Please create an account to participate in the Slashdot moderation system

 



Forgot your password?
typodupeerror
×
IT

Hacker Says They Banned 'Thousands' of Call of Duty Gamers By Abusing Anti-Cheat Flaw (techcrunch.com) 21

An anonymous reader shares a report: In October, video game giant Activision said it had fixed a bug in its anti-cheat system that affected "a small number of legitimate player accounts," who were getting banned because of the bug. In reality, according to the hacker who found the bug and was exploiting it, they were able to ban "thousands upon thousands" of Call of Duty players, who they essentially framed as cheaters. The hacker, who goes by Vizor, spoke to TechCrunch about the exploit, and told their side of the story.

"I could have done this for years and as long as I target random players and no one famous it would have gone without notice," said Vizor, who added that it was "funny to abuse the exploit." TechCrunch was introduced to Vizor by a cheat developer called Zebleer, who is familiar with the Call of Duty hacking scene. Zebleer said he had been in touch with Vizor for months, and as such had knowledge of the exploit, which he said he saw Vizor using.

Hacker Says They Banned 'Thousands' of Call of Duty Gamers By Abusing Anti-Cheat Flaw

Comments Filter:
  • by gweihir ( 88907 ) on Thursday November 07, 2024 @02:03PM (#64928473)

    Old story. And as makers of security software seem to be getting progressively more incompetent, probably an important topic in IT security for the rest of the decade at the very least.

    • Can't be competent if you allow the players to bring their own hardware to the match sight unseen through out. Imagine if other sports did this.

      "Yeah, the linebacker made 13 touchdowns in his mother's basement during the last 5 minutes to beat the opposing team. We're just taking his pigskin's word for it. He's an NFL champion!"
      • by gweihir ( 88907 )

        Bullshit. I advise a look into the Crowdstrike disaster or just a week of security alerts for security products like firewalls. Those screw-ups have nothing to do with the hardware things run on.

  • Corporate entities lie as a matter of habit; The bigger the corporation, the more likely that their public claims that would incur liability are purposely lacking in detail; leaving out facts, understating the breadth of faults and understating the severity of faults they have been responsible for.

    This should be a rule of thumb.

    • by 2TecTom ( 311314 )

      omission is also a sin, Epic Games, for instance, never publishes information about banned players or how many thye ban

      it's impossible to gauge the severity of the problem, there may be a lot more cheating going on than people realize or admit to

  • now can an hack mess up an esports event by doing this?
    and will some one get banned live? and if so do they auto lose with no review?

  • Has a similar, but thankfully not as severe bug, where cheaters can trick other players' games into thinking BattleEye Anti-Cheat needs an update, so it boots them from the session and refuses to let them join another until they restart the game.

    Of course there's another exploit to just crash the games of everyone in a session entirely which is the only thing that prevents this from being a big deal.

    • Has a similar, but thankfully not as severe bug, where cheaters can trick other players' games into thinking BattleEye Anti-Cheat needs an update, so it boots them from the session and refuses to let them join another until they restart the game.

      Of course there's another exploit to just crash the games of everyone in a session entirely which is the only thing that prevents this from being a big deal.

      I love how after 10 years they finally roll out anti-cheat for GTA 5. Obviously its in preparation for GTA 6, but it will prove to be as equally pointless as pretty much all cat and mouse games.

      • So long as they get rid of the idiotic server crash cheat and complete lack of IP obfuscation, which should never have been possible in the first place and wouldn't have been if it wasn't for the fact that GTAO was originally just an afterthought that they had no idea would blow up as big as it did, little to no players would really give a damn about cheaters in GTAO. They would be a minor annoyance at worst. R* obviously would because cheaters don't buy shark cards and are likely to toss out money like can

        • IP obfuscation

          That's just BS. In order for your system to know where to send your inputs to it needs to know the IP addresses of the other players. That's matchmaking 101. No matter how hard a developer tries to hide it, a hacker will find it simply by sniffing the raw IP headers from the ethernet cable.

          The best you could do would be to have a relay server that all of the other players had to go through. That would make it so that the only IP known to the attacker was the publicly known relay server, but because the "

          • by Anonymous Coward

            Server costs used to be higher, p2p matchmaking is more an artifact of older eras where such service was costly (centralized battle.net being a groundbreaking concept) centralized "relay" hosts are the common method now (and yes, because they want executive control over everything)

            It's rarer to see direct p2p now, it's rarer that you're sending your traffic directly to other players now, it's rare that corpos skimp on the costs of equipment that their studios already have anyway...

            ...unless you're

          • by mysidia ( 191772 )

            In order for your system to know where to send your inputs to it needs to know the IP addresses of the other players.

            Nah. Your system needs to know the IP of a peer, but the peer can be a proxy node. It does not have to be another player's IP address.

            There are several hundred carrier-neutral colo facilities in the US. The game dev just needs to rent a couple rack units of space plus connectivity in 200 or so facilities to provide a Proxy server for their game client, designed node routes messages for t

  • I think there is a special place in the underworld for people like this causing mayhem, pain and collateral damage to many...for the lolz, and maybe showing off how someone or some company made a mistake or poor implementation even though they has best intentions (eg banning cheaters). Trolls be trolls, but I hope a comeuppance is on the way. Shame this person didn't learn any of those lessons on the playground. Same vein as a doxxer.

  • The exciting part (Score:4, Interesting)

    by Qwertie ( 797303 ) on Thursday November 07, 2024 @07:23PM (#64929265) Homepage
    is the fantastically dumb way the anticheat works:

    Vizor said they could simply send a private message [...] that included one of these hardcoded strings, such as "Trigger Bot," and get the player they were messaging banned from the game.

    "I realized that Ricochet anti-cheat was likely scanning playersâ(TM) devices for strings to determine who was a cheater or not. This is fairly normal to do but scanning this much memory space with just an ASCII string and banning off of that is extremely prone to false positives," said Vizor, referring to how the game was effectively scanning for banned keywords, regardless of context.

    • by AmiMoJo ( 196126 )

      I wonder how many were wrongly banned but not unbanned? Typically when you get banned there is no way to appeal it, so all you can do is return the game as defective if possible. Chargeback on your credit card is another option, but you have to be careful because some online services will cut off your access if you do that. It's even more of a mess if they ban your console and you have to return that as well.

  • No matter how you cut it, the actions of this person or group have ruined things for a lot of people. You can blame the developer for implementing lame anti-cheat, but if they did nothing then cheaters would ruin it. If they used rootkits and real-time smart or dumb monitoring, that's makes things less enjoyable for players and even still cheaters will try to cheat and evil hackers will try to just cause trouble for everyone. There are no good, easy solutions for fixing human selfishness.

    • by vivian ( 156520 )

      A sledgehammer to the nuts of anyone caught cheating, to be administered by the game's senior security dev, would go a long way to some social justice at least, and sharing of pain that the security team have to endure in trying to beat these guys.

If all else fails, lower your standards.

Working...