Feeds

Everything you ever wanted to know about Xbox hacking

Cracking gameplay laid bare

Combat fraud and increase customer satisfaction

Tamper tantrums

Hardware tampering forms the second class of hacking activity. Hackers tamper with the data on their hardware via hex editing, rehashing and resigning to obtain digital items and products without payment. The tactic is used to artificially inflate account stats, making manipulated IDs a more valuable as a trading item in the underground economy.

"Because you can hook the Xbox up to your PC, people have created custom built tools to not only view the data on the Xbox hard drive, but alter the data through basic hex editing, rehash it (so the console thinks the files are legit) and resign it (which allows someone to use files that are tied to another profile)," Boyd told El Reg. "Not wanting to risk phishing themselves, some hackers will artificially inflate their Gamerscore and then try to sell the accounts on underground forums and even sites such as eBay."

This type of hardware tampering can also be harnessed in phishing attacks, impersonation, and other malfeasance.

"A recent exploit involved tampering with data on the Xbox hard drive which allowed you to join game sessions with a temporary name. The trick allowed phishers to impersonate game developers (whose gamertags are viewable on sites that list the gamerscore data) and ask for logins. By all accounts, the phishers did a roaring trade until this was fixed," Boyd explained.

Another (now closed) flaw involved exploiting Microsoft's Marketplace to obtain items for free. After making just one purchase, hackers developed a technique that involved changed just one line of code which allowed them to unlock every other item without paying for it. Microsoft soon put a kibosh on the ruse, but it does illustrates the fertile environment for hacking that the online gaming environment has become.

Lastly, online gaming environment can be beset with malicious disruption, as the result of hacking tools. Distributed denial of service attacks from botnets can kick players out of online game. It's also possible to purchase hardware that allows the unethical to cheat in games.

"Network disruption is a big part of certain areas in console modding and hacking scene," Boyd explained. "As most games are peer to peer with one gamer being the host, anyone can hook their Xbox to their PC via Internet Connection Sharing then use a combination of tools such as Zone Alarm to place IP addresses into trusted zones and network monitors to see the IP addresses in the first place. From there, they fire up a 'host boater' (which is basically a bonnet command program) which targets port 3074 - the port you need open for Xbox Live to work.

"They hit the flood button, and the hosts connection is flooded out by an army of infected PCs. As the attack targets the IP of the gamer directly and not the Xbox live service, it's very hard to do anything about these attacks," he added.

Combat fraud and increase customer satisfaction

Next page: DDoS for hire scams

Whitepapers

Securing web applications made simple and scalable
In this whitepaper learn how automated security testing can provide a simple and scalable way to protect your web applications.
Combat fraud and increase customer satisfaction
Based on their experience using HP ArcSight Enterprise Security Manager for IT security operations, Finansbank moved to HP ArcSight ESM for fraud management.
The benefits of software based PBX
Why you should break free from your proprietary PBX and how to leverage your existing server hardware.
SANS - Survey on application security programs
In this whitepaper learn about the state of application security programs and practices of 488 surveyed respondents, and discover how mature and effective these programs are.
3 Big data security analytics techniques
Applying these Big Data security analytics techniques can help you make your business safer by detecting attacks early, before significant damage is done.