XboxCrimesWeb.jpgGaming system secrets: Not just part of the game

Gaming systems are used for fun and entertainment, but the secrets they hide may put you and your family in danger. With the use of online gaming systems like Xbox, PS3 and Wii, the public needs to be aware of the dangers of sharing and storing information that may result in the infiltration of their privacy, or worse.

With Microsoft’s Xbox 360 as the most popular gaming system among American consumers, selling over 39 million consoles, Dakota State University assistant professor, Dr. Ashley Podhradsky, recognized the need for research in the popular consumer product when dealing with crimes. “I have been working on forensically investigating the Xbox 360 when the device is involved in a crime or misuse event,” says Podhradsky.

“I chose this topic because I recognized the need for forensic practitioners to be able to analyze nontraditional devices, specifically gaming consoles.  As our society continues to use non-traditional devices in the same capacity as computers, the crime and misuse activities seen on computers are become very prevalent on gaming consoles, such as the Xbox 360.”

This gaming system is not only similar to a personal computer – it is actually more powerful than most average personal computers. Video game consoles have evolved from single-player embedded systems with basic processing and graphics capabilities to multipurpose devices that provide users with parallel functionality to modern desktop and laptop computers. 

Besides offering video games with rich graphics and multiuser network play, today's gaming consoles give users the ability to communicate via email, video and text chat, transfer pictures, videos, and files, and surf the Internet.  Given the advanced hardware, high storage capacities and online access, the Xbox 360 has become a favorite medium for cybercrimes.

Cybercrimes are committed in numerous ways via the gaming consoles including cyber swatting, a scam where 911 emergency services are tricked into dispatching emergency response vehicles; kicking, a quasi-hacking technique where an Xbox user is “kicked” off of Xbox Live by another player in the room which targets the victim’s internet connection; and stolen X-box user accounts, which the victims are unaware that they have been targeted until they are unable to access their accounts.

The crimes even extend to the unimaginable; when playing games with other people over the Internet, children often find themselves immersed in environments devoid of the traditional guardians who serve to protect them in the physical world. Media reports have linked gaming consoles to the victimization of children in cases of rape, child pornography, online harassment/bullying, and child sexual solicitation.

With the evolving gaming technology, something bigger and better is always being presented to consumers. Instead of just collecting gaming systems, people decide to sell their old systems to subsidize the price of a new unit.  According to Podhradsky’s research, there were over 3,705 Xbox 360 gaming systems for sale in the United States on Ebay in 2012, and that number did not include Xbox hard drives being sold without a console. The sellers of the used gaming systems may be giving identity thieves the upper hand in their criminal escapades.

When purchasing used gaming systems from online auction sites, identity thieves gain somewhat of an additional advantage – the seller’s name and mailing address appears right on the package when it arrives. Likewise, if acquired from a classified forum such as craigslist unscrupulous individuals can amass the seller’s name, telephone number or email address, and various other tidbits of information.

Typically, when an individual decides to sell or trade their Xbox console or hard drive, they delete or erase their personal data and history believing the information is permanently gone. However, this common practice does not technically remove data from the console – it merely alters it. When data is deleted, it is not really erased; in fact, it is not even necessarily moved. In most cases, the information or file stays exactly where it was. What changes is the path and filename of the data known as the directory entry. The first letter of the file is modified and marked with a character indicating it is available to be rewritten. There it will stay intact until new data is written over the existing data. More knowledgeable Xbox users may opt to reformat the console’s hard drive in order to destroy sensitive information.

When asked what this research means for consumers, Podhradsky says, “There are a few outcomes that I see for this research; one major outcome is sharing the research with the practitioners who conduct forensic investigations on gaming consoles throughout the country. My partners and I actively work with investigators in local and federal law enforcement agencies.”

“Another outcome we have is creating an automated investigative tool to analyze the gaming console. We have a considerable amount of time mapping investigative data, and analyzing the types of recoverable data.  We would like to create a software tool that is able to recover the data to help prosecute criminals who conduct their crimes using the gaming consoles as their medium.”

Because of her extensive research into the Xbox and its use during criminal activity, Podhradsky was invited by UC Berkeley to present her research at their TRUST Autumn Conference, and also received a travel fellowship to do so, last fall. She was amidst other faculty presenters from Carnegie Mellon, Cornell, Stanford, Berkeley, Vanderbilt and San Jose State.

Podhradsky has received many awards for her research of the gaming console:

  1. Casey, Podhradsky, D’Ovidio. “XBOX 360 Forensics. Drexel University Research Day Winner. April, 2011. (Computational and Modeling Non-Bio).
  2. Awarded Women in Science and Engineering Fellowship 2012 TRUST. UC Berkeley; Award amount, $3100
  3. Awarded Women in Science and Engineering Fellowship 2011 TRUST. Carnegie Mellon University; Award amount, $3100
  4. Awarded DSU Faculty Research Initiative, 2012.;Award amount, $2000
  5. Awarded Travel Fellowship for TRUST Autumn Conference, 2012 UC Berkeley; Award amount, $3500
  6. Awarded  SD Board of Regents Performance Improvement Fund, 2012; Award Amount, $60,000  

Below are some of the citations, invited presentations, and awards directly related to this specific work.  

  1. Invited Presenter, The Pennsylvania State University, 2012
    Crime in Virtual Worlds: A Forensic Investigation of an Xbox 360
  2. Invited Presenter at Drexel Universities Cybersecurity Research Forum, 2011
    Digital Forensics on Non-Traditional Devices
  3. Invited Presenter at Department of Justice CyberCrime Symposium, 2011
    Philadelphia, PA

 Below are publications that have included Podhradsky’s research.

  1. Podhradsky, D’Ovidio, Engebretson, Casey (2012). “Xbox 360 Hoaxes, Social Engineering, and Gamertag Exploits.” Hawaii International Conference on System Science. In Press.
  2. Podhradsky, D’Ovidio, Engebretson, Casey (2013). “Xbox 360: Maping Investigative Data.” International Conference on Digital Forensics and Cyber Crime. In Press.
  3. Podhradsky,  D’Ovidio, Casey (2012). “The Xbox 360 and Steganography: How Criminals and Terrorists could be “Going Dark.” The Conference on Digital Forensics, Security and Law. May 2012. Richmond, VA. In Press
  4. Podhradsky, D’Ovidio, Casey. (2011): “Identity Theft and Used Gaming Consoles- Recovering Personal Information from Xbox 360 Hard Drives.” Proceedings of the America’s Conference on Information Systems.  Paper 54. August, 2011, Detroit, MI, ISBN 978-0-615-50707-1
  5. Podhradsky, D’Ovidio, Casey (2011). “The Practitioners Guide to the Forensic Investigation of Xbox 360 Gaming Consoles.”  The Conference on Digital Forensics, Security, and Law (ADFSL). May, 2011, VA. ISSN 1931-7379 pp 173-191
Last Updated: 3/28/13