returnreturn
Follina a silent Client-Side

By:
Mariano Quintana
CYBERSECURITY TRAINER & RESEARCHER

SHARE

Twitter Facebook linkedin

Cyber Security guide for gamers

Every day we face several cyber risks without realizing it, some of them just go unnoticed because there was no one who had the intention of taking advantage of the moment, or as we usually say, there was no one who had a reason. If there is no such reason, there is no attack and if there is no attack people usually do not change their behavior. All this is enhanced if we do not have the correct computer education from the beginning, which, like "learning to use Excel", should be in the top ten of knowledge necessary to develop in life, precisely because life as we know it is increasingly more present in cyber areas than before.

One of the main areas is the Gaming, scene, which without taking into account social networks and other cybernetic ecosystems groups, adds up to 3.1 billion people in the world,, that is, approximately, 40% of the world population.


What do we want to achieve?

A large part of the public is used to minimizing the intentions of attackers. Then questions occur that lead us to not have the need to increase our level of awareness regarding these issues, questions like; Who is going to attack me? Why does an attacker want my data? How are they going to think of getting into a gaming platform? Etc etc. The lack of the stated need means that most people in the scene are not motivated to learn about information security on a personal level. But as the great Aristotle said when he used his PC“Nothing happens until it happens” I don't know if Aristotle said it or not...), since when an incident occurs, everyone runs after a professional to recover the lost information, when in most cases it's usually too late.

Therefore, to avoid inconveniences with our integrity, confidentiality or availability in the most frequent computer fields, it is necessary to follow a series of tips that can help us to prevent any situation that compromises us, with the clarification that no technique is completely infallible, but if we begin to understand the risks, to have less appetite for it and thus minimize the attack surface.


What is an attack surface?

An attack surface is, in a nutshell, what the attacker can see and know the result of a previous exploration. Where the points of interest are revealed. We can find a clear example, associating this with the uncovered area of the map;


What is Risk?

Defining what is something risky can be contradictory, since among all people there are different perceptions of it. It can be risky for a person who knows how to swim, swimming in the sea, for example, but for an expert open water swimmer, the task may be easier than it seems. What does this have to do with? Specifically, it is about the risk appetite of each person, calculated based on awareness of all the factors involved in carrying out that action, eg, the expert swimmer knows the behavior of the sea, when it is safe to jump into the water and in which areas it is more likely to offer less resistance to the strokes. Not having this kind of knowledge, we usually find ourselves running towards a point without any sense and with a double-edged sword in hand.


Therefore, as we take more information from the environment, we can choose to "risk" more or less to perform a certain situation. The equivalent to the behavior of the sea in our Gaming environment, refers to the possible attacks that the attackers can cause, on the lack of knowledge of people under certain circumstances.

⦁ Do not reveal your private or personal information

It is a simple idea, if it is not a safe and professional environment, why are we going to provide our information to a stranger who just played an online game with us if it is not necessary? Less is more.

What are the biggest challenges?

Within the foci where some information can escape us, we must pay special attention to the following points:

  • Choice of NickName/Alias: We must try so that the attacker cannot identify us easily. eg; If your name is John Doe, do not use johndoe in your name and change it to something cooler like N00bKiller.
  • Horizontal data security: We must not repeat data or names that we use on other websites and if it is possible, also use another email address to register the account.
  • Information included in the profile: Take special care regarding the data that we add to our player profile when configuring our account.
  • Linking with Social Networks: Avoid linking your gaming account with your own social networks.
  • Minimize interaction: Most of the social networks associated with gaming allow you to interact with other players, share achievements, number of hours of play, what they are doing at the moment and a long etcetera. That is why configuring the security of our Platform to the maximum is usually very helpful.
  • Avoid commenting personal information: When interacting with our network friends, we should avoid commenting on their profiles any type of personal information, given that many people have their profiles public therefore anyone can access that content.

⦁ Unbearable Cyber-Harassment

Just as in real life, in the Gaming environment there are toxic games. Games in which we find ourselves immersed in a waterfall of insults that becomes unbearable when it comes to continuing to concentrate. Therefore, at this point we must not only stop the situation, but, although it is difficult, we must give more importance to our emotional state than to the achievements of the game, which is why it is recommended that;

  • Report CyberBully; If a participant has attacked you, use the game's mechanisms to report their harassment, most online games in the professional field have well-oiled reporting mechanisms to prevent these situations.
  • If a colleague is attacked, do not join: It is very common to join the jokes of other players to make the harassment stronger, so do not do what you do not like to be done to you.
  • Prioritize state of mind vs game progress: Some platforms penalize you if you leave the game. If you are being a victim of cyberbullying, always putting yourself ahead of achievements helps our self-esteem not be affected, leave the game.
  • No to discrimination: Aim for zero tolerance regarding any attitude of discrimination within the game. Stopping the wheel many times also depends on ourselves.

⦁ Grooming, a growing danger

All the most terrible atrocities of the human being are transferred to the internet, online sexual abuse too and luckily in several countries it is already punishable. Particularly characterized by a crime by an adult against a child or adolescent. Within the game you have to be especially careful if we are facing an attempt of grooming. We generally find 5 stages that are associated with this process.

  • Deception: Contact through a fake profile, pretending to be your age
  • Trust: A link is generated that appears to be safe for the victim, this toxic link requires and clarifies that everything must be kept secret.
  • Sexual component: They no longer talk about topics of interest, but instead requests for photos are made or inquires about the sexual life of the victim.
  • Extortion: The stalker appeals to the victim's fear that if he does not continue with the relationship, the whole world will find out about the matter.
  • Physical contact: The stalker tries to generate a physical encounter with the victim.

In response to these issues, if you are being a victim of these situations, ask the nearest adult for help, do not be afraid of what can happen. One has to take care and not worry about it. If you are on the adult side and have adolescents or children in charge, some type of monitoring of their behavior is almost mandatory in order to detect these situations in time. If your child today has a cell phone and access to this virtual world, it is equivalent to the child being in a disco surrounded by adults and talking about any topic.

⦁ Phishing, the same as always but different

On gaming platforms today, there may be real treasures valued at thousands of dollars that can arouse great envy in our opponents. Therefore, these platforms are not exempt from the phishing attacks.

A common phishing attack is based on the faithful imitation of a web page. But when we talk about gaming it goes a little further than a simple imitation. One of the most frequent attack vectors is the type of attack called Browser-in-the-browser (BiTB), mainly affecting users of the Steam platform in competitive and professional fields. As we can read in a post made by Bleeping Computer, the method to obtain our data is based on a page mounted in a popup browser (in the best ClickJacking style) exactly emulating the login form of Steam, Such pop-up browser has a “certificate” that makes it look legitimate.


This browser in the browser, are not pop ups, although they seem so. Rather, they are elements that are part of the attacker's own website. In short, the methods to protect ourselves are always the same;

  • Do not click anywhere.
  • Do not fill the data in forms with dubious provenance.
  • Do not get carried away by false inscriptions, review the sources
  • Configure the 2FA whenever possible on all platforms.
  • We can notice phishing through BiTB if we observe the amount of open browser instances. We only have one open browser instance.
  • Be very careful and think 4 times before putting our data in a form.
  • When in doubt and if it is not possible to determine, consult the support of the platform, so that they determine whether or not the redirection carried out is trustworthy.
  • Never trust suspicious senders or strangers.

⦁ Protect Your Data on Shared Computers

In the environment, the computer is also shared (it is not my case because I do not lend my computer), but if at any time this need occurs. We have to pay special attention to the data that we place in the forms and/or browsers. Therefore, the following recommendations could be followed;

  • Log out when finished playing.
  • Do not save our passwords by default.
  • Use incognito mode if possible when accessing an account through the browser.
  • If you ignored the previous option, make sure to clear the cache of the computer (a good option is the Ccleaner portable)
  • Always have 2FA activated, linked to our phone.

If we were to make an analogy, think of a shared PC, like a room for rent. A room where we bring our things and when we have to leave, we check 20 times if we forgot something, since it must be left clean and in the same condition in which we acquired it.


⦁ Reality vs Virtuality

Those of us who play daily know that the level of immersion felt while playing or immersed in a game's story mode makes us lose our sense of time and space. So I know separating reality from virtuality, balancing time between the digital and physical world, becomes a more than important task.

Finding this correct balance leads us to have to designate game times to prevent it from becoming something harmful to the human being.

"If it keeps up, man will atrophy all his limbs but the push-button finger." –Frank Lloyd Wright

If playing is your profession, a good way to maintain this balance is to complement the task with good exercise, take care of your eyes and hands, since they are your work tools. We must not move to the virtual world. In the event that it is your job, the principle is the same, a correct balance between work (gaming) and real life.


⦁ Connect to trusted wireless networks

It is important that we always connect to trusted networks. No one pays attention to points like this, since in most cases the need to play over security urges us, and as we well know, security is the enemy of availability. Just as we have to take the necessary time to review an email, we must also be absolutely sure of the networks we are using to access the jungle of the Internet. Therefore, we recommend that the following points be taken into account:

⦁ Do not connect to any public or unknown network.

Although the short recommendation is a bit funny, the idea is always that we trust our internet access. If something happens, it is that any modification in this type of network is usually out of our reach, that is where we return to the risk appetite that we talked about above. If I am not aware of its security, why risk it, right?

Although sometimes there is usually no other alternative, in that case Security always starts with you. Within the councils, applying the appropriate sanitation to our computer, to our account and to our data, will give us greater chances of success against the risk we face (our data getting captured).


Conclusion

The story is always often repeated, the human being makes a copy-paste of their behavior in real life vs virtual life. Sometimes it is always better to think about how to solve the usual problems of carelessness, and then move it to a more complex or simple field, depending on which perspective we look at it from. As we have seen, most of the issues refer to people's carelessness, lack of knowledge or the ability to put ourselves on a kind of eternal autopilot.

“The real danger is not that computers will begin to think like men, but that men will begin to think like computers..” – Sydney Harris

That's why we must internalize and, if we work with technology, emphasize understanding it, not panic without reason, understand the situation and take care of our information and ourselves..