The video game industry is a rapidly growing economic sector that includes the development of video games and associated software. A recent VanEck study has shown that the industry hit around 179.7 billion dollars in revenue for 2020. With that kind of money, it is no wonder gaming becomes a magnet for tricksters and frauds. 

Technology loopholes

Most gaming scams come from developers’ errors and oversights. Cheaters can take advantage of the fact that developers "trust" players too much. For instance, if game logistics primarily takes place on a player’s side, an attacker may be able to access private game information and learn more than they should about their enemy’s army.

Fraudsters also often play on glitches and loopholes. Some teams leave the game when they realize that they will probably lose. By doing so, they can avoid the detection of their defeat and keep their scores high. Another way to outsmart the system is through in-game time, for example, by reducing the time of others’ turns or skipping them altogether. 

What else may make a game a scam paradise is the absence of authentication on servers or poorly protected hosts, which makes it possible for fraudsters to steal players’ accounts and alter the configurations of gaming servers. 

A year ago, Call of Duty introduced two-factor authentication, thus having reduced the amount of fraud in the game. Credit: ixbt.games

A year ago, Call of Duty introduced two-factor authentication, thus having reduced the amount of fraud in the game. Credit: ixbt.games

Specialized software and cheat codes

Not only perpetrators have specialized software. Ordinary users, too, turn to cheat codes to make games less challenging, turn on a god mode, or instantly obtain needed resources and equipment. However, it can also be a powerful tool to intervene in game infrastructure. Take graphic design software. It can be easily used to cover up some visual elements such as obstacles. 

Another trick, which is most common for esports competitions, is the so-called denial-of-service (DoS) attack. Such attacks are typically aimed at game servers or individual players. With their help, perpetrators can intentionally bring a game to an end by restarting its servers a moment before the results of the session are recorded. 

Specially-made programs also give hackers a way to intercept bad encrypted connections and thus learn more about certain players, their teams, a current situation, and amend this data before it forwards to servers. 

Artificial intelligence took scams to a whole new level. With the dawn of cutting-edge technologies, hackers learned to make use of the latest technological achievements for their own ends: for instance, by letting AI-based systems develop strategies, as well as predict all the possible outcomes and the next steps of other players for them. 

OpenAI Five is an artificial intelligence system trained to play Dota 2. In April 2019, the bot became the first AI to beat the world champions at The International. Credit: cybersport.metaratings.ru

OpenAI Five is an artificial intelligence system trained to play Dota 2. In April 2019, the bot became the first AI to beat the world champions at The International. Credit: cybersport.metaratings.ru

Human-made mistakes

Most often people fall for the tricks of fraudsters due to carelessness and ignorance. And this is true for other fields, too. People frequently use weak passwords (compromised passwords) or can be a little too trusting and distracted at times (social engineering).

There are, however, other human factors. Sometimes gamers choose to use third-party assets. These include cheats not only for games like GTA and The Sims but also serious esports contests. 

It also may happen that employees of developer companies use their powers to grant privileges to certain users or interfere in the course of competitions, for example, changing plot details or the map. As it was in Free Guy (2021), for example. 

In 2015, the Mail.ru team developed MRAC (Mail.ru AntiCheat) to fight cheating in Warface

In 2015, the Mail.ru team developed MRAC (Mail.ru AntiCheat) to fight cheating in Warface

Why doesn’t one simply eliminate fraud?

While systems can be fixed and human errors – reduced, third-party software is a different story.

To begin with, it is not always possible to detect frauds even using anti-cheat software. Today, hackers usually employ several tricks at once, which also worsen the situation. And what’s more, developers need to do more than just fix all bugs, they should come up with efficient security systems. It is no problem with specialists in information security on board yet if none, companies can always outsource the task. 

Learn more about cheating methods in multiplayer games in this article by ITMO students Nikita Kolesnikov and Sergei Shcherbin.

Back to top