This chapter is from the book

Lurking (Data Siphoning)

Much valuable gaming data can be gleaned simply by watching other players play the game and learning how they behave. This is true for sports, of course, where watching your opponents play in order to understand their play is an invaluable aid. The same kind of technique works for online gaming, from actions in an MMORPG to hands in online poker.

Online Statistics

Services like Thottbot help users collect and use statistics about the game.15 For example, Thottbot can tell you exactly where to find the vorpal sword of heinosity, provide you with a map to it, and let you know what your chances are of obtaining it once you're there. Thottbot works by sucking up as much information as it can from cooperating gamers and then republishing that information after it has been properly organized. For more on Thottbot, see Chapter 3.

Poker Statistics

Online poker is just as big as, if not bigger than, MMORPGs, though the recently passed legislation in the United States will put a big crimp in the market.

A number of third-party vendors create and sell software packages to help analyze hand history data and build a database of information about players and their tendencies. Serious poker players use these statistics to check for weaknesses in their play and uncover weaknesses in the play of others. Using these tools is extremely common, and all serious players (including an entire class of professional online poker players) use them.

As usual, academics and mathematicians have entered the fray. One interesting paper titled "Game Theory and Poker" by Jason Swanson can be found at <http://www.swansonsite.com/W/instructional/game_theory.pdf>. Be forewarned, though—this paper includes real math!

Figure 2-4 shows the GUI from a typical online poker third-party application. This application helps a player understand poker statistics and what to do next. It generates statistics, win percentages, hand probabilities, and useful tactical information for the game of Texas Hold 'em Poker.

Figure 2-4 An online poker helper application. (From <http://www.frayn.net>; reproduced with permission.)

In any game that involves money, it should be clear that your adversary will tool up. Online poker cheats and stats trackers are destined to become much better over time. Perhaps one day the bots will be good enough to beat even the best humans consistently.

Auction Manipulation

Cheaters also like to cheat in auctions. Though only tangential to online gaming, online auctions share much of the same "instant riches" lure that online games do. Considering some of the tactics that cheaters in online auctions resort to may provide some insight into cheaters in general.

Probably the most obvious tactic in auction manipulation is shill bidding. The idea behind shill bidding is to place a bid on an item only to inflate the final value. Of course, shill bidding is also against the law and a felony in the United States (you see, shill bidding existed long before online auctions). Auction houses like eBay track IP addresses to try to defeat shill bidding. They also monitor bidding activity over time to look for suspicious patterns. Sound familiar?

Another common cheating technique in online auctions is interfering in a transaction through out-of-band communication. This can take place through e-mail or any other channel. Colluding in an auction can be just as unfair as colluding in a poker game, and just as hard to detect.

A third form of cheating involves interposing near the end of an auction to try to intercept payment. By simply dashing off a quick e-mail to the winner as if the attacker were the seller and asking for payment, the attacker can sometimes dupe the poor winner into paying the wrong person. Traceable payment systems help make this attack less prevalent than others.16

Finally, there's a way to cheat in head-to-head auctions, applicable when things begin to heat up at the end. The competing parties (A and B) may be bidding against each other for the last few minutes, when A carries out an attack to deny service to B. One simple technique involves A attempting to log in as B unsuccessfully several times in a row so that B is temporarily locked out of the account.
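A defender's view of the lockout problem just described, as an added example that is not from the book: the same constructed login log is replayed through a failure counter keyed on the account alone and through one keyed on the account and source address together. The class name, threshold, time window, account name and addresses are all assumptions made for illustration.

```python
from collections import defaultdict

MAX_FAILURES = 3   # assumed lockout threshold
WINDOW = 300       # assumed lockout window, in seconds


class LoginGuard:
    """Counts recent failed logins under a configurable key (hypothetical helper)."""

    def __init__(self, key):
        self.key = key                      # maps (account, source) to a counter key
        self.failures = defaultdict(list)   # counter key -> failure timestamps

    def attempt(self, account, source, password_ok, now):
        k = self.key(account, source)
        # Keep only failures that are still inside the window.
        recent = [t for t in self.failures[k] if now - t < WINDOW]
        self.failures[k] = recent
        if len(recent) >= MAX_FAILURES:
            return "locked"                 # refused before the password is checked
        if not password_ok:
            recent.append(now)
            return "denied"
        return "allowed"


# Constructed log: (account, source address, password correct?, time in seconds).
# Three bad guesses arrive from one address, then the real owner logs in
# from another address with the right password.
EVENTS = [
    ("bidder_b", "198.51.100.7", False, 0),
    ("bidder_b", "198.51.100.7", False, 5),
    ("bidder_b", "198.51.100.7", False, 10),
    ("bidder_b", "203.0.113.20", True, 30),
]


def replay(guard):
    """Feed the constructed log through a guard and return each outcome."""
    return [guard.attempt(*event) for event in EVENTS]


def compare():
    per_account = LoginGuard(lambda account, source: account)
    per_source = LoginGuard(lambda account, source: (account, source))
    return replay(per_account), replay(per_source)


if __name__ == "__main__":
    weak, hardened = compare()
    print("keyed on account:         ", weak)
    print("keyed on account + source:", hardened)
```

Keying on the source keeps the owner's login working, but it weakens guessing protection against someone with many addresses, so it is normally paired with a slower global rate limit per account.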
