Posts Tagged

hacks

The EA Hack

Elizabeth Uncategorized November 19, 2021

The EA hack isn’t a special case. Not anymore. Hack, after hack, after hack, data leak after data leak, stolen game engine and asset, one after another. Game companies are being targeted deliberately for IP and code theft because it’s one of the few things that hackers can still steal with relative ease.

EA’s Track Record

This hack was due to a mix of authentication fraud and social engineering – it also seems to be their first major hack, if the lack of news about anything else is any evidence. Even Wikipedia doesn’t have much to say about past security instances. The one chance hackers had to get customer data was sealed off back in 2019, when a white-hat hacker group discovered the vulnerabilities and then alerted them that a sufficiently capable team would be able to get in, and then steal all of their customers’ payment data. EA’s record is cleaner than the industry average.

EA has a good track record with overarching security – many companies in the same worth bracket, including other game companies, can’t say that! Fellow gaming company Capcom got dinged with Ragnar ransomware, and while it “only” lost about 350,000 people’s worth of account data, it also lost its internal logs and couldn’t tell if they also lost credit card data. Blizzard, another big company with a good track record, suffers from persistent bot plagues that they’re unable to clear out. Human players then lose their data to particularly conniving bots and data thieves directly, no middleman hacked server necessary.

This Particular Hack

This hack was especially devious. A hacker used authentication cookies (cookies that “remember” the device or browser being authenticated with a code) to get into an EA slack channel, and then socially engineered their way past IT into the company’s internal network.

From there, downloading stuff was easy.

More than 780 GB of data (most of it source code) was captured, but the hacker group states that they couldn’t find a buyer. Source code is often trademarked, after all, and the consequences of buying another company’s coding aren’t worth having it. Many hackers would much rather have payment personal info than code. They then tried to extort EA by promising to release it, and uploading a little bit of the next FIFA game as proof that they were capable. After EA refused to pay the ransom, they released the remainder of the code as promised. Once again, using another company’s source code just doesn’t make sense in the long run, so it’s unclear what the long-term consequences will be for the company. However, they’re not the first ones to get extorted in this way: CD Projekt Red’s failed ransom should have served as a warning!

The CD Projekt Red Hack

CD Projekt Red, the game studio that created such classics as CyberPunk 2077 and Witcher 3, was hacked early last year. At that time, the hacker group responsible stole their game engine, and not much else – their customers were surprisingly uncompromised after the incident. The hacking team seemed to have a personal grudge against Projekt Red, so I can only assume the customer information was better-secured than the game engines themselves: who wouldn’t steal customer data if they were trying to completely trash a company’s reputation?

EA similarly partitioned customer data away. This is a good thing! Sort of like in a cruise  ship, separating data means that the entire company isn’t compromised as long as a gate somewhere stops the water from getting into other rooms.

And Other Examples

A Blizzard hack snatched emails (but not the unscrambled passwords) of an estimated 12 million players in 2012. This was easy to recover from – resetting the password was good enough for most accounts, but having those emails made the players unfortunately vulnerable to password stuffing attacks in the long run.

In 2011, an even bigger attack on Sony’s Playstation Network compromised the details of approximately 77 million users. This one stands out because both encrypted and unencrypted data was taken – credit card information that was encrypted wasn’t theoretically unscramble-able, but Sony, even with a week-long delay, couldn’t determine how much a hacker could actually squeeze from that data. Unencrypted data, which was basically all of the other personal details that could be attached to a player, was useable as soon as the hackers obtained it. Events like these served as warning for Blizzard, who encrypted much more, and then eventually for Xbox, Microsoft, CD Projekt Red, etc. as hacks became more prevalent.

Sources:

https://therecord.media/hackers-leak-full-ea-data-after-failed-extortion-attempt/

https://www.newsweek.com/electronic-arts-ea-origin-account-takeover-hacking-cybercrime-check-point-cyberint-1445976

https://www.ea.com/security

Why Can’t You Tape a Cord Back Together?

Elizabeth Uncategorized September 13, 2021

Have you ever wondered why just taping a cut cord back together doesn’t fix it? Well, there are a number of reasons!

“My Phone Only Charges at Certain Angles”

This is one of the most annoying aspects of broken or frayed cables, so I’ll put it first. How do you fix it? Unfortunately, the answer is usually replacing the cable, or stopping it before it happens. This is a very general article, so I’m not going to link tutorials – many cords have their own tricks anyway. If you’re looking for a specific tutorial, now’s the time to tune out.

Now, onto the ‘why’!

The area where the cord plugs into the phone receives the most stress. Power outlets are usually down low, and desks or nightstands are up higher. It’s almost never the plug-in part that fails, as a result – it’s usually either where the cable connects to the charger’s box or where the square plastic part of the plug-in side meets regular cable.

A cord, with the weak point underneath the phone’s plug-in side pointed out.

Engineers have been trying to fix this for years. What we have now is the best they have at a low price, until cordless charging really gets off the ground. The design is sturdy: the cord would simply bend the phone’s plug-ins if it weren’t reinforced at the end with the little plastic bit. However, they can’t just reinforce the entire cable, so the next part under the most stress, where the reinforced bit hits regular cable, is the next most-likely place to fail. That’s the spot that bends the most if the phone’s right at the edge of the table. The inside of the cable begins to suffer from metal fatigue after moving in and out of the same position day after day, year after year, and some of the copper lines building up the core of the cable snap. Pulling on the cable instead of the plastic reinforcement at the end hurts over time as well. When you, the user, move your phone in certain ways, the two frayed sides get to touch again. Sometimes there isn’t even visible damage on the outside!

You could try DIY reinforcing the cable by just slapping some cello-tape around the bit that breaks the connection when it moves, but ultimately, that’s a temporary fix (assuming it works at all. It might not!). If the cable is fairly new, it might also be the port that’s the problem – shine a light into your phone’s plugin, and if it’s looking a little dirty, you could try some compressed air. Particularly bad cases should be taken to an expert, though, as the pins are easily bent but not easily fixed.

Pins

A diagram of the ‘pin-out’ for an Apple charger, via TechInsights

The pins at the end of the charging cable each have a specific purpose. They can’t all perform their purpose via the same cable, so functions are split into several individual threads inside said cable.

Right here is why you can’t just slap tape onto your frayed cable – it’s also why frayed cables can sometimes still charge, but can’t transfer files anymore, or vice versa. The best thing to do is to prevent fraying in the first place, which mostly happens from material fatigue, i.e forcing the cable into odd positions over and over. However, Apple chargers sometimes just… do this under regular stresses, unfortunately. In that case, you could purchase some low temperature heat-shrink wrap, and double-reinforce the problem areas! Tutorials are scattered all over the web, so I’m not going to link a particular one; the ones I’ve used as a source are below, but I’m not endorsing them specifically. I will say to aim for low temp heat wrap, the kind that a hair dryer can set. Anything higher might damage the charger’s plastic.

As a sidenote, it’s really disappointing that Apple held such a monopoly on their lightning cable, only to drop their manufacturing standards and leave users constantly replacing cables, or DIY-ing their own repairs. The plastic isn’t particularly good on the outside, leading the charging head to sometimes snap off entirely if it isn’t treated delicately. 3rd party manufacturers aren’t doing much better.

However, phone chargers are not the only cable out there! Many others are in similar positions. HDMIs can’t just be copy/pasted back together, ethernet cables, printer cables, power cables, headphone cables, all of them are as good as dead if the cord is broken. They all follow similar methods for data transfer, where individual threads each do their own thing.

Is it possible to fix?

Well, yeah, depending on a number of factors. A frayed cable isn’t always dead, and sometimes heat-shrink or electrical tape is enough to fix it for another couple of months. On many other cords, you really, really shouldn’t try to DIY it. Especially high-powered ones, or ones that lead to delicate machinery. As I said before, the best thing you can do is prevent those cables from fraying or snapping in the first place by reinforcing their protective sheathes, but if you can’t, lower-powered cables do have tips and tricks to get them to work again (although you might have better, safer results with a pro).

On bigger cords, or cords to house appliances? Don’t touch that! It is technically possible to patch cables together yourself… however, with bigger appliances, that also greatly increases the risk of serious personal injury, fires, and shorts, both in the house’s circuit and your item’s. Assuming you don’t screw up at the starting line and mix and match two separate threads accidentally where it counts, i.e. a phone cable. If you’ve never done it before, if you doubt your ability to do it, or if you’re missing materials to do it safely, go to an electrician or a tech repair place. What’s cheaper – 70$ for a cord repair, or 700$ for a PC stand?  Plus, the ~danger~ factor!

House power is very dangerous. Electricians are paid mint for a good reason! While any number of kids have stabbed a fork into the electrical socket and survived, the fork isn’t carrying the full potential of the shock, and a number of people die doing that anyway. A cable would be. Never plug in a damaged or broken extension cable. 120 V of pure house power could be channeled across you if you touch the exposed part while power is flowing.

Flubs

Some people with more skill than wisdom assemble cords for things they think they need. You will never see a mass manufactured male-to-male three prong plug-in, for example. You could burn your house down, current is meant to go out of those plugs, not in. You’ll also never see A USB Male-to-A USB Male, because those almost always come powered, and transferring data to another computer is much less risky with a simple USB drive or Bluetooth transfer. You’d explode your computer with the male-to-male. If the computer manufacturers wanted you to have access to the forbidden plug-in, they would have made an adaptor for it. Do not make one yourself even if you have the technical skill to attach two cords to each other. It will end in a housefire. I’m not joking. You do not need a male-to-male plug.

Sources:

https://www.androidauthority.com/what-is-usb-type-c-594575/

https://acworks.com/blogs/ac-works-connector/male-to-male-extension-cords-adapter-dangers

https://www.techinsights.com/blog/systems-analysis-apple-lightning-usb-cable