
How the game industry can play well with hackers

The gaming industry has come a long way since I got my start in gaming with Diablo and Counter-Strike in the late ’90s. With the advent of virtual reality and the proliferation of virtual currencies, the gaming experience has evolved into something far greater in recent years. We no longer just have games, we have entire worlds — and real economies inside of them.

This is perhaps illustrated most famously by last summer’s World of Warcraft gold-stealing script incident. As gaming becomes more connected to the real world, so too do the consequences of bad actors looking to turn a quick profit. Just last week, hackers were back in the industry’s crosshairs with Microsoft’s move against Chinese hackers charged with stealing virtual currency.

As an industry, we have a lot of work to do if we want to keep the gaming experience and our respective community thriving. In particular, we must do more to prevent malicious hacking in modern gaming — and, importantly, we must find ways to do it without undermining the hacker culture that has existed at the very core of our community since the beginning. This hacker culture can offer significant benefits to the industry.

In the early days of gaming, hacking meant something far different than it does today. Long before the likes of Oculus and Vive, the eyes of gamers like me were instead focused on the possibility of hacking games to beat whatever challenge was ahead — finding cheat codes, exploiting bugs, modding, and so forth. When games went online, the urge to hack them in this fashion only intensified.

Finding a bug in a game meant you could exploit it to beat your live opponents on the other side of the globe or steal digital objects and sell them for cash to other gamers on eBay or in underground forums. For proof, look no further than UnKnoWnCheaTs, a forum which surfaced back in the early days and has since grown to nearly two million members who swap game hacks and cheats.

For the gaming companies, this was great. The bigger and more engaged their community, the better. It was a sign of success. However, while internet-accelerated growth created amazing new opportunities for these companies, it also brought about new challenges they were not even remotely prepared for — chief among them, keeping their systems buttoned up while also keeping up with explosive demand.

In a nutshell, an increasingly competitive gaming market means that game makers and console manufacturers are under more pressure than ever to push new products and code updates out the door faster. Getting games in players’ hands can make all the difference in retention and profits. As such, gaming companies are forced to meet shorter and shorter time-to-market cycles — and this speed has some nasty side effects, like buggy games that hackers (both the good kind and the bad) can cash in on.

With hacking threats across virtually every industry reaching all-time highs, and a global gaming market that is now forecast to top $23.5 billion annually, the stakes are higher than ever. Luckily, some gaming companies are getting ahead of the curve and learning to play well with hackers of every kind. Here are a few of their hacks and cheats that every gaming company should consider:

If you can’t beat them, join them

While it may sound defeatist, gaming companies that stop trying to fight off the hackers have a better chance at coming out on top. Nintendo, Riot Games, and Rockstar Games are just three companies that understand that gamers and hackers are equally curious people who will do whatever they can to beat an opponent or solve a puzzle. These companies also realize that exploiting a bug is a game in and of itself.

As a result, they’ve all launched bug bounty programs to give players a legal place to not only report a bug but to also get paid for doing it. Gaming companies can either punish the curiosity and persistence of gamers by banning them, or take control back and even improve their products by paying the hackers to report the bugs and thus keep news of the exploits from spreading and profits from circulating on the underground. (Protip: savvy gamers who get blocked will always find another way back in. That’s the curiosity I mentioned.)

Get into the underground

In line with not trying to beat the hackers at their own game, it’s important for gaming companies to dig in deep — I mean dark-web deep. Hire people who, like me, used to hack games for personal enjoyment and bragging rights and who understand and operate in forums like UnKnoWnCheaTs. In order to get the hackers to report the bugs directly to the game makers instead of the underground, it’s important for them first to know that a legitimate disclosure program even exists, and that they can get paid for responsibly disclosing. Having a community manager that’s nonstop, in-the-trenches connected and working with these hackers is critical for creating trust, responding to feedback and reacting to incoming bugs before they turn into gamers’ cheats.

Pay hackers a fair rate

Everyone wants to be compensated fairly, and hackers are no different. For game makers to make headway on the issue they must invest in this talent pool. One way to determine bounty rewards is by having entrenched community managers trolling the forums and dark web and interacting to see how much bugs are selling for. Understanding what a bug is worth on the underground and offering a bounty that is competitive with the market rate will show hackers that game companies are taking it seriously and not just providing a good-in-theory disclosure system.

As the gaming experience continues to evolve at a breakneck pace, the gaming industry needs to embrace the hacking that’s happening in the community in order to successfully tackle whatever new gaming tech and techniques lie ahead. And while vulnerability disclosure programs are an important first step, they are only a piece of what gaming companies need to do to ensure hackers aren’t gaming the system.

Justin Calmus represents a community of more than 100,000 hackers as Vice President of Hacker Success for HackerOne.