Securing Azeroth: A Discussion of

Information Security Issues in

World of Warcraft
Richa Mehta

Department of Computer Science,

Kentucky State University

Abstract
World of Warcraft is a massively multiplayer online role-playing game (MMORPG) with
a current player base of more than five and a half million subscribers. With a virtual
economy that often has real-world parallels, it is susceptible to several cybersecurity
issues common to other massively distributed client-server systems. These include, but
are not limited to: compromised account security from spyware, malware, and phishing
attacks, denial of service attacks, and in-game cheating and commercial fraud in the
form of spambots. This paper discusses the security issues that are inherent to
massively distributed games using World of Warcraft as a specific case study, and
includes the attacks that the game is known to have fallen prey to, countermeasures
taken to address these attacks, preventive measures implemented against security risks,
and any additional recommendations that can be used to avert further attacks.

Introduction

Whats going on?

Over the course of years, video games have evolved from single-terminal, single-user
video games, to locally networked multiplayer games that boasted a few dozen
players, to online multiplayer games played simultaneously by thousands of people
over massively distributed systems.

At the same time, video games have transformed from laboratory experiments to
clunky arcade machines, to disk-based computer and console games and are now
effervescing into the cloud [1]. Massively multiplayer online role-playing games
(MMORPGs) are a product of this continuing evolution.
1

Securing Azeroth: A Discussion of Information Security Issues in World of Warcraft

Richa Mehta

Set in the fictional world of Azeroth, World of Warcraft is an MMORPG created and
introduced by Blizzard Entertainment in 2004. Typical of MMORPGs, the game allows
players to control an in-game character and interact with other player characters and
non-player characters (NPCs) while they explore the game world. Since its release,
the game has seen great commercial success, at one time receiving the Guinness
World Record for being the Most Popular MMORPG in terms of subscribers, with a
reported player base of 10 million subscribers in January 2008 [2]. Despite the
number dropping to 5.6 million subscribers as of the end of the second quarter of
2015, World of Warcraft still remains the worlds most subscribed MMORPG even
today, 11 years after its initial release [3].
The game is not free-to-play, requiring a monthly subscription paid either by
redeeming prepaid game-time cards, or by setting up regular payments using credit
or debit cards. Players can also pay for their subscription with in-game gold. With 10
million documented subscribers in 2008, each shelling out ~$15/month to play, the
game generated approximately $1.8 billion annually from the monthly subscriptions
alone, not including revenue from people who had to purchase the game. As in any
game, players are often competitive, including obsessive gamers, who will go to great
lengths to achieve their in-game goals [4].

A game that regularly generates revenue in the millions of dollars automatically

becomes a lure for criminals and vulnerable to security exploits. In addition, the
virtual, collaborative environment of World of Warcraft is built around a massively
distributed system architecture, and because of this, it is inherently at risk to the same
security and privacy concerns as any other massively distributed system.

1.1

The Information Security Angle

The ultimate information security goals in any information technology system are to

protect confidentiality,
ensure integrity, and
maintain availability.

These three attributes, defined as the CIA Triad, define the primary information
security goals in World of Warcraft as well. In addition, cheating and manipulation of
the gaming system is also a concern that must be taken into account. Hu et al
acknowledge that the characteristics of an MMORPG render it vulnerable to cheating
and game procedure attacks [5]. Thus fairness is also a relevant security goal.
Significant research exists on security issues in and around online gaming. In
particular, cheating in online games, especially in MMORPGs, has attracted the
attention of researchers.
Additional research also exists around the identification of security issues in
collaborative virtual environments (CVE). As an MMORPG, World of Warcraft is an
example of a CVE and security for such a system can thus be defined based on the
information flow in the network [6].
2

Securing Azeroth: A Discussion of Information Security Issues in World of Warcraft

Richa Mehta

World of Warcraft, in particular, is an interesting case study for several reasons. The
thousands of constant interactions between the players (client) and the game server
in real-time leave the game vulnerable to network threats that can intercept and
change the data being exchanged and directly affect the game [7].

Players are also involved in active trading and wealth accumulation in-game, leading
to a comprehensive virtual economy being formed in game, which translates to realworld economic value [8]. In a game that is as popular as World of Warcraft, with the
large numbers of players in a networked environment, all these factors combine to
make it a fertile ground for attackers to subvert the system.

Given these factors, World of Warcraft is susceptible to, and has on occasion
succumbed to, a variety of attacks that compromise the security of the game. Further,
in World of Warcraft, this has a two-fold effect, since it requires the implementation
of security policy to protect World of Warcraft from malicious attacks, and protect
both game and user data from security threats.

1.2

Research Goals

In this paper, I will discuss some of the attacks that have affected World of Warcraft
and define them within the parameters of the CIA Triad.

I will also attempt to analyze some of the countermeasures that were put in place, and
touch upon some preventive measures, if any, that have or could have been
implemented to address these security issues.

1.3

Definitions and Nomenclature

For the remainder of this paper, I will use some specific terms and these are defined
as follows:

World of Warcraft, also referred to in the paper as WoW, the game, game
software or system is the information system for which we will evaluate
security risks in this paper.
Blizzard Entertainment, Inc., also referred to as Blizzard, game developer, or
game owner, is the entity that owns the game and is the organization
responsible for enforcing any security policies to protect the game and its
users, and all associated data.
Players, also referred to as users, gamers, or subscribers are the people who
play the game.
Battle.net, also referred to as Bnet, is Blizzards online gaming and digital
distribution platform.
Account refers to the accounts which are required to play the game. Account
security thus is the security of players Bnet accounts. WoW account and Bnet
account are used interchangeably in this paper.
Attacker, also referred to as hacker, or scammer is used to refer to people or
organizations that target the game with malicious intent to disrupt the
integrity or availability of game services or gain access to confidential
information.
3

Securing Azeroth: A Discussion of Information Security Issues in World of Warcraft

Richa Mehta

Security Issues

Its not safe out there.

Attacks that compromise the information security of the game can be classified into
the following broad categories, based on the part of the game system they put at risk:

2.1.1

Account Security
Game Integrity
Game Availability

Attacks on Account Security

These attacks compromise the security of player accounts and their personal
information. Such attacks can take on various forms, including but not limited to:

2.1.2

Intrusion or hacking
Trojan horse (spyware or malware)
Social engineering (phishing/spoofing)

Attacks on Game Integrity

These attacks compromise the integrity of game data. Within the virtual economy of
World of Warcraft, even virtual assets have real-world value and lead to security
exploits for gathering virtual gold and even money laundering. Games are also
susceptible to a different kind of threat in terms of abuse of the system by players or
cheating using third-party applications, such as using bots.

2.1.3

Attacks on Game Availability

These mainly consist of denial-of service attacks, but also include in-game incidents
arising from glitches in the game software that put entire servers of player population
at risk of exploitation.

Attacks on Account Security

If you build it, they will come.

In World of Warcraft, the keystone of each game experience is the gamers user
account. The user account holds all the personal information about each player and
provides access to their game character, including not only all of their virtual assets,
but often accessibility to real-world payment options like credit cards. Like with any
other networked system, if it is there, a hacker will find it, or at least try.

Compromising a user account can be used for any number of malicious actions,
including but not limited to auctioning virtual assets for in-game gold (or real
currency), account trading, or misusing hacked personal information for financial
gains.

Securing Azeroth: A Discussion of Information Security Issues in World of Warcraft

Richa Mehta

3.1

3.1.1

Known Attacks and Issues

Account Hacks

In 2012, the Battle.net service was hacked, with attackers accessing users email
addresses, security answers, and encrypted passwords. Players on North American
servers were asked to update their account information, including their security
questions, even though Blizzard claimed at the time that the data stolen was not
enough to access user accounts [9].
Again, in 2013, Blizzard issued a security warning after their website and their mobile
companion app saw multiple unauthorized login attempts. The in-game auction
house was hacked during this breach, and several users reported that their accounts
had been compromised and in-game currency had been used to buy trivial items as a
form of money laundering, with the hacker receiving the profits of such illegitimate
sales [10].

In both cases, several users reported their accounts were hacked despite the presence
of a mobile authenticator for two-factor authentication.

3.1.2

Social Engineering Attacks

Blizzard accounts have often been targeted in phishing/spoofing attacks that prompt
them to reveal account information. Since 2011, in at least seven separate userreported emails, attackers employed various tactics to direct users to log into their
Blizzard accounts to verify their login credentials, by following a masked link
provided in the email [11]. Such links usually lead users to spoofed sites that look
similar to the original Blizzard website, but are actually set up to record the entered
information.

Another common trend is for attackers to use the in-game chat system to influence
players to give up sensitive information or lead them to spoofed sites. In some
instances, attackers even try to lure players with the promise of a free, usually rare,
in-game item [12]. In a game where several players are under the age of 18, this is
particularly dangerous because children might be easily fooled, or may not realize the
dangers of giving their account information to strangers, especially when they pose
as figures of authority like game masters or Blizzard representatives.
Users who do fall prey to these attacks severely compromise the security of their
accounts since the attacker now has access to their account information, and could
transfer assets out of their account.

3.1.3

Trojan Horses

Malicious Trojans that hijack accounts are a common threat to the security of most
online systems. MMORPGs like World of Warcraft, where accounts are valued in realworld currency, are popular targets for attackers [13].
In early 2014, players were affected by a Trojan that hijacked accounts by posing as
an installer for Curse, a legitimate add-on (an approved third-party application that
improves or enhances in-game experience) for the game [14]. The malware was
hidden in a working version of the add-on.
5

Securing Azeroth: A Discussion of Information Security Issues in World of Warcraft

Richa Mehta

Once these trojanized versions of the add-on were installed on a players computer,
user accounts were hijacked despite the presence of two-factor authentication. This
was particularly dangerous since the Trojan could intercept not only user names and
passwords, but also the unique authentication code generated by an authenticator
fob.

In a similar incident, in 2006, keylogging attacks compromised the account security

of several players. The keylogging software was first planted on fake gaming advice
websites, and spread through infected emails, user chats, and game forums. Windows
users whose computers did not have virus and malware protection were vulnerable
to the infection [15].

3.1.4

Other Issues

In 2010, Blizzard decided to enforce the use of real names on the official World of
Warcraft forums known as Real ID. Players objected vehemently to this move.
When a Blizzard employee chose to reveal their real name on the forum in support of
the idea, their personal information was leaked to show how having someones real
name available on the forum could potentially be used to harass a person in real life,
and could even be dangerous. In the face of all the opposition, the idea was rejected.

On a different note, character or account sharing is explicitly disallowed according to

the games terms of use, but players may still share their account passwords with
friends, partners, or siblings. Although not an active breach in the sense that there is
no hacker in this scenario, simply allowing another person to have their password
compromises players account security.

3.2

Countermeasures

With respect to the data breach of 2012, Blizzard asserted that passwords would not
be easily available to the hackers because of the use of the Secure Remote Password
(SRP) protocol used to encrypt them [9]. SRP is a secure password-based protocol
for authentication and key-exchange. SRP improves the security of a system by
eliminating the need to transmit plaintext passwords and enabling encryption with
its secure key-exchange system [16]. However, despite the apparent security of the
encryption mechanism, Blizzard advised North American users to change their
passwords and security questions.
The introduction of two-factor authentication was also a step towards improving the
security of Battle.net accounts. The Battle.net Authenticator is available as a physical
device or as a mobile application. The authenticator generates a unique 8-digit code
players must enter when logging into the game or accessing account management
screens. This is a one-time code that is valid for a limited time [17]. Blizzard officially
stated in 2008 that they had no confirmed reports of any successful attacks on
accounts that have attached authenticators [18].

However, it has since come to light that the authenticators can be bypassed using a
"man-in-the middle attack" method in which malware installed on a players
computer intercepts user names, passwords, and the 8-digit authenticator code.
6

Securing Azeroth: A Discussion of Information Security Issues in World of Warcraft

Richa Mehta

Since the code is valid for a limited time, an attacker is able to intercept and block the
players login attempt, while the attacker himself is able to successfully log into the
account [13]. To combat this issue, a modification to the way the authenticator works
may prove effective. For example, if the generated code can only be used once,
whether for a successful or failed login attempt, then an intercept attack may not be
successful.

Blizzard also recommends the use of SMS protect, to receive notifications if any
account information is changed

In addition to these countermeasures, it is important for players to safeguard their

own computers using antivirus and antispyware software for their protection.
Regular scans can detect potentially malicious Trojans. Practicing caution when
approached by strangers when in-game and not clicking on suspicious links in emails
is also a good practice. Furthermore, being judicious in choosing what third-party
add-ons players use to alter the game, or even not using any at all, would greatly limit
their exposure to malicious code.

Attacks on Game Integrity

Never trust the client.

In the client-server model followed by World of Warcraft, enforcing game rules and
ensuring information security is the sole responsibility of the server. In such an
environment, it is not always easy to implement strict controls on player behavior
that may compromise the integrity of the game.

4.1

4.1.1

Known Attacks and Issues

Botting

Botting refers to using an external application to play the game instead of the player,
often with barely any human intervention required at all [13]. Glider was a popular
application in use to cheat the gaming system in World of Warcraft. The application,
or bot, performs tasks by using preconfigured information set, which included map
coordinates, and various other options such as levels of monsters to fight. When the
bot is working, it controls the players game character, killing monsters based on the
preconfigured criteria and collects the virtual loot without the player having to lift a
finger [19]. Use of such software is against Blizzards Terms of Use for World of
Warcraft and essentially is a form of cheating since it gives the player an unfair ingame advantage.

4.1.2

Real Money Trading

Account trading sites exist where people can buy or sell their Battle.net accounts for
varying sums of real money, depending on the kind of progression their game
characters have achieved in-game. Player Auctions (www.playerauctions.com) and
Account Warehouse (www.accountwarehouse.com) are just two of several such sites.
7

Securing Azeroth: A Discussion of Information Security Issues in World of Warcraft

Richa Mehta

Game accounts are available for sale at prices ranging from $35 to over $2000, despite
the World of Warcraft Terms of Use explicitly stating that account trading is against
the terms of their agreement [20].

Power leveling is also available as a service on such sites. Players can hand over
their account information to such a service provider, and in exchange for a payment,
their game characters are leveled up by people in the employ of the service provider,
with often more than one person playing through the players account [4]. Many such
service providers also engage in gold farming the acquisition of in-game currency
through repetitive in-game actions. In-game currency is then sold online at varying
prices driven by an exchange rate. (At the time of writing this paper, the going rate
was 50,000 gold for $26.99.)

All of these activities are explicitly banned by the games Terms of Use. Essentially,
breaking these rules is effectively a security breach [5]. These activities, known in the
gaming world as Real Money Trading (RMT), are a security issue because of the
consequences of RMT, which include influencing the virtual economy, intentional ingame harm to players to gain access to their items, and encouraging cheating through
the use of bots or illegally accessing other players accounts [21]. However, these
activities fall into a legal gray area and are difficult for Blizzard to monitor or control.

4.2

Countermeasures

Blizzard includes a software called Warden with its Battle.net client. Warden runs in
the background when World of Warcraft is running on a players computer, and is
used to detect third-party botting software if it is running on the same machine.

Several other methods for countering bots have also been proposed over the years.
These include using input monitoring systems to filter out bot responses from human
responses since bots usually have a much sharper response pattern than humans [19]
[22]. Captcha tests initiated at random intervals while the game is running may also
be an effective countermeasure.
Identifying RMTers is more of a challenge since these are actual humans playing the
game. One of the methods to counter RMT in the game, is to identify groups of
characters who trade closely with each other. According to Fujita et al, RMTers
develop dense relationships with each other and trade with each other a lot more
than with general players. Thus, identifying one RMTer can lead to easy detection of
other such accounts [21].

Another method to combat RMT is to allow official trading of in-game items for rela
currency. For example, it is possible to buy some pets and mounts, and even gold,
from the World of Warcraft official in-game shop. Once these items are no longer an
exclusive commodity on the gray market, the demand for them should decrease,
reducing the profitability of RMT.
In addition, since in-game trades may often be the result of someone misusing a
hijacked account, enforcing a delay between the time an in-game sale is made and the
time the payment is credited to a players account might give game administrators
time to detect possible mischief [13].
8

Securing Azeroth: A Discussion of Information Security Issues in World of Warcraft

Richa Mehta

Attacks on Game Availability

Take a break.
Speaking as a gamer, a break is usually the last thing a gamer wants to take. The very
nature of an MMORPG like world of Warcraft fuels a drive in players to constantly
stay connected and it is known to even be potentially addictive [23].

However, attacks on game availability thwart the ability of players to connect to the
game, usually by causing a disruption in the network.

5.1

5.1.1

Known Attacks and Issues

Distributed Denial of Service (DOS) Attacks

Battle.net is periodically subjected to DDoS attacks, with the latest attack occurring
in August 2015 [24]. Several servers were taken offline and players reported not
being able to log into their accounts during the attack.
In early 2010, in a different attack, players on a European server reported being
disconnected from the game repeatedly. With some investigation, it was discovered
that a single player had used an in-game macro to overload the server [7].

Since most DDoS attacks originate from multiple host computers, usually hijacked
without the computer owners knowledge, they are harder to track down and prevent
[25].

5.1.2

Software Glitches

Bugs are ubiquitous in any software, and game software is no exception. However,
sometimes, while not exactly an attack, software glitches are still security issues since
they cause unexpected situations and lead to unpredictable responses within a
games environment.

In 2005, Blizzard introduced a new raid. During the boss fight in this raid, players
were affected by a contagious spell called Corrupted Blood, which drained the
characters health. The spell, which was intended to last only seconds and function
only within the confines of the raid instance, spread across the entire game world
because of a bug in the software. With low-level player characters dying due to the
effects of the spell, and everyone that came near an infected player also getting
infected, the incident resembled a real-world epidemic, and had similar in-game
responses, with players abandoning cities, and programmers imposing quarantines
[26].

The Corrupted Blood incident as it came to be known would reportedly not have
spread far without the malicious efforts of griefers or online terrorists, which
resulted in people not being able to play the game either because they would die from
the infection whenever they tried to play, or because they were severely restricted in
their movements within the game.
9

Securing Azeroth: A Discussion of Information Security Issues in World of Warcraft

Richa Mehta

5.2

Countermeasures

DDoS attacks can be perpetrated using botnets by instructing bots to flood a specified
target server. For a successful attack, a large number of compromised machines is
required. While Blizzard continually monitors their servers, and maintains
infrastructure that can combat high volumes of server traffic, a strong DDoS attack is
hard to prevent. Monitoring systems that can identify the remote controller of an
attack by tracking botnets and shut it down can be effective in thwarting DDoS attacks
[27]. In addition, players ensuring that their computers are malware-free also ensure
their machines arent hijacked and contributes to keeping the network relatively
secure.

Conclusion

Thats all, folks!

In summary, security issues are an unavoidable part of the World of Warcraft
experience [28]. Over the years, the frequency of malicious attacks has decreased as
organizations get smarter about protecting their data. The classic terms of the CIA
Triad remain integral to identifying security risks within the game, but in addition to
that the abundance of opportunities for cheating require a fourth criteria, fairness, to
be evaluated as well [7].
With respect to these security goals, while the game developer remains largely
responsible for maintaining availability and monitoring service interruptions, the
other aspects of information security in the game environment appear to also the
responsibility of the player.

For example, despite all manner of encryption enforced server-side, if a player is

careless about the security of their account information or duped by a phishing attack,
there is little Blizzard can do to keep such a compromised account secure short of
trying to recover it after the fact. Thus the confidentiality of information in the game
can be compromised by a lapse in security on either side of the gaming system. Game
integrity, too, is secured subject to fair practices by players, and stringent monitoring
by the game developer.
While countermeasures to combat threats are constantly being implemented, new
research in the area makes it possible for organizations like Blizzard to improve their
security through newer methods. As long as players and game developers work in
cohesion, security threats, even in a vulnerable system like World of Warcraft, will
remain minimal.

10

Securing Azeroth: A Discussion of Information Security Issues in World of Warcraft

Richa Mehta

References

[1]

M. Overmars, "A Brief History of Computer Games," 30 January 2012. [Online]. Available:
http://www.cs.uu.nl/docs/vakken/b2go/literature/history_of_games.pdf. [Accessed 6
December 2015].

[2]
[3]
[4]
[5]
[6]
[7]
[8]
[9]

M. Langshaw, "Guinness announces gaming world records," 6 June 2009. [Online]. Available:
http://www.digitalspy.com/gaming/e3/news/a158552/guinness-announces-gaming-worldrecords/. [Accessed 6 December 2015].
"Activision Blizzard Announces Better-Than-Expected Second Quarter 2015 Financial
Results," 4 August 2015. [Online]. Available:
http://www.businesswire.com/news/home/20150804006820/en/#.VcH_ZJNwvAI.
[Accessed 6 December 2015].

J. Dibbell, "The Life of the Chinese Gold Farmer," The New York Times Magazine, 17 June 2007.
J. Hu and F. Zambetta, "Security issues in massive online games," Security and Communication
Networks, vol. 1, pp. 83-92, 2008.
A. Y. Gital, A. S. b. Ismail and S. Subramaniam, "On consistency and security issues in
collaborative virtual environment systems," International Journal of Physical Sciences, vol. 8,
no. 33, pp. 1646-1654, 2013.
R. v. Summeren, "Security in online gaming," (unpublished), 2011.

G. Hoglund and G. McGraw, Exploiting Online Games, Addison-Wesley, 2007, pp. 67-72.

C. Albanesius, "Blizzard's Battle.net Servers Hacked, User Info Stolen," PC Magazine Digital
Edition, 10 August 2012.

[10] J. Peel, "Blizzard confirm World of Warcraft auction house hackings," PCGamesN, 13 June
2013.

[11] "Scam Reports," [Online]. Available:

http://www.scamtrends.com/?s=world+of+warcraft&x=0&y=0#sthash.9pRR4buc.qf19OKqM
.dpbs. [Accessed 7 December 2015].
[12] M. Osena, "World of Warcraft Scams: Free Gifts and Fake Account Suspension Threats,"
TrendLabs Security Intelligence Blog, 28 September 2010. [Online]. Available:
http://blog.trendmicro.com/trendlabs-security-intelligence/world-of-warcraft-scams-freegifts-and-fake-suspend-account-threats/. [Accessed 9 December 2015].
[13] D. Jiang, "Security Issues in Massively Multiplayer Online Games," (unpublished), p. 3, 2011.

[14] D. Goodin, "World of Warcraft users hit by account-hijacking malware attack," Ars Technica, 6
January 2014. [Online]. Available: http://arstechnica.com/security/2014/01/world-ofwarcraft-users-hit-by-account-hijacking-malware-attack/. [Accessed 9 December 2015].

[15] J. Leyden, "Warcraft gamers locked out after Trojan attack," The Register, 29 September 2006.
[Online]. Available: http://www.theregister.co.uk/2006/09/29/warcraft_trojan_attack/.
[Accessed 9 December 2015].
[16] Network Working Group, "RFC2945: The SRP Authentication and Key Exchange System,"
September 2000. [Online]. Available: https://www.ietf.org/rfc/rfc2945.txt. [Accessed 9
December 2015].
11

Securing Azeroth: A Discussion of Information Security Issues in World of Warcraft

Richa Mehta
[17] Blizzard Entertainment, Inc., "Battle.net Authenticator," 25 November 2015. [Online].
Available: https://us.battle.net/support/en/article/battlenet-authenticator. [Accessed 9
Decemebr 2015].

[18] M. Schramm, "WoW Insider Interview: Blizzard speaks about Authenticator security," 09
September 2008. [Online]. Available: http://www.engadget.com/2008/09/18/wow-insiderinterview-blizzard-speaks-about-authenticator-secur/. [Accessed 9 December 2015].
[19] S. Gianvecchio, Z. Wu, M. Xie and H. Wang, "Battle of Botcraft: Fighting Bots in Online Games
with Human Observational Proofs," CCS, 2009.
[20] Blizzard Entertainment, Inc, "World of Warcraft Terms of Use," 22 August 2012. [Online].
Available: http://us.blizzard.com/en-us/company/legal/wow_tou.html. [Accessed 8
December 2015].

[21] A. Fujita, H. Itsuki and H. Matsubara, "Detecting Real Money Traders in MMORPG by Using
Trading Network," in Proceedings of the Seventh AAAI Conference on Artificial Intelligence and
Interactive Digital Entertainment, 2011.
[22] T. Schluessler, S. Goglin and E. Johnson, "Is a Bot at the Controls? Detecting Input Data
Attacks," Netgames, 2007.

[23] J. Billieux, J. Deleuze, M. D. Griffiths and D. J. Kuss, "Internet Gaming Addiction: The Case of
Massively Multiplayer Online Role-Playing Games," in Textbook of Addiction Treatment:
International Perspectives, Springer Milan, 2014, pp. 1515-1525.

[24] A. Holisky, "World of Warcraft is under a DDoS attack right now," Blizzard Watch, 19 August
2015. [Online]. Available: http://blizzardwatch.com/2015/08/19/world-of-warcraft-isunder-a-ddos-attack-right-now/. [Accessed 9 December 2015].
[25] F. Lau, S. H. Rubin, M. H. Smith and L. Trajkovic, "Distributed Denial of Service Attacks,"
(unpublished), 2001.

[26] R. Lemos, "Digital plague hits online game World of Warcraft," 27 September 2005. [Online].
Available: http://www.securityfocus.com/news/11330. [Accessed 10 December 2015].

[27] F. C. Freiling, T. Holz and G. Wicherski, "Botnet Tracking: Exploring a Root-Cause Methodology
to Prevent," in 10th European Symposium On Research in Computer Security, Milan, Italy, 2005.
[28] E. J. Hayes, "Playing it Safe: Avoiding Online Gaming Risks," 2008. [Online]. Available:
https://www.us-cert.gov/sites/default/files/publications/gaming.pdf. [Accessed 9 December
2015].
[29] ISO/IEC 27000-2014: Information technology Security techniques Information security
management systems Overview and vocabulary, Geneva, Switzerland: International
Organization for Standardization, 2014.
[30] W. Jansen and T. Grance, Guidelines on Security and Privacy in Public Cloud Computing,
Gaithersburg, MD: National Institute of Standards and Technology, 2011.

12