Virtualization Technology News and Information
How Fighting Bad Guys in Video Games Prepared Me to Fight Real-World Hackers


Written by Kevin Gosschalk, CEO, Arkose Labs

Gamers are very determined to beat a game, defeat an enemy and be the best at what they do. This is the same mindset hackers have when attempting to compromise a company's attack surface. In 2004, the US gaming industry was worth $10.3 billion and online multiplayer gaming was in its early stages, led by the release of the massively multiplayer online role playing game (MMORPG) World of Warcraft.

At the time of its release, World of Warcraft had 1.5 million subscribers and in October 2010 the game peaked at 12 million subscribers. Growing up, I was guiding a team of 40 players through intense virtual battles as a member of one of the best guilds. Leading a guild at the world stage with a team of completely remote players is very difficult and I learned valuable lessons that prepared me to be the founder and CEO of a cybersecurity firm fighting against real-world enemies.

Surprisingly, many of them today are targeting the gaming industry.

In 2016, there were more than 2.5 billion gamers in the world and by 2021 the global gaming market is expected to reach $174 billion. More people are joining the gaming community daily - including hackers - and online games are now threatened by sophisticated attacks. Examples of attacks the industry sees today include account takeover and game hacking through Single Requests Attacks (a family of protocols that attackers use to synthetically manipulate each request they make for the explicit purpose of avoiding detection at scale).

As the CEO of Arkose Labs, an online fraud prevention company, I leveraged my experience and passion for video games to develop a gamified challenge-response mechanism that humans are able to quickly solve - but bots and automated agents cannot. This technology is now being used against real-world enemies to protect the companies who developed the games I grew up playing. And while the enemies may have changed, there are three skills I learned from gaming that has helped shape my career as a cybersecurity CEO.

Understanding the mindset of an attacker

Once a hacker succeeds in breaking into a company to extract value, they'll continue to do so. This is especially true when there is a monetary incentive involved - until the economic viability of the attacks are broken. Companies today are playing a hacker's game and they are losing, as exemplified by the 437 data breaches reported in 2019. Our approach to beating a hacker is to force them to play by our rules by authenticating their request with our gamified security mechanism. In doing so, hackers must play a quick game that requires them to solve challenges they can't complete with automation tools. The challenges we present are seamless for humans, but demand large investments in computer vision technology from attackers seeking to exploit them. Hackers ultimately can't afford to automate the challenge-response mechanism at scale because the cost is higher than the possible reward that can be extracted by way of the attack.

By making an attack more expensive, hackers are no longer motivated to attack a game and eventually become frustrated and move on. When this happens, it means we've succeeded in thwarting the attack in the long-term.

Leading separate departments to achieve a common goal

World of Warcraft requires teams to work together toward the goal of defeating a common enemy. Each enemy has its own unique abilities and a different team strategy is needed to defeat them - requiring players of the game to fill different roles and work together to be successful.

The same applies today in my role leading a cybersecurity company in the fight against cyber criminals. Protecting companies against hackers requires different teams within our company to constantly communicate to be successful. For example, the data science team continuously monitors traffic coming into our system and is watching for spikes in suspicious traffic. The product team is working to develop proprietary challenges that authentic traffic can solve, but inauthentic (i.e. enemy) traffic cannot. And finally, the engineering team incorporates all of these insights to ensure our product is better prepared for the next attack.

Leading teams of players in different roles within a video game has prepared me to lead employees across different departments - and regions - to make sure we are all working together to make an attack more expensive than the value extracted.

Collaboration across a remote workforce

Companies must be aware that hackers are everywhere and technology has allowed hackers many channels to break through a company's attack surface, which can happen at any time. Gamers grow up playing with other players they've never met, who are located all over the world and effective communication is a necessity. Leading one of the top World of Warcraft guilds has helped me - especially as our company continues to expand - when leading teams spread across different countries and 17 time zones.

The rise of eSports facilitated rapid growth in the gaming industry. Companies are now tasked with protecting players from other players who cheat in games by using bots and scripts to enhance their performance - resulting in a poor player experience. Companies must also simultaneously protect their ecosystem from hackers breaking into player accounts to commit fraud for their own real-world monetary gain. I founded Arkose Labs by combining my two passions - gaming and cybersecurity - to solve multimillion-dollar fraud problems by protecting companies against online fraud and automated abuse with gamification techniques. The years I spent playing games is helping Arkose Labs stay one step ahead of cyber criminals and it's a unique approach in the industry stopping hackers in their tracks.


About the Author


Kevin Gosschalk is the CEO and Founder of Arkose Labs, where he leads a team of people focused on telling computers and humans apart on the Internet. Before Arkose Labs, Kevin worked on gaming hardware for the intellectually disabled at the Endeavour Foundation and built a unique device incorporating Microsoft's Kinnect Camera technology. Noted for his involvement in interactive development and machine vision, Kevin then turned his expertise to automated abuse and human verification - often regarded as the Internet's impossible problem. Today, Arkose Labs has transformed the irritating chore of comprehension into an SLA-guaranteed technology that prevents automated abuse for brands like Electronic Arts, Singapore Airlines, and Roblox.

Published Friday, June 07, 2019 7:30 AM by David Marshall
There are no comments for this post.
To post a comment, you must be a registered user. Registration is free and easy! Sign up now!
<June 2019>