Despite having recommended the Darknet Diaries podcast way back in Edition #150, I fell behind in my listening and have just started catching up. This week I listened to a fascinating two-part story about Manfred, an online game hacker who earned a living from his hacking for 20 years! Manfred found and exploited insecurities in pretty much every online game going, except World of Warcraft, for years.
Most exploits he found were integer overflow bugs that allowed him to increase the amount of virtual currency in the game (test your edge cases, people!). He then sold these virtual assets on eBay first, then on other marketplaces after eBay banned the sale of virtual goods. In one game he found a duplicate exploit, which allowed him to log in twice without logging out, effectively doubling his in-game assets. That's compound interest on steroids!
He only used exploits that did not affect the other players and moderators of a game, and only when that game did not offer its own in-game purchases, effectively offering after-market services without disrupting the business model of the game. After 20 years of raking in the cash, most games now have in-game purchases, so he has hung up his black hat in exchange for a security consultant's white hat.