June 9, 2020by Cybersixgill

Gaming the Game: Cybersixgill Report Shows eSports Fraud Spiking

Esports is big business. Professional video game players can earn hundreds of thousands of dollars per year. Professional streamers - people that play video games live on platforms like Twitch - can earn even more.

Perhaps it’s no surprise that tools to game the system are widely available on dark web marketplaces. These tools include bots that can give players an edge in competition or inflate viewership on online streaming platforms.

And while these tools might seem harmless when compared to the massive business disruption and financial fraud services that typically dominate dark web marketplaces, the use of the dark web for relatively minor offenses might serve as a gateway to larger criminal endeavors.

These findings are detailed in our new report, “In It To Win It! eSports On the Underground: Hacks, Exploits & Fraud,” which documents dark web activity around gaming. Some of the key takeaways from our research:

Dark web chatter with references to “aim bots” and other esports cheats spike significantly around major tournaments. In 2018, when competitors were vying for entry into a Counter-Strike: Global Offensive tournament with a $4 million prize pot, mentions of such hacks more than doubled.


Histogram of spike in chatter during 2018-2019 CS:GO tournament season

Amazon’s purchase of the Twitch streaming platform may have signalled to streamers and fraudsters alike that the gaming space represented a serious money-making opportunity. The statistics on chatter covering “viewer bots” used to inflate traffic illustrate the point. After Amazon purchased Twitch in 2014, the term “viewer bot” was used on the dark web approximately 60,000 times annually, up from about 1,600 instances previously.

Seven of the underground sources that we monitored for esports-related fraud had a combined 280,000 posts selling compromised credit card accounts, access to online accounts, or other fraudulent activity. The proximity of these topics - esports and financial fraud - indicates that the esports fraud may serve as a training ground for bigger schemes.

Bots designed to imitate viewers for the Twitch platform can be bought for as little as $5 per 1,000 and can deploy sophisticated counter-measures to avoid Twitch’s attempts at detection.


A threat actor selling a twitch viewer bot on an underground market

Threat actors are able to counter anti-cheating measures with alarming speed. Hackers were able to release “aim bots,” which make it easier to target competitors, for Riot Games’ hot new title “Valorant”  within a month of its release, and while it was still in beta. Rampant cheating tends to decrease player interest in a game, and is thus a threat to the game studio’s profits.

Notoriety and fame are the largest rewards for those that manipulate eSports venues. For any young minds, these rewards outweigh the penalties. An account may be banned if caught cheating, but that is easily circumvented. One merely has to create a new account. Unfortunately, the light punishments may make it seem that fraud is risk free. Some young people introduced to cheating through the dark web may think the penalties are equally light for larger schemes involving stolen credit card accounts.

Security experts should stay abreast of trends in the eSports fraud scene. Additionally, major vendors of these tools may help researchers identify and map emerging fraud networks.

To read the full report, click here.

You may also like

A close-up, detailed, and vibrant image of a microscopic cell with numerous tentacle-like extensions, depicted in shades of pink and purple against a blurred blue background.

May 15, 2024

Black Basta's Devastating Attack on a US Hospital System: Lessons Learned and Protective Measures

Read more
Screen showing a malware alert

May 09, 2024

New 'Latrodectus' Malware Linked to Notorious 'IcedID' Developer: A Deep Dive into Targets, Potential Impact, and Remediation Steps

Read more
Chris Strand-Thumbnail

May 07, 2024

Enhancing Security Posture with Cyber Risk Intelligence Part 2

Read more