You’ve made your game, designed it carefully… considered cheaters, hackers, avoided exploits and engine problems, and yet once your game goes “live” online everything falls to pieces.
Welcome to the world of Game Service attacks.
Cheaters and hackers are increasingly attacking the “game around the game” – not the game itself, but the other features of the online service: tournament rankings, ladders, reputation systems, contests, and anything and everything that is part of an online game service.
This paper will discuss a number of these attacks and suggest some countermeasures. The paper will not review traditional computer security weaknesses, but rather the problems specific to being an online game service – weaknesses that can occur even if you have done everything right with encryption, database protection, access control, and firewalls. Unfortunately, there are few standard solutions to these problems as the security weaknesses often are closely tied to a specific game service’s business and operational model.
Lobby Attacks
Before players enter a game, they use a lobby service to set up matches – either with opponents of their choosing, or, for tournaments, based on algorithms and procedures provided by the game service.
Tournament and Lobby Spiking – While randomized matchups are theoretically strong, it is an interesting question whether teammates, or opponents for that matter, could collude to enter the matchmaking lobby within a narrow time window and thus substantially increase their chance of being matched together. After all, if ranked games are being run continuously, there will inevitably be times when the ranked game lobby is relatively empty. Or, even with a relatively popular game, highly synchronized lobby entry can overwhelm the randomization process. The larger the team, the more effective this tactic will be. A weighting system that adds an anti-correlation component (to ensure that players haven’t played together before) and a measure that considers how many games someone has played (to address disposable identities, see below) to the tournament score could help discount the effect of team play. Another strategy may be to allow players to play multiple games at once (this strategy works better with thoughtful, as opposed to “twitchy”, games).
Boosting – Once players have been able to match up with whom they wish, either because of an open lobby, a ladder type system, or spiking, they can then “boost” the rank of a designated player or group of players. It is probably a good idea to model your tournament structure against a boosting strategy to see how many entries it would require to be effective. The other goal may be to place better in a less competitive tournament – becoming the “best of the worst” in a junior or amateur tournament rather than having to fight and likely not win in a more seasoned competition.
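The score weighting suggested above for spiking and boosting, as an added example that is not part of the original paper: each win is discounted by an anti-correlation term (repeat meetings with the same opponent count for less) and a games-played term (wins over accounts with almost no history count for less). The specific discount curves, the game log and the player names are assumptions constructed for the illustration.

```python
from collections import defaultdict

# Constructed ranked-game log, in play order: (winner, loser). alice beats three
# different established opponents; mallory farms the same disposable "alt1" account.
GAME_LOG = [
    ("alice", "bob"), ("alice", "carol"), ("alice", "dave"),
    ("mallory", "alt1"), ("mallory", "alt1"), ("mallory", "alt1"),
]
# Constructed count of ranked games each account had played before this log.
PRIOR_GAMES = {"alice": 80, "bob": 60, "carol": 45, "dave": 30, "mallory": 20, "alt1": 0}

def anti_correlation(meetings_before):
    """Anti-correlation component: each further win over the same opponent
    is worth less, so a pair that keeps meeting cannot farm each other."""
    return 1.0 / (1 + meetings_before)

def establishment(opponent_games, full_credit_at=10):
    """Games-played component: a win over an account with little history
    (a disposable identity) earns proportionally less until it has a record."""
    return min(1.0, opponent_games / full_credit_at)

def score_ladder(log, prior_games, base_points=10.0):
    """Return (raw, weighted) ladder totals. raw is the naive points-per-win
    ladder; weighted applies both discounts to each win as it is recorded."""
    raw, weighted = defaultdict(float), defaultdict(float)
    meetings = defaultdict(int)   # frozenset({a, b}) -> games already played together
    games = dict(prior_games)     # running games-played counter per account
    for winner, loser in log:
        pair = frozenset((winner, loser))
        discount = anti_correlation(meetings[pair]) * establishment(games.get(loser, 0))
        raw[winner] += base_points
        weighted[winner] += base_points * discount
        meetings[pair] += 1
        for p in (winner, loser):
            games[p] = games.get(p, 0) + 1
    return dict(raw), dict(weighted)

if __name__ == "__main__":
    raw, weighted = score_ladder(GAME_LOG, PRIOR_GAMES)
    for p in sorted(raw):
        print(f"{p:8s} raw={raw[p]:5.1f} weighted={weighted[p]:5.2f}")
```

On this log both players show 30 raw points, but the boosted account ends up with under 1.2 weighted points, which is the effect the paper is after.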
Tournament & Ladder Game Play Attacks
There are certain attacks that can occur against a game because it is being played in a tournament or as part of a ladder ranking system. These are not really attacks on the game but on its context. While Brain Age may be a great single-player game, it would fail utterly in an online competitive environment. This problem also exists for many puzzle and trivia games: puzzles may be solvable algorithmically, and trivia games are vulnerable to Dictionary Attacks and “Swarming” to find the right answer. Finally, there are a number of games with optimal or strong strategies, which are only a problem in competitive play.
Collusion – players cooperating when it is forbidden by the game rules. This is a problem for multi-player games in general, but it is even more problematic when tournaments or rankings are involved. For example, collusion in a two-player game is meaningless unless there is a multi-player ranking system that can be attacked.
Bots – software that automates or aids play is a widespread problem in computer games. These applications do not cheat the game itself; they attack the multi-player game experience. The bots that specifically target tournament or multi-player play are LossBots, which throw games to boost the rank of their sponsoring player. There are also WinBots, which use optimal or strong strategies, and BoostBots, which do not play the game but act as player aids.
Game Service Provider Problems
Game service providers don’t like to think of themselves as a source of problems, but players certainly do. The most important asset a game provider has is its reputation. In order to avoid damaging PR, game service providers should be prepared for accusations from disgruntled players. Also, the industry should cooperate to establish solid standards and practices, since the problems of a single company could snowball to damage the industry as a whole.
Payment Abuse / Rake Abuse – If the game service has payments involved, there are opportunities for payment abuse. A game company that shaves a nickel here, a penny there, and a quarter somewhere else can easily and stealthily earn undeserved revenues. Game providers should provide clear payment tables that are always available to players and full and detailed accounting records for the player’s review. It would be optimal to provide an independent audit on the player’s platform, but this is not always practical. An outside auditing firm in support of well-documented processes and procedures and other measures can help build a reservoir of trust.
Bias – Because of the nature of the games that they are offering, game providers often have insider knowledge that would give a favored player a real advantage in a game. Also, if there are games played vs. the provider, there can be tax advantages to reducing apparent winnings by colluding to lose to a cooperating player.
Action Hands – In games where variable payments are involved, the game provider may be able to make the game more “interesting” and hence increase payments. In this case, the game provider doesn’t really care who wins – just that there is more activity.
The “Game Over” Game
One part of the game code is the responsibility of both the game service provider and the game developer – the Game Over game code. Networked games can end for a number of legitimate reasons, but also for illegitimate ones. Dropped connections and computer failures are too common to be ignored and punished. Game developers and providers also need to be concerned about players abandoning a game to avoid a loss (Stat Guarding). However, malicious players can abuse the “game over” logic, and even the game abandonment code to their advantage. For example, depending on how the “Game Over” logic is implemented, a malicious player may be able to force the game to end when they have an advantage or to use their preferred score as the authoritative source for the game. Players may abuse the Game Abandonment System to make it look like the other player has abandoned the game – and trigger the game score system to punish them accordingly. The ideal approach is to periodically build a “certified game state” that can be used to replay or finish the game at a later date.
Players can also attempt to report false scores and delay reporting of undesirable game results to manipulate the ladder or tournament system. A final problem is when players make side wagers on game results. This is not something that a game operator can handle directly, but it is an issue that they should be aware of.
Unfortunately, there are no magic bullets for this problem – games need to be examined on an individual basis.
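The “certified game state” idea from this section, as an added example that is not from the original paper: the service periodically tags a canonical snapshot of the game with an HMAC it alone can produce, and when a game ends early, is abandoned, or the two clients report different scores, the latest checkpoint that verifies is authoritative and any client whose claim disagrees with it is flagged rather than believed. The key, the checkpoint format and the two-player scenario are assumptions constructed for the illustration.

```python
import hashlib, hmac, json

# Hypothetical service-side secret; only the game service holds it, never a client.
SERVICE_KEY = b"constructed-demo-key-replace-in-production"

def certify(game_id, turn, state, key=SERVICE_KEY):
    """Build a certified checkpoint: canonical JSON of the game state plus an HMAC tag.
    Clients receive and store it, but cannot mint or alter one without the key."""
    body = json.dumps({"game": game_id, "turn": turn, "state": state},
                      sort_keys=True, separators=(",", ":"))
    tag = hmac.new(key, body.encode(), hashlib.sha256).hexdigest()
    return {"body": body, "tag": tag}

def verify(checkpoint, key=SERVICE_KEY):
    """True only if the body is exactly what the service tagged."""
    expected = hmac.new(key, checkpoint["body"].encode(), hashlib.sha256).hexdigest()
    return hmac.compare_digest(expected, checkpoint["tag"])

def resolve_game_over(checkpoints, claimed_scores, key=SERVICE_KEY):
    """Settle a disputed, abandoned or 'game over' report. Returns (turn, state,
    flagged): the latest checkpoint whose tag verifies is authoritative, and every
    player whose claimed score differs from it is flagged for review."""
    valid = [json.loads(c["body"]) for c in checkpoints if verify(c, key)]
    if not valid:
        return None, None, sorted(claimed_scores)
    latest = max(valid, key=lambda c: c["turn"])
    certified = latest["state"]["score"]
    flagged = sorted(p for p, s in claimed_scores.items() if s != certified)
    return latest["turn"], latest["state"], flagged

# Constructed scenario: two genuine checkpoints, then p2 submits a forged turn-3
# checkpoint (an edited body with a copied tag) together with a bogus final score.
CHECKPOINTS = [
    certify("g1", 1, {"score": {"p1": 1, "p2": 0}}),
    certify("g1", 2, {"score": {"p1": 2, "p2": 0}}),
]
FORGED = {"body": CHECKPOINTS[1]["body"].replace('"turn":2', '"turn":3'),
          "tag": CHECKPOINTS[1]["tag"]}
CLAIMS = {"p1": {"p1": 2, "p2": 0}, "p2": {"p1": 0, "p2": 5}}

if __name__ == "__main__":
    print(resolve_game_over(CHECKPOINTS + [FORGED], CLAIMS))
```

The forged checkpoint is discarded because its tag no longer matches, and the game is resumed or scored from turn 2 while p2’s false report is flagged; the same record also lets a delayed or withheld result be settled without the reporting player’s cooperation.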
Identity Problems
While identity is not really necessary for a high score service (see Security High Score Games - http://www.igda.org/casual/quarterly/2_1/index.php?id=3), it becomes much more important once one moves to a richer online game service. The simplicity of developing a casual game and hosting free games becomes substantially more complicated. Once the identity system is undermined, the remainder of the online game service is compromised, as seen in the previous sections.
Invalid Licenses/IDs – Both paid and unpaid games often use a license key or platform ID as part of their identification system. For performance, storage, and business reasons, these keys are sometimes not issued and validated individually, but by an algorithm. Malicious players can steal keys, duplicate them, or break or duplicate the authentication algorithm. There are ways to ensure the security of license keys and recover from compromises – but the techniques are very game service specific.
“Alt” IDs – Free online game services often permit, or do nothing to stop, the creation of multiple identities. Second Life has had particular problems with multiple accounts since it allowed them. Players can use these additional identities to increase their chances of winning or boost their rank with LossBots. Positive incentives, such as prizes or awards programs, can be used to encourage honest registration of identity.
Outsourcing – Players sometimes recruit or hire other players who are good at a game to play for them to boost their score. This is offered as a service, like gold farming, for several massively multi-player online games like World of Warcraft, but it has also been reported for ladder systems for casual games. There is not much that can be done about this.
Game Save Sharing – Some games store save files or other persistent information locally. This data may be exchanged with other players to boost statistics or otherwise enhance play. This has occurred with the Xbox 360 to boost Achievements in the Xbox Live service. If such files need to be supported, they can be cryptographically tied to a specific platform or user account.
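One way to tie a local save to a platform and user account, as an added example that is not part of the original paper: the service derives a per-owner key from a master secret it never ships to clients, tags the save with it, and verifies the tag when the save is uploaded or its achievements are claimed, so a file copied from another account or edited locally is rejected. The master key, the blob layout and the sample save are assumptions constructed for the illustration.

```python
import hashlib, hmac, json

# Hypothetical service master key: lives with the game service, never in the client.
MASTER_KEY = b"constructed-demo-master-key"

def owner_key(account_id, platform_id, master=MASTER_KEY):
    """Derive a key specific to one account on one platform, so a tag computed
    for one owner is meaningless for any other."""
    label = f"save-binding|{account_id}|{platform_id}".encode()
    return hmac.new(master, label, hashlib.sha256).digest()

def seal_save(save, account_id, platform_id):
    """Produce the blob the client stores locally: 32-byte tag, then canonical JSON."""
    payload = json.dumps(save, sort_keys=True, separators=(",", ":")).encode()
    tag = hmac.new(owner_key(account_id, platform_id), payload, hashlib.sha256).digest()
    return tag + payload

def open_save(blob, account_id, platform_id):
    """Service-side check when the blob comes back: returns the save dict, or
    None if it was made for another account/platform or changed after sealing."""
    tag, payload = blob[:32], blob[32:]
    expected = hmac.new(owner_key(account_id, platform_id), payload, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        return None
    return json.loads(payload)

# Constructed save data sealed for one account on one platform.
SAVE = {"achievements": ["first_win", "level_10"], "level": 7}
SEALED = seal_save(SAVE, "acct-1", "console-A")

if __name__ == "__main__":
    print(open_save(SEALED, "acct-1", "console-A"))   # the owner's own copy loads
    print(open_save(SEALED, "acct-2", "console-A"))   # shared to another account: None
```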
Conclusion
Game service providers are moving to provide richer player experiences to complement their games. These richer game play systems, such as tournaments, ladders, and reputation systems, bind the players to the service and keep them playing. Players do not have to attack the individual games to undermine these value-added services. They can attack the entire game service fabric.
The short history of online gaming has shown that players are willing to hack and cheat just to get the high score on a small web site for a simple Flash game. Player reputations and rankings increase the rewards for successfully exploiting these services. Fortunately, the malicious player’s ego trip usually results in the rapid, usually gleeful, disclosure of the attack. The game changes once again as game service providers support real rewards and prizes – hackers and cheaters will stop sharing and publicizing their exploits – putting a much greater burden on the game service provider’s security.
