Is Blizzard Spying?

New Book Says Anti-cheating Efforts Cross The Line

In the cat-and-mouse game between online game designers and would-be cheaters, rootkits are emerging as powerful monitoring tools to ensure that players are not playing fast and loose with the rules.

But many gamers do not know that when they sign up to play in an online role-playing game they might be giving the publisher broad access to data on their hard drives.

“They usually are not aware of what the companies are doing to try to defeat cheaters,” said Gary McGraw, CTO of Cigital Inc. “That’s news to them.”

McGraw and Greg Hoglund, CEO of HBGary Inc., say it is bad news. They are raising concerns about the technology in a new book.

“The game companies are defending themselves in ways that aren’t cool,” McGraw warned.

The book, Exploiting Online Games, is scheduled for publication in the summer or fall of 2007 by Addison-Wesley Professional. The authors announced immediate availability of a PDF introduction to the book, Cheating Online Games, at the recent Black Hat Briefings in Las Vegas. They also released a tool for monitoring the rootkit used by Blizzard Entertainment to monitor players of its popular World of Warcraft.

The PDF Shortcut (available online for $9.99 at www.awprofessional.com/title/0321460723) focuses on World of Warcraft, but the book will take a broader look at the technology and issues in online cheating and the countermeasures being taken by companies.

“It’s surprising just how sophisticated the monitoring and cheating have become,” McGraw said.

The book includes details of how some cheating is done. McGraw said that disclosing these details is a concern, but said the cheaters already know the techniques.

“We’re going to be describing things that are well known to some, but not well-enough known to others,” he said.

Cyber defense always is something of an arms race, and in the current race, the big bomb is the rootkit. Hoglund discovered the Warden in World of Warcraft last year.

A rootkit is code running so deep in a computer’s operating system that it is not easily detected or evaded. It can be used by a hacker to hide malicious activity on a compromised computer. In the case of World of Warcraft, users agree in the small print of the end user license agreement to allow installation of a rootkit that runs spyware called the Warden on the client PC.

The purpose is to keep an eye out for forbidden scripts or macros that could let the player cheat the game. This is a legitimate concern, McGraw said, “and it works pretty well.”

But the Warden also reads the window text and title bar of every window open on the PC, scans all open processes, and checks out the e-mail client and URLs being visited. It reports all of this back to Blizzard Entertainment. The company says it has no intention of misusing this data, but under the terms of the license agreement there are no restrictions on how it can be used.

“We do not trust them,” the authors say.

Game developers are resorting to high technology to target cheaters because the stakes are high, for both companies and players. World of Warcraft alone, probably the most popular massively multiplayer online role playing game, has about 6 million users who have paid $30 for the client software and pay another $14 a month for access to the game servers.

These games have spawned online economies that spill over into the real world with the buying and selling of virtual goods and currencies. In 2005 an estimated $600 million in hard money was exchanged for online assets, McGraw and Hoglund said. There are professional currency traders and the Web site GameUSD.com tracks exchange rates for gaming gelt.

Unfair manipulation of online assets date back to the earliest online games. Ultima Online from Electronic Arts, one of the first widely popular multiplayer role-playing games, suffered a currency crisis in 1997 when players found a flaw in the program that allowed duplication on of goods and gold.

So there is a legitimate interest in policing the gameworlds. But, “where does such a countermeasure cross the line between legitimate copy protection and invasion of privacy?” McGraw and Hoglund ask.

McGraw, who was a philosophy major in school, admits the line can be vague. But the authors maintain that in the case World of Warcraft’s Warden, that line has been crossed.

“This is a clear invasion of privacy,” they said. “What Blizzard is doing in the name of security is unacceptable and needs to stop.”

There is little a player can do to stop Blizzard’s Warden, but there are ways to watch the watcher.

“We wrote a tool called the Governor that keeps track of what the Warden does,” McGraw said.

The Governor and accompanying libraries can be downloaded from www.rootkit.com/vault/hoglund/Governor.zip.

Share this GiN Article on your favorite social media network: