'Imagine trying to play defense in football without ever studying offense. You would not know when a run was coming, how to defend pass patterns, nor when to blitz. In computer systems, as in football, a defender must be able to think like an attacker. I say it in my class every semester, you don't want to be the last person to attack your own system--you should be the first.
Explore a preview version of Exploiting Online Games: Cheating Massively Distributed Systems right now. O’Reilly members get unlimited access to live online training experiences, plus books, videos, and digital content from 200+ publishers. Exploiting Online Games: Cheating Massively Distributed Systems by Greg Hoglund; Gary McGraw. Paperback - Secondhand Book - Very Good Condition. And this groundbreaking book is the only comprehensive source of information on how to exploit computer games. Every White Hat should read it.
'The world is quickly going online. While I caution against online voting, it is clear that online gaming is taking the Internet by storm. In our new age where virtual items carry real dollar value, and fortunes are won and lost over items that do not really exist, the new threats to the intrepid gamer are all too real. To protect against these hazards, you must understand them, and this groundbreaking book is the only comprehensive source of information on how to exploit computer games. Every White Hat should read it. It's their only hope of staying only one step behind the bad guys.'
--Aviel D. Rubin, Ph.D.
Professor, Computer Science
Technical Director, Information Security Institute
Johns Hopkins University
'Everyone's talking about virtual worlds. But no one's talking about virtual-world security. Greg Hoglund and Gary McGraw are the perfect pair to show just how vulnerable these online games can be.'
'If we're going to improve our security practices, frank discussions like the ones in this book are the only way forward. Or as the authors of this book might say, when you're facing off against Heinous Demons of Insecurity, you need experienced companions, not to mention a Vorpal Sword of Security Knowledge.'
--Edward W. Felten, Ph.D.
Professor of Computer Science and Public Affairs
Director, Center for Information Technology Policy
'Historically, games have been used by warfighters to develop new capabilities and to hone existing skills--especially in the Air Force. The authors turn this simple concept on itself, making games themselves the subject and target of the 'hacking game,' and along the way creating a masterly publication that is as meaningful to the gamer as it is to the serious security system professional.
'Massively distributed systems will define the software field of play for at least the next quarter century. Understanding how they work is important, but understanding how they can be manipulated is essential for the security professional. This book provides the cornerstone for that knowledge.'
Chief, Information Protection Directorate
United States Air Force
'Like a lot of kids, Gary and I came to computing (and later to computer security) through games. At first, we were fascinated with playing games on our Apple ][s, but then became bored with the few games we could afford. We tried copying each other's games, but ran up against copy-protection schemes. So we set out to understand those schemes and how they could be defeated. Pretty quickly, we realized that it was a lot more fun to disassemble and work around the protections in a game than it was to play it.
'With the thriving economies of today's online games, people not only have the classic hacker's motivation to understand and bypass the security of games, but also the criminal motivation of cold, hard cash. That's a combination that's hard to stop. The first step, taken by this book, is revealing the techniques that are being used today.'
--Greg Morrisett, Ph.D.
Allen B. Cutting Professor of Computer Science
School of Engineering and Applied Sciences
'If you're playing online games today and you don't understand security, you're at a real disadvantage. If you're designing the massive distributed systems of tomorrow and you don't learn from games, you're just plain sunk.'
--Brian Chess, Ph.D.
Founder/Chief Scientist, Fortify Software
Coauthor of Secure Programming with Static Analysis
'This book offers up a fascinating tour of the battle for software security on a whole new front: attacking an online game. Newcomers will find it incredibly eye opening and even veterans of the field will enjoy some of the same old programming mistakes given brilliant new light in a way that only massively-multiplayer-supermega-blow-em-up games can deliver. w00t!'
Principal Consultant, Cigital
Coauthor of Network Security with OpenSSL
If you are a gamer, a game developer, a software security professional, or an interested bystander, this book exposes the inner workings of online-game security for all to see.
From the authors of the best-selling Exploiting Software, Exploiting Online Games takes a frank look at controversial security issues surrounding MMORPGs, such as World of Warcraft™ and Second Life®. This no-holds-barred book comes fully loaded with code examples, debuggers, bots, and hacks.
This book covers
Why online games are a harbinger of software security issues to come
How millions of gamers have created billion-dollar virtual economies
How game companies invade personal privacy
Why some gamers cheat
Techniques for breaking online game security
How to build a bot to play a game for you
Methods for total conversion and advanced mods
Written by the world's foremost software security experts, this book takes a close look at security problems associated with advanced, massively distributed software. With hundreds of thousands of interacting users, today's online games are a bellwether of modern software. The kinds of attack and defense techniques described in Exploiting Online Games are tomorrow's security techniques on display today.
|Spouse(s)||Penny C. Leavy|
Michael Gregory Hoglund is a recognized author, researcher, and serial entrepreneur in the cyber security industry. He is the founder of several companies, including Cenzic, HBGary and Outlier Security. Hoglund contributed a great deal of early research to the field of rootkits, software exploitation, buffer overflows, and online game hacking. His later work focused on computer forensics, physical memory forensics, malware detection, and attribution of hackers. He holds a patent on fault injection methods for software testing, and fuzzy hashing for computer forensics. Due to an email leak in 2011, Hoglund is well known to have worked for the U.S. Government and Intelligence Community in the development of rootkits and exploit material. It was also shown that he and his team at HBGary had performed a great deal of research on Chinese Government hackers commonly known as APT (Advanced persistent threat). For a time, his company HBGary was the target of a great deal of media coverage and controversy following the 2011 email leak (see below, Controversy and email leak). HBGary was later acquired by a large defense contractor.
Hoglund has founded several security startup companies which were still in operation today:
As an author, Hoglund wrote Exploiting Software: How to Break Code, Rootkits: Subverting the Windows Kernel and Exploiting Online Games: Cheating Massively Distributed Systems, and was a contributing author on Hack Proofing Your Network: Internet Tradecraft. He was a reviewer for the Handbook of SCADA/Control Systems Security. He has presented regularly at security conferences such as Black Hat Briefings, DEF CON, DFRWS, FS-ISAC, and RSA Conference, among others. Hoglund drew the attention of the media when he exposed the functionality of Blizzard Entertainment's Warden software, used to prevent hacking in the popular game World of Warcraft.
HBGary found controversy in 2011 after corporate emails were leaked from the now defunct sister company HBGary Federal. Of particular note, the founder of HBGary Federal, Aaron Barr, had authored a draft Powerpoint presentation on information warfare (IW) that was the subject of much interpretation by online reporters and bloggers. It outlined controversial information warfare strategies and techniques, including background checks to discredit online reporters/bloggers, OSINT monitoring of detractors, and disinformation to discredit Wikileaks. This presentation was never shown to be used, and the supposed customers of this work were never actually customers of HBGary Federal, and further stated they were not aware of the presentation.
After the incident in 2011, several hackers branded the attack on HBGary as the work of Anonymous. Later, this branding was abandoned and replaced with the hacking group LulzSec. At this time, the identities of the hackers behind LulzSec were not known. In an interview after the attack, Hoglund characterized the group as criminal hackers and revealed that he had recently refocused HBGary's attribution team, previously used to hunt down Chinese APT (Advanced persistent threat), to instead discover the identities of the Lulzsec hackers. Less than six months later, the leader of LulzSec, Hector Xavier Monsegur (aka Sabu), had been secretly arrested by the FBI and turned into an informant against the rest of Anonymous. HBGary admitted to working closely with law enforcement, and was later given credit for their assistance to the FBI in the investigation that lead to the arrest of the LulzSec leader Hector Xavier Monsegur (aka Sabu).
Hoglund also founded and operated rootkit.com, a popular site devoted to the subject of rootkits. Several well known rootkits and anti-rootkits were hosted from rootkit.com, including Jamie Butler's FU rootkit, Hacker Defender by HF, Bluepill by Joanna Rutkowska and Alexander Tereshkin, ShadowWalker by Sherri Sparks, FUTo by Peter Silberman, BootKit by Derek Soeder (eEye), and AFX Rootkit by Aphex. A complete list can be found on the wayback engine for rootkit.com Last snapshot of rootkit.com on Wayback. Rootkit.com's original site administrators were Greg Hoglund, Fuzen_Op (Jamie Butler), Barns (Barnaby Jack), Caezar of GhettoHackers (Riley Eller), Talis (JD Glaser of NTObjectives), and Vacuum of Technotronic. At its peak, rootkit.com had 81,000 users.
Rootkit.com was compromised in 2011 via Social engineering (security) as part of the LulzSec attack by Hector Xavier Monsegur (aka Sabu) and the user database was leaked. The leaked user database was then used for research against the Chinese Government-sponsored hacking group commonly known as 'APT1'. The rootkit.com site since remains offline.
Hoglund was an early pioneer in the research and development of physical memory forensics, now considered standard practice in computer forensics in law enforcement. He saw the physical memory as a complex snapshot of interrelated structures and data arrays, instead of just a flatfile full of strings. The original application was not forensics, but rootkit detection and process hiding – showing how physical memory forensics grew partly from rootkit development. With the release of HBGary's product Responder in 2008, Hoglund was one of the first to deliver OS reconstruction to the market, pivotal in the use of physical memory to reconstruct software and user behavior. Responder PRO continues to be a staple tool for law enforcement and incident response today.