Security

Cyber-crime

Cyberattack gifts esports pros with cheats, forcing Apex Legends to postpone tournament

Virtual gunslingers forcibly became cheaters via mystery means


Updated Esports pros competing in the Apex Legends Global Series (ALGS) Pro League tournament were forced to abandon their match today due to a suspected cyberattack.

In the early hours of Monday morning, two professional Apex Legends players competing in two separate matches were forcibly given cheats on their accounts – events that have seen the tournament temporarily shut down. 

Noyan Ozkose (whose alias is Genburten) of the Dark Zero team was suddenly given the ability to see all opponents through walls, while Phillip Dosen (alias: ImperialHal) of the TSM team was also suddenly gifted the ability to aim automatically at his opponents without any manual application to the controller – an "aimbot."

Do not insert coin: Uni of Utah to dish out scholarships to ace video game players

READ MORE

ImperialHal remained in the game server until organizers shut it down, but was issued a ban by the game itself after it detected a cheat system running. Teammate Evan Verhulst (alias: Verhulst) also received a ban.

There is no suggestion the players were anything but horrified at being gifted the sudden "hacks," as the panicked audio in the linked Twitter feeds attest.

The community suspects that the attacker responsible for the intrusion exploited an unpatched remote code execution (RCE) vulnerability in the Apex Legends game.

This was backed up by messages sent from the alleged attacker to the individual behind AntiCheatPD, an X account that gathers information about video game cheats, claiming that the incident was caused by an RCE exploit.

The messages didn't specify the component of the game that was allegedly exploited. The community has been debating whether it could be in the Apex Legends game client itself or in the game's built-in anti-cheat mechanism (Easy Anti-Cheat).

Another possibility being discussed is that the vulnerability was in Valve's Source engine, a heavily modified version of which powers the game.

However, the scant communications from Apex Legends, developer Respawn Entertainment, or publisher Electronic Arts (EA), haven't answered anything in terms of technical specifics. It's still early days, after all.

"Due to the competitive integrity of this series being compromised, we have made the decision to postpone the NA finals at this time. We will share more information soon," Xeeted the Apex Legends Esports account.

El Reg asked EA's comms team for more information about whether a suspected RCE was exploited, or when a further update would arrive, but it didn't reply.

The incident - where competition was disrupted as a result of outside interference - is a rarity in the esports world.

In 2015, professional matches in DOTA 2 and League of Legends were also forcibly abandoned after DDoS attackers knocked players offline, rendering them unable to compete. This type of attack is more common against game servers themselves, rather than individuals, but it's not unheard of for professional esports players or streamers to get the same treatment.

Given that all major esports matches are freely streamed online, the disruption can be seen in real time. Also taking into account that bets can be placed on matches with major, legitimate bookmakers, there is entertainment and potentially financial incentives to carry out such attacks. Reputational harm to a player and/or the game could also be a motivator.

Cheating in esports has largely come from the players themselves, introducing cheat software to their systems to give themselves a competitive advantage.

There have been countless cases over the years that have led to professionals being banned from their respective games for varying lengths o time. Some, like former StarCraft world champion Lee Seung-hyun, were banned for life. 

Although he didn't use a technical, software, or hardware-based exploit, Lee was found guilty of taking payments to fix matches and subsequently banned from StarCraft esports forever.

Using illegal cheats has long been on the radar of video game professionals and made security shop Trend Micro's top three concerns for pro players back in 2019, alongside ransomware and information stealers.

"After analyzing esports underground markets and seeing the services and technology available, there is no doubt that the esports industry will be heavily targeted by malicious actors going forward," Trend Micro said at the time.

"Luckily, gaming companies and tournament organizers are already aware of their status as targets, and are always on the lookout for new cheating techniques and tools. There are also new security features being developed for the industry, as well as different anti-cheat services dedicated to keep esports fair. 

"But, for all the targets involved, there needs to be a more comprehensive awareness on the specific threats involved in these competitions. This can help them build better defenses and find more effective security solutions." ®

Updated at 14.59 on March 18, 2024, to add

Easy Anti-Cheat, the anti-cheat software used by ApexLegends, said in a statement on X: "We have investigated recent reports of a potential RCE issue within Easy Anti-Cheat. At this time - we are confident that there is no RCE vulnerability within EAC being exploited. We will continue to work closely with our partners for any follow up support needed."

Send us news
6 Comments

Interpol nabs thousands, seizes millions in global cybercrime-busting op

Also, script kiddies still a threat, Tornado Cash is back, UK firms lose billions to avoidable attacks, and more

RansomHub claims to net data hat-trick against Bologna FC

Crooks say they have stolen sensitive files on managers and players

America's drinking water systems have a hard-to-swallow cybersecurity problem

More than 100M rely on gear rife with vulnerabilities, says EPA OIG

Palo Alto Networks tackles firewall-busting zero-days with critical patches

Amazing that these two bugs got into a production appliance, say researchers

Man accused of hilariously bad opsec as alleged cybercrime spree detailed

Complaint claims he trespassed, gave himself discounts, and sorted CCTV access…

D-Link tells users to trash old VPN routers over bug too dangerous to identify

Vendor offers 20% discount on new model, but not patches

Crook breaks into AI biz, points $250K wire payment at their own account

Fastidious attacker then tidied up email trail behind them

Perfect 10 directory traversal vuln hits SailPoint's IAM solution

20-year-old info disclosure class bug still pervades security software

Severity of the risk facing the UK is widely underestimated, NCSC annual review warns

National cyber emergencies increased threefold this year

Major energy contractor reports 'limited' access to IT after ransomware locks files

ENGlobal customers include the Pentagon as well as major oil and gas producers

Zabbix urges upgrades after critical SQL injection bug disclosure

US agencies blasted 'unforgivable' SQLi flaws earlier this year

Another 'major cyber incident' at a UK hospital, outpatients asked to stay away

Third time this year an NHS unit's IT systems have come under attack