragan said. “If you’re in the market for selling cheats and cracks for a certain game, the source code is going to help you identify ways to bypass protections. That’s the really big fear,” he said.

While cheating disrupts enjoyment from gaming, it also puts growing revenue from esports at risk if sophisticated tools become widespread.

Gaming research company Newzoo International B.V. estimated in March that revenue from the esports market will top $1 billion in 2021 for the first time, with a global audience of 474 million people. The videogame industry as a whole generated revenue in excess of movies and U.S. sports combined in 2020, according to estimates from market research company International Data Corp.

Ongoing updates, subscriptions and in-game economies, known as live services, also provide a lucrative source of revenue for games far beyond their initial sale value, and could be vulnerable to hackers through attacks on gamers or attacks engineered by analyzing a game’s source code.

EA’s live services accounted for 71% of its net revenue, at just over $4.01 billion, in its 2021 fiscal year, according to regulatory filings. Around $1.62 billion of that came from FIFA’s Ultimate Team mode.

EA’s spokeswoman said the company doesn’t expect the recent attack to have a material impact on its games or business.

Write to James Rundle at james.rundle@wsj.com

Copyright ©2020 Dow Jones & Company, Inc. All Rights Reserved. 87990cbe856818d5eddac44c7b1cdeb8

in Tech
Related Posts

Tesla Addresses Safety Issue in More Than 285,000 Vehicles in China

June 26, 2021

June 26, 2021

Tesla Inc. is addressing a safety issue in more than 285,000 passenger vehicles in China—including more than 90% of locally...

The Apps and Websites You Need for International Travel During Covid and the Reopening

June 27, 2021

June 27, 2021

Now that Covid-19 restrictions are easing for vaccinated tourists in Europe and elsewhere, you might have your sights set on...

Supercomputer Embarks on Effort to Help Map the Universe, Dark Energy and All

June 4, 2021

June 4, 2021

A national laboratory in California, armed with a powerful supercomputer, is set to create a highly detailed, three-dimensional map of...

Why PCs Are Turning Into Giant Phones

June 19, 2021

June 19, 2021

Your next laptop will be like a smartphone—only bigger, more powerful and more capable. It’s a reversal of almost a...

Lobbyists for Silicon Valley Giants Like Facebook Find Glory Days Are Over

June 17, 2021

June 17, 2021

WASHINGTON—President Biden’s decision to name the progressive antitrust crusader Lina Khan to lead the Federal Trade Commission is a stark...

Food Giant ADM Bolsters Its Defense Against Hacks, CEO Says

June 24, 2021

June 24, 2021

Agriculture company Archer Daniels Midland Co. ADM 0.70% is shoring up defenses against what it views as inevitable cyberattacks, its...

Bitcoin Creator Satoshi Nakamoto Could Be Unmasked at Florida Trial

November 14, 2021

November 14, 2021

A seemingly run-of-the-mill trial is playing out in Florida: The family of a deceased man is suing his former business...

10 Expert Ways to Get More Instagram Followers: A Summer Experiment

June 2, 2021

June 2, 2021

WHY WOULD ANYONEwant more Instagram followers?” sighed a friend two summers ago. “Mine just plague me with emojis in the...

China Steps Up Antitrust Pressure on Internet Firms

June 17, 2021

June 17, 2021

SINGAPORE—Chinese regulators have intensified scrutiny of dozens of domestic internet companies for possible antitrust violations, people familiar with the matter...

Activision Shares Tumble on Game Delays

November 2, 2021

November 2, 2021

Activision Blizzard Inc.’s shares tumbled in after-hours trading Tuesday after the company said it is delaying the launch of two...

TikTok Owner ByteDance’s Annual Revenue Jumps to $34.3 Billion

June 17, 2021

June 17, 2021

SINGAPORE—ByteDance Ltd., the owner of popular short-video app TikTok, told employees that its revenue last year more than doubled to...

Jobs for the City of Tomorrow

June 7, 2021

June 7, 2021

The Future of Everything covers the innovation and technology transforming the way we live, work and play, with monthly issues...

Meet Wall Street’s Crypto Artist

May 22, 2021

May 22, 2021

Sarah Meyohas’s work at the intersection of art, technology and finance earned the contemporary artist fame with financiers and tech...

Apple and the End of the Car as We Know It

May 22, 2021

May 22, 2021

Now that the car is evolving into essentially a smartphone on wheels, it’s no wonder Apple is kicking the tires....

China’s Next-Generation Tech Firms Hit Hard by Market’s Pullback

May 25, 2021

May 25, 2021

A chill has fallen over China’s new generation of tech giants, with stock in former market darlings such as Meituan,...