Xbox 360 Hoaxes, Social Engineering, and Gamertag Exploits
←
→
Page content transcription
If your browser does not render page correctly, please read the page content below
2013 46th Hawaii International Conference on System Sciences
Xbox 360 Hoaxes, Social Engineering, and Gamertag Exploits
Ashley Podhradsky, Dakota State University
Rob D’Ovidio, Drexel University
Pat Engebretson, Dakota State University
Cindy Casey, DeSales Univeristy
Abstract primarily utilized by teenagers (PEW Internet Project,
In its most basic form, social engineering can best be 2008) who do not possess the same reasoning
summarized as the art of manipulation. By convincing capabilities as adults (Monisha Pasupathi, Vol 37,
another individual to divulge sensitive information or May 2001).
permit access to a restricted location, the hacker’s According to the Pew Research Center’s Internet
ruses unsuspecting participants to achieve their goal. and American Life Project, as of 2008, 97% of all
In his book, The Art of Deception, Kevin Mitnick, the teenagers (under 18 years-old) and 53% of adults (over
infamous hacker and one time FBI fugitive, asserts that 18 years-old) played video games on a regular basis
humans are the biggest threat to security. So, if [4]. Additionally, of the 97% of teens who played
humans are the Achilles’ heel or weakest link in video games, 89% did so via gaming consoles such as
security, it is only logical that when trying to gather Microsoft’s Xbox 360 or Sony’s Playstation 3 (PEW
information or gain access, taking advantage of Internet Project, 2008). In a public game room, an
unsuspecting humans is the best place to begin. This adult may be more cautious when disclosing personal
research will discuss how the Kevin Mitnick style of information, while a teenager might be more apt to
social engineering might not be needed when most of announce that his family is leaving for vacation that
the personally identifying information is online. Social upcoming Friday so that everyone listening knows his
engineering might not be able to obtain the same type residence will be unoccupied. Conversely, being over
of information from Data at Rest (DAR) and Data in 18 is no guarantee that a user will not fall prey to a
Motion (DIM). Furthermore the paper will analyze the social engineering scam or unwittingly reveal personal
privacy and identity disclosure in virtual societies, information which will place him at risk.
specifically the Xbox 360. Swatting, stolen accounts, In a 2005 study of more than 4,000 Carnegie
kicking, and identity theft will be discussed. Mellon University students who utilized social
networking sites, Gross and Acquisti found that 89%
1. Introduction of all participants used their true names, 90.8% posted
Although social engineering does not need to be an identifiable image on their profile, and 98.5% used
complex, and in some instances is merely a matter of their correct date of birth (Acquisti, 2005).
“asking and ye shall receive” (Kevin D. Mitnick,
2002), what if there were easier ways for hackers to 2.0 Swatting
obtain sensitive information or make their social On March 6, 2012, Pennsylvanian East Allen
engineering attacks more fruitful? When targeting township resident, Lisa Yagerhofer and her family
newer technologies such as gaming systems, the were eating dinner when a state trooper showed up at
weakest link may no longer be humans per se, but their front door with his gun drawn and a response
rather how humans are required to use these new team of approximately fifteen law enforcement
technologies. Like a hexadecimal Hegelian circle, vehicles on her front lawn(Swatting Hacker Uses Xbox
technology and humans are an infinite loop which to Trick Police, 2012. The police were responding to a
continually return upon each other. distress call sent to the local 911 system via an instant
Human emotions such as trust, willingness to help message which read in part: "Please help. My dad just
others, conformity, fear of getting reprimanded, and killed my 4 year old sister. He slit her throat. She's
personal gain, are often cited as the primary reasons bleeding to death" (Swatting Hacker Uses Xbox to
social engineering techniques are so successful (Kevin Trick Police, 2012). This is just one of dozens of
D. Mitnick, 2002) (Mosin Hasan, Vol.2, No.2, June accounts of Xbox swatting which have made headlines
2010) (Charles E. Lively, 2003) . However, this in recent months (Goodin, 6) (Allen, 2012) (Couts,
premise attributes some level of reasoning on the part 2011). Anyone who uses the gaming console can fall
of the individual being hoodwinked which may not be prey to swatting, as one high-profile Microsoft Xbox
applicable when applied to gaming consoles which are
1530-1605/12 $26.00 © 2012 IEEE 3237
3239
DOI 10.1109/HICSS.2013.633
Live executive found out when he was victimized last fail to boot. Forensic analyses of Xbox 360 hard drives
September (Heeringa, 2011). revealed that while propriety data was signed and
Cyber swatting is a potentially dangerous ruse encrypted, user data was not (Ashley Podhradsky,
where 911 emergency services are tricked into 2011).
dispatching emergency response services such as the
Special Weapons and Tactics (SWAT) team. Swatting 4.0 Stolen User Accounts
typically involves some form of caller ID spoofing According to a recent report by Luke Plunkett,
which enables the hacker to display a number which is contributor at Kotaku Open Forums, there has been a
not affiliated with the victim’s service (FCC, 2012. In surge over the past few months in hijacked Xbox 360
the Yagerhofer case, the hacker acquired the Personal user accounts(Plunkett, 2012). Victims are unaware
Identifying Information (PII) necessary to perform his that they have been targeted until they are unable to
attack from Yagerhofer’s 16-year-old son as he was access their accounts (Plunkett, 2012). One such
playing an online Xbox 360 game (Swatting Hacker victim, Susan Taylor, started a blog titled Hacked on
Uses Xbox to Trick Police, 2012), however, not all Xbox to fight back after her Xbox Live account was
cases of swatting involve hacking. Swatting can also hijacked earlier this year (Taylor, 2012). On her blog,
be carried out via the telephone provider’s Instant Taylor encourages other victims to share their stories
Message Relay Service which enables the hearing as well (Taylor, 2012). To date, out of the fifty-nine
impaired to communicate with an operator through cases posted, only eight have been resolved by
instant messaging (Siciliano, 2010) (AT&T, 2012). Microsoft (Taylor, 2012). There is no shortage of
Moreover, with nothing more than a player’s gamertag, reports on other gamer sites as well, including
enough information could be successfully obtained Microsoft’s official Xbox Forums, from victims
from the Internet to carry out such malicious hoaxes. looking for assistance (Microsoft , 2012) (Rubin,
2012). Susan Taylor, who promptly reported the
3.0 Xbox 360 Architecture incident to Xbox requesting that they suspend her
While several popular gaming consoles exist, account, found herself completely helpless because the
Microsoft’s Xbox 360 is the most popular among hijacker had changed her password and security
American consumers, selling 14.9 million consoles in question (Rubin, 2012). Not only did Microsoft fail to
2011, eight million more than their top competitor the lock her account as promised enabling the thief to
PS3 (Todd Bishop, 2012). The Xbox 360 enables continue withdrawing money from her PayPal account,
users to play games and chat with others, instant but to pour salt to her wound, the thief actually added
message, surf the Internet, download game trailers, himself to her buddy list (Taylor, 2012).
demos, games, and gaming accessories from When Microsoft was questioned by Dan Crawly,
Microsoft’s Live Marketplace, rent movies from staff writer for Gamesbeat, regarding the theft of his
Netflix, watch movies or television shows with Hulu Xbox Live account in December 2011, a spokesperson
Plus or Comcast’s Xfinity on demand, access and post for Microsoft responded that:
on social networking sites such as Twitter and “Customers who use the same identity and log-in
Facebook, and even save to, or retrieve games from, details across multiple online sites and services are
the cloud (Microsoft, 2012). Xbox 360 is even capable more vulnerable against these everyday Internet
of writing its own blog about the user’s daily activities threats” (Crawley, 2011) .
(Meer, 2008). Microsoft’s spokesperson further stated that:
The Xbox 360 is not only similar to a personal “As ever, we advise customers to be vigilant, and
computer - it is actually more powerful than most provide further advice on account security across
average personal computers. The file data format used Xbox 360, Internet websites and email…” (Crawley,
in Xbox is the FATX , an offshoot of the more familiar 2011).
FAT32 found on most legacy computers (David These types of statements suggest that the
Becker , 2001). Unlike the FAT32 however, the FATX compromised accounts are everyone’s responsibility
does not contain the typical backup boot or file system except for Microsoft. They further imply that if users
information sectors found in FAT32. One reason for exercised more caution by utilizing different passwords
this variation in file formatting is that the Xbox was and identities for their PCs and gaming consoles, they
designed solely for entertainment as opposed to might not fall victim to these types of incidents.
productivity. Thus, redundancy and legacy support are Conversely, if Microsoft earnestly believes that these
forfeited in order to increase the system’s speed. hijackings should be attributed solely to the Internet or
Another reason is to protect proprietary data. careless users, it appears rather contradictory then that
Microsoft accomplishes this by signing all of Xbox they would direct their customers to the Internet to
360’s executable files so that if altered the files will manage their billing accounts as outlined in the Xbox
3240
3238
Live Terms of Use (Microsoft , 2011). Furthermore, or policies, control the amount of user access to Live
how careless was Xbox Live’s Policy and Enforcement services. The ports used are UDP (User Datagram
executive, Stephen Toulouse, when his Xbox Live Protocol) ports 3074, 5060, and 5061 (CAI Networks,
account was stolen (Ferro, 2012)? 2000). Considering that UDP is a connectionless
The only apparent link between the victims of these protocol, this could provide hackers with additional
account hijackings is that they utilized Xbox Live vulnerabilities to exploit, recalling that the hacker is
(Ferro, 2012). Exactly how they are being selected as targeting the player’s internet connection not the actual
targets is unknown at this time. However, malicious gaming console, such as UDP 5060 and weak SIP or
hackers are not the only individuals users need to be Brute Force Attacks. Thus, when gamers who are not
wary of. The Xbox Live Terms of Use clearly state that familiar with NAT or VoIP weaknesses change their
by using Xbox Live consumers are consenting to settings in an effort to host games with other players,
permit Microsoft to automatically upload data about they are unknowingly introducing more vulnerabilities
their computers as well as how they use the service into their systems.
(BBC, 2009). What is even more discerning is that
users are also giving their consent to allow Microsoft
to share data about them, including but not limited to,
their name, gamertag, motto, avatar, and any other PII
provided(BBC, 2009)” with Microsoft’s “affiliates,
resellers, distributors, service providers, partners,
and/or suppliers (BBC, 2009)”.
5.0 Kicking
Kicking is a quasi-hacking technique where an
Xbox user is “kicked” off of Xbox Live by another
player in the room. Utilizing free tools such as OXID’s
Cain and Able (OXID, 2012) password recovery tool,
Image 1 – Sniffing the network with Cain and Abel, the
the hacker is capable of gaining access to another
Xbox is detected (Microsoft)
gamer’s IP and MAC addresses which he then exploits
to repeatedly kick the gamer off every time he tries to
connect to a game room (Images 1-3). Although
typically viewed as merely a form of malicious
harassment, the information obtained can be used to
perform more serious spoofs and attacks and should
not be taken lightly. Once the attacker has gained
access to the target’s IP address, he can then ascertain
what city and state the player is located in, the name of
their service provider, send a virus directly to the
target’s machine, or employ further reconnaissance
techniques using tools such as Nmap (Nmap.org,
2012) to secure even more sensitive data. Image 2 – Selecting IP Address to poison
These booting services are also being sold to
players who are seeking to get revenge on other gamers
(BBC, 2009). What is problematic about this type of
attack is that it does not target Xbox directly, but rather
the victim’s internet connection (BBC, 2009). For
approximately $20.00, some hackers are even willing
to remotely access their customer’s PC and set these
hacking tools up for them permitting the client to target
players independent of the hacker (BBC, 2009). For an
even larger fee, these hackers will add the
compromised machine to a botnet enabling them to
perform more powerful buffering or Denial of Service
attacks against the targeted IP address (BBC, 2009).
Microsoft defines three categories of NAT on their
consoles- open, moderate, and closed. These attributes,
3241
3239
purchasing used gaming systems from online auction
sites, identity thieves gain somewhat of an additional
advantage – the seller’s name and mailing address
appears right on the package when it arrives. Likewise,
if acquired from a classified forum such as craigslist
(Craigslist , 2012) unscrupulous individuals can amass
the seller’s name, telephone number or email address,
and various other tidbits of information by way of
social engineering.
Typically, when an individual decides to sell or
trade their Xbox console or hard drive they delete, or
erase their personal data and history believing the
information is permanently gone. However, this
common practice does not technically remove data
Image 3 – All of the IP and MAC addresses of the
players in the room appear (bottom window). To kick a from the console - it merely alters it (Podhradsky,
2011). When data is deleted, it is not really erased; in
player off, right-click and delete from list. 1
fact, it is not even necessarily moved. In most cases,
the information or file stays exactly where it was. What
Repeatedly Kicking a player out of a game room
changes is the path and filename of the data known as
primes the victim so he can be easily manipulated by
the hacker. Either by posing as a Microsoft employee the directory entry. The first letter of the file is
who can assist in “fixing” the connection problem or as modified and marked with a character indicating it is
available to be rewritten. There it will stay intact until
a helpful gamer who just happens to be computer
new data is written over the existing data (overwriting).
savvy, the target may naively provide personal
More knowledgeable Xbox users may opt to
information or even permit the “good Samaritan”
reformat the console’s hard drive in order to destroy
access to his system to fix what he might believe is a
technical problem. Although an adult might not fall sensitive information. Theoretically, when an Xbox
drive is reformatted, every available block of space is
prey to these types of ruses as easily, an adolescent,
filled with zeros, or ASCII NUL bytes (0x00).
who does not have the same reasoning abilities as an
Successfully overwriting a drive is not only contingent
adult, or may fear he has done something to his system,
upon both the logical and physical condition of the
may be easily swayed (Monisha Pasupathi, Vol 37,
drive, but the methodology utilized as well. It would be
May 2001).
problematic at best to say, with any degree of certainty,
that all information can be eradicated.
6.0 Identity Theft and Used Consoles
According to Microsoft’s Online Xbox 360 Support
With the continual emergence of new gaming
tutorials, once the Xbox console is reformatted, “…all
bundles and sleeker systems, more users will be selling
of the information saved on that device is erased and
or trading their current consoles either because they are
outmoded or to financially offset the cost of acquiring cannot be recovered (Microsoft , 2012).” However, this
a newer system. In addition to selling the system in its is rather misleading.
entirety, some users may elect to sell or swap the hard
drive independent of the console. Oftentimes, after
acquiring numerous games, storing countless media 7.0 Preparing Hard Drive for Examination
Researchers took a new Xbox 360 Elite containing a
files, or amassing a plethora of other data, the user may
seek to change a drive out of necessity because a larger Hitachi 120 GB hard drive and created two Xbox Live
gamertags. This was in addition to the automatically
drive is required.
assigned gamertag Microsoft provides new users (i.e.:
A quick look on eBay provides a small snapshot of
Player1). Two of these user profiles, including the one
how many systems are sold daily. As of the date of this
automatically assigned, were deleted. The third
report, there were over 3,705 Xbox 360 gaming
remained intact. Each of the two profiles created were
systems for sale in the United States alone (eBay,
2012). These listings are subject to change by the used for a brief period of time to play games and
access Xbox Live services. All the deleted gamertags
minute and do not include Xbox hard drives being sold
were removed following Microsoft’s
without a console.. It is relevant to note, that when
recommendations:
1
No players were disconnected from the game room during this
demonstration. 1. Go to Settings, select System.
3242
3240
2. Select Storage. Using Modio, the hard drive was then opened to see
3. Select All Devices. if either of the deleted user names could be recovered.
4. Select Gamer Profiles. Modio can be extremely handy for viewing image files
on the fly without needing to export them first using
5. Select the gamertag that you want to delete.
another program. Because hardware write blocking is
6. Select Delete. necessary when utilizing Modio as data can be
7. Select Delete Profile and Items (this option overwritten with software write blocking,
deletes the profile and all saved games and Thermaltake’s BlackX docking station with hard write
achievements affiliated with that profile) blocking capabilities was employed.
(Microsoft , 2012). Upon opening the drive, three players were noted.
The two deleted accounts, which were represented by
strings of zeros (Image 4) were discovered. The third
7.1 Imaging the Drive gamertag, HakinLuger was present, complete with the
The current standard for authenticating evidence is user’s avatar. A preliminary examination of player
to preserve the original hard drive by imaging, or HakinLuger’s downloads reveals games (Kinect
creating a bit-by-bit copy of the drive to work from Adventures, Halo, and Call of Duty) as well as the
(Nelson, 2008). This ensures that the original evidence services he utilized through Xbox Live such as Netflix
has not been accidently altered or tampered with. and Hulu Plus (Image 5).
However, when working with the Xbox 360 drive, this
can be rather challenging.
Some of the complications encountered when trying
to image an Xbox 360 drive can be attributed to the
drive’s FATX file format as well as the unknown or
proprietary structure of the drive. The hard drive was
imaged with DrDD, FTK Imager, and in Linux. All
three utilities yielded illegible sectors. Thus, in order to
view the the hard drive, researchers utilized gamer
modification tools. By employing modification utilities
the HD could be opened directly and files of interest
extracted and examined in a hex editor.
7.2 Hash Checksums
In light of the difficulty in obtaining a forensically
sound image of the drive to work from, repeated MD5
and SHA-1 checksums were performed to ensure the
integrity of the study drive. Using both FTK Imager
and Linux, checksums were continually recorded.
While this is not atypical in an examination to ensure Image 4– Accounts either active or deleted on the hard
the validity of any evidence discovered, it was also drive
necessary in this case to monitor the dependability of
non-forensic tools utilized as well.
8.0 The Investigation
While there were several groups of nulls, the drive
did not exhibit signs of being overwritten as there were
no large sections of zeros in non-program specific files.
It is always problematic at best however to
declaratively state that an Xbox drive has not been
reformatted without further studies as each operating
system has its own unique way of performing this
process and while the Xbox does share some
similarities with a PC, it cannot truly be measured
using the same criteria (Computer Gyaan, 2010).
3243
3241
David Collins, a computer scientist at Sam Hoston
State University in Texas and distributed by Protowise
Labs (Protowise Labs, 2011). XFT 2.0 features both
FATX and XTAF (derived from MS-DOS) file system
recognition, file hashing, displays deleted files (but
does not recover them), and file type identification. It
is designed to run on Windows operating systems and
features a user-friendly interface, although when tested
on both Windows XP and WIN 7, the utility did not
run as smoothly on the later (Dr. Ashley Podhradsky,
2011). In order to examine the drive with XFT 2.0, the
HD first had to be imaged with DrDD. Unfortunately,
although XFT recognizes the FATX file structure, the
host machine running Windows does not.
Image5- HakinLuger’s Downloads
Utilizing XFT, the second gamertag, which was
created, used, and then deleted, was revealed (POD H
A quick search for HakinLuger at
RAD SKY). Because XFT does not recover deleted
XboxGamerTag.com (Xbox Gamertag, 2012) confirms
files, researchers were unable to obtain detailed data
the games found on the drive and reveals that our
about the gamertag by examining the drive. However,
gamer had a preference for sports games (Image 6).
the user’s profile was available at XboxGamerTag.com
Xbox GamerTag is a free gaming search engine that
(Image 7). The second deleted gamertag which was
enables visitors to obtain anyone’s profile, including,
automatically created by Microsoft was never
but not limited to, recent games played, achievements,
recovered. This might be due to the fact that it was
game scores, and avatar (Xbox Gamertag, 2012).
never utilized.
From an investigative purpose, because the site
provides the date and time a game was last played, it
could be used in collaboration with other data when
trying to place, or eliminate, a suspect in the same
game room with the victim. From a social engineering
perspective, these types of databases provide a
multiplicity of data to exploit making their job easier.
Image 7– Player POD H RAD SKY’s profile at
XboxGamerTag.com
While examining the hard drive with XFT 2.0,
another deleted gamertag was found (Reaver95) which
researchers did not create (Image 8). Reaver95 was a
guest who logged on to our Xbox using his own
gamertag to play. With nothing more than his
Image 6– HakinLuger game plays and scores at gamertag, researchers performed an internet search and
XboxGamerTag.com within twenty minutes a remarkable amount of
personally identifiable information was ascertained on
Although some of the games played by our first Reaver95’s (Image 9) including:
deleted player were noted upon initial examination of 9 Favorite Xbox 360 game, scores, and last
the drive, researchers had to employ XFT 2.0 Game
logon date (Microsoft , 2012)
Console Forensics Toolkit. XFT 2.0 was developed by
9 Location (Microsoft , 2012)
3244
3242
9 Real Name (Microsoft , 2012)
9 College and collegiate activities(DSU,
2005)(Dakota State University , 2012)
(NDSU, 2007)
9 Ebay activities (items sold and purchased)
(Ebay, 2012)
9 Wife’s name(Washington High School,
2011)
9 Child (name and age) (Zach Jones, 2006)
9 Photographs (Zach Jones, 2006) (DSU,
2005)[
Image 9– Reaver95’s profile showing his last name,
location, and date he last logged on to Xbox Live
(Microsoft , 2012)
What is so alarming about this is that there was no
need to hack an account or employ social engineering
techniques to amass this information. With as little as a
gamertag, enough PII was gathered to either steal
Reaver95’s identity, perform an extremely
sophisticated social engineering attack, or to sell his
identity on the black market (Ferro, 2012).
Another gamertag found on the hard drive was
BryanOban1701 (Image 10). This player was not on
our gamer’s buddy-list or in a cache file which would
indicate that he was playing in the same game room
with HakinLuger, but was located in a Dashboard file.
An Internet search of gamertag BryanOban1701
revealed that he and HakinLuger shared a mutual
buddy on Xbox Live named Maliki67 (Image 11)
(Xbox Live Score , 2012). This finding suggests that
parallel to Facebook, Linked-in, and other social
networking sites, Microsoft connects users who share
something in common with one another.
Image 8– Deleted guest user, Reaver95, viewed in XFT
2.0
Image 10– gamertag BryanOban1701
3245
3243
adult permits anyone to access the player’s game
history, online status, and friend’s list (Microsoft ,
2012).
Xbox Live subscribers should not use the same
username or email address for their Xbox Live
accounts as they do for other membership based
accounts. Creating separate Hotmail and Messenger
accounts exclusively for Xbox Live may deflect
reconnaissance activity. Because PayPal is linked to
the user’s bank account and credit card, using PayPal
should be avoided. Although Microsoft details how to
change default settings to protect player privacy on
their website, it appears to be geared more toward
protecting minors (Microsoft , 2012). Finally, to deter
hackers from listening in on conversations users should
Image 11- BryanOban1701 and HakinLuger on set up private game rooms (referred to as parties) and
Maliki67’s profile utilize the privacy settings on their headsets.
9.0 Requested: Safeguarding PII
10. 0 Future Work
As society continues to have a greater dependency
on non-traditional computing devices, including virtual In May of 2012 Microsoft announced that it was
worlds and social networking, there are new risks testing a version of Internet Explorer with the goal of
introduced. Social networking and virtual world have integrating the browser directly into the Xbox
become a popular medium for both communication and platform. (Murph, 2012). While many gamers view
hackers who want to employ social engineering tactics. the additional applications and functionality as a
By employing social engineering schemes, criminal benefit, there may be a potential downside. GFI
activities are more successful because it affords higher recently published a list of the most vulnerable
rates of success and considerably lower chances of applications. (Florian, 2012). The list was compiled
getting caught and prosecuted. by reviewing the 3532 vulnerabilities reported to the
One way users can protect themselves is by using National Vulnerability Database (NVD) in 2011.
prepaid Xbox Live membership cards as opposed to Internet Explorer was number 11 in the list of “the
using credit cards or PayPal. Unfortunately, accounts most targeted applications in 2011”. The NVD utilizes
that do not enter a credit or debit card are unable to the Common Vulnerability Scoring System version 2
utilize Microsoft’s 2 year Xbox Live Gold subscription (CVSS) to label vulnerabilities on a Low, Medium, or
as pre-paid cards and PayPal are not accepted forms of High scale. Scores range from 0-10. Vulnerabilities
payment (Microsoft , 2012). A 2-year Xbox Live Gold scoring between a 7.0 and 10.0 are labeled as “High”.
subscription enables Xbox Live users to rent movies Of the 45 Internet Explorer vulnerabilities reported to
through Netflix, chat, watch shows with Hulu Plus, and the NVD, 31 were designated as “High” (Florian,
participate in multiplayer gaming at substantial 2012). The continual expansion of Xbox platform and
discount (Microsoft , 2012). inclusion of applications like Internet Explorer are sure
Like their counterpart in Virtual World, Microsoft’s bring additional security concerns.
Xbox points can be traded-in by users to enhance their
gaming experiences. On Xbox, points can be used to
rent movies, download game extras such as maps, 11.0 References
levels, vehicles, and purchase avatar accessories, In
lieu of purchasing Microsoft points through the Swatting Hacker Uses Xbox to Trick Police. (2012, 3
console using a credit card, a safer alternative is for
users to purchase a Microsoft points cards from their 7). Retrieved 6 1, 2012, from Acttion News:
local video store. http://abclocal.go.com/wpvi/story?section=ne
As with any technology, users should always check, ws/crime&id=8571101
and if necessary, change, their device’s default
settings. Interestingly, Xbox Live safety and privacy Acquisti, R. G. (2005). Information Revelation and
default settings are automatically set according to the Privacy in Online Social Networks (The
birthdate entered by the user when setting up his Facebook case). ACM Workshop on Privacy
account (Microsoft , 2012). The default settings for an
3246
3244
in the Electronic Society (WPES) (pp. 71 - 80 from Digital Trends:
). Alexandria: ACM. http://www.digitaltrends.com/gaming/hacker-
hijacks-xbox-360-sends-swat-team-to-home/
Allen, J. (2012, 2 13). Call Of Duty Game Leads To
Prank Lewisville 911 Call. Retrieved 6 1, Craigslist . (2012). Craigslist U.S. . Retrieved 5 23,
2012, from CBS News: 2012, from Craigslist Online Community:
http://dfw.cbslocal.com/2012/02/13/call-of- http://www.craigslist.org/about/sites#US
duty-game-leads-to-prank-lewisville-911-call/
Crawley, D. (2011, 12 4). How I was hacked.
Ashley Podhradsky, R. D. (2011). Identity Theft and Retrieved 5 24, 2012, from
Used Gaming Consoles: Recovering Personal http://venturebeat.com/2011/12/04/how-i-
Information from Xbox 360 Hard Drives. was-hacked-a-tale-of-hijack-xbox-live-and-
AMCIS 2011 Proceedings. Detriot. fifa-trading-cards/
AT&T. (2012). Standard TTY. Retrieved 6 1, 2012, Dakota State University . (2012). Trojan Football
from AT&T Relay Services: Individual Records. Retrieved 6 7, 2012
http://relayservices.att.com/content/2/im_rela
y_3.html DataRescue. (2012). DrDD - DataRescue's DD
freeware. Retrieved 5 1, 2012, from
Baker, J. A. (2006). Xbox 360 System Architecture. DataRescue:
IEEE Micro, 27-35. Retrieved from Microsoft http://www.datarescue.com/photorescue/v3/dr
. dd.htm
BBC. (2009, 2 20). Hackers target Xbox Live players . David Becker . (2001, 1 6). Microsoft got game: Xbox
Retrieved 5 22, 2012, from BBC News: unveiled. Retrieved 5 4, 2012, from CNET
http://news.bbc.co.uk/2/hi/technology/788836 News: http://news.cnet.com/Microsoft-got-
9.stm game-Xbox-unveiled/2100-1040_3-
250632.html?tag=untagged
CAI Networks. (2000). Strict, Moderate, and Open
NAT - Load balancing Xbox Game Servers . Digiex. (2011, 11 14). Party Buffalo Drive Explorer
Retrieved 5 4, 2012, from CAI Networks: 2.0.0.9 Download Xbox 360 FATX Hard
http://www.cainetworks.com/support/how-to- Drive & USB Explorer. Retrieved 5 4, 2012,
NAT-strict-open.html from Digiex.com:
http://digiex.net/downloads/download-center-
Charles E. Lively, J. (2003, 12). Psychological Based 2-0/xbox-360-content/apps/7328-party-
Social Engineering. Retrieved 5 22, 2012, buffalo-drive-explorer-2-0-0-9-download-
from SANS: xbox-360-fatx-hard-drive-usb-explorer.html
http://www.giac.org/paper/gsec/3547/psychol
ogical-based-social-engineering/105780 Dr. Ashley Podhradsky, D. R. (2011). A Practitioners
Guide to the Forensic Investigation of Xbox
Computer Gyaan. (2010, 11 2). Disk formatting and 360 Gaming Consoles. The 2011 Conference
Data recovery. Retrieved 5 3, 2012, from on Digital Forensics, Security, and Law
Computer Gyaan: (ADFSL). Richmond: ADFSL.
http://www.muamat.com/classifieds/174/even
ts/2010-12- DSU. (2005). DSU Academic, leadership and Athletics
30/11663_Disk_formatting_and_Data_recove Honors in 2005. Retrieved 5 5, 2012, from
ry.html Dakota State University :
http://www.departments.dsu.edu/student_servi
Couts, A. (2011, 7 1). Hacker hijacks Xbox 360, sends ces/honors/2005/default.htm
SWAT team to home. Retrieved 6 1, 2012,
3247
3245
Ebay. (2012). eBay My World: reaver95. Retrieved 5 Microsoft . (2011, 9 30). Managing my Xbox LIVE
16, 2012, from Ebay: account. Retrieved 5 29, 2012, from Xbox
http://myworld.ebay.com/reaver95 Forums :
http://forums.xbox.com/xbox_forums/xbox_s
eBay. (2012, 6 7). Xbox 360 Consoles . Retrieved 6 7, upport/f/12/t/97215.aspx?PageIndex=3
2012, from eBay U.S. :
http://www.ebay.com/sch/Systems- Microsoft . (2011, 12). Xbox LIVE Terms of Use.
/139971/i.html?_nkw=xbox+360 Retrieved 5 22, 2012, from Microsoft :
http://www.xbox.com/en-US/legal/livetou
FCC. (2012). Caller ID and Spoofing. Retrieved 6 1,
2012, from Federal Communications Microsoft . (2012). Article ID: 906502 - How to format
Commission: an Xbox 360 Hard Drive or Memory Unit.
http://www.fcc.gov/guides/caller-id-and- Retrieved 6 1, 2012, from
spoofing http://support.microsoft.com/kb/906502
Ferro, M. (2012, 1 8). Thousands of hacked Xbox Live Microsoft . (2012). Download, move, or delete your
accounts up for sale on black market. Xbox LIVE profile. Retrieved 5 30, 2012,
Retrieved 6 6, 2012, from Gamer.Blorge: from Xbox Live: http://support.xbox.com/en-
http://gamer.blorge.com/2012/01/08/thousand US/xbox-360/settings-and-initial-
s-of-hacked-xbox-live-accounts-up-for-sale- setup/profile-move-delete
on-black-market/
Microsoft . (2012). Manage your Xbox LIVE payment
Game Tuts. (2012). Modio Download. Retrieved 5 5, options. Retrieved from Xbox:
2012, from Game Tuts: http://www.game- http://support.xbox.com/en-US/billing-and-
tuts.com/community/modio.php subscriptions/manage-payment-options/add-
edit-xbox-live-payment-option
Goodin, D. (6, 30 2011). Xboxer SWATTED by armed
cops after online spat. Retrieved 6 6, 2012, Microsoft . (2012). Reaver95's Profile. Retrieved 6 1,
from The Register: 2012, from Xbox: http://live.xbox.com/en-
http://www.theregister.co.uk/2011/06/30/xbox US/Profile?GamerTag=Reaver95
_swat_police_rait/
Microsoft . (2012). Xbox Live Membership Overview.
Heeringa, C. (2011, 9 11). 911 hoax in Sammamish Retrieved from Xbox:
leads to major police response. Retrieved 5 http://www.xbox.com/en-
22, 2012, from Sammamish Review: US/live/join?xr=shellnav
http://sammamishreview.com/2011/09/08/911
-hoax-in-sammamish-leads-to-major-police- Microsoft . (2012). Xbox LIVE online safety and
response privacy. Retrieved from Xbox Live:
http://support.xbox.com/en-US/xbox-
Kevin D. Mitnick, W. L. (2002). The Art of Deception: live/online-privacy-and-safety/online-
Controlling the Human Element of Security. safety#ec4193e4c26143f18e1960c08f2ed876
Indianapolis : Wiley.
Microsoft. (2012). Store your saved games in the
Meer, A. (2008, 9 11). 10 Xbox 360 tricks Microsoft cloud. Retrieved 5 22, 2012, from
won't tell you. Retrieved 5 22, 2012, from http://support.xbox.com/en-US/xbox-
Techradar: live/game-saves-in-the-cloud/cloud-save-
http://www.techradar.com/news/gaming/cons games
oles/10-xbox-360-tricks-microsoft-wont-tell-
you-464200 Monisha Pasupathi, U. M. (Vol 37, May 2001). Seeds
of wisdom: Adolescents' knowledge and
3248
3246judgment about difficult life problems. Protowise Labs. (2011). XFT 2.0 Game Console
Developmental Psychology, 351-361. Forensics is Released. Retrieved 5 22, 2012,
from XFT 2.0 Game Console:
Mosin Hasan, N. P. (Vol.2, No.2, June 2010). Case http://protowise.com/?tag=xft-xbox-forensics
Study on Social Engineering Techniques for
Persuasion . International Journal on Rubin, B. P. (2012, 1 9). Xbox Hacks Continue: Gamer
Applications of Graph Theory in Wireless ad Exposes Microsofts Fraud Prevention
hoc Networks and Sensor Networks, 17-23. Problems. Retrieved 5 23, 2012, from Inside
Daily Gaming :
NDSU. (2007, 9 25). Wrestling Bio. (Gobison.com) http://www.insidegamingdaily.com/2012/01/0
Retrieved 6 1, 2012, from North Dakota State 9/xbox-hacks-continue-gamer-exposes-
: microsofts-fraud-prevention-problems/
http://www.gobison.com/ViewArticle.dbml?D
B_OEM_ID=2400&ATCLID=659643 Siciliano, R. (2010, 7 16). What is “Swatting” And
How Do I Protect My Family. Retrieved 6 1,
Nelson, B. (2008). Guide to Computer Forensics and 2012, from Infosec:
Investigations, Third Edition. Boston : http://news.cnet.com/8301-17852_3-
Cengage Learning. 57377796-71/xbox-360-threat-leads-to-swat-
team-raid/
Nmap.org. (2012). Nmap . Retrieved 5 3, 2012, from
Nmap.org: http://nmap.org/ Taylor, K. (2012). Hacked on Xbox. Retrieved 5 29,
2012, from Hacked on Xbox:
OXID. (2012). Cain and Abel Passowrd Recovery
http://www.hackedonxbox.com/
Tool. Retrieved 6 1, 2012, from OXID.com:
http://www.oxid.it/cain.html Todd Bishop. (2012, 2 3). Xbox 360 tops Wii and PS3
for 1st time in yearly global sales. Retrieved 5
PEW Internet Project. (2008, 12 9). Nearly All US
28, 2012, from Geek Wire:
Teens, 53% of Adults Play Video Games.
http://www.geekwire.com/2012/xbox-360-
Retrieved 5 22, 2012, from PEW Research
tops-wii-ps3-1st-time-yearly-global-sales/
Center:
http://www.marketingcharts.com/interactive/n Washington High School. (2011, 4 17). Classmate
early-all-us-teens-53-of-adults-play-video- Updates. Retrieved 6 6, 2012, from
games-7114/ Washington High School Class of 2001:
https://sites.google.com/site/whsclassof01/cla
Plunkett, L. (2012, 5 25). Report: How Scammers Are
ssmateupdates
Stealing Xbox Live Accounts, and the Few
Things You Can Do to Protect Yourself. Xbox Gamertag. (2012). Search Xbox Live Gamertags.
Retrieved 5 29, 2012, from Kotaku: (Xbox Community Developer Program
http://kotaku.com/5913228/report-how- (XCDP)) Retrieved 5 23, 2012, from Xbox
scammers-are-stealing-xbox-live-accounts- Gamertag: http://www.xboxgamertag.com/
and-what-they-do-with-them/
Xbox Live Score . (2012). Maliki67. Retrieved 6 5,
Podhradsky, D. A. (2011). Data sanitization policy: 2012, from Xbox Live Score :
How to ensure thorough data scrubbing. http://www.xboxlivescore.com/profile/Maliki
Retrieved 6 6, 2012, from 67
SearchSecurity.com:
http://searchsecurity.techtarget.com/tip/0,2894 Zach Jones. (2006). DSU Freshman Year. Retrieved 5
83,sid14_gci1526403,00.html 5, 2012, from ZachJones.com:
3249
3247http://www.zachjones.com/Picutesoffolks/DS
UFreshmanYear.html
Murph, Darren. (2012) Internet Explorer Coming to
Xbox 360 this year, Kinect/Voice Integration
and All. Retrieved 8 30, 2012, from
http://www.engadget.com/2012/06/04/internet
-explorer-coming-to-xbox-360-kinect-
integration-and-all/
Florian, Cristian (2012). The Most Vulnerable
Operating Systems and Applications in 2011.
Retrieved 8 30, 2012, from
http://www.gfi.com/blog/the-most-vulnerable-
operating-systems-and-applications-in-2011/
3250
3248You can also read
