Emerging cyberworld attack vectors: Modification, customization, secretive communications, and digital forensics in PC video games

Complexity of customization in video games threatens to provide people with malicious intent a new vector for the secretive transmission of messages as well as data. This paper explores six different games including some of the most popular games of early 2013: World of Warcraft (WoW), League of Legends (LoL), Defense of the Ancients 2 (DotA 2), StarCraft 2 (SC2), Battlefield 3 (BF3), and Garry´s Mod (GMod). Our research has shown that each of these games have at least one feature that an attacker may exploit in order to transfer information. Since video game forensics is still in an infantile stage, an investigator may not suspect video games and their data files as accomplices to crime. Within this paper, we will describe methods and methodology for hiding, displaying, and transferring data in video games and their related applications. Additionally, we will offer recommendations on how an investigator might search for any hidden data such as comparing hashes of unaltered game files to the altered game files on a suspect´s machine. To the best of our knowledge, this is the first systematic research on the modification and forensics of popular games.