Recent cyberattack raises intellectual property concerns within the gaming industry

Earlier this month, news broke that the video gaming giant Electronic Arts (EA) — the maker of FIFA, Battlefield, The Sims, and a number of other popular games — was hacked, resulting in the theft of hundreds of gigabytes of source code. In contrast to other recent cyberattacks, hacks resulting in the theft of intellectual property raise unique cybersecurity concerns.

Many of the most recent high-profile cyberattacks have employed ransomware, a strategy in which hackers break into and encrypt databases before demanding exorbitant ransom payments in exchange for the decryption key.

Cybersecurity experts believe that ransomware attacks on American municipalities and infrastructure systems have become increasingly enticing due to their vast holdings of often poorly managed data. Some of the most high-profile ransomware attacks include the 2019 hack of the City of Baltimore, the 2020 SolarWinds hack, and earlier this year, cyberattacks that targeted the Colonial Oil Pipeline and meat processing conglomerate JBS.

On June 10th, Vice News reported that hackers had accessed the source code for a number of EA’s most popular games — amounting to a whopping 780GB of stolen data, which was found listed for sale on an underground hacking forum last week. In a statement that followed, an EA representative confirmed that only proprietary information was accessed and reassured users that their personal identifiable information (PII) had remained secure.

For video game producers — as well as film, TV, and media companies more broadly — intellectual property theft on this scale threatens the lifeblood of a company. In the aftermath of the EA hack, the source code was uploaded to forums from which it could be illicitly purchased and downloaded — rendering it a possibility that the code underlying some of the company’s most popular games could end up in the possession of competing game developers.

In contrast to a “ransomware” attack, this type of cyberattack relies on the existence of an online platform that can store or host the stolen data, enabling hackers to monetize it. Since the data is stored somewhere, copyright owners such as EA (or their authorized designated DMCA agents) have the ability to file DMCA takedown claims with the platform in question in an attempt to prevent further illegal distribution of their source code.

Since the onslaught of the COVID-19 pandemic, attacks of this nature have become increasingly common. For example, In December, it was found that a Russian cyber espionage attack targeting American software company SolarWinds resulted in the theft of a vast quantity of proprietary information and IP.

Leading cybersecurity experts attribute this uptick to the pandemic. As a result of the unexpected and in many cases hectic transition to remote work, companies were forced to expand digital access to a greater quantity of employees, leading to increased vulnerability to cyberattacks.

The Lumen Database reveals a handful of DMCA takedown notices filed by major video game developers including Nintendo and Square Enix. The majority of these notices pertain to copyrighted game characters or storylines that were used without the developer’s consent. Thus far, despite the fact that IP piracy is an increasingly prevalent phenomenon, there are relatively few DMCA notices requesting the removal of hacked materials have been logged in the Lumen Database.

In the event that remote work continues rendering companies vulnerable to cyberattacks targeting valuable IP, tracking and documenting the illicit spread and sale of stolen information will become increasingly necessary.

If more gaming platforms and other internet companies began sharing copies of the DMCA removal requests that they send to alleged infringers with the Lumen Database — or alternatively, began sharing them publicly via standardized transparency reports, or both — this would provide more clarity in understanding how intellectual property law applies within the context of cyberattacks facing the gaming industry.

—

About the author: Anna Callahan is a graduate of the University of Pennsylvania, where she majored in Communications and minored in Computer Science. She wrote her thesis on how social media platforms moderated disinformation in 2020 and is passionate about examining the implications of tech policy on democratic norms. Anna is spending her summer as a research assistant on the Lumen team at BKC. In her spare time, she can be found behind a camera, listening to music, or exploring New York City.