Identifying Potential Risk, Response, and Recovery during Gaming Software Development
Bandon Wilson
Professor Ali Abedin
CIS 333
November 25, 2014

Internet bots, also known as web robots, WWW robots or simply bots, are software applications that run automated tasks over the Internet. Typically, bots perform tasks that are both simple and structurally repetitive, at a much higher rate than would be possible for a human alone. The largest use of bots is in web spidering, in which an automated script fetches, analyzes and files information from web servers at many times the speed of a human. Each server can have a file called robots.txt, containing rules for the spidering of that server that the bot is supposed to obey. In addition to the uses outlined above, bots may also be implemented where a response speed faster than that of humans is required (for example, gaming bots and auction-site robots) or, less commonly, in situations where the emulation of human activity is required (for example, chat bots). Recently bots have been used for search advertising, such as Google AdSense (Juusi, 2012). Internet bots are also commonly used in games such as RuneScape, despite the fact that it's not allowed. RuneScape now regards bots as illegal, and you will receive a fine of $500-$2,500.
Another, more malicious use of bots is the coordination and operation of an automated attack on networked computers, such as a denial-of-service attack by a botnet. Internet bots can also be used to commit click fraud and more recently have seen usage around MMORPG games as computer game bots. A spambot is an internet bot that attempts to spam large amounts of content on the Internet, usually adding advertising links. There are malicious bots and botnets of the following types:
1. Spambots that harvest email addresses from internet forums, contact forms or guestbook pages
2. Downloader programs that use up bandwidth by downloading entire web sites
3. Web site scrapers that grab the content of web sites and re-use it without permission on automatically generated doorway pages.
4. Viruses and worms.
5. DDoS attacks.
6. Botnets / zombie computers; etc.
7. File-name modifiers on peer-to-peer file-sharing networks. These change the names of files (often containing malware) to match user search queries.
8. Automating the entry of internet sweepstakes or instant win games to get an advantage.
9. Automating tasks on promotional web sites to win prizes.
10. Votebots which automatically cast votes for or against certain forms of user-contributed content such as videos on YouTube or reader comments on blog pages. (Juusi, 2012)

Bots are also used to buy up good seats for concerts, particularly by ticket brokers who resell the tickets. Bots are employed against entertainment event-ticketing sites, like TicketMaster.com. The bots are used by ticket brokers to unfairly obtain the best seats for themselves while depriving the general public of a chance to obtain the good seats. The bot runs through the purchase process and obtains better seats by pulling as many seats back as it can. Bots are often used in massively multiplayer online role-playing games (MMORPG) to farm for resources that would otherwise take significant time or effort to obtain; this is a concern for most online in-game economies (Ki, 2014). As such, players are often banned from their respective MMORPG for going outside the programming and "cheating", as bots are not typically allowed because they give an unfair advantage (Ki, 2014).
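Two traits described above, request rates no human could sustain and robots.txt rules that a bot is only "supposed to" obey, can both be checked from a web server's access log. The following is an added example, not part of the original paper; the robots.txt contents, log lines, client names, and the thresholds (more than 5 requests in any 10-second window) are constructed assumptions.

```python
import re
from collections import defaultdict
from datetime import datetime
from urllib.robotparser import RobotFileParser

# Constructed robots.txt for a hypothetical game site.
ROBOTS_TXT = "User-agent: *\nDisallow: /market/\nDisallow: /account/\n"

def _line(ip, sec, path, ua):
    # Build one constructed access-log line (Common Log Format plus user agent).
    return (f'{ip} - - [25/Nov/2014:10:00:{sec:02d} +0000] '
            f'"GET {path} HTTP/1.1" 200 512 "{ua}"')

# Constructed sample: a farming bot, a human visitor, a well-behaved crawler.
SAMPLE_LOG = (
    [_line("198.51.100.7", n // 4, f"/market/item/{n}", "FarmBot/1.0") for n in range(12)]
    + [_line("203.0.113.20", s, "/news", "Mozilla/5.0") for s in (0, 15, 40)]
    + [_line("192.0.2.50", s, p, "NiceCrawler/2.0")
       for s, p in ((0, "/robots.txt"), (20, "/news"), (45, "/forum"))]
)

LINE_RE = re.compile(r'(\S+) \S+ \S+ \[([^\]]+)\] "\S+ (\S+) [^"]*" \d+ \d+ "([^"]*)"')

def analyse(lines, robots_txt=ROBOTS_TXT, window=10, max_hits=5):
    """Return {ip: (peak hits per window, disallowed hits, suspected bot)}."""
    rules = RobotFileParser()
    rules.parse(robots_txt.splitlines())
    times, disallowed = defaultdict(list), defaultdict(int)
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue  # skip malformed lines rather than crash
        ip, stamp, path, agent = m.groups()
        ts = datetime.strptime(stamp, "%d/%b/%Y:%H:%M:%S %z").timestamp()
        times[ip].append(ts)
        if not rules.can_fetch(agent, path):
            disallowed[ip] += 1
    report = {}
    for ip, stamps in times.items():
        stamps.sort()
        peak = start = 0
        for end, ts in enumerate(stamps):  # sliding window over sorted times
            while ts - stamps[start] >= window:
                start += 1
            peak = max(peak, end - start + 1)
        # Disallowed hits only count against automated clients: robots.txt
        # does not bind a person browsing at human speed.
        report[ip] = (peak, disallowed[ip], peak > max_hits)
    return report

if __name__ == "__main__":
    for ip, row in analyse(SAMPLE_LOG).items():
        print(ip, row)
```

A rate threshold alone will miss a bot that deliberately throttles itself, so the output is a starting point for review rather than a ban list.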
It is my recommendation that we approach the preceding malicious attacks and threats with a hybrid of risk mitigation and avoidance policies. The following methods and steps would position the company to be successful.
Minimizing the security system's vulnerabilities and weaknesses that were determined in a previous assessment is the first step in developing effective security policies and controls. This is the payoff of the proactive strategy. By minimizing vulnerabilities, security personnel can minimize both the likelihood of an attack and its effectiveness, if one does occur. Be careful not to implement controls that are too stringent, because the availability of information could then become a problem. There must be a careful balance between security controls and access to information. Information should be as freely available as possible to authorized users. (Microsoft Corporation, 2012)
There should be a plan per type of attack and/or per type of threat. Each plan consists of a set of steps to be taken in the event that an attack breaks through the security policies. The contingency plan should:
• Address who must do what, when, and where to keep the organization functional.
• Be rehearsed periodically to keep staff up-to-date with current contingency steps.
• Cover restoring from backups.
• Discuss updating virus software.
• Cover moving production to another location or site. (Microsoft Corporation, 2012)

Software updates are not done just for fun. Make sure you have the latest security patches for the products you use. Read the release notes, and upgrade your software. Newly announced security holes will be exploited faster than the speed of light, so make sure your software won't be the problem.

Although a security strategy can save the organization valuable time and provide important reminders of what needs to be done, security is not a one-time activity. It is an integral part of the system lifecycle. The activities described in this document generally require either periodic updating or appropriate revision. These changes are made when configurations and other conditions and circumstances change significantly or when organizational regulations and policies require changes. This is an iterative process. It is never finished and should be revised and tested periodically.
References
Tips Against Malicious Attacks. Retrieved November 25, 2014, from Gameproducer.net: http://www.gameproducer.net/2012/02/06/3-tips-against-malicious-attacks/
Security Strategies. Retrieved November 25, 2014, from Microsoft TechNet: http://technet.microsoft.com/en-us/library/cc723506.aspx
Identifying Spreaders of Malicious Behaviors. Retrieved November 25, 2014, from Conference.org: http://www.conference.org/2014