Criminal hacking is not a game worth playing

A lot of people still see the internet as a bit of a Wild West - a semi-civilised frontier where you can do or say pretty much under the cover of anonymity. A bit like the western outlaw, the idea of the hacker has ridden the wave of pop culture for a long time. From Matthew Broderick in WarGames, to Neo in The Matrix, all the way through to your bespoke character in a Fallout game - where hacking terminals can bring a hostile environment under your control - we tend to root for the plucky vagabond.

So you face a bit of an image problem if, like me, you work for the National Cyber Crime Unit (NCCU), a department of the National Crime Agency, with a responsibility for protecting the UK from cyber criminals. We’re not expecting the big studios to make a game about us any time soon, but every day we’re working to prevent people from being exposed to the world of cyber-crime - whether as victim or perpetrator.

So where do videogames and cyber-crime intersect?

Over the last few years, we’ve been interviewing convicted cyber-criminals and people handed Cease and Desist orders for activities teetering on the edge of cybercrime (where possible we believe in prevention and intervention of crime rather than prosecution). Through these, we’ve learnt that cybercrime often starts off in places as innocent as modding communities and gaming forums, where small minorities of skilled - usually teenage - gamers get together in search of online kicks that they may or may not know are illegal.

The most common types of cyber-crime are Distributed Denial of Service (DDoS) attacks, account takeovers and cracking. A lot of the young people we interviewed said that they didn’t carry out these attacks for financial gain, but treated it like a victimless crime - a high-stakes game where they could earn some kudos among their online peers, and show off their coding mettle.

The problem is that there are victims, and it is a crime. Those attacks I mentioned above are punishable by criminal records and prison sentences under the Computer Misuse Act. You may not have heard of this until now, but if you’re someone who enjoys dabbling in coding, computer security and white-hat hacking, you should take it on yourself to read this condensed version of the Computer Misuse Act that we’ve written up. There’s probably a lot more to online law than you think, and if you want to stay on the right side of the law, then it’s pretty handy to know what that law actually is.

Besides, if you are a tech-savvy gamer or coding prodigy, then why would you want to waste your talent and time hacking Steam accounts when you could put your skills towards cracking challenges that could ultimately lead to a really well paid job? Like ethical hacking competitions, cyber security or, best of all, making videogames.

How to protect yourself from cybercrime

*     The best way to protect your gaming account is with some regular password tradecraft. Use three random words to create a strong, separate password for each of your accounts, numbers and symbols can  be added for extra security if needed For example 3redhousemonkeys27

*     Use a password manager to store a vast repository of secure, randomly generated passwords (which you can easily sync across devices).

*     If a game service or website offers two-factor authentication (2FA or MFA), use it. That way, any time someone tries to access your account from an unfamiliar browser or IP, a verification code will be sent to your phone or email address. This  should ensure that only you can log into that account and notify you if an outsider is trying to get in.

If you think you’ve been targeted by cybercrime:

If you think you’ve been targeted by cybercrime:

If you suspect that your site has been hit by a DDoS attack, or that someone is accessing your account without consent, you should report it via the Action Fraud Website. This site does not carry out investigations itself, but acts as a gateway, directing your report to the most appropriate law enforcement agency.

If you are a business, charity or other organisation which is currently suffering a live cyber attack (in progress), call 0300 123 2040 immediately.

If you have a payment card linked to a gaming account you suspect has been breached, call your card issuer as soon as possible, also keep an eye on your statements for suspicious transactions.

Hopefully this article makes the internet and the laws surrounding it a little clearer for you. We’ll be at EGX later this year, so if you want to come over and say ‘hi’, or challenge us to a game, we’ll be waiting!

Stay safe online, and happy gaming from the NCCU.