US charges Chinese hackers behind ‘unprecedented’ attacks on gaming companies
Hackers targeted multiple video game companies to generate and sell virtual currency online, the Justice Department said.
James Martin/CNET
Video games are a billion dollar industry, and hackers are starting to take notice, the Justice Department warned on Wednesday. The agency announced charges against five Chinese hackers and two Malaysian tech executives over a six-year campaign against multiple video game companies.
The five hackers, Zhang Haoran, Tan Dailin, Qian Chuan, Fu Qiang and Jiang Lizhi, are allegedly responsible for hacking more than 100 companies, including social networks, telecommunications providers, universities and non-profit organizations. While these are common targets for nation-state hackers, the attacks on video game companies raise a new concern for the Justice Department.
“We see this as unfortunately a new area in which hackers are exploiting, and it’s a billion dollar industry,” Michael Sherwin, the acting US attorney for Washington, DC, said at a press briefing. “There’s a lot of coins, tokens, digital currency involved in a lot of these online games.”
Video game purchases drive billions in sales every month, reaching $1.2 billion in July. Fortnite, which is a free game, earned $2.4 billion in revenue off of in-game purchases in 2018. For hackers, it’s an industry prime for profits through cyberattacks.
“This is a new target rich environment in which hackers are targeting,” Sherwin said, calling the scope and sophistication of these attacks “unprecedented.”
The hacking campaign began in June of 2014, and had been going on up until this August, Justice Department officials said. It affected video game companies based in the US, South Korea, Japan and Singapore.
The group of Chinese hackers would gain access through multiple methods, including brute force attacks, spear-phishing and supply chain attacks. Brute force attacks are when hackers guess all the possible passwords until something works.
One video game company, based in California, was breached after the hackers sent an email pretending to be a former employee, with a malware-laced resume attached, according to the court documents.
The FBI’s wanted poster for the five Chinese hackers.
FBI
Justice Department officials also noted that the supply chain attacks didn’t just affect the video game companies, and reached multiple corporations around the world. The Chinese hackers would compromise software used by major companies, and gain access through malicious backdoors they created, officials said.
Once the hackers had access to a video game company, they would modify its databases to generate certain items or virtual currency for themselves and then sell it through a marketplace called SEA Gamer Mall, a company based in Malaysia.
Its CEO, Wong Ong Hua and its chief product officer, Ling Yang Ching, are accused of working with the Chinese hackers to sell the virtual items on their platform. Malaysian police arrested the two on Monday and the US government is seeking an extradition.
The company didn’t respond to requests for comment.
Prosecutors said that Ling joined a Facebook group labeled as a black market for one of the hacked games, which he used to promote selling the virtual items.
It’s unclear how profitable the effort was, but investigators found 3,779,440 in an unknown currency transferred to one hacker’s bank account in 2014.
In July 2017, the hackers started targeting games based in the US and Europe after finding low revenue on games based in Southeast Asia, according to court documents.
While having access to the video game companies’ internal network, the attackers were also able to stay a step ahead of their fraud detection. The hackers monitored their protections and frequently worked around them to continue their campaign, Justice Department officials said.
The hackers had access to 25 million records of customers’ names, addresses, password hashes, emails and other personal information.
According to court documents, the hackers also used their access to sabotage their competition in video game sales.
Deputy attorney general Jeffrey Rosen said the agency worked with Google, Microsoft, Facebook, Verizon and other tech companies to stop their hacking campaign. That includes shutting down fake pages designed to look like Google and Microsoft logins, and taking down virtual private networks that the hackers used to hide their tracks.
“We have used every tool at the department’s disposal to disrupt these APT 41 activities,” Rosen said.