XBox Gamerscore Hacking And The Underground Economy

| | Comments (1)
"Achievements are really just slaps on the back with an assigned point value; the amount of points isn't truly what's important, but it's nice to see." - Ten Achievement Commandments

When Microsoft released their XBox360, they came up with the idea of "Achievements" - unlockable badges that display your prowess in a game. Kill 50 bad guys? Achievement! Run through six levels without dying once and throw the final boss off a cliff with your eyes closed? Achievement! Press the start button? Achievement! (No, seriously).

Some would say it all went horribly wrong when Microsoft decided that achievements should come with "Gamerscore points". These entirely useless numbers assigned to achievements traditionally give little else other than bragging rights's it.

However, an unforeseen consequence of gamerscore points is this:

1) Accounts with high gamerscores (generally anything over 30,000GS) become valuable targets for hackers & phishers - a high score generally means lots of valuable ingame items / bonuses are associated with the account such as Level 50 Halo 3 characters, unlocked rare items & skills, high ranking Call of Duty multiplayer characters etc. You can then sell or trade these accounts for other accounts, credit cards or anything else you feel like. Here's an example of someone getting ready to sell a tampered account with a Gamerscore that weighs in over 130,000k:

2) It's incredibly easy to find people with high gamerscores and make them a target - you simply need to browse the official XBox forums and see who has what, or jump over to a site such as Mygamercard or similar sites where it's the easiest thing in the world to line up your bullseye painted victims. If gamerscores didn't exist, it'd be a lot more time consuming to dig out profiles that had a large amount of achievements attached to them because there would be no obvious signifier that the account was worth pursuing.

3) This also means that any method of artificially inflating your gamerscore means a fast track to selling (what appears to be) a high scoring profile. There has been dabbling in this area for some time (here's an article from 2006 where the first shots are being fired by Microsoft in response to cheating; here's another from 2008) and programs used for this cheating have been (for the most part) kept close to the chest of those using them.

One reason for this is that the programs that actually work cost a lot of money - there's one program that can go for anything from $150 to $200 in the right circles.

However, that's all changed in the last month or so as one of the most well known programs (that apparently sells for around $50) has been cracked and made available to all and sundry, for free. It's no coincidence that Youtube is suddenly awash with videos offering Gamerscore tampering services and that EBay sellers are popping up with auctions like these:

Gamerscore hacking on EBay, originally uploaded by Paperghost.

Want to see some of the auction details? Of course you do.
Gamerscore hacking auctions, originally uploaded by Paperghost.

Full aftersale support, originally uploaded by Paperghost.

"Why pay someone else to do it when you can do it yourself and when you have these programs you can sell 40,0000+ gamertags on ebay and make ????????"

...oh dear. We'll be paying the above EBay seller a visit a little later on, so keep "Da1truehomie" in mind.

The program currently being thrown all over the place on underground sites (and poorly worded EBay auctions) would be this one:

XBox Profile Editing Progam, originally uploaded by Paperghost.

Editing the gamerscore & achievements is simply a case of hooking the XBox up to the PC (with a transfer cable you can obtain free from Microsoft...whoops) then tampering with the data using the required programs.

Once you go looking on sites away from the underground such as Youtube & other video sites, it's clear that this problem is now going mainstream. Is there anything Microsoft can do to stop this? Who knows, but people determined to alter their profile details should know the following:

1) Microsoft are very good at spotting tampered profiles, and swinging the appropriate banhammer. You might get away with it for a while, but eventually it's going to go horribly wrong. Remember EBay seller "Da1truehomie"? Here is his XBox profile, note the message at the bottom:

Caught! Can I get a witness?, originally uploaded by Paperghost.

He can expect to have his score reset and be hit with a possible ban. On reflection, perhaps having the same username for both his XBox and EBay accounts wasn't a smart idea.

2) The program that so many people are sending around went a bit bonkers when it was cracked and made available for everyone to download. Namely, it doesn't unlock the achievements correctly, labels online specific achievements as having been unlocked offline and various other things that fairly scream "shenanigans".

I still say Microsoft should remove Gamerscores altogether, however. For the tiny amount of worth they bring (not much), it's greatly outweighed by the desire of scammers to both obtain it by phishing and inflate it by hacking. Stolen XBox profiles are now big business, and you can typically expect to pick up an account with a credit card attached to it for as little as $4.

The act of Gamerscore tampering also pretty much makes legitimate gamerscores even more worthless than they are now - spent three years building up your total via hours of gameplay? Too bad, that large collection of guys over there unlocked six billion points in a week. It also presumably makes it much more difficult for game developers to keep track of statistics such as these (stats which many companies often use to tweak difficulty settings in future releases), so everybody loses out.

Bragging rights - who'd have thought they'd cause so much trouble?


Oh, just to clear this up (because I just got an amazingly angry email just now with a lot of yelling and capital letters):

I have no issue with achievements at all, in many cases they can squeeze some extra life out of a game. I'm not saying to remove achievements at all.

However, when talking about *Gamerscores* all I can do is give my own opinion on them, which is that they're a completely useless score that eventually makes you a target for hacking, social engineering and / or phishing.

To me, there is absolutely no benefit to that whatsoever and they'd be better off removed. But if you enjoy having a high Gamerscore, fine - whatever floats your boat.

Leave a comment

About this Entry

This page contains a single entry by Christopher Boyd published on July 27, 2009 10:00 AM.

"Free Points" Phish was the previous entry in this blog.

Fake Retweets Lead To Spam is the next entry in this blog.

Find recent content on the main index or look in the archives to find all content.