As we’ve covered previously, there are threats to Collegiate venues and game developers that are unique to the Esport industry. However, the largest growing segment of victims is the athletes and streamers themselves.
Aside from the issues common to competitive sport – such as doping – athletes and streamers are at additional risk of online criminal exploits; brute force password attacks, phishing, and ransomware, to name a few. In 2020, web application attacks reached over 10 million incidents in a single day. 2021 saw a 167% increase in application attacks. Criminals use hijacked accounts to make fraudulent purchases and transfer valuable in-game assets to fence accounts to resell for real-world currency. Additionally, by injecting application code or changing account settings, criminal actors may influence athlete inputs to influence a competition’s outcome. In recent years, this practice has grown – partly due to the rise in Esport betting.
Physical venues are also at risk of cyber-crimes, uncommon to traditional sporting arenas. While venues typically have comprehensive physical site security, with ticketing and access controls, few consider digital security. Publicly available Wi-Fi networks are no longer the risk that they posed years ago, with encryption practices becoming the norm for most Wi-Fi devices. However, the physical cables providing venues with their internet connections are still open to Man in the Middle (MITM) attacks. These can expose attendants’ account details and personally identifiable information (PII) or alter competitors’ inputs to the server hosting the match. The risk is heightened in regions where public actors have direct access to the digital infrastructure and have an intelligence interest in accessing private data; such as in Saudi Arabia, where the government has invested in the digital infrastructure and hosted events to develop their “Esport City”.
As most Esports must communicate with servers outside the control of organizers and competitors, game integrity is largely based on the integrity of the servers hosting the game. The 2023 Le Mans Virtual suffered multiple disconnections across the two servers hosting the races when hackers launched a Distributed Denial-of-Service (DDoS) attack on the online game. This resulted in standing World Champion Max Verstappen losing their first-place standing and the likelihood of a $250,000 grand prize.
For personal data, good web hygiene is the best defense: using unique passphrases for each account you hold, remaining vigilant for unsolicited files, hyperlinks, or downloads, and regularly running a trusted antivirus on your system files. Others’ data, however, complicates the duties of hosts and competitors.
Authors: Barrett Ziegler and Michael Pahira, Team Leader, Professional Sports and Esports | [email protected]
Contact Us
For more information on this topic, reach out to Withum’s Esports Services Team today.
