[state of the internet] / security
Volume 6, Issue 2
GAMING_
You Can’t Solo Security
Photo: DreamHack
Table of Contents
Letter from the Editor — Gaming
Straight from the Gamers
Introduction
Protecting the Servers
Playing the Game
Perfectly Balanced
Dealing with Attacks
Additional Resources
Closing Thoughts
Methodologies
Appendix
Credits
2
3
5
7
14
17
21
24
25
27
30
37
Photo: DreamHack/Joe Chuang
2[state of the internet] / security Gaming — You Can’t Solo Security: Volume 6, Issue 2
We’re gamers too.
Whether it’s digging for diamonds in a virtual sandbox, playing the role of a hero in a
massively multiplayer online role-playing game (MMORPG), or looking for the perfect
place to set up an ambush in a first-person shooter (FPS), gaming is how many of us
let off a little bit of steam at the end of the day. Or maybe in the middle of the day
when there’s a dead space in the calendar, now that we’re all working from home.
Don’t tell my boss.
So when a game server goes down, or a gaming company’s network has increased
latency due to a Distributed Denial-of-Service (DDoS) attack, or an account is
compromised and digital goods are stolen, we feel the pain both as professionals
and as gamers. Much of the data we work with is generated by the teams directly
protecting many gaming companies from these attacks. Which means that we have a
pretty decent idea of the stress some of these organizations are under.
For this issue of the State of the Internet / Security report, Akamai is highlighting a
survey of gamers about their thoughts on security in partnership with the esports
production and broadcasting organization DreamHack. More than 1,200 gamers
from across Europe responded, and the results are, as you’ll see, very interesting.
While surveys aren’t the type of data we usually deal with in our reporting,
understanding how gamers picture security and how that relates to the types of
attacks game companies see on a daily basis made for some very thought-provoking
discussions within our team.
The team enjoyed having a chance to research the topic of gaming from so many
different angles. We know how we feel when our favorite games are under attack.
We understand the pressure defenders are under to keep these systems online and
running despite the attackers’ best efforts. What we hadn’t examined before was how
gamers themselves feel about the security of their games and their gaming accounts.
If you take nothing else from this issue of the State of the Internet / Security report,
please, please, please, remember not to reuse passwords, and take advantage of
the tools gaming companies make available to secure your accounts. Now, if you’ll
excuse me, I need to go order a two-factor authentication (2FA) token or two.
Martin McKeay
Editorial Director
Letter from the Editor — Gaming
3[state of the internet] / security Gaming — You Can’t Solo Security: Volume 6, Issue 2
Straight from the Gamers
3[state of the internet] / security Gaming — You Can’t Solo Security: Volume 6, Issue 2
We asked gamers who responded to the DreamHack & Akamai survey who
they thought should be responsible for security and what their personal
experiences have been. Here are just a few of their responses:
“Everyone is responsible for managing the security
correctly…I should make a strong and secure
password, [and] the gaming companies should [offer]
two-step verification and similar added security…”
— Frequent player who has not been hacked
“Everyone has an equal responsibility, and
should always, to the best of their ability,
ensure everyone is safe and protected online.”
— Frequent player who has not been hacked
“…[Security] must be a joint effort. The gaming
companies must provide a secure solution, but
I need to live up to them and use them…”
— Frequent player who has had their account hijacked in the past
4[state of the internet] / security Gaming — You Can’t Solo Security: Volume 6, Issue 2
“…One attempt through my business email got me,
and I had my Twitch, Twitter, Instagram, and most
likely Steam login leaked. Login attempts were
made, but luckily my 2FA saved most of them…”
— Professional streamer who was hacked
“I would say that I am responsible for my end. But gaming
companies are responsible for their games not getting
used as a back door.”
— Non-frequent player (plays a few times per week) who has been hacked
“Everyone is responsible for upholding the needed
security. [Players] should always try NOT to be the
weakest link since it’s there the attackers look.”
— Frequent player who has not been hacked
4[state of the internet] / security Gaming — You Can’t Solo Security: Volume 6, Issue 2
“You shouldn’t share any information, or use the same
passwords. The gaming company should always have
[2FA] and make sure everything is safe…”
— Frequent player who has not been hacked