White Hat Hackers and What They Do in Gaming

Who is the figure characterised by a person in a hoodie with the face covered in front of a PC? You guessed it. It’s a hacker. But are all hackers bad? The term hacker has a certain negative connotation attached to it because the work we often associate with being done by a hacker is of illegal provenance. Attacks on personal data, phishing, taking down servers and many more illegal stuff transformed the term hacker into a negative word. However, in the correct definition, a hacker is someone skilled in computer technology who can achieve goals by non-standard means. One can argue that there are more “bad” hackers (the ones that use illegal means and obtain illegal information) than “good” hackers but there are “good” hackers out there, to these, we call White Hat Hackers. In this text, we will focus on the work produced by this class of hackers and how they can help the gaming environment.

Definition

White Hat Hackers… picture old western movies, do you remember the colour of the good guy’s hat? Even if you are not familiar with old westerns you guessed it, the good guys wore white hats to remind the audience of their purity and lawful and ethical actions. The main difference between white hat hackers and hackers is that the first ones, search for exploits or vulnerabilities only when they are legally permitted to do so. White Hat Hackers are hackers that a company specifically hires to test their security on multiple fronts. This is the main description of a white hat hacker’s work. To achieve these objectives, the white hat hacker can explore different possible exploits, such as:

• Pen Testing: this is used when the hacker tries to identify entry points to a determined system. This is a particularly complicated way of doing things because of legal concerns. Sometimes when testing the security of a company’s system, the hacker can try and enter the said system through a client/partner of the company. If said client/partner did not authorise or was unaware of the testing, they can identify it as an attack by a black hat hacker and legal problems can be the outcome of this test. This is the fine line where white hat hacking and black hat hacking sometimes converge;
• Denial-of-Service Attack (DoS Attack): this type of attack temporarily shuts down a service or network, this is used to test the response to these types of attacks;
• Vulnerability Scans: use of automated tools to identify security weaknesses. This will search for misconfigurations and outdated software versions that black hat hackers could harness;
• Email phishing: email phishing is when a recipient of an email is tricked into giving sensitive information or clicking on a malicious file or link so, the white hat hackers simulate phishing emails to evaluate the performance of the employees of a company on identifying these types of behaviours;
• Wireless Security Testing: white hat hackers use tools that can capture and analyse wireless traffic to detect rogue access points and also crack weak encryption, ensuring a safe network;
• Social Engineering: these hackers can use behavioral techniques to test security. This is done by taking advantage of human nature to make employees perform illegal activities such as breaking security protocols or giving away sensitive information;
• Reverse engineering: by the use of tools like disassemblers, debuggers and decompilers, reverse engineering is used to identify potential vulnerabilities in software, hardware or firmware;

This list is continuously changing with the creation of new forms of exploitation and/or new systems to analyse and protect.

Need for Security in Gaming

The gaming industry, one of the most profitable industries in the world being mainly built on the digital world, is the perfect target for attacks and the perfect environment for the appearance of white hat hackers. From the protection of data to the security of software and servers, there are a lot of areas where the expertise of white hat hackers can be used to protect this industry.

White Hat Hackers in Gaming

There are not many publicly known cases of white hat hackers in gaming, one of the main reasons being that large companies are too large to expose that they are under such trials or that they search for these types of hackers, sometimes, silence is the best ally on security and others because they are not supposed to come public. However, there are a few public examples of white hat hackers that did work on gaming. Usually, this type of work arrives when a studio or publisher announces Bug Bounty Programs. These programs attract white hat hackers from beginners to professionals to help these companies find bugs or exploits in their defenses. Microsoft, Sony and also Ubisoft, Electronic Arts and Activision Blizzard have enrolled in such programs and they do this regularly.

With more and more security concerns, from cheaters to black hat hackers acting in all sorts of ways, the gaming industry will need white hat hackers committed to keeping their games secured we all know that gaming communities can be toxic but when hard times come, the love for gaming prevails and much more good will come of it.

Let’s finish this text by saying that, although sometimes white hat hackers can aspire to something good if they are not authorised to conduct searches on a company’s defences or system they too are breaking the law and the colour of the hat might change, white hat hackers always have the “go to” order from companies or are enrolled in test phases or bug bounty programs.

Bug Bounty Program examples (these links may disappear as the program ends): - Microsoft (Xbox): https://www.microsoft.com/en-us/msrc/bounty-xbox?rtc=1

- Sony (PlayStation): https://hackerone.com/playstation?type=team

- Nintendo: https://hackerone.com/nintendo?type=team

- Rockstar: https://hackerone.com/rockstargames?type=team

- Riot Games: https://hackerone.com/riot?type=team