Riot Games hack could help cheaters

Share to friends
Listen to this article

Last week, the video game giant Riot Games revealed that hackers had compromised its “development environment”— the place the corporate shops its source code — with a social engineering assault.

While the corporate reassured its users that “there is no indication that player data or personal information was obtained,” the hack might nonetheless be damaging, as hackers got their arms on the source code for Riot’s widespread video games League of Legends and Teamfight Tactics, in addition to the source code for the corporate’s legacy anti-cheat system.

The theft of the anti-cheat’s source code — even an old system — might assist hackers develop higher and fewer detectable cheats, in accordance with trade consultants who spoke to TechCrunch.

“From Riot’s perspective it’s bad (beyond just embarrassing) because it makes it easier for cheat developers to understand the game and therefore easier to develop new cheats, it also makes it easier for third party league servers/clients to get made,” Paul Chamberlain, who led Riot’s anti-cheat group till September 2020, told TechCrunch.

Chamberlain said that the legacy anti-cheat hasn’t been a part of League of Legends for 5 years, however given that growing cheats is “is as much (perhaps more) about the game itself than the anti-cheat system, having access to the game source code means you don’t have to reverse engineer the released binaries (which are often also obfuscated or encrypted) and gives cheat developers better access to the intent of the game code through comments and variable/function/class names.”

“Access to an obsolete anti-cheat system is mostly a curiosity but it could give some insight into how the anti-cheat developers think and what the company prioritizes in terms of what needs protection,” Chamberlain explained.

Riot itself admitted this danger. In a tweet on Tuesday, the corporate said that “any exposure of source code can increase the likelihood of new cheats emerging,” and that its builders are working to evaluate the impact of the theft and “be prepared to deploy fixes as quickly as possible if needed.”

When reached by email, Riot spokesperson Joe Hixson declined to reply TechCrunch’s questions past the corporate’s tweets.

An trade insider with knowledge of anti-cheat programs, who requested to stay anonymous as he was not approved to talk to the press, agreed that the theft of the anti-cheat system’s source code has the potential to harm Riot and its gamers.

“They are in trouble if the anti-cheat code gets published,” he said. “If the anti-cheat source code is disclosed, cheat developers will have an easy time bypassing everything.”

The insider explained that Riot’s old anti-cheat system might be nonetheless getting used to stop a variety of cheats and dealing to detect and block them. The theft of the system might compromise Riot’s potential to determine the {hardware} utilized by cheaters—game corporations use determine and fingerprint the {hardware} utilized by cheaters to ban them—in addition to the detection programs used to seek out cheat builders, and should even require a rewrite of the anti-cheat system.

Moreover, the insider said, the source code might even be utilized by malware builders. “It will be easier to find vulnerabilities in the [game’s] driver that could be exploited by malware,” the insider said.

Motherboard reported on Tuesday that the hackers are demanding Riot Games pay a ransom of $10 million to not publish the stolen code.

“We have obtained your valuable data, including the precious anti-cheat source code and the entire game code for League of Legends and its tools, as well as Packman, your usermode anti-cheat. We understand the significance of these artifacts and the impact their release to the public would have on your major titles, Valorant and League of Legends. In light of this, we are making a small request for an exchange of $10,000,000,” learn the ransom note obtained by Motherboard.

Do you have more information about this hack? Do you do cybersecurity analysis on video video games or game consoles? Or do you develop cheats for video games or reverse engineer anti-cheat software program? We’d love to listen to from you. You can contact Lorenzo Franceschi-Bicchierai securely on Signal at +1 917 257 1382, or via Wickr, Telegram and Wire @lorenzofb, or email [email protected]

UK police arrest teenager suspected of Uber, GTA 6 hacks

Riot Games hack might assist cheaters by Lorenzo Franceschi-Bicchierai initially printed on TechCrunch


READ ALSO  A Police App Exposed Secret Details About Raids and Suspects