Interesting event! One of those ones that really suddenly brings back to cyberpunk decades ago and makes me feel like we're living some of it now. One comment in their comment section caught my eye though:
>"It really is incredible that they would run these finals on the live internet."
I think they were thinking in terms of doing in-person physical LAN versions, and as another reply said that's a not insignificant undertaking in terms of cost (if nothing else, just plain having potential competitors from all over make their way there), though given all the amateur traditional sports that manage it for everything from surfing to dogsledding I'm a little skeptical that it'd be that impossible for these companies. But yeah it's a jump.
However, I do wonder if there's ever been any consideration to using VPNs to that end, at least for the finals? Have players set up a WG tunnel to the mothership with all other networking disabled just for the match, that'd be about as good and if it was super easy seems like players could be onboard for it as well. It wouldn't be some big interfering kernel thing like so much anti-cheat, not anti-cheat at all in fact just security against external griefing, they could turn it right off after. Given this is clearly unusual maybe not something to worry about in general, but could be an approach if it proves a bigger problem.
Apex does hold IRL "LAN" tournaments, but allegedly they're not held through an actual local area network—instead they're held on a private local server. Or so I've heard!
> Please contact us for the relevant SDKs and to talk about the fine print. We're still working through details of how to distribute this code, and at this time we might not be able to make cross-platform support available to all partners and all games.
There's the potential that for, say, consoles this might not be sufficient at this point in time sadly.
Watched this happen in real-time last night. The stream cut to a generic "We'll be back" interstitial between rounds, which is normal, but it lasted longer than usual and eventually cut to a "Thanks for watching!" card. Stream ended. Chaos ensued.
What's interesting is that the two confirmed targets (Hal and Gen—not sure if any others were impacted) are two top dogs on the scene right now. IIRC their respective teams have a somewhat friendly rivalry going on. In other words, these are guys with lots of wins under their belt who don't need aimbots to take home cash prizes.
So I'm rabidly curious to know how the person behind the hack pulled this off, but also really want to how they chose the specific players to target or what their motivations were in the first place. Maybe they have some kind of grudge and they want to "expose" (read as: frame) these guys or just get their hands dirty.
Saw it live. Hardly believable: those kids were able to, while the game was running, install and enable hacks (xrays,walling,aim bot,etc) remotely on the msft windows of those competing electronic athletes.
I'm fascinated to find out how they pulled this off. There's been cases before where a malicious gameserver controlled by an attacker could RCE clients which connect to it, but in this case the server was controlled by a trusted party, and the attackers shouldn't even have been able to know which server they were playing on, nevermind connect to it since they weren't invited. There must be layers to this one.
Yeah, or a RCE that allowed them to directly hit each individual client, rather than coming from the server?
Seems there are mentions of Easy Anti-Cheat having a vulnerability, but I'm not sure how trustworthy that is. It's a widely used anti-cheat, if it has a vulnerability, it would be big news, bigger than the "Apex Legends final being postponed" story.
But who would blow such a 0day on ruining a competition, instead of doing something profitable and sneaky? Gotta admire that, seems it was just for "fun".
Unless something similar happens in another game with EAC I would assume it's exploit(s) in the game itself - the remote attack surface of the game is orders of magnitude larger than the anti-cheat after all.
> Yeah, or a RCE that allowed them to directly hit each individual client, rather than coming from the server?
Maybe, but Apex has dedicated servers so there isn't a great deal of client-to-client communication to potentially exploit.
What seems more likely, RCE in Apex or Easy Anti Cheat, that only targeted two players... Or that the two players, ImperialHal and Genburten had the hacks installed, and this was exploited by Destroyer2009 to prove that two top players have been hacking?
After all, given Destroyers track record posted here by someone else, they clearly have a close association with the cheat creaters. Since they have been using them for so long.
Has it been confirmed that there were no existing cheat/hack tools installed on the PC already? I'm possibly missing the smoking gun where it's definitely a remote code exploit and not just the player having cheat tools installed on their PC and accidentally activating them, then pretending to be very alarmed at what's going on.
Two players on two different teams had cheats appear simultaneously, it's quite unlikely they would both accidentally reveal their cheats at the same time.
The overlay that appeared with the "cheats" on it was full off inside jokes too and didn't look at all serious. One of the check boxes was labelled "Vote Putin".
There hasn't been any confirmation about how exactly it happened. It seems to me that the most likely scenario was these players got phished prior to the tournament and were already infected with malware.
In my mind this type of cheating can only happen one way. The client code that was being used by the players in this competition is a hacked version of the apex legends source code. What these players did not realize is that the software contained an open connection for the attacker to remotely exploit at his will.
Readit News
>"It really is incredible that they would run these finals on the live internet."
I think they were thinking in terms of doing in-person physical LAN versions, and as another reply said that's a not insignificant undertaking in terms of cost (if nothing else, just plain having potential competitors from all over make their way there), though given all the amateur traditional sports that manage it for everything from surfing to dogsledding I'm a little skeptical that it'd be that impossible for these companies. But yeah it's a jump.
However, I do wonder if there's ever been any consideration to using VPNs to that end, at least for the finals? Have players set up a WG tunnel to the mothership with all other networking disabled just for the match, that'd be about as good and if it was super easy seems like players could be onboard for it as well. It wouldn't be some big interfering kernel thing like so much anti-cheat, not anti-cheat at all in fact just security against external griefing, they could turn it right off after. Given this is clearly unusual maybe not something to worry about in general, but could be an approach if it proves a bigger problem.
There's the potential that for, say, consoles this might not be sufficient at this point in time sadly.
[1] https://www.oneesports.gg/league-of-legends/lck-spring-2024-...
What's interesting is that the two confirmed targets (Hal and Gen—not sure if any others were impacted) are two top dogs on the scene right now. IIRC their respective teams have a somewhat friendly rivalry going on. In other words, these are guys with lots of wins under their belt who don't need aimbots to take home cash prizes.
So I'm rabidly curious to know how the person behind the hack pulled this off, but also really want to how they chose the specific players to target or what their motivations were in the first place. Maybe they have some kind of grudge and they want to "expose" (read as: frame) these guys or just get their hands dirty.
Seems there are mentions of Easy Anti-Cheat having a vulnerability, but I'm not sure how trustworthy that is. It's a widely used anti-cheat, if it has a vulnerability, it would be big news, bigger than the "Apex Legends final being postponed" story.
But who would blow such a 0day on ruining a competition, instead of doing something profitable and sneaky? Gotta admire that, seems it was just for "fun".
https://twitter.com/TeddyEAC/status/1769725032047972566
Unless something similar happens in another game with EAC I would assume it's exploit(s) in the game itself - the remote attack surface of the game is orders of magnitude larger than the anti-cheat after all.
> Yeah, or a RCE that allowed them to directly hit each individual client, rather than coming from the server?
Maybe, but Apex has dedicated servers so there isn't a great deal of client-to-client communication to potentially exploit.
The article points out:
> In the Genburten clip, the streamer’s chat can be seen to read “Apex hacking global series by Destroyer2009 & R4ndom.”
So maybe some other folks had their own CTF competition concurrently. Pretty cyberpunk. Who knows what the prize was.
After all, given Destroyers track record posted here by someone else, they clearly have a close association with the cheat creaters. Since they have been using them for so long.
All they did was enable it on their live streams.
Thanks for reading