The hacker who got into Rockstar’s servers was able to expose one of the most popular games to a tonne of cheating by disclosing server-side source code.
What, if any, effects will a serious hack this week have on Rockstar Games’ business? Just a few days ago, the game publisher’s computers were compromised in what some are calling the greatest attack in recent memory. Rockstar, a well-known developer of games like Red Dead and Grand Theft Auto, expressed its “deep disappointment” at the “illegal” hacking incident. The hacker, who also claims to be responsible for the most recent severe Uber hack, released a video showing early gameplay from the upcoming GTA 6.
Rockstar hasn’t said much up to this point regarding the effect it anticipates the cyberattack would have. We do not foresee any disruption to our live game services or any long-term influence on the development of our ongoing projects, the business said in its original statement, thus ruling out the possibility of any long-term issues as a result of the intrusion. Gizmodo contacted the game publisher to inquire further; if they reply, we’ll update our report.
Hacking into video games has increased in frequency over the past few years. The beta for the upcoming Diablo IV game was only recently leaked to Reddit. A rather serious attack that resulted in the disclosure of game source code across the internet happened to EA Games last summer. Cyberpunk 2077 and Half-Life 2 hacks and leaks in the past have caused major issues for the game publishers that created them.
A Doorway to Fraud
Whether the cybercriminal who carried out the hack will release any additional information is currently one of the main worries. The hacker claims to have stolen source code for both GTA5 (published 2013) and GTA6 (rumored release date in 2025), posted select screenshots of the code to an online forum, and has threatened to release the rest of it. For every game company, source code—the digital DNA of a program—is crucial proprietary information. What might the distribution of such code actually do, suppositionally?
It mostly relies on the type of code that was stolen, according to Ben Ellinger, vice president of software production at the Digipen Institute of Video Game Design. The professor reasoned that if the hacker was successful in stealing GTA6’s server-side code, Rockstar might then have a cheating issue.
A basic understanding of game architecture is necessary to comprehend this. Online multiplayer games today are mostly made to prevent cheating by users. The game’s code is divided into two sections: client-side code (which runs on the player’s real device, such as an Xbox or phone), and server-side code, which is executed on remote server farms owned by the corporation. While the server code controls the games itself, the client code affects the player’s user experience. The code is divided in this way out of necessity (you really can’t make an online, multiplayer environment without some sort of cloud infrastructure), but it also helps keep control of the game firmly in the company’s hands. Players send input (i.e., commands) to the server, and the server sends back an updated version of the game reflecting the player’s input.
Nevertheless, if a hacker is able to access the server-side code, they may be able to understand how the gameplay works and use that information to create new hacks. This might not appear to be a major concern, but Ellinger warned that it might develop into one very rapidly. In this particular situation, cheats have the potential to seriously impair gameplay, and if they are sold or made available to a larger group of people, the scope of the issue might rapidly expand. Do online cheats get sold by hackers? Naturally, they do.
Security Concerns
A change in a company’s security culture, according to Bellinger, is yet another adverse effect of a data breach. Businesses frequently review their security protocols after a cyberattack in an effort to prevent the next negative incidence. He added that sometimes these reevaluations can go too far and even border on psychosis.
The issue is that it’s really challenging to distinguish between human engineering and simple security flaws in this hack. Bellinger defines human engineering as “someone on the inside who is either participating in this [data leak] or is unintentionally so—they got manipulated.” Even after those cheesy anti-phishing training have been making the rounds, employees continue to be duped into allowing hackers access corporate networks.
A post-hacking culture shift, according to Bellinger, can hinder a company’s productivity and isn’t always that beneficial. He explained that businesses will go through a time of self-interrogation once something like this happens, saying that they can “create internal disruptions to the team because you now enter a state of almost paranoia.” The worst case scenario, he continued, is that you lose months due to the resulting inefficiencies.
What Is the Price of a Hack?
How much this incident will cost Rockstar is unclear. According to academic researcher Daniel Wood, who focuses on the cyber insurance market, if Rockstar had had cyber insurance, an insurer might have assisted with some of the expenditures, but it’s unclear whether they did.
Insurance might not have been too helpful in this situation, even if they had. Because they are challenging to measure, lost intellectual property or reputation loss are often not covered by cyber insurance, according to Woods. He said that he didn’t think “the financial coverage would have helped” in this case, saying that it appeared that the Rockstar hack mostly hurt IP and reputation.
There are also significant and frequently depressing restrictions on the level of security that the cyber insurance sector can offer, according to Wood. Because insurers are reluctant to offer limits in the hundreds of millions of dollars (insureds must obtain insurance from a coalition of insurers to do this), the insurance limit is frequently surpassed even when cyber insurance covers something, according to him.
It might be okay, though.
What’s the harm overall? Rockstar’s situation most likely would have been far worse if it had been a lesser game publisher. However, a corporation that consistently earns hundreds of millions of dollars in net income may get away with the occasional bit of bad press. It’s most likely not going to be a big deal, says Bellinger.
He laughed and added, “It’s alright. It’s unlikely that this will materially impede the launching of the new game, he continued. “This is Grand Theft Auto, people. Everything will be alright. People will continue to be astonished beyond belief by the game, and Rockstar will continue to reap enormous financial rewards. Ninety percent of those who play it won’t even notice that this ever occurred, he claimed.
