Exploiting Online Games: Cheating Massively Distributed Systems

Imagine trying to play defense in football without ever studying offense. You would not know when a run was coming, how to defend pass patterns, nor when to blitz. In computer systems, as in football, a defender must be able to think like an attacker. I say it in my class every semester, you dont want to be the last person to attack your own systemyou should be the first.The world is quickly going online. While I caution against online voting, it is clear that online gaming is taking the Internet by storm. In our new age where virtual items carry real dollar value, and fortunes are won and lost over items that do not really exist, the new threats to the intrepid gamer are all too real. To protect against these hazards, you must understand them, and this groundbreaking book is the only comprehensive source of information on how to exploit computer games. Every White Hat should read it. Its their only hope of staying only one step behind the bad guys.Aviel D. Rubin, Ph.D.Professor, Computer ScienceTechnical Director, Information Security InstituteJohns Hopkins UniversityEveryones talking about virtual worlds. But no ones talking about virtualworld security. Greg Hoglund and Gary McGraw are the perfect pair to show just how vulnerable these online games can be.Cade MetzSenior EditorPC MagazineIf were going to improve our security practices, frank discussions like the ones in this book are the only way forward. Or as the authors of this book might say, when youre facing off against Heinous Demons of Insecurity, you need experienced companions, not to mention a Vorpal Sword of Security Knowledge.Edward W. Felten, Ph.D.Professor of Computer Science and Public AffairsDirector, Center for Information Technology PolicyPrinceton UniversityHistorically, games have been used by warfighters to develop new capabilities and to hone existing skillsespecially in the Air Force. The authors turn this simple concept on itself, making games themselves the subject and target of the hacking game, and along the way creating a masterly publication that is as meaningful to the gamer as it is to the serious security system professional.Massively distributed systems will define the software field of play for at least the next quarter century. Understanding how they work is important, but understanding how they can be manipulated is essential for the security professional. This book provides the cornerstone for that knowledge.Daniel McGarveyChief, Information Protection DirectorateUnited States Air ForceLike a lot of kids, Gary and I came to computing (and later to computer security) through games. At first, we were fascinated with playing games on our Apple ][s, but then became bored with the few games we could afford. We tried copying each others games, but ran up against copyprotection schemes. So we set out to understand those schemes and how they could be defeated. Pretty quickly, we realized that it was a lot more fun to disassemble and work around the protections in a game than it was to play it.With the thriving economies of todays online games, people not only have the classic hackers motivation to understand and bypass the security of games, but also the criminal motivation of cold, hard cash. Thats a combination thats hard to stop. The first step, taken by this book, is revealing the techniques that are being used today.Greg Morrisett, Ph.D.Allen B. Cutting Professor of Computer ScienceSchool of Engineering and Applied SciencesHarvard UniversityIf youre playing online games today and you dont understand security, youre at a real disadvantage. If youre designing the massive distributed systems of tomorrow and you dont learn from games, youre just plain sunk.Brian Chess, Ph.D.Founder/Chief Scientist, Fortify SoftwareCoauthor of Secure Programming with Static AnalysisThis book offers up a fascinating tour of the battle for software security on a whole new front: att