Man arrested for robbing RuneScape virtual characters

Graham Cluley
Graham Cluley
@[email protected]

It has been revealed that British police have arrested a 23-year-old man accused of stealing virtual characters and goods from players of one of the world’s most popular online games.

The man, from the Avon & Somerset region, was arrested last Tuesday by officers of the Police Central e-Crime Unit (PCeU), after allegedly phishing the usernames and passwords used by players of RuneScape, a Massively Multiplayer Online Role Playing Game (MMORPG).

RuneScape is (appropriately for an MMORPG) massively popular, with players spending hours in a medieval fantasy world, exploring and going on quests, grabbing gold and casting spells on each other.

As the popularity of such online games has grown, so the number of active members prepared to play for many hours every night has multiplied. But if you don’t have the patience to hunt for gold, or accrue enough points to earn armour and magical spells you might be tempted to spend real money and get a helping hand in the game that way.

Sign up to our free newsletter.
Security news, advice, and tips.

And it is the greed of impatient MMORPG players of which hackers are taking advantage. Cybercriminals are actively trying to steal from other players, whether it be “cyber-money”, powerful characters or virtual belongings. They all have a value in real money.

By stealing usernames and passwords, hackers can break into these games and steal other player’s virtual identities and belongings.

This is far from the first time that crime has taken place in a virtual world – in fact there are many examples of investigations into similar illegal activity in other countries.

For instance, in July 2009 the Australian Chief Executive of a sci-fi online trading game the Australian Chief Executive of a virtual bank in a sci-fi online trading game stole 200 billion “kredits”, which he then used as a deposit on a real-world house, and in October last year a Japanese woman was arrested by police after hacking her virtual husband “to death” in the virtual game MapleStory.

Back in 2007, a gang of Dutch teenagers were arrested Dutch after almost $6000 worth of virtual furniture was stolen from players of Habbo Hotel, a chat room and gaming website aimed at teenagers.

Online role-playing games first became popular in Asia, and so it’s no surprise that much of the malware we have seen which steals information from virtual gamers originated in that part of the world. Four years ago, a group of Korean men who made large amounts of money after stealing credentials from playerrs of the game Lineage were arrested.

Some MMORPGs have responded to the growing problem by introducing hardware token devices (also sometimes distributed by real-world banks) to authenticate users are who they say they are.

Correction: In an earlier version of this blog post, I erroneously suggested that the Chief Executive of Eve Online – rather than the Chief Executive of a virtual bank inside Eve Online – was accused of stealing funds. My apologies for any confusion caused.

Graham Cluley is an award-winning keynote speaker who has given presentations around the world about cybersecurity, hackers, and online privacy. A veteran of the computer security industry since the early 1990s, he wrote the first ever version of Dr Solomon's Anti-Virus Toolkit for Windows, makes regular media appearances, and is the co-host of the popular "Smashing Security" podcast. Follow him on Twitter, Mastodon, Threads, Bluesky, or drop him an email.

What do you think? Leave a comment

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.