Hackers have breached computer game maker Electronic Arts (EA) & stolen source code & related tools for the company’s extensive game library, the company has confirmed.
Other proprietary game data, related software & developer kits were also stolen in the unspecified attack, which the company is now investigating.
Game Developer
EA stated it’s investigating “a recent incident of intrusion into our network where a limited amount of game source code & related tools were stolen,” according to a statement published in numerous online reports. The long-time game developer is known for titles such as The Sims, Madden NFL & FIFA 21.
“No player data was accessed, & we have no reason to believe there is any risk to player privacy,” the company commented. EA did not immediately return an emailed request for comment on Fri. morning.
Vice Motherboard
Despite EA’s downplaying of the incident, the initial source that reported it suggested the breach was indeed quite serious.
A report in Vice Motherboard published Thurs. claims hackers posted on a dark web forum that they have taken the source code for EA’s FIFA 21 as well as code for its matchmaking server, in addition to many other company assets.
Much Stolen Information
That post seems to be available via a Google cached web page from Jun. 6 that has the headline “We sell the FIFA 21 full src code & tools,” asking for a price of $28m for the 780Gb data dump.
The webpage lists a large amount of stolen information, including the FIFA 21 matchmaking server, FIFA 22 API keys & some SDK & debugging tools, as well as the source code for Frostbite, the engine that powers other EA games, including Battlefield, along with related debugging tools.
Hackers also claim they have code for “many proprietary EA games, frameworks and SDKs,” as well as other EA proprietary code & API keys. “You have full capability of exploiting on all EA services,” they wrote in their post.
Attack Vector
The hackers are selling the data on a number of underground hacking forums, according to Motherboard, which said it had viewed various posts advertising the sale.
EA has not disclosed how attackers breached its network. The company said it has already made unspecified security improvements after discovering the breach & does not expect the incident to impact its games or its business, according to the statement.
One security expert speculated that attackers probably exploited an unpatched, known vulnerability in EA’s network, an all-too-common way for attackers to infiltrate corporate servers.
Zero-Day Vulnerability
“It is unlikely that the attackers found a zero-day vulnerability & created their own exploit against a popular used software,” observed Candid Wuest, VP of Cyber Protection Research at data protection firm Acronis. “It would be more likely that EA did not patch a known vulnerability, as we have seen with many other companies & the Microsoft Exchange ProxyLogon vulnerability in Mar.”
A misconfigured and exposed service also could have been the culprit that allowed attackers to gain access, he explained. “Overall, it highlights that a comprehensive cyber protection strategy is required in today’s threat landscape,” Wuest added.
EA is currently working with law enforcement & other security experts as part of an ongoing criminal investigation into the attack, the company said.
Monetisation
If a significant chunk of the company’s intellectual property (IP) has indeed fallen into the wrong hands, the breach could pose long-term problems for EA, giving threat actors numerous options for future exploitation of the data they have stolen, security experts said.
“This sort of breach could potentially take down an organisation,” Saryu Nayyar, CEO of security & risk analytics firm Gurucul, warned via email. “Game source code is highly proprietary & sensitive intellectual property that is the heartbeat of a company’s service or offering.”
Capitalise Financially
With access to EA’s IP, there is a lot an attacker can do to capitalise financially on the breach beyond selling it on the dark web, from finding bugs in applications to directly pirating software, another expert observed.
“In modern cyber-criminal enterprises, we’re seeing a lot of advanced monetisation strategies,” explained David “Moose” Wolpoff, CTO & co-founder of attack surface management firm Randori. “In the case of this EA attack, I’d wager that we’ll see the attackers parsing out access to maximise profits.”