Fortnite Teen Hackers 'Earning Thousands of Pounds a Week'

Uploaded on 2019-01-10 in TECHNOLOGY--Hackers, NEWS-Cybersecurity News, FREE TO VIEW

Children as young as 14 are making thousands of pounds a week as part of a global hacking network built around the popular video game Fortnite. The game has more than 200 million players. About 20 hackers told the BBC they were stealing the private gaming accounts of players and reselling them online.

Fortnite is free to play but is estimated to have made more than £1bn through the sale of "skins", which change the look of a character, and other add-ons. This fuels a growing black market. Hackers can sell player accounts for as little as 25p or hundreds of pounds, depending on what they contain.

The items are collected as in-game purchases but are purely cosmetic and do not give gamers any extra abilities. Fortnite-maker Epic declined to comment on the investigation but said it was working to improve account security.

Felt Horrible

One British hacker said he got involved at the age of 14 earlier this summer, when he himself became the victim of a hack. Speaking from his bedroom via a video chat, wearing a baseball cap and bandana to hide his identity, the teenager said he had spent about £50 of his pocket money to build up a collection of skins, when he had woken up to a message that changed everything.

"The email said that my password had been changed and two-factor authentication had been added by someone else. It felt horrible," he recalled.

Two-factor authentication meant his account could only be accessed by entering a code sent to an email address or app registered by the perpetrator.Like many victims, he turned to Twitter to vent his frustration. That was where he saw new accounts containing even better items on sale.

"I was approached by someone who said I could buy an account for 25p and I could clearly see the account was worth a lot more," he recalled.

I Bought it!

He knew he was playing on a stolen account but with so many others doing it online and making lots of money, he was soon drawn into the world of "Fortnite cracking".

"I was approached by a cracking team and they told me what it was and all about 'combos', 'proxies' and I guess they showed me how to crack," he said.

Lucky Dip

He said they showed him where to find the vast lists of usernames and passwords published online from other data breaches over the years. They showed him where to buy "off-the-shelf" hacker tools needed to input those credentials into the login page of Fortnite. Once inside an account, they showed him how to take it over and then sell it to the hungry online community.

He insisted that he only carried out one cracking session. But in that single day he managed to access more than 1,000 Fortnite accounts.

"It's lucky dip basically, you either get a good account or you don't. People like the rarity of the 'skins' and it's about the look of them and showing off to friends."

The hacker said he was now a middleman for other crackers, selling on accounts he knew to be stolen. In his first few weeks, he made around £1,500 and bought himself some games and a new bicycle. He said he knew what he was doing was illegal, but his parents were aware of his activities and had not stopped him. Offences like this fall under the Computer Misuse Act and carry a possible prison sentence of two years.

Some hackers show no signs of remorse or concern. One of the most prolific is a 17-year-old from Slovenia, who sells through his own website. "You can't get caught, nobody checks it," he told the BBC from within the game.

Amidst the gunfire and wall-building, he said he had made £16,000 in the seven months that he had been cracking.

He said his mother was an accountant who was helping him save for a first car. He sent screenshots of his PayPal accounts and Bitcoin wallets to confirm his business was real. Another hacker showed proof of earnings ranging from £50 a day to almost £300. The 15-year-old from France said his best week netted him £2,300.

"Yes I have done other stuff but nothing too big," he added, referring to identity fraud among other cyber-crimes.

The National Crime Agency says there is a long-standing link between video games and hacking, and that publishers need to do more to prevent players being tempted into crime.

"What we want to see these companies do is not look at this from a purely technical standpoint," said the agency's lead on gaming, Ethan Thomas.

"What we'd like... is the gaming industry engaging more with law enforcement and looking at early intervention messaging on their platforms to divert [youngsters] on to a more ethical and legal path."

Debbie Tunstall runs rehabilitation days for low-level hackers who have been caught. She is concerned about networks like Fortnite's cracking community.

"We know that these sorts of activities are linked to organised crime and we know that they are being egged on by more dangerous people behind the scenes," she explained.

"There is definitely cyber-crime grooming taking place and if we don't act they could easily get taken down that route."

The issue of account hacking on Fortnite was first brought to the attention of Epic in March, when it said it was looking into the problem.

Hackers say it makes it extremely hard for them to access an account if players add two-factor authentication to their own accounts.Epic encourages the security measure by rewarding those who adopt it with in-game accessories but has opted not to make the step mandatory.

BBC:

You Might Also Read:

Hackers Are Targeting Young Video Gamers:

« Quantum Computing – Advantage Or Security Threat?
Cybercrime Gangs Continue To Innovate »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Go Cyber

Training that transforms behaviours

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

BackupVault

BackupVault

BackupVault is a leading provider of automatic cloud backup and critical data protection against ransomware, insider attacks and hackers for businesses and organisations worldwide.

MIRACL

MIRACL

MIRACL provides the world’s only single step Multi-Factor Authentication (MFA) which can replace passwords on 100% of mobiles, desktops or even Smart TVs.

Clayden Law

Clayden Law

Clayden Law advise global businesses that buy and sell technology products and services. We are experts in information technology, data privacy and cybersecurity law.

DigitalStakeout

DigitalStakeout

DigitalStakeout enables cyber security professionals to reduce cyber risk to their organization with proactive security solutions, providing immediate improvement in security posture and ROI.

CYRIN

CYRIN

CYRIN® Cyber Range. Real Tools, Real Attacks, Real Scenarios. See why leading educational institutions and companies in the U.S. have begun to adopt the CYRIN® system.

Ambersail

Ambersail

Ambersail provide Penetration Testing and Cyber Security Compliance services.

Tech Mahindra

Tech Mahindra

Tech Mahindra is a global leader in IT solutions, BPO, business consulting services & digital technologies.

Elemendar

Elemendar

Elemendar Artificial Intelligence reads cyber threat reports written by humans and translates them into industry-standard, machine-readable and machine-actionable data.

ON-DEMAND WEBINAR: What Is A Next-Generation Firewall (and why does it matter)?

ON-DEMAND WEBINAR: What Is A Next-Generation Firewall (and why does it matter)?

Watch this webinar to hear security experts from Amazon Web Services (AWS) and SANS break down the myths and realities of what an NGFW is, how to use one, and what it can do for your security posture.

NeuShield

NeuShield

NeuShield is the only anti-ransomware technology that can recover your damaged data from malicious software attacks without a backup.

Kape Technologies

Kape Technologies

Kape Technologies is a cybersecurity company focused on helping consumers around the world have a better digital experience with greater privacy and protection.

xorlab

xorlab

xorlab is a Swiss cybersecurity company providing specialized, machine-intelligent defense against highly engineered, sophisticated and targeted email attacks.

Cynalytica

Cynalytica

Cynalytica deliver pioneering cybersecurity and machine analytics technologies that help protect critical infrastructure, securely enable Industry 4.0 and help accelerate digital transformation.

Zeva

Zeva

Zeva solves complex identity and encryption challenges for the federal government and corporations around the globe.

Capgemini

Capgemini

Capgemini is one of the world's foremost providers of consulting, technology and outsourcing services. Areas of expertise include Cybersecurity.

Akamai Technologies

Akamai Technologies

Akamai's leading security, compute, and delivery solutions are helping global companies make life better for billions of people, billions of times a day.

Fivecast

Fivecast

Fivecast is enabling a safer world. We help organizations around the world explore masses of data to uncover actionable insights.

Apex

Apex

We aspire to make the AI revolution run faster, securely, for the benefit of all. We are purposely built for the new AI era and are creating capabilities to safely enable AI.

US Insider Risk Management Center of Excellence (US-InRM)

US Insider Risk Management Center of Excellence (US-InRM)

The US-InRM Center of Excellence is a nonprofit organization dedicated to promoting private, public, and academic partnerships to foster knowledge sharing and resources to mitigate insider risk.

Quantum Dice

Quantum Dice

Quantum Dice is an award-winning venture-backed spinout from Oxford University’s world-renowned quantum optics laboratory.

Cloudbox

Cloudbox

Cloudbox build and maintain a highly secure, compliant IT infrastructure for our clients – with total peace of mind – so they can focus on the market.