Fortnite: Gaming Vulnerabilities on a Mass Scale

Since its inception, Fortnite has taken the gaming community by storm. Fortnite is a free-to-play game that generates its revenue solely from in-game purchases. Players buy in-game currency to use upgrading their accounts. The currency allows them to purchase aesthetic enhancements such as skins, gliders, and different dances.

Fortnite depends heavily on AWS which allows the company to deliver content to its consumers on a constant basis. Without AWS, it is unclear whether games like Fortnite could exist. This is extremely important because the number of active users directly correlates with the amount of revenue the company can bring in.

Because Fortnite relies heavily on networking technology to remain active, there are numerous areas of concern that we have explored in our research. They are outlined as follows:

·      Cheating

·      Account Seizures

·      DDoS Attacks

Cheating Issues

Like many other online games, Fortnite is susceptible to cheaters and within its systems. Because of its popularity, it’s a given that this would happen. Players who participate in cheating/hacking are generally frowned upon within the community and taken seriously by Epic Games. However, there is always a niche market of players who create and share these exploits.

Bastian Suter is the CEO and lead developer of BattlEye, a service that provides protection for both Fornite and main competitor PlayerUnknown’s Battlegrounds, among other titles. He points out that one of the difficulties of finding the source of these cheaters, is that they mainly share their cheats in private, undisclosed groups. In turn, this makes it hard for anti-cheat companies such as BattlEye to get ahold of them. He says, “There simply isn’t much public stuff for [BattlEye] games out there.”

In most cases where hacks are publicly shared, they simply don’t work. In one instance, there was a scam, misleading players into thinking they were downloading real hacks over the internet. In reality, what they were downloading was disguised malware that was loaded with advertisement spam to generate revenue for the hack distributors. By the time Epic Games was made aware of this, the malware had already been downloaded over 78,000 times. An ironic case, for those looking to take advantage of Fornite’s security.

Bastian Suter goes on to say, “China is one of biggest challenges for us currently. The hacking market in China is huge. Hackers there update pretty much all the time and so it's a constant battle against them. As a result, the issue cannot be completely solved, however this also pushes us to constantly improve.”

CEO of game streaming service Rainway, Andrew Sampson proposes that Epic Games act more diligent in preventing cheating through the use of increased YouTube video moderation. Because some people show off cheats and promote their usage through YouTube, Epic Games should act quickly to take these videos down, further reducing the amount of potential cheating players.

Epic has gone on to make it apparent how strongly they care about this issue, in pursuing hackers who infringe on their service regardless of their age. In one infamous case, Epic filed a federal lawsuit against a known YouTuber with 1.7 million subscribers, known as Golden Modz. An article by Ars Technica described it as, “[A] channel [that] focuses on entertaining moments brought about with Fortnite hacks that provide players with automatic perfect aim, reveal hidden items and enemies, and more.”

“Use of those mods constitutes copyright infringement and breach of the game's EULA, Epic argues, echoing lawsuits filed against Fortnite cheaters filed last year. But the new lawsuit goes farther in arguing that Lucas is using his YouTube videos to ‘demonstrate and promote the hacks he sells, and to direct those who watch the videos to the websites where he sells them.’”

The YouTuber continues to defend his case, stating that his content falls under YouTube’s fair use policy. Whether fair or not, Epic is making its point very clear, in that cheaters are not taken lightly.

Account Hackers

Beyond in-game cheaters, a huge problem persists in Epic Games’ authentication process. Everyday, the number of victims to hacked accounts on Fortnite is increasing. An article posted by Kotaku states, “There’s no hard data on how many, but a dive into sites where Fortnite players congregate suggests the number of alleged fraud cases in the world’s most popular games is sizable.”

Hackers claim that because Epic Games doesn’t ask for a lot of verification before players make in-game purchases, there is a clear opening for their attacks. The problem has ballooned because of two main reasons: account-holders’ previously compromised account information and Epic Games’ allegedly lax security.

Hackers take thousands of known email and password combinations and load them into software that automatically enters them into Epic Game’s client. When they get a successful hit, they get into the Fortnite account through the software, which can make its request for entry seem entirely legitimate to Epic’s client - a vulnerability, according to the hackers.

Thereafter, the account infiltrators make what seem like realistic in-game purchases to Epic Games. Upon purchase, they take the codes and then list and sell them through online marketplaces, like eBay. All done through a proxy service, where hackers disguise the intrusion as legitimate IP traffic.

This causes a lot of wasted time and resources on providing customer support and returns; an issue that can be overcome if Epic strengthens their security. Even after introducing two-factor authentication, the problem persists. Although a step forward, this is now a very common and almost basic level of security with online services these days. They will have to develop new methods of strengthening their login security.

Even if leaked account credentials from other sites are out of Epic’s hands from preventing, perhaps they could still implement automated ways of recognizing a user who has been victim to these leaks, by alerting and preventing them from using the same information. Epic will have to go a step beyond if they want to reduce risk or avoid liability for these attacks.

DDoS Attacks

Distributed Denial of Service attack, or DDoS attacks are of tremendous concern to Epic Games and Fortnite. These attacks occur when servers are purposely overloaded with immense amounts of traffic that they are unable to handle. The attack is often orchestrated by a single hacker that uses tons of different systems to send the large amounts of traffic.

The problem with these attacks is that it is near impossible to stop simply by blocking one IP address. This is because the hackers use many different sources to spam servers with information. This is possible through use of botnets, which are large private computer networks that are typically infected with some sort of malware and are used as the hacker’s resources without any of the owners knowing.

This is, of course, presents a huge problem for games like Fortnite whose sole purpose is to deliver content to its consumers. Even an hour of servers being offline could cost the company large amounts of cash. Not to mention, if your servers aren’t reliable, your customer base will begin to dwindle.

In April of this year, Fortnite experienced a widespread server outage. Initially, Epic Games reported this as a database problem. It was later discovered that this was indeed the result of a DDoS attack orchestrated by a hacker. The hacker, who calls themself “Restless,” claimed that they initiated the attack to show Epic Games how vulnerable they truly are. They also recommended that they increase their DDoS security efforts as more attacks were likely to follow.

Article by Kotaku: What's Really Going On With All Those Hacked Fortnite Accounts?
Article by Wired: Fortnite has a cheating problem and it isn't doing enough to fix it
Article by Ars Technica: Fortnite, GTA V hackers face legal action for online cheating

Something to think about...
1. What's the best approach for Epic to combat its system vulnerabilities?
2. The gaming industry is one of the largest in entertainment. There is always a new and better game that can attract viral popularity. What can emerging gaming companies learn from Epic's mistakes?