Hacking and phishing threats that PC users have suffered for years are now becoming part and parcel of the online gaming experience for users of Microsoft's Xbox console. Chris Boyd (AKA PaperGhost) - who recently joined Sunbelt Software as a security researcher and is a long-time dedicated gamer - has studied the growth of …


  1. Stu Kennedy


    Isn't as painful as having a care package stolen on MW2

  2. Anonymous Coward

    And then...

    ... some government shows up and requires you to use your real name for all online presence. Then what?

    Meaning that even government ID increasingly needs to match citizen use of any ID, not government wishes. Like, alias-IDs soon will be needed commonplace. And good ones, government backed and all that. Not cheap mossad fakes.

  3. Neur0mancer

    I don't understand

    Are lots of people bothered by gaming scores on XBL then? Is it that prestigious to have a high gamer score? I don't even know what my gamer score is.

  4. Jason Bloomberg Silver badge

    Hacking ?

    Not so much hacking as cheating.

  5. Anonymous Coward

    social engineering attacks on Xbox

    Same as social engineering attacks in any computing - the users that fall for these stunts simply will not be told that there is no such thing as a free lunch, and will frankly click on just about any bogus carrot the perp tells them to.

    As for the genuine exploits - at least given a single platform it should be relatively easy to close some of the doors. If the will is there, it should even be possible to run some basic statistical analysis and identify the users who have obviously been scoring at even theoretically impossible rates and ban their sorry backsides permanently - or at least until they buy a new console.

  6. Anonymous Coward

    Stop the DoS XBOX live

    It's quite easy to stop the DoS.

    XBox live already monitors line quality when starting an on-line game.

    Most developers should know in advance how much data will be transmitted between players in-game so to speak.

    Armed with this data, a simple in-game algorithm to check what the line quality was, is during in-game, typical data transfer for the game in question and obviously a small attenuation line margin the game should automatically boot offending players off.

    I am sure after several in-game boots the offenders in question would soon get bored of it...

    1. Gulfie

      Read the article...

      The DoS attack doesn't necessarily come from the user that instigated it, it may come from a botnet. A better solution would be to whitelist the IP addresses of the players and other known legit in-game traffic and block the rest to stop DDoS combined with your suggestion to look for suspiciously high traffic from a whitelisted IP.
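
The filtering idea from this sub-thread, modelled as an added example that is not part of the original comments or of any Xbox Live code: packets from addresses outside the match's allowlist are dropped, and an allowlisted peer is flagged once it exceeds the game's expected data rate plus a margin. The class name, the 4000 B/s budget, the 1.5 margin and all addresses (documentation ranges) are assumptions made for the illustration.

```python
from collections import defaultdict, deque


class SessionFilter:
    """Allowlist the match's peers, drop the rest, flag peers over budget."""

    def __init__(self, peers, expected_bps, margin=1.5, window=1.0):
        self.peers = set(peers)            # peer IPs for this match (assumed known)
        self.limit = expected_bps * margin * window  # bytes allowed per window
        self.window = window
        self.recent = defaultdict(deque)   # ip -> (timestamp, size) inside window
        self.in_window = defaultdict(int)  # ip -> bytes currently inside window
        self.flagged = set()

    def handle(self, ts, src, size):
        if src not in self.peers:
            return "drop"                  # unknown source, e.g. botnet traffic
        q = self.recent[src]
        q.append((ts, size))
        self.in_window[src] += size
        while q and q[0][0] <= ts - self.window:   # expire old packets
            self.in_window[src] -= q.popleft()[1]
        if self.in_window[src] > self.limit:
            self.flagged.add(src)          # allowlisted but far above game traffic
            return "flag"
        return "accept"


def run_constructed_sample():
    # Constructed traffic for a two-second slice of one match.
    f = SessionFilter(peers={"192.0.2.10", "192.0.2.11"}, expected_bps=4000)
    packets = []
    # Normal peer: 200-byte updates, 20 per second (4000 B/s).
    packets += [(i * 0.05, "192.0.2.10", 200) for i in range(40)]
    # Allowlisted peer sending six times the expected rate.
    packets += [(i * 0.05, "192.0.2.11", 1200) for i in range(40)]
    # Flood from 50 addresses that are not part of the match.
    packets += [(i * 0.01, f"203.0.113.{i % 50 + 1}", 1400) for i in range(200)]
    packets.sort()
    counts = defaultdict(int)
    for ts, src, size in packets:
        counts[f.handle(ts, src, size)] += 1
    return dict(counts), sorted(f.flagged)
```

Because UDP source addresses can be spoofed, an allowlist keyed on IP alone is a first filter rather than proof of who sent a packet, and it does nothing once the link itself is saturated upstream of the filter.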

  7. asdf

    nah M$ protects us all

    Woot no worries for me as I got the ban hammer and don't have to take the risk of going online and actually spending money on Xbox live ever again. Instead I pawned off the RROD bomb in waiting on me brother as a gift (he doesn't go online and loves the free games). Instead I went for the best system for the money the PS3 and its free online play. If I have to buy the games why not get a system that doesn't need multi discs to play the latest hits (lol please swap disc now, so 1994). Oh well no skin off anyone's nose as the Xbox division has always been a sea of red ink and other than the PS3 controller not being as good imho I still enjoy my online fragging (MAG 256 player war anyone?).

    1. Anonymous Coward


      To quote..."I'm sorry sonny, I don't speak 'child'. Can someone translate?"

    2. asdf

      my whole point

      Look my whole point was not which system is better. In many ways they both suck. My point is piracy was actually very profitable for M$ (why I bought my xbox in the first place and why later I bought a wii for the kids). I used to spend $30+ a month on DLC even for games I pirated. That is pure profit with super low overhead for M$. M$ then decided to suck the d_ck of greedy publishers and ban a million gamers. I am betting I am not the only one that actually was a good DLC customer. M$ was counting on desperate people to go out and buy another xbox so they could pump their sales number for xmas. I said F U and if I have to buy another system and the games anyway (flashing new xboxes a total bitch) might as well go with another company. I would be curious to know how much DLC revenue they lost. It is their right to do so but hey it's my right to pick a better system as well.

    3. Chris Pollard

      1994 again

      New Gran Turismo = 3 blurays. sooo 1994.

  8. Anonymous Coward


    Oh no! My uber top secret important XBL details... the coveted XBL gamer score.... man this is tooo funny. Are most people actually this brainwashed and shallow now that things as benign and meaningless as a `gamertag` or points earned in a game are actually this important!?

    Nobody really cares if you are really good at games, apart from you, and maybe some people you play the game with. One day you'll grow up, and have a family, and all kinds of interesting and exciting hobbies (if the government/corps haven't made every activity illegal by then apart from buying and watching their sh*t).

    Work futile thankless job for a mega corp that couldn't give ha'penny fuck about you or your family. Give half of money earned to rich parasites. Buy their stuff, play their video games, watch the idiot lantern, go back to sleep.... rinse, repeat.

    “Disobedience is the true foundation of liberty. The obedient must be slaves.”

    Henry David Thoreau.

  9. Anonymous Coward

    and then...

    * Never give someone your login details in exchange for anything.

    * Avoid game cheats and other items sold on Youtube videos. This is a risk because many cheat sellers are malicious.

    * Remove credit card details from accounts registered with gaming companies. Avoid signing up for automatic renewal.

    * Use pre-paid cards to pay for accounts, where possible, rather than personal debit or credit cards.

    * Try to use aliases - not your real name - when you sign up for online gaming accounts.

    missed one:

    find old lady (preferably a grandmother) , insert egg into mouth, instruct said geriatric lady on the way to suck inserted egg.....

  10. Sub Wrath

    Not really...

    "find old lady (preferably a grandmother) , insert egg into mouth, instruct said geriatric lady on the way to suck inserted egg....."

    not exactly teaching people to suck eggs, given that so many people continue to fall for console related scams. Everyone I know (and see on xbox forums) that says they've saved their CC dets into the system for things like renewals etc always use their main card, and tend to save them in the system.

    and if you want proof of how many people continue to fall for incredibly basic phishing scams, go look at the number of hijacked account posts on the official forums, or see how many phish links are floating around youtube and elsewhere. just because you're aware of the danger doesn't mean the people most likely to fall for these scams are, or else there'd be no need to warn people about these threats in the first place.

  11. Marco Alfarrobinha
    Thumb Up

    Missing the whole point of gamerscore.

    I can see that most of the comments are from people who seem to despise both gamerscore and people that play for gamerscore.

    Of course they do, that is their right.

    Now, I am 33, I have a family and a life, a job, I am not a fan-tard but I like playing for achievements. Does this fact make me a bad person? Of course not, but some of you see gamerscore whores and start insulting.

    I have managed to get to 91,000 and yes, I will go to the end of the world to protect my XBL login details. I found this article very informative and interesting. Thank you, Register.

    P.S. Is it required for people that insult gamerscore whores to have poor spelling and grammatical skills?

    1. D@v3


      I see nothing wrong with trying to protect your gamerscore, you've played for it and earned it, so fair play to you.

      What I don't understand is what real benefit you get from buying someone else's gamertag.

      "Live IDs with high point scores attached to them can retail for 10 times as much as ordinary accounts"

      So you can boast to your friends, "ooooh, check me out, iv got 100M GP" to which they respond, "great get a life"

      As I said at the start, I've no problems with people who play for score, I've been known to replay games a few times trying to clean up the last few points myself, but that provides enjoyment for me. However if you buy a gamertag with a hugely inflated score, you don't get any of the pride of having completed the games, and I would imagine that it would be fairly obvious to anyone you know, that the score isn't truly yours.

      I know that if my gamerscore increased by a factor of 10 overnight (and my tag changed) any of my friends that actually cared enough to comment would say something along the lines of, "who d'ya nick that off then?"

  12. Ivor Biggen


    Awww this is so sad. You'd think a service you pay for would be secure and safe......

    Best go with the free service that works - or it could just be the users aren't stupid cheating loosers!

    1. Anonymous Coward

      Gamers! Tch!

      If you put as much effort into school/college as you do into gaming, you would know the difference between "lose" and "loose". Let's not even get into "their", "there" and "they're", or "your" and "you're"!

  13. Tarthen
    Gates Horns

    What, has it been two years?

    I haven't seen any PS3 hacks yet.

    Oh wait, Sony designed the PS3 with security in mind. Unlike Microsoft, who seemed to design the Xbox 360 with nothing in mind (hell, they even have a 3-core /clone/ of the PS3's chip in the 360 - you see the Xenon? Well, that's a Cell Broadband Engine derivative).

    1. Peter Gathercole Silver badge

      Not copied, sold by IBM.

      Xenon and Cell are both mainly designed (and manufactured) by IBM. Just shows you how good the IBM Chip design and foundry businesses are at attracting high volume customers. And they also provide the CPU for the Wii, although this is more like a standard PowerPC.

      BTW. The Xenon is not a Cell derivative. It has modified PPE processors (3). The PPE is only part of the Cell, and the Xenon has no SPE's. Not really much of a comparison.

      1. Tarthen

        It's derived from research

        It's more or less based on Cell research, yes? If so, it could be called a derivative.

        1. SynnerCal


          Tarthen wrote: "It's [the Xbox360's 'Xenon' processor] more or less based on Cell research, yes?"

          No actually, both Cell and the Xenon are based on PowerPC research. As far as the docs I've got here imply, IBM developed PPC respins for various uses. Sony asked them to develop the Cell and the Cell-PPE is based on one of these respins.

          When MS approached IBM for a processor for the 360, IBM offered them a triple core version of the PPE.

          So, as far as that goes, Xenon and Cell are stepkids, with the PPC in the Wii being some kind of "country cousin"

          I like/respect the PS3 as a technical achievement, but I still think that the '360 is the better overall gaming package at the moment.

          Meanwhile, that was a good article, I'll be double checking tonight what sensitive information is being stored on my 360.

          1. Tarthen

            I tip my hat

            You're right there.

            Although, my understanding is that IBM, Sony and Toshiba all developed the Cell, from ~2003, working together. So it's not "just" IBM who made it; there are others too :).

            I really wish they didn't cancel the project though. I wanted a Cell in my laptop :( .

  14. Insane Reindeer

    Flame me!

    Look, the flame icon! What I am saying is purely designed to be flamed! I don't have an XBox of any sort and I don't have a PS3 either, but please, I have used the flame icon so flame away...

    1. John H Woods Silver badge

      oh do FOAD you bastard

      ... does that feel any better?

    2. The Fuzzy Wotnot


      I too have nothing meaningful to add to this discussion, but your attitude is just disgusting! People like you should...,should...., well I don't know, do something else! Nazi Germany started like this you know!

      ( See, pointless and a pathetic attempt to drag Godwin into it too! )

  15. Anonymous Coward

    social engineering attacks on Xbox

    It's pretty easy on Xbox Live$$ purely because of the number of retards on there willing to PAY for an inferior but well marketed service (It's hilarious that they really believe their money is paying for some magical service that you get in exactly the same form, if not better, for free on other better consoles and even take the word of Microsoft as being proof of that).

  16. IHateWearingATie

    PS3 4Tehwin

    Hah xbox rubbish noway games on xbox bettre thn ps3 will pwn u shld u b unwse 2 ply me on MW2 nw lvl70 hv all the wpons 4 serious pwnage...

    ... sorry, I seemed to be channelling a gametard there for a minute. The thought of losing those online accolades sent me all funny :)

    Seriously though, even if I had no financial loss I'd be gutted if I lost my PS3 login as I've got many hours of Modern Warfare and MW2 hours invested in it to get some decent weapons for the multiplayer games.

  17. Michael 82

    So what...

    I play so badly I can't be bothered with gamerTag lol

    STEAM_ID:0000000000 can't be bothered to look it up!

  18. Adam Williamson 1

    not buying them for the points

    D@v3: read the article more carefully. People don't buy accounts with high gamer scores in order to boast about the score. They use the score as an indicator that the account will have access to a lot of bonus content, high-level items etc.

