Search This Blog

Showing posts with label Gaming. Show all posts

Counter-Strike: Global Offensive (CS:GO) — Money Laundering Prompts Valve to Shut Down In-Game Key Sales


Counter-Strike: Global Offensive (CS: GO) was being targeted by criminals for money laundering, according to the US video game developer, Valve. In a statement, the makers told that the aim of the attackers is to "liquidate their gains".

Developed by Valve and Hidden Path Entertainment, CS: GO is a popular multiplayer, first-person shooter game in which two teams go against each other strategically completing given objectives such as diffusing bombs and rescuing hostages.

The game allows players to earn cosmetic upgrades for their guns and avatars in loot containers, normally these boxes can only be opened via a key that players have to buy from Valve. However, the makers observed that "worldwide fraud networks have recently shifted to using CS: GO keys to liquidate their gains. At this point, nearly all key purchases that end up being traded or sold on the marketplace are believed to be fraud-sourced." The fraudsters exploited the loot gathering systems in the game to trade keys which further allowed them to unlock rewards for real money.

As a security measure, the company has updated the game in a manner that shuts down the ability to transfer new loot box container keys among users in the game.

"CS: GO container keys purchased in-game can no longer leave the purchasing account. That is, they cannot be sold on the Steam Community Market or traded. Pre-existing CS: GO container keys are unaffected–those keys can still be sold on the Steam Community Market and traded," the blog read.

In the blog post, the company also expressed concern for the effect this would have on legitimate players but also emphasized the need to combat fraud which they have on priority.

While the total amount of money laundered through the Steam marketplace remains ambiguous, hundreds of thousands of loot containers along with keys have been traded by the criminals via the online marketplace. Notably, the boxes and keys were traded for a few dollars each.

In the past seven years of its existence, CS: GO amid gaining massive popularity has unfortunately also attracted a number of disputable scenarios including illegal gambling and hidden business interests for social media influencers.

The Rise of the DDoS Attacks and the Abuse of the WS-Discovery Protocol


A new type of attack that feeds on vulnerabilities in the usage of the Web Services Dynamic Discovery protocol has been discovered recently by analysts from Akamai's DDoS mitigation service Prolexic.

The attackers here are said to have had used a moderately new strategy—one that can possibly yield more than 15,000 per cent rate of return for the junk data it heaves at a victim.

Since WS-Disclosure provides devices on a similar network a chance to communicate, and guides them all to ping one area or address with insights concerning themselves, attackers can control WS-Discovery by sending uniquely crafted pernicious protocol requests to vulnerable devices like CCTV cameras and DVRs, which is extremely simple for them to do as WS-Discovery is intended to be utilized internally on local access networks and Akamai gauges that approximately 800,000 gadgets exposed on the web can receive WS-Discovery commands.

“There's a huge pool of vulnerable devices sitting out there waiting to be abused” says Chad Sailor, senior specialist on Akamai's security insight reaction group.

"DDoS attacks abusing the WS-Discovery protocol have increased," says security researcher Troy Mursch.
 "The notable thing here is the amount of vulnerable hosts that can be abused and the large amplification factor that enables crippling attacks."

Video game platforms are the most well-known targets for DDoS attacks, during the beginning of September, for instance, Blizzard's hugely famous World of Warcraft Classic went down sporadically for a considerable length of time as a result of a DDoS attack.

"With gaming, they are one of our most frequently attacked industries," Akamai's Seaman says. "We have a handful of different gaming customers that we protect and we basically see the full gamut of all the different attack vectors and exploratory attacks through them. So it’s not surprising to see them being the first ones being targeted with a new vector."

In any case the dread about WS-Discovery DDoS attacks, however, is that the gaming industry won't be the last target as the researchers caution once more that the industries should be prepared for greater versions in the future.


EA Origin Security Flaw Exposed over 300 Million Gamers to Account Takeovers



In the wake of the discovery of an EA based vulnerability, EA origin has been forced to re-examine its module for security and safety as the flaw could have potentially exposed millions of gamers to account takeovers.

As per the findings and research of specialists at Check Point and CyberInt, the vulnerability affected over 300 million gaming enthusiasts playing online games namely FIFA, Madden NFL, NBA Live and Battlefield.

The vulnerability relied on an alternate authentication method known as, Access Tokens which are like passwords; by stealing a Single Sign-On authorization token, the security flaw would have given complete authority into the hands of the hackers, who further would have been able to hijack player's accounts without needing the login or password.

Stealing 'Access Tokens' can be a bit more complex than stealing passwords, however, it still is possible. It's because users have been enlightened against providing passwords on dubious websites, hackers now resort to accessing access tokens rather than the passwords. Moreover, it can be carried out behind the scenes without needing any active participation from the user.

On Wednesday, commenting on the matter, Oded Vanunu, head of products vulnerability research for Check Point, told, "EA's Origin platform is hugely popular, and if left unpatched, these flaws would have enabled hackers to hijack and exploit millions of users' accounts,"

Referencing from the statements given by Alexander Peleg in an email in the regard, "We had the vulnerabilities under control so no other party could have exploited them during the period it took EA to fix," 

Hacker Group make Nintendo Switch a Linux machine

As reported earlier this month, Hacker Group fail0verflow had tweeted a picture showing that they had managed to run Linux on Nintendo Switch. That was February 6; now, 12 days later, they have released a video on their account, providing proof of the same.

The video shows a Switch console running a Linux-based desktop environment KDE Plasma, with full touchscreen support and a web browser, something which the gaming console did not originally have.


While usually people hack into gaming consoles to play cracked versions of games, some people just enjoy running whatever kind of software they want on them. This seems to be one of those cases.

Fail0verflow is a hacking group that focuses its hacking efforts on gaming consoles and has recently taken up Nintendo Switch, as have many others.

While the hacking group has still not made public their exact method and code, it reportedly involves exploiting a flaw in the boot ROM of the Switch’s Nvidia Tegra X1 chip. As they revealed last time, the video maintains that the flaw can’t be patched up by Nintendo on current devices but allegedly can be discussed in future production.

Hackers run Linux on Nintendo Switch

Last week, hacker group fail0verflow shared a photo on Twitter, showing that they had managed to run Linux on the Nintendo Switch.


This tweet followed after a previous one in January where they explained that their Switch coldboot exploit is a boot ROM bug, which as suggested in the name, is a piece of code containing instructions about the booting process stored in a read-only memory.

They also revealed that it is not possible to fix the flaw using patches in the current Switches.


Earlier, they had also tweeted a scroller for the Switch.

While they have teased the exploit to the public, it may be a while before fail0verflow publicly release the details and code for their hack, as evidenced by the PS4 exploit that they demonstrated in 2016 and only revealed the details of over a year later.

Meanwhile, the Switch hacking community continues to make progress. After the 34C3 conference which left the console’s security wide open, it seems that it’s going to be easier for hackers to create homebrew software for the Switch and even pirate games, which could mean serious financial repercussions for Nintendo.

For those with technical knowledge who prefer the white hat route, however, Nintendo is still offering bounties on reports of vulnerabilities.


Is AI allegedly hacking users’ account?

Recently the leak of a few documents online seems to reveal insight into the computer gaming industry's use of Artificial Intelligence (AI) to increase advertising revenue and gaming deals. The classified documents showed up on Imgur two days back, and have been doing the rounds on Twitter. The leaked documents, if genuine, uncover the startling lengths that the computer game industry will go to with a specific end goal to snoop on gamers using AI.


The archives state that reconnaissance data is accumulated to order detailed profiles about users. As indicated by the reports AI focused on the users' smartphones and utilized inactive listening innovation/technology to connect with the smartphone's microphone, phones are checked to see whether they (users) stay in a similar area for eight hours or more. On the off chance that this is observed to be genuine the subject is set apart as "at home". 

The unsubstantiated documents at that point go ahead to clarify the detailed observing or monitoring that happens inside a user’s home:
 “When in home, monitor area of common walking space. Pair with information about number of staircases gathered from footfall audio patterns. Guess square footage of house.”

A part of the document marked "Example Highlight" at that point goes ahead to clarify how it was chosen that "high bonus gaming sessions during relaxing times are paradoxically not the time to encourage premium engagement."

Around then, users are focused with free rewards, bonuses and "non-revenue-generating gameplay ads." As per the leak, at these circumstances "the AI severely discourages premium ads.”
As though this wasn't sufficient, the AI additionally listens in, for catchphrases as well as for "non word sounds." Examples include microwave sounds and notwithstanding biting and chewing noises, which are utilized to figure whether packaged meals have been consumed.

A section marked "Calendar K" clarifies how psychological manipulation is utilized to coerce users into making purchases. AI may sit tight for players to be tired after long gaming sessions. Can turn around the shade of free and paid game titles (generally blue and red), with a specific end goal to "trick a player into making a buy unintentionally."

Unbelievably though,it gets worse. As indicated by the leaked documents the gaming business industry likewise utilizes hacked data dumps to gather additional information about users. Also a segment marked "Schedule O" even clarifies how the AI gathers side channel data.
For the present however, it remains to be seen whether this information or data dump will end up being genuine or not.


As is dependably the case, we encourage smart phone users to be careful about the applications they install. Continuously check for obtrusive authorizations before consenting to install any application or game. On the off chance that a game requests authorization to utilize the microphone, please remember that this sort of reconnaissance might happen.

As per these leaked documents, AI software may likewise be utilizing previously hacked information and data to pick up passage to outsider or third-party administrations and services. If it happens, at that point the gaming companies might break into auxiliary services to put users under surveillance and develop a detailed profile about them.


For now, these serious allegations still can't seem to be demonstrated valid. Be that as it may, the users are reminded to dependably utilize solid one of a kind passwords for the greater part of their diverse online accounts – to make it substantially harder for organizations and companies to use such practices.

Nvidia prepares GTX 1050 And GTX 1050 Ti Max-Q variants to Tackle Intel’s Kaby Lake G series

NVIDIA has apparently let known the presence or more likely the existence of the GTX 1050 and 1050 Ti Max-Q design in their most recent Linux changelog. This simply implies that the company is as of now getting ready to reveal the line-up soon and will set it against the Kaby Lake G line up's RX Vega M GL. Since Max-Q is tied in with augmenting the thermal and power envelops and furthermore even the name of the game is power efficiency, it is expected that the level of rivalry as well as competition has genuinely risen.

This change was noticed in the Linux display driver that was released recently and records not just the MX 130 and MX 110 yet in addition the 1050 Ti with Max-Q designs. A reminder for those of us who overlooked, Max-W is NVIDIA's design theory or in other words a philosophy which involves constrained TDP settings. This innovation has already been utilized as a part of an ultraportable gaming notebook so as to reduce a large portion of the GPU power consumption.

It finds the most productive trade off of execution, performance and power for the GPU. The software to be sure adjusts the work done on the CPU and GPU, at the same time upgrading the game settings and utilizing advanced system design techniques for thermal management and power regulation. It likewise presents another idea, WhisperMode. This ultra-productive mode makes the users ‘plugged-in laptop runs much quieter while gaming.
Works by intelligently pacing the game's frame rate while simultaneously arranging the graphical settings for optimal power efficiency.

The clock speed of the Maximum Q is most likely going to be somewhere around 1417 MHz to 1450 MHz, which means a hypothetical graphics execution of 2.18 TFLOPs. This puts it within spitting distance of the newly initiated Kaby Lake G series of graphics which house the Vega M. Remembering be that as it may, that while the Vega GL has a higher hypothetical (theoretical) power, AMD and NVIDIA models are not directly equivalent and as has been the situation this age, NVIDIA more often fares better even with lower theoretical FP32 execution.
Aside from this the AMD Radeon RX Vega M GL graphics chip is set to be featured on a range of 8th Generation Core i7 and Core i5 processors. These feature 20 CUs which are equivalent to roughly 1280 stream processors, 80 texture units and 32 ROPs. The Vega 20 die is clocked at a base frequency of 931 MHz and boost frequency of 1011 MHz These chips convey an evaluated single precision output of 2.6 TFLOPs which is marginally up from a Radeon RX 560 reference design that has 2.4 TFLOPs of FP32 performance. The Radeon RX Vega 20 GPU is accompanied by 4 GB of HBM2 memory and this works at 1.4 Gbps close by a 1024-bit bus interface, directing out 179.2 GB/s of data transmission. For a solitary HBM package, this is loads of accessible data transmission devoted for the GPU alone.

In any case, the Max-Q design has previously been seen in the Zephyr notebooks which include the extended keyboards and frills which apparently aren't for everybody and it remains to be seen whether this GPU will require a similar style of aesthetic and cooling. On the off chance that that is the situation, at that point it could restrain the total available market of the product since a brought down keyboard and the odd cooling style isn’t favoured by everybody.