Hackers who stole "FIFA 21" invested just $10 in the attack


The attackers based their intrusion into EA on social engineering. By: REUTERS

Last week, video game company Electronic Arts were the target of a computer attack that violated the company's confidential information. On the occasion, cybercriminals stole more than 780GB of data from the US studio, including the source code of FIFA 21 and tools from the Frostbite graphics engine that underpins many of the firm's games, including Battlefield.

As the progress of the investigation, the story adds a new chapter. A representative of the hacker group told motherboard that for this attack they invested just $10. Strictly speaking, they paid that sum to get hold of cookies that were sold online and used them to gain access to a Slack channel that EA employees use for internal communications.

// The ten keys to avoid falling victim to a virtual scam

"We are investigating an intrusion incident into our network where a limited amount of game source code and related tools were stolen," the company said shortly after the breach was disclosed and reported that the hackers did not access player data.

After the incident, we apply security enhancements and do not expect any impact on our games or our business. We are actively working with law enforcement officials and other experts as part of this ongoing criminal investigation," they added.

More details of the EA hack

Now, how did they "turn those cookies (data that account for a user's online activity) into a key to access information as valuable as the FIFA 21source code? At this point, social engineering came into play, a practice that consists of obtaining confidential information through the manipulation of people and not directly of systems, in the belief that users are the weakest link of any computer infrastructure.

According to the cited source, once inside the internal communication platform the hackers sent a login token to an Electronic Arts employee, who fell into the trap and opened the link. In this way, it opened the door to private systems.

In this instance, cybercriminals found a developer service, which EA uses to compile games. They designed a virtual machine and downloaded the game code, as well as information from Frostbite.

// Did I inherit a fortune or do they want to rip me off? The least sophisticated fraud is still alive and kicking

"Once inside the chat we sent a message to the company's support and alleged that we had lost the phone at a party," said one of the hackers, who shared screenshots confirming instances of the intrusion, including conversations on the Slack platform. In addition to the aforementioned information, the representative of the cybercriminals showed the material to reveal that they got data from PlayStation VR and artificial intelligence tools that EA includes in the title as FIFA 21.

Post a Comment