Feeds

Everything you ever wanted to know about Xbox hacking

Cracking gameplay laid bare

Providing a secure and efficient Helpdesk

Tamper tantrums

Hardware tampering forms the second class of hacking activity. Hackers tamper with the data on their hardware via hex editing, rehashing and resigning to obtain digital items and products without payment. The tactic is used to artificially inflate account stats, making manipulated IDs a more valuable as a trading item in the underground economy.

"Because you can hook the Xbox up to your PC, people have created custom built tools to not only view the data on the Xbox hard drive, but alter the data through basic hex editing, rehash it (so the console thinks the files are legit) and resign it (which allows someone to use files that are tied to another profile)," Boyd told El Reg. "Not wanting to risk phishing themselves, some hackers will artificially inflate their Gamerscore and then try to sell the accounts on underground forums and even sites such as eBay."

This type of hardware tampering can also be harnessed in phishing attacks, impersonation, and other malfeasance.

"A recent exploit involved tampering with data on the Xbox hard drive which allowed you to join game sessions with a temporary name. The trick allowed phishers to impersonate game developers (whose gamertags are viewable on sites that list the gamerscore data) and ask for logins. By all accounts, the phishers did a roaring trade until this was fixed," Boyd explained.

Another (now closed) flaw involved exploiting Microsoft's Marketplace to obtain items for free. After making just one purchase, hackers developed a technique that involved changed just one line of code which allowed them to unlock every other item without paying for it. Microsoft soon put a kibosh on the ruse, but it does illustrates the fertile environment for hacking that the online gaming environment has become.

Lastly, online gaming environment can be beset with malicious disruption, as the result of hacking tools. Distributed denial of service attacks from botnets can kick players out of online game. It's also possible to purchase hardware that allows the unethical to cheat in games.

"Network disruption is a big part of certain areas in console modding and hacking scene," Boyd explained. "As most games are peer to peer with one gamer being the host, anyone can hook their Xbox to their PC via Internet Connection Sharing then use a combination of tools such as Zone Alarm to place IP addresses into trusted zones and network monitors to see the IP addresses in the first place. From there, they fire up a 'host boater' (which is basically a bonnet command program) which targets port 3074 - the port you need open for Xbox Live to work.

"They hit the flood button, and the hosts connection is flooded out by an army of infected PCs. As the attack targets the IP of the gamer directly and not the Xbox live service, it's very hard to do anything about these attacks," he added.

Choosing a cloud hosting partner with confidence

Next page: DDoS for hire scams

More from The Register

next story
SMASH the Bash bug! Apple and Red Hat scramble for patch batches
'Applying multiple security updates is extremely difficult'
Shellshock: 'Larger scale attack' on its way, warn securo-bods
Not just web servers under threat - though TENS of THOUSANDS have been hit
Apple's new iPhone 6 vulnerable to last year's TouchID fingerprint hack
But unsophisticated thieves need not attempt this trick
Hackers thrash Bash Shellshock bug: World races to cover hole
Update your gear now to avoid early attacks hitting the web
Oracle SHELLSHOCKER - data titan lists unpatchables
Database kingpin lists 32 products that can't be patched (yet) as GNU fixes second vuln
Who.is does the Harlem Shake
Blame it on LOLing XSS terroristas
Researchers tell black hats: 'YOU'RE SOOO PREDICTABLE'
Want to register that domain? We're way ahead of you.
Stunned by Shellshock Bash bug? Patch all you can – or be punished
UK data watchdog rolls up its sleeves, polishes truncheon
prev story

Whitepapers

A strategic approach to identity relationship management
ForgeRock commissioned Forrester to evaluate companies’ IAM practices and requirements when it comes to customer-facing scenarios versus employee-facing ones.
Storage capacity and performance optimization at Mizuno USA
Mizuno USA turn to Tegile storage technology to solve both their SAN and backup issues.
High Performance for All
While HPC is not new, it has traditionally been seen as a specialist area – is it now geared up to meet more mainstream requirements?
Beginner's guide to SSL certificates
De-mystify the technology involved and give you the information you need to make the best decision when considering your online security options.
Security for virtualized datacentres
Legacy security solutions are inefficient due to the architectural differences between physical and virtual environments.