Extremism & Financial Fraud: How OSINT Can Rescue the Gaming World
The rise of the internet as a force for communication, information and leisure has naturally seen a boost in its use regarding criminality. Those involved in illegal activities will use whatever sources they can find to continue operating unlawfully, and that’s the sad truth.
Over the last few years, cyber-criminals have identified the gaming industry as being ripe for exploitation. From extremist recruitment to financial fraud and money-laundering, gaming platforms have seen a huge rise in criminal activity in recent times. Online fraud attempts in general increased by 16.5% in 2021. In the meantime, similar activity in the gaming world grew by 261.9% in the US alone, and 393% globally.
What is all this leading to? In the article below, we explain why gaming platforms have become such a target for criminals, look at current threats within the industry, and see how OSINT tools can provide a solution.
- Cybercrime Developments in the Gaming Sphere
- The impact of Covid-19
- Three Major Threats to Online Gaming
- Popular Gaming Platforms at Risk
- How OSINT tools offer a solution
Cybercrime Developments in the Gaming Sphere
The growth of cyber crime within the gaming industry can be put down to a couple of major factors: malicious actors are opportunists by nature, and gaming regulations are less stringent than those found elsewhere on the internet.
A recent poll suggests that the rise of crime in the gaming world is directly linked to the ease with which the source of funds can be masked. As a result, much of the crime committed relates to financial fraud and money laundering. One common act within the gaming world is for hackers to steal user accounts and sell them on to other gamers. Steve Ragan, security researcher and author of the research paper, had this to say:
“There are criminals that will sell you usernames and passwords to that game so you can walk in and play. Let’s say a criminal’s going out and they launch a credential stuffing attack, and they come back with, say, 100 accounts that are valid. They can sell those hundred for $5 a pop.”
Such activity demonstrates why the criminal fraternity is drawn towards the gaming sphere. The market is ripe for exploitation, and the potential rewards are huge.
The impact of Covid-19
The Covid pandemic has been a significant driver behind the growth of the online gaming sphere. Lockdowns created a world full of bored, pajama-clad people, unable to leave their houses and desperate for something to fill their time. This massive growth within such a short time-frame meant that security measures got left behind. With a gaming demographic of 3 billion worldwide and an industry worth $18 billion, criminals took the opportunity to test the sector for size.
A 2020 research paper by content delivery network experts Akamai, highlighted the threats faced by the gaming industry. During the outbreak of the Covid pandemic from 2018 to 2020, web app attacks in the gaming sphere soared to 415%, at a time when global growth of web attacks was down to 2% year-over-year. As a result, gaming saw more growth in attack traffic than any other industry in 2020.
Three Major Threats to Online Gaming
OSINT research has made an important contribution to the detection and prevention of online financial crime. Let’s take a closer look at the main cybersecurity threats and how OSINT can help combat them.
Troubles within the gaming sphere are not just finance-related. Given the number of online gamers worldwide, far-right extremists have recognized the gaming sphere as an immense resource for recruitment. Rachel Kowert, research director at gamer-related mental health organization Take This, found that friendships sourced from gaming “are closer, long lasting and form faster than in other spaces on the internet.”
The rise in gaming-sphere related extremism is akin to that seen on social media platforms in previous years. The Steam platform is just one site that was found to have been a breeding ground for far-right extremists. The Nordic Resistance Movement (perhaps best known for the Gothenburg bombings in 2016/17) was known to have a presence on Steam. In addition, the Discord platform became a center for organizing offline events, such as the Unite the Right rally in Charlottesville, 2017.
Furthermore, a 2019 report from the Anti-Defamation League found that 53% of online multiplayer game players who experience harassment believe "they were targeted because of their race/ethnicity, religion, ability, gender or sexual orientation." The same report found that almost one in four players, 23%, said they have been "exposed to discussions about white supremacist ideology." But the situation is such that the current measures to prevent and counter violent extremism in gaming spaces are “nearly undetectable.”
• OSINT tools can identify objects and images that suggest a user is a cause for concern. Examples might be violent imagery, weapons, and nationalist-related material such as insignia.
• Important subject information can be extracted from gaming platforms including email addresses, IP addresses, bank details and account passwords.
• Past offenses can be identified, and suspects of potential extremist plots can be red-flagged and monitored.
• Software such as SL Professional can also map online behavior across multiple platforms, so comprehensive networks can be detailed.
Fraud in Gaming Platforms
Fraud-prevention company Kount has uncovered financial fraud in the realm of buying and selling virtual currencies, character skins, weapons and armor. Such artifacts are often bought using stolen credit cards and then sold on to an unsuspecting player.
Cyber-criminals may steal credentials through a number of different methods, from phishing scams (requesting user information for non-genuine means) to buying user information over the Dark Web: an artifact-loaded account may be sold for hundreds or thousands of dollars, and cost the hacker nothing but their time.
A recent Kount survey found that nearly a quarter of all gamers have been affected by financial fraud in some way. Such a figure underscores the scale of the problem faced by the gaming industry. If one in every four gamers has been affected by fraud, anyone registering on a platform is putting themselves at risk.
• Through mapping extensive digital footprints, users can be connected to sock puppet accounts and deanonymized.
• SL Professional allows investigators to covertly search through Dark-Web marketplaces to identify users who are dealing in gaming contraband.
• Trader profiles can be linked to accounts on the surface web uncovering potential hackers.
Money Laundering in the Gaming Sphere
Some criminals take financial fraud a step further and use accounts as a means of money laundering. This may be done through a legitimate account – that isn’t subject to the same anti-money laundering (AML) spotlight that, say, bank accounts are – or a stolen one.
Many online games have their own internal currency for which genuine money can be exchanged before being spent on character artifacts. Such money is often found to have been previously obtained through credit card fraud or other criminal activities. Artifacts are then sold on through a separate trading website, with the user’s tracks well covered.
• Through the intelligent analysis of blockchains, financial networks can be detailed, and illegitimate assets flagged up.
• OSINT tools can be harnessed to peer inside cryptocurrency mixing operations, which can be crucial in identifying questionable money streams.
• Products like SL Professional can scan the datasphere to identify suspicious addresses since they tend to appear in scam reports, existing investigations, and Social Media discussions within the crypto community.
Popular Gaming Platforms at Risk
This list focuses on two of the most well-known and popular platforms for gamers to have emerged in recent years. But, to be clear, almost any such platform these vulnerable to the same threats.
Discord has seen the kind of growth leap that all business leaders dream of. From 2016 to 2020, the brand’s estimated revenue valuation went from $5 million to a staggering $3.5 billion and now boasts a usership of over 300 million, which is serious testament to its popularity.
The platform, however, is one that’s come under scrutiny on matters of extremism, financial fraud and money laundering. With no encryption, chat histories are visible to all who register on a chat topic and users who fail to switch their settings to receive private messages only leave themselves open to phishing and scams.
Discord’s founders have worked hard to identify and remove its more extreme elements. However, by its very nature as a community-style site, it’s still a place where its largely young and impressionable audience is open to manipulation. Whatsmore, hate-related material is still easy to find within the Discord network.
Steam is another gaming-related platform that has been targeted by those operating in financial fraud and money laundering. The brand revolutionized the gaming world by focusing on hard-drive downloads, at a time when purchasing physical discs for games was very much the norm. As a result, its current usership of 120 million is set to keep growing, and game creators are happy to tap into such numbers by selling downloads directly through the platform.
The app formerly accepted Bitcoin payments, until it discovered that 50% of transactions were fraudulent. Steam has also decided against pursuing NFT payments, given the number of high profile scams out there.
Furthermore, Steam has made the headlines for a high proportion of phishing scams. Users are sent a link within a private message, which leads to a site that resembles a perfect match of the app itself. When prompted to input their details, unsuspecting users are sharing their personal information with criminals. And as we’ve seen, these account details will invariably be stolen and then sold on for a fee.
How OSINT Tools Offer a Solution
Given the rise of criminality found within the gaming sphere, the use of OSINT tools has become a vital ingredient in the quest for justice. Investigators who fail to utilize the powers of open source intelligence will end up being left behind.
Without having OSINT tools at their disposal, people just don’t have the capability to extract and analyze such huge amounts of data. But by employing tools such as SL Professional, it becomes possible to scour a multitude of sources, harness AI and visualization tools to uncover and trace connections between accounts and user groups. Financial crime detection is thus made possible in real time.
OSINT tools can help elaborate digital footprints, and map links between gamer accounts and an individual’s wider online presence. Character studies can be made to assess a user’s online relationships, whether they are personal or business-related. And whatsmore, the tools do most of the legwork for you, freeing up time and headspace for the decision-making that actually drives the investigation forward.
The sheer accessibility and popularity of Discord and Steam may be a major factor in how user info gets compromised. But with the right OSINT tools in your back pocket, any platform can also become a vital source of evidence in the race to combat cyber-crime within the gaming world and beyond.
If you’d like a more detailed account of how OSINT can help fight extremism and fraud in the gaming world, watch the recording of our webinar: OSINT and the Gaming Sphere Part 2: Extremism on Discord. In the session we’re discussing a range of OSINT techniques for successfully identifying extremist or radicalist groups and individuals within Discord.