The new book "Exploiting Online Games" by Greg Hoglund and Gary McGraw explains how cheaters are winning at online role-playing games such as World of Warcraft where millions of players compete in the virtual world to win battles or treasure that is sometimes later sold to avid game players for real money.
Tell us a little about how WOW works technically.
It's an Internet-based client/server model. You get the World of Warcraft program to run on a PC. It displays a graphical-user interface that talks to the Blizzard server constantly. It might be the world's largest distributed system. The problem from the technical perspective is the program and the universe of the game have the property of state. If you want to give information about the World, you can't update clients with all that information. You give them pieces of that information. World of Warcraft keeps track of where your character is by giving you 3-D coordinates. If you figure out where those coordinates are stored, you can teleport it, something that's easy to do. The technique is called ping-ponging. You can use it to gain advantage in a fight. Are you supposed to do it? No. It's a problem of the state.
Wouldn't the 'Warden' be watching?
The 'Warden' isn't watching that carefully. It's more interested in who you're talking to, instant messaging or whether you're using some of the well-known tools, like Thottbot. It's not watching the game process itself.
So how much cheating do you think takes place?
I estimated 10% to 20% of gamers are cheating. Also, in China there are sweatshops, where you pay someone ?3 per day to play the game for you.
You point out in the book that there are middleman companies that will broker virtual items that one gamer is willing to buy from another gamer willing to sell them.
There's a real economic incentive to cheat. If you can collect 15 bazillion gold pieces from a certain character, you can re-sell this in the middle market, and get real money. You can sell your character to concerns like IGE and get real dollars for your stuff. So you cheat as a way to duplicate items. This is a virtual world deeply connected to the real economy.
What advice would you give the operator of WOW?
The main advice involves better software security practice in the client in order to make it much harder to cheat. One example would be to imagine a way to keep track of not just every piece of state but compute some vector on top of state. Compare the state you sent before. If your character teleported, you should catch it.
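The state comparison described in the last answer can be sketched as a server-side check on position updates. This is an added example, not code from the interview, the book or any game: the names `PositionUpdate` and `check_updates`, the speed limit and the tolerance are assumptions, and the sample updates are constructed.

```python
import math
from dataclasses import dataclass

MAX_SPEED = 14.0   # assumed top legitimate speed, world units per second
TOLERANCE = 1.25   # assumed slack for network jitter

@dataclass(frozen=True)
class PositionUpdate:
    t: float  # server receive time in seconds
    x: float
    y: float
    z: float

def check_updates(updates, max_speed=MAX_SPEED, tolerance=TOLERANCE):
    """Compare each update with the last accepted state.

    Returns (index, reason) for every update whose displacement vector
    cannot be explained by legitimate movement in the elapsed time.
    """
    violations = []
    if not updates:
        return violations
    last = updates[0]  # the first update is taken as trusted spawn state
    for i, cur in enumerate(updates[1:], start=1):
        dt = cur.t - last.t
        delta = (cur.x - last.x, cur.y - last.y, cur.z - last.z)
        dist = math.sqrt(sum(d * d for d in delta))
        if dt <= 0:
            # Replayed or reordered update: no time passed to move in.
            violations.append((i, "non-increasing timestamp"))
            continue
        if dist > max_speed * tolerance * dt:
            violations.append((i, f"moved {dist:.1f} units in {dt:.2f}s"))
            continue  # rejected: keep comparing against the last good state
        last = cur
    return violations

# Constructed sample: normal movement, one jump away, then a return.
SAMPLE = [
    PositionUpdate(0.0, 0.0, 0.0, 0.0),
    PositionUpdate(1.0, 10.0, 0.0, 0.0),
    PositionUpdate(2.0, 20.0, 0.0, 0.0),
    PositionUpdate(2.1, 500.0, 0.0, 0.0),  # jump of 480 units in 0.1 s
    PositionUpdate(2.2, 21.0, 0.0, 0.0),   # back near the last good state
    PositionUpdate(3.2, 30.0, 0.0, 0.0),
]

if __name__ == "__main__":
    for index, reason in check_updates(SAMPLE):
        print(f"update {index} rejected: {reason}")
```

Because a rejected update never replaces the last accepted state, the return leg of a jump is judged against the position the server still trusts rather than against the bogus one.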