Protecting Games : A Security Handbook for Game Developers and Publishers.
Title:
Protecting Games : A Security Handbook for Game Developers and Publishers.
Author:
Davis, Steven B.
ISBN:
9781584506874
Physical Description:
1 online resource (417 pages)
Contents:
Contents -- Introduction -- Part I: The Protection Game -- 1 Game Security Overview -- What Is Game Security? -- References -- 2 Thinking Game Protection -- Independence -- Lazy, Cheap, or Stupid -- Threats, Vulnerabilities, and Risk -- Beyond Protect, Detect, React -- Asymmetric Warfare -- Process, Testing, Tools, and Techniques -- Second Grader Security -- References -- Part II: Piracy and Used Games -- 3 Overview of Piracy and Used Games -- 4 The State of Piracy and Anti-Piracy -- Determining the Scope of Piracy -- Trusted Brand Security: Nintendo and ADV -- Anti-Piracy Innovators: Nine Inch Nails and Disney -- Going Forward -- References -- 5 Distribution Piracy -- Preventing Duplication -- Detecting Duplication -- Collectables, Feelies, and Other Stuff -- Disk as Key -- License Keys -- Splitting and Key Storage -- Busted Pirate: Now What? -- References -- 6 DRM, Licensing, Policies, and Region Coding -- The Basics of DRM -- Why DRM Doesn't Work -- Types of DRM Systems -- License Policy -- References -- 7 Console Piracy, Used Games, and Pricing -- Attacking Consoles -- The Used Games Market -- Pricing Pirates Out of Business -- References -- 8 Server Piracy -- Server Piracy Trends -- Authenticating the Server -- References -- 9 Other Strategies, Tactics, and Thoughts -- Measuring Piracy -- Fighting Pirate Networks -- Multi-Player Gaming -- Rich Interaction System -- Digital Affiliate System -- Playing with Secure Digital Distribution -- References -- 10 Anti-Piracy Bill of Rights -- Basic Fair Use Principles -- Registration Options -- Installation Options -- Connection Options -- References -- 11 The Piracy Tipping Point -- Determining the Goal of Anti-Piracy Policies -- References -- Part III: Cheating -- 12 Overview of Cheating -- 13 Cheating 101 -- Cheating and the Game Industry -- Fair Play -- Cheat Codes -- The CARRDS Reference Model.

The Remote Data Problem -- Security, Trust, and Server Architectures -- Random Events -- Player Collusion -- Business Models and Security Problems -- References -- 14 App Attacks: State, Data, Asset, and Code Vulnerabilities and Countermeasures -- Memory Editors, Radar, and ESP -- Data Obfuscators -- Code Hacks and DLL Injection -- Blind Security Functions, Code Obfuscators, and Anti-Tamper Software Design -- Save Game Attacks, Wallhacks, and Bobbleheads -- Secure Loader and Blind Authentication -- References -- 15 Bots and Player Aids -- Is It "Help" or Is It Cheating? -- CAPTCHAs: Distinguishing Players from Programs -- Cheat Detection Systems -- References -- 16 Network Attacks: Timing Attacks, Standbying, Bridging, and Race Conditions -- ACID, Dupes, and SQL Attacks -- Defensive Proxies -- Hacker Proxies -- Thinking About Network Time: Act, But Verify -- Securing Time -- References -- 17 Game Design and Security -- Design Exploits -- Collusion -- Trivia Games -- Word, Number, and Puzzle Games -- Algorithmic Games, Physics Flaws, and Predictable Behavior -- Speed, Twitch, Timing, and Pixel Precision -- Strong and Dominant Strategies and Deep Game Play -- Power of People: Rock-Paper-Scissors, Poker, and the World of Psychology -- Game Play Patterns: Combat Devolved -- Designing for the Medium -- References -- 18 Case Study: High-Score Security -- Cheating in High-Score Games -- Encryption, Digital Signatures, and Hash Functions -- Client-Server Option -- Randomly Seeded Client -- Alternative High-Score Strategies -- Puzzles, Skill-Based Games, and Other Deterministic Games -- Inappropriate Player Handles -- Summary -- References -- Part IV: Social Subversion: From Griefing to Gold Farming and Beyond with Game Service Attacks -- 19 Overview of Social Subversion -- 20 Competition, Tournaments, and Ranking Systems (and Their Abuse).

Understanding Tournaments and Ranking Systems -- Lobby Attacks -- Syndicates and Bots -- Tournament and Ladder Game Play Attacks -- Abandonment: The "Game Over" Game -- Game Operator Problems -- Identity Problems -- Countermeasures -- Retrofitting Games for Tournaments and Skill Games -- Summary -- Resources -- 21 Griefing and Spam -- Communications Griefing and Spam -- Game Play Griefing -- User-Created Content -- Liability and Business Risk -- References -- 22 Game Commerce: Virtual Items, Real Money Transactions, Gold Farming, Escorting, and Power-Leveling -- Amusement Park Economics -- Alternative Models -- On Virtual Items -- Gold Farming -- Gold Frauders, Online Thieves, and Insiders -- Potential Solutions -- Power-Leveling -- Escort Services, Subletting, and Virtual Prostitution -- Summary -- References -- 23 To Ban or Not To Ban? Punishing Wayward Players -- Crime, Credibility, and Punishment -- The Cost of Punishment: Who's Being Punished? -- Possible Punishments and Credible Deterrence -- Summary -- References -- Part V: The Real World -- 24 Welcome to the Real World -- 25 Insider Issues: Code Theft, Data Disclosure, and Fraud -- Code Theft and Other Data Disclosures -- Office IT Infrastructure -- Insider Fraud -- Playing Your Own Game -- Privileging and Isolation -- References -- 26 Partner Problems -- Contracting Security? -- Security Accountability in Third-Party Development -- Security Accountability in Third-Party Licensing -- Service Provider and Partner Security Issues -- Community and Fan Sites -- References -- 27 Money: Real Transactions, Real Risks -- Payment Processing -- Inside the Payment Process: PayPal -- Anti-Fraud -- Integration for Automation -- Payment Fraud -- References -- 28 More Money: Security, Technical, and Legal Issues -- PCI-DSS and Security -- Account Security, Virtual Items, and Real Money.

Money Laundering and Illegal Payments -- Money Laundering: Legal Issues -- References -- 29 Identity, Anonymity, and Privacy -- The State of Identity and Anonymity -- The Registration Problem and Identity Management Systems -- Age Verification -- Usage Controls and Game Addiction -- Account Compromise, Identity Theft, and Privacy -- Legal Requirements for Privacy Protection -- References -- 30 Protecting Kids from Pedophiles, Stalkers, Cyberbullies, and Marketeers -- Dealing with Cyberbullies, Pedophiles, and Stalkers -- Kids' Communications, Parental Controls, and Monitoring -- COPPA -- Children and Identity -- Child Pornography -- References -- 31 Dancing with Gambling: Skill Games, Contests, Promotions, and Gambling Again -- What Is Gambling and What Is Not -- Accidental Casinos -- Skill Games -- Miscellaneous Security Issues -- Legal Considerations -- References -- 32 Denial of Service, Disasters, Reliability, Availability, and Architecture -- What Can Go Wrong, Will Go Wrong -- Denial of Service -- Scalability and Availability -- Sample Game Operations Architecture -- Disasters and Disaster Recovery -- Contingency Planning -- References -- 33 Scams and Law Enforcement -- Scams in Games -- Game Scams -- Law Enforcement -- Facilities Requirements: Potential Unexpected Laws and Regulations -- References -- 34 Operations, Incidents, and Incident Response -- Secure Operations -- Active Measures -- Incidents and Incident Response -- Public Relations and the Perception of Security -- References -- 35 Terrorists -- Virtual Terrorism -- Online Tools for the Modern Terrorist -- References -- 36 Practical Protection -- "We Have Met the Enemy and He Is Us" -- The Business of Game Protection -- In Closing -- References -- A: Selected Game Security Incidents -- B: Glossary -- A -- B -- C -- D -- E -- F -- G -- H -- K -- M -- N -- O -- P -- R -- S -- T -- W.

X -- Index -- A -- B -- C -- D -- E -- F -- G -- H -- I -- J -- K -- L -- M -- N -- O -- P -- Q -- R -- S -- T -- U -- V -- W -- X -- Y -- Z.
Local Note:
Electronic reproduction. Ann Arbor, Michigan : ProQuest Ebook Central, 2017. Available via World Wide Web. Access may be limited to ProQuest Ebook Central affiliated libraries.