‘Surprise stealing mechanics’ made short work of network perimeter security
Gareth CorfieldFri 11 Jun 2021 // 12:25 UTC
EA Games, publisher of Battlefield, The Sims and FIFA, has admitted to a “recent incident of intrusion into our network” in which attackers reportedly stole game source code and software development kits.
The company acknowledged the breach while downplaying its impact, saying no personal data of players had been taken and claiming the amount of game source data and tools taken was “limited”.
The breach was first reported by Vice’s Motherboard offshoot, which said it had been shown screenshots of posts on cybercriminal forums by the apparent thieves, boasting about what they had helped themselves to.
“You have full capability of exploiting on all EA services,” said one message quoted by the news website. Source code for football game FIFA 21, as well as EA’s cross-platform Frostbite game engine and various software development kits for other titles are said to have been stolen, with around 780GB having been copied from EA’s servers.
- EA Games’ Origin client contained privilege escalation vuln that anyone with user-grade access could exploit
- Red-faced, sweating and still in your chair: Welcome to eSports
- EA boots Linux gamers out of multiplayer Battlefield V, Penguinistas respond by demanding crippling boycott
- Days Gone PC: Melting pot of open-world influences makes for one of the more immersive zombie slayers out there
- Can The Register run Crysis Remastered? Yes, but we don’t see why you would want to
Nothing in Vice’s story suggested a ransomware attack, while the attackers are said to be trying to sell the stolen files to their fellow criminals. No details have yet made it into public about how the attackers got into EA’s networks.
EA Games did not immediately respond to The Register‘s questions but said in a statement reproduced by other news outlets that “no player data was accessed, and we have no reason to believe there is any risk to player privacy.” The firm added that it has made unspecified “security improvements” and is working with “law enforcement and other experts” to investigate the intrusion.
Game source code is valuable because makers of big-ticket titles go to some lengths to obfuscate their code in order to deter cheaters from giving themselves an unfair advantage in online multiplayer sessions.
ESET security specialist Jake Moore commented: “Attacks on games publishers are usually for other reasons such as cheat making or underground community kudos. Gaming source code makes a popular target for cheat makers and their communities, so protection must be watertight.”
In a chat with Bleeping Computer, people claiming to be the attackers said “full capability of exploiting on all EA services” would be handed over for $28m.
With millions of dollars being up for grabs in e-sports tournaments, the integrity of the game is critical. Nobody is interested in an unfair tournament – though some countries are very interested in subtly skewing internationally regarded tournaments in their favour.
Tom Van de Wiele, principal security consultant at F-Secure, added: “The EA source code and tools have a surprisingly high value to any company that operates in the shadows and want to get a leg up in competing with the bigger game development companies. Being able to steal an algorithm, approach, or game assets themselves and integrate them fast means not having to develop them on your own and means money and effort is saved that can be directed somewhere else.”
If indeed the source for EA’s Frostbite engine has been stolen, the potential would exist for cheat developers to build hacks for upcoming titles as well as ones currently on the market.
The effects of the data grab may be seen as embarrassing for EA, but the knock-on effects for that company’s position in the e-sports market may take a little longer to be felt. ®