Logo
    Search

    Ep 7: Manfred (Part 1)

    en-usDecember 01, 2017

    Podcast Summary

    • Manfred's Cautionary Tale of Gaming and CybersecurityThe story of Manfred's hacking of online games warns of the risks and consequences of unethical behavior in the gaming industry and highlights the need for gamers to be aware of cybersecurity vulnerabilities.

      Manfred's story of hacking online games, told for the first time after twenty years, sheds light on the darker side of the gaming industry. It highlights the vulnerabilities inherent in online gaming systems, which can be exploited to gain wealth and power. The story points out that bad actors can flourish in the gaming world, and that there are consequences to their actions. It also shows how a passion for gaming can drive people to extreme lengths, as they strive to achieve their goals. Overall, Manfred's story is a cautionary tale that reminds us of the importance of cybersecurity, and the need for gamers to be vigilant and aware of the risks they face.

    • The Forbidden Art of Hacking Online GamesManfred's expertise in finding bugs in online games through packet analysis, reverse-engineering, and traffic manipulation is a complex skill that can lead to integer overflow and surprising results, although it's forbidden due to copyright claims.

      Manfred, an expert at finding bugs in MMOs, hacks online video games to understand how protocols talk to servers and client. He captures and analyzes packets to find ways to manipulate traffic which results in an integer overflow. The video games don't always check for the lowest amounts which allows Manfred to subtract from zero and get surprising results. This process is done at the packet level, which is similar to man-in-the-middle. Despite his expertise, his Defcon talk got taken down due to copyright claim, which makes his story rare and in some ways, forbidden. However, Manfred has been playing MMORPGs for 20 years and learned reverse-engineering games, including how servers and clients communicate.

    • The Importance of Testing and Securing Communication Systems in Online Games to Prevent CheatingGame developers should prioritize security and bug fixing to ensure fair gameplay, while experienced hackers find exploits in even the most popular and well-established games.

      Manfred, an experienced bug finder, discovered an exploit in World of Warcraft that allowed him to spend talent points without actually using them. He was able to boost his character's strength significantly with only five talent points, giving him an unfair advantage over 10 million players. Manfred achieved this by tinkering with the game client and communication system. This highlights the importance of testing and securing communication systems in online games to prevent cheating and unfair advantages. It also shows the ingenuity of experienced hackers like Manfred, who can find exploits in even the most popular and well-established games. The impact of game bugs and exploits on the player base can be massive, and game developers should prioritize security and bug fixing to ensure fair gameplay.

    • The Lessons Learned from Manfred’s Exploits in World of WarcraftProper Alpha and Beta testing are critical in catching bugs early on, and constant vigilance is necessary to prevent and fix exploits. Game developers must oversee balance and player satisfaction to keep gamers engaged.

      Manfred was able to exploit bugs in World of Warcraft to solo dungeons meant for large groups and also to reverse-engineer the client to do amazing things. He was not caught by the game developers even after using these exploits for months. This shows how a game as huge as World of Warcraft had serious oversights in its development. This also highlights the importance of proper Alpha and Beta testing to catch bugs early on. Despite being banned from World of Warcraft, Manfred was able to move on to other games. The story emphasizes the need for constant vigilance by developers to prevent and fix exploits that can potentially harm game balance and player satisfaction.

    • How Hackers Exploited Shadowbane and Caused Chaos in the GameThe Shadowbane security flaws allowed hackers to exploit the game mechanics and cause chaos for other players. This highlights the importance of stringent security measures in video games to prevent hackers from exploiting vulnerabilities.

      The video game Shadowbane had major security flaws which allowed hackers to exploit the game mechanics. Manfred and Jack were able to gain unlimited experience points, hack other players' bank vaults and gain strength and hit points. They ultimately decided to do a grand finale hack and completely alter the rules of the game which resulted in killing dozens of new and active players. The game was so full of bugs that it became unplayable and they uninstalled it. This highlights the importance of stringent security measures to prevent hackers from exploiting vulnerabilities in video games, and how easy it can be for hackers to cause chaos with such vulnerabilities.

    • Manfred's Chaos in ShadowbaneExploits in games can cause chaos and disorder but responsible disclosure can lead to positive change. However, game developers and law enforcement may not always take action against hackers.

      Manfred's exploits in the Shadowbane game caused chaos and disorder, making the entire game world a PVP area and attacking other players. The hack impacted the entire server, causing hundreds of tombstones and server rollback before the chaos began. Though some players were annoyed, others found it fun and wanted to do it again. Despite efforts to work with game developers to responsibly disclose the bugs, it always backfired. Wired wrote an article about it, and game developers promised to prosecute individuals to the full extent of the law. However, Manfred was never contacted by law enforcement, and he continues to find exploits in games and responsible disclose them.

    • The Game industry's counter-intuitive approach to HackersThe game industry's reluctance to work with hackers can create missed opportunities for both parties, leading skilled individuals to seek alternative ways to monetize their skills.

      The game industry is not interested in working with people who responsibly disclose hacks because they do not want their clients reverse-engineered. Instead of offering additional resources, they ban people who try to help them out, which is counter-intuitive. Manfred found exploits in different games and turned it into a serious full-time business with good pay and flexible hours. In this journey, he found ways to turn his virtual items into real US dollars. In Part 2 of the story, we will learn how he shifted from putting coins into the game to taking coins out of the game.

    Recent Episodes from Darknet Diaries

    146: ANOM

    146: ANOM

    In this episode, Joseph Cox (https://x.com/josephfcox) tells us the story of anom. A secure phone made by criminals, for criminals.

    This story comes from part of Joseph’s book “Dark Wire” which you should definitely read. Get yours here https://www.hachettebookgroup.com/titles/joseph-cox/dark-wire/9781541702691.

    Darknet Diaries
    en-usJune 04, 2024

    145: Shannen

    145: Shannen
    Shannen Rossmiller wanted to fight terrorism. So she went online and did. Read more about her from her book “The Unexpected Patriot: How an Ordinary American Mother Is Bringing Terrorists to Justice”. An affiliate link to the book on Amazon is here: https://amzn.to/3yaf5sI. Thanks to Spycast for allowing usage of the audio interview with Shannen. Sponsors Support for this show comes from Varonis. Do you wonder what your company’s ransomware blast radius is? Varonis does a free cyber resilience assessment that tells you how many important files a compromised user could steal, whether anything would beep if they did, and a whole lot more. They actually do all the work – show you where your data is too open, if anyone is using it, and what you can lock down before attackers get inside. They also can detect behavior that looks like ransomware and stop it automatically. To learn more visit www.varonis.com/darknet. Support for this show comes from Axonius. The Axonius solution correlates asset data from your existing IT and security solutions to provide an always up-to-date inventory of all devices, users, cloud instances, and SaaS apps, so you can easily identify coverage gaps and automate response actions. Axonius gives IT and security teams the confidence to control complexity by mitigating threats, navigating risk, decreasing incidents, and informing business-level strategy — all while eliminating manual, repetitive tasks. Visit axonius.com/darknet to learn more and try it free. Support for this show comes from ThreatLocker®. ThreatLocker® is a Zero Trust Endpoint Protection Platform that strengthens your infrastructure from the ground up. With ThreatLocker® Allowlisting and Ringfencing™, you gain a more secure approach to blocking exploits of known and unknown vulnerabilities. ThreatLocker® provides Zero Trust control at the kernel level that enables you to allow everything you need and block everything else, including ransomware! Learn more at www.threatlocker.com. Learn more about your ad choices. Visit podcastchoices.com/adchoices

    144: Rachel

    144: Rachel
    Rachel Tobac is a social engineer. In this episode we hear how she got started doing this and a few stories of how she hacked people and places using her voice and charm. Learn more about Rachel by following her on Twitter https://twitter.com/RachelTobac or by visiting https://www.socialproofsecurity.com/ Daniel Miessler also chimes in to talk about AI. Find out more about him at https://danielmiessler.com/. Sponsors Support for this show comes from Varonis. Do you wonder what your company’s ransomware blast radius is? Varonis does a free cyber resilience assessment that tells you how many important files a compromised user could steal, whether anything would beep if they did, and a whole lot more. They actually do all the work – show you where your data is too open, if anyone is using it, and what you can lock down before attackers get inside. They also can detect behavior that looks like ransomware and stop it automatically. To learn more visit www.varonis.com/darknet. Support for this show comes from Axonius. The Axonius solution correlates asset data from your existing IT and security solutions to provide an always up-to-date inventory of all devices, users, cloud instances, and SaaS apps, so you can easily identify coverage gaps and automate response actions. Axonius gives IT and security teams the confidence to control complexity by mitigating threats, navigating risk, decreasing incidents, and informing business-level strategy — all while eliminating manual, repetitive tasks. Visit axonius.com/darknet to learn more and try it free. Support for this show comes from ThreatLocker®. ThreatLocker® is a Zero Trust Endpoint Protection Platform that strengthens your infrastructure from the ground up. With ThreatLocker® Allowlisting and Ringfencing™, you gain a more secure approach to blocking exploits of known and unknown vulnerabilities. ThreatLocker® provides Zero Trust control at the kernel level that enables you to allow everything you need and block everything else, including ransomware! Learn more at www.threatlocker.com. Learn more about your ad choices. Visit podcastchoices.com/adchoices

    143: Jim Hates Scams

    143: Jim Hates Scams
    Jim Browning has dedicated himself to combatting scammers, taking a proactive stance by infiltrating their computer systems. Through his efforts, he not only disrupts these fraudulent operations but also shares his findings publicly on YouTube, shedding light on the intricacies of scam networks. His work uncovers a myriad of intriguing insights into the digital underworld, which he articulately discusses, offering viewers a behind-the-scenes look at his methods for fighting back against scammers. Jim’s YouTube channel: https://www.youtube.com/c/JimBrowning Sponsors Support for this episode comes from NetSuite. NetSuite gives you visibility and control of your financials, planning, budgeting, and of course - inventory - so you can manage risk, get reliable forecasts, and improve margins. NetSuite helps you identify rising costs, automate your manual business processes, and see where to save money. KNOW your numbers. KNOW your business. And get to KNOW how NetSuite can be the source of truth for your entire company. Visit www.netsuite.com/darknet to learn more. This episode is sponsored by Intruder. Growing attack surfaces, dynamic cloud environments, and the constant stream of new vulnerabilities stressing you out? Intruder is here to help you cut through the chaos of vulnerability management with ease. Join the thousands of companies who are using Intruder to find and fix what matters most. Sign up to Intruder today and get 20% off your first 3 months. Visit intruder.io/darknet. This show is sponsored by Shopify. Shopify is the best place to go to start or grow your online retail business. And running a growing business means getting the insights you need wherever you are. With Shopify’s single dashboard, you can manage orders, shipping, and payments from anywhere. Sign up for a one-dollar-per-month trial period at https://shopify.com/darknet. Learn more about your ad choices. Visit podcastchoices.com/adchoices

    142: Axact

    142: Axact
    Axact sells fake diplomas and degrees. What could go wrong with this business plan? Sponsors Support for this episode comes from NetSuite. NetSuite gives you visibility and control of your financials, planning, budgeting, and of course - inventory - so you can manage risk, get reliable forecasts, and improve margins. NetSuite helps you identify rising costs, automate your manual business processes, and see where to save money. KNOW your numbers. KNOW your business. And get to KNOW how NetSuite can be the source of truth for your entire company. Visit www.netsuite.com/darknet to learn more. Support for this show comes from ThreatLocker®. ThreatLocker® is a Zero Trust Endpoint Protection Platform that strengthens your infrastructure from the ground up. With ThreatLocker® Allowlisting and Ringfencing™, you gain a more secure approach to blocking exploits of known and unknown vulnerabilities. ThreatLocker® provides Zero Trust control at the kernel level that enables you to allow everything you need and block everything else, including ransomware! Learn more at www.threatlocker.com. This show is sponsored by Shopify. Shopify is the best place to go to start or grow your online retail business. And running a growing business means getting the insights you need wherever you are. With Shopify’s single dashboard, you can manage orders, shipping, and payments from anywhere. Sign up for a one-dollar-per-month trial period at https://shopify.com/darknet. Learn more about your ad choices. Visit podcastchoices.com/adchoices

    141: The Pig Butcher

    141: The Pig Butcher
    The #1 crime which results in the biggest financial loss is BEC fraud. The #2 crime is pig butchering. Ronnie Tokazowski https://twitter.com/iHeartMalware walks us through this wild world. Sponsors Support for this episode comes from NetSuite. NetSuite gives you visibility and control of your financials, planning, budgeting, and of course - inventory - so you can manage risk, get reliable forecasts, and improve margins. NetSuite helps you identify rising costs, automate your manual business processes, and see where to save money. KNOW your numbers. KNOW your business. And get to KNOW how NetSuite can be the source of truth for your entire company. Visit www.netsuite.com/darknet to learn more. Support for this show comes from Drata. Drata streamlines your SOC 2, ISO 27001, PCI DSS, HIPAA, GDPR & many other compliance frameworks, and provides 24-hour continuous control monitoring so you focus on scaling securely. Listeners of Darknet Diaries can get 10% off Drata and waived implementation fees at drata.com/darknetdiaries. This show is sponsored by Shopify. Shopify is the best place to go to start or grow your online retail business. And running a growing business means getting the insights you need wherever you are. With Shopify’s single dashboard, you can manage orders, shipping, and payments from anywhere. Sign up for a one-dollar-per-month trial period at https://shopify.com/darknet. Learn more about your ad choices. Visit podcastchoices.com/adchoices

    139: D3f4ult

    139: D3f4ult
    This is the story of D3f4ult (twitter.com/_d3f4ult) from CWA. He was a hacktivist, upset with the state of the way things were, and wanted to make some changes. Changes were made. Sponsors Support for this show comes from Axonius. The Axonius solution correlates asset data from your existing IT and security solutions to provide an always up-to-date inventory of all devices, users, cloud instances, and SaaS apps, so you can easily identify coverage gaps and automate response actions. Axonius gives IT and security teams the confidence to control complexity by mitigating threats, navigating risk, decreasing incidents, and informing business-level strategy — all while eliminating manual, repetitive tasks. Visit axonius.com/darknet to learn more and try it free. Support for this show comes from Thinkst Canary. Their canaries attract malicious actors in your network and then send you an alert if someone tries to access them. Great early warning system for knowing when someone is snooping around where they shouldn’t be. Check them out at https://canary.tools. Support for this show comes from Quorum Cyber. Their mantra is: “We help good people win.” If you’re looking for a partner to help you reduce risk and defend against the threats that are targeting your business — and especially if you are interested in Microsoft Security — reach out to Quorum Cyber at www.quorumcyber.com/darknet-diaries. Sources https://www.vice.com/en/article/z3ekk5/kane-gamble-cracka-back-online-after-a-two-year-internet-ban https://www.wired.com/2015/10/hacker-who-broke-into-cia-director-john-brennan-email-tells-how-he-did-it/ https://www.hackread.com/fbi-server-hacked-miami-police-data-leaked/ https://archive.ph/Si79V#selection-66795.5-66795.6 https://wikileaks.org/cia-emails/John-Brennan-Draft-SF86/page-7.html Learn more about your ad choices. Visit podcastchoices.com/adchoices

    138: The Mimics of Punjab

    138: The Mimics of Punjab
    This episode is about scammers in the Punjab region. Tarun (twitter.com/taruns21) comes on the show to tell us a story of what happened to him. Naomi Brockwell (twitter.com/naomibrockwell) makes an appearance to speak about digital privacy. To learn more about protecting your digital privacy, watch Naomi’s YouTube channel https://www.youtube.com/@NaomiBrockwellTV. And check out the books Extreme Privacy (https://amzn.to/3L3ffp9) and Beginner’s Introduction to Privacy (https://amzn.to/3EjuSoY). Sponsors Support for this show comes from Axonius. The Axonius solution correlates asset data from your existing IT and security solutions to provide an always up-to-date inventory of all devices, users, cloud instances, and SaaS apps, so you can easily identify coverage gaps and automate response actions. Axonius gives IT and security teams the confidence to control complexity by mitigating threats, navigating risk, decreasing incidents, and informing business-level strategy — all while eliminating manual, repetitive tasks. Visit axonius.com/darknet to learn more and try it free. Support for this show comes from SpyCloud. It’s good practice to see what data is getting passed around out there regarding you, your employees, your customers, and your business. The dark web is a place where this data is traded and shared. SpyCloud will help you find what out there about you and give you a report so you can be aware. Then they’ll continuously monitor the dark web for any new exposures you should be aware of. To learn more visit spycloud.com/darknetdiaries. Support for this show comes from ThreatLocker. ThreatLocker has built-in endpoint security solutions that strengthen your infrastructure from the ground up with a zero trust posture. ThreatLocker’s Allowlisting gives you a more secure approach to blocking exploits of known and unknown vulnerabilities. ThreatLocker provides zero trust control at the kernel level. Learn more at www.threatlocker.com. Learn more about your ad choices. Visit podcastchoices.com/adchoices

    137: Predator

    137: Predator
    A new type of mercenary spyware came on the radar called Predator. It’ll infect a mobile phone, and then suck up all the data from it. Contacts, text messages, location, and more. This malware is being sold to intelligence agencies around the world. In this episode we hear from Crofton Black at Lighthouse Reports who spent 6 months with a team of journalists researching this story which was published here: https://www.lighthousereports.com/investigation/flight-of-the-predator/. We also hear from Bill Marczak and John Scott-Railton from Citizen Lab. If you want to hear about other mercenary spyware, check out episodes 99 and 100, about NSO group and Pegasus. To hear another episode about Greece check out episode 64 called Athens Shadow Games. Sponsors Support for this show comes from Axonius. The Axonius solution correlates asset data from your existing IT and security solutions to provide an always up-to-date inventory of all devices, users, cloud instances, and SaaS apps, so you can easily identify coverage gaps and automate response actions. Axonius gives IT and security teams the confidence to control complexity by mitigating threats, navigating risk, decreasing incidents, and informing business-level strategy — all while eliminating manual, repetitive tasks. Visit axonius.com/darknet to learn more and try it free. Support for this show comes from Varonis. Do you wonder what your company’s ransomware blast radius is? Varonis does a free cyber resilience assessment that tells you how many important files a compromised user could steal, whether anything would beep if they did, and a whole lot more. They actually do all the work – show you where your data is too open, if anyone is using it, and what you can lock down before attackers get inside. They also can detect behavior that looks like ransomware and stop it automatically. To learn more visit www.varonis.com/darknet. Support for this show comes from Akamai Connected Cloud (formerly Linode). Akamai Connected Cloud supplies you with virtual servers. Visit linode.com/darknet and get a special offer. Learn more about your ad choices. Visit podcastchoices.com/adchoices

    Related Episodes

    Ep 8: Manfred (Part 2)

    Ep 8: Manfred (Part 2)
    Manfred found a way to turn his passion for video games and reverse engineering into a full time business. He exploited video games and sold virtual goods and currency for real money. This was his full time job. Listen to this episode to hear exactly how he did this.  Learn more about your ad choices. Visit podcastchoices.com/adchoices

    Don't underestimate how much trouble Facebook is in right now

    Don't underestimate how much trouble Facebook is in right now
    Facebook's management doesn't seem to understand why daily use on the site is continually falling. It may be because of all of the false promises Facebook has made about fixing problems like fake news and conspiracy videos. Facebook would do well to remember the fall of Myspace and what happened to Nokia and Blackberry.  

    Learn more about your ad choices. Visit megaphone.fm/adchoices

    Trading Tech Talk 2: Hackers and Rogue Algos

    Trading Tech Talk 2: Hackers and Rogue Algos

    Trading Tech Talk 2: Hackers and Rogue Algos

    Hot Topics in Tech: Security of Financial Platforms

    Should we expect more attacks in the future? Is this the new norm going forward? What sort of realistic uptime expectations should institutional clients, end users of exchanges and vendors have in this environment? Are we approaching a point where retail clients should maintain multiple brokerage account to ensure access at all times?

    While the recent OPRA problem was limited to NASDAQ OMX, it highlights the issue of the entire industry fixating around a single point of failure. What risks does that pose to the marketplace? How do we address that as an industry? Rogue algos are not just the domain of equities and options anymore; futures are now under attack as well.

    The Inbox: We’re taking your questions

    • Question from Amac: Is there a way for small traders to see or get access to big options shows via IM? Seems like I am missing much of the picture.
    • Question from T. Norvin: What exactly is a sweep order? Can a sweep be used to lift liquidity without moving markets? I.e. Buy 10 on all vs. 100 on one exchange?

    The Lightning Round: A minute to win it

    • Should customer open multiple brokerage accounts to avoid security risks?
    • The industry will have a backup/alternate to OPRA in place by the end of 2014 - Yea or Nay?
    • Will every major derivatives exchange experience some sort of systems outage/glitch in 2014?
    • Will microwave transmission gain a foothold in the U.S. financial markets in 2014?