Hacker admits stealing $12m worth of chips from Zynga A UK-based IT expert has admitted hacking into the servers of game developer Zynga and stealing $12m worth of gaming chips, according to news reports. Ashley Mitchell, 29, of Paignton, Devon, pleaded guilty to five charges on Wednesday in Exeter Crown Court. Judge Philip Wassall told him: “It is inevitable you are going to …
You can actually buy Zynga poker chips (you can also "earn" them by signing up for spam and buying crap from other websites through cross-promotions), although the chips themselves are not redeemable for cash, as I suppose such a transaction would then make Zynga poker an online gambling operation of sorts. You have to admire the evil genius - Zynga have created a pseudo-gambling operation where people can spend money, but never make it back, and then they can rationalise this by arguing that purchasing chips is merely optional. Sometimes I wish that I had the moral bankruptcy required to devise and capitalise on such ideas. It seems that having a conscience is indeed a financial liability.
I do call into question the prosecution's estimate that it would cost an individual $12 million to acquire 400 billion in Zynga poker chips. By my own calculations, the cost comes up shy of $1.8 million (perhaps Zynga poker chips are on sale at the moment?). And yes, I did count my zeroes just to be sure (personally I'm just surprised they give people the option to spend so much on what is essentially the electronic equivalent of Monopoly money).
While the bloke should indeed be punished for the unauthorised access of Zynga's systems and for trying to sell the chips he obtained, but describing the whole enterprise as theft doesn't sit well with me. What Mr Mitchell has done more closely fits the crime of fraud rather than theft in my (legally inept) opinion, and I suspect that is how it is being treated by the court.
The data breach at Zynga underlines the importance of a strong identity management system and clear policies for creating and protecting access credentials. Of particular concern in this instance was that the infiltrator was able to gain unfettered access by impersonating and using the credentials of a legitimate systems administrator.
Were it not for the fact the individual stole a considerable amount of valuable data, in the form of virtual poker chips, then got caught trying to sell the data for a fraction of its face value, this breach may never have been noticed. Clearly there is room for improvement in Zynga’s identity and access management (IAM) regime. Any company trading in highly valuable data and virtual commodities such as online credits must ensure their systems are as tightly secured as any other financial institution.
This guy didn't do anything wrong. He showed up, acted important, and they gave him the keys to the place. That's not hacking. At worst, it's social engineering. It's like showing up to the Playboy mansion with a nice suit and drinking all their beer.
What's worse is the fact that anyone at Zynga can apparently create 400 billion artificial credits out of thin air. Why would you invest into an economy where the government body can fiat money at that magnitude and whim?
The Register 
Biting the hand that feeds IT
Copyright. All rights reserved © 1998–2024
