Apex Legends Players Hacked Live During Tournament, Should You Be Worried?

Two top Apex Legends players were hacked live during this weekend’s ALGS Playoffs. In case you somehow missed it, serial winner Phillip ‘ImperialHal’ Dosen and fellow pro player Noyan ‘Genburten’ Ozkose were on the receiving end of hacks midway through the high-stakes competition. ImperialHal suddenly had aimbot switched on his account, and Genburten saw a cheat overlay appear on-screen, as well as the outlines of every player in the lobby showing as clear wallhacks. The hacker also posted a message in Genburten’s chat, saying “Apex hacking global series by Destroyer2009 & R4ndom”.

The competition was halted and postponed, ImperialHal appeared to receive an automated ban, and the whole event has sent shockwaves through the Apex community. Conspiracy theories are flying, people are accusing the two top players of cheating, and buzzwords like RCE are being posted to online communities. But what actually happened, and is your PC at risk if you load up Apex in the coming days?

The Context For The Apex Legends Hacks

Destroyer2009 has been hacking Apex Legends for a while now. A month ago, they hacked into ImperialHal’s Predator-level ranked lobby, filling it with AI-controlled bots named Destroyer2009.

In the past, they have also gifted thousands of packs to top players. ImperialHal and Mikkel ‘Mande’ Hestbek received 2,500 and 4,000 packs respectively, which should have cost thousands of dollars. The hacker also bypassed the five-gifts-per-day limit, and presumably isn’t on either player’s friend list.

It’s worth noting that the hacker has targeted the biggest streamers and hottest events. ImperialHal, Genburten, and Mande all command the biggest viewerships in Apex streaming, other than maybe Disguised’s Timothy ‘iiTzTimmy’ An. Genburten has also faced cheating accusations in the past, something he touched on in his interview with TheGamer ahead of DarkZero’s tragic performance at the ALGS Championship in Birmingham.

“I also had cheating accusations,” he told me last year. “I had so much pressure to perform at Championships – I had to win, genuinely, I had to. I couldn’t come second or everyone would still talk sh*t about me.”

He put the accusations to bed with incredible in-person performances in 2022, but the fear on his face as the hacker put cheats into his game this weekend showed that he was terrified the allegations would resurface.

Was It RCE (Remote Code Execution)?

Here I’m going to defer to the knowledge of Jason ‘Thor’ Hall, the CEO of game developer Pirate Software and a 20-year veteran of the hacking community who has worked for Blizzard, Amazon Games Studios, and the United States Department of Energy. A self-proclaimed “giant nerd”, he knows all about hacking and what it means when games are hacked.

Interestingly enough, when Thor first saw the clips of ImperialHal and Genburten being hacked, he immediately assumed that cheats were installed on their machines. Whether this was through malware or malpractice he couldn’t say, but the only thing saving Genburten’s blushes was the messages the hacker posted in his chat. A normal cheat would not broadcast that the player is cheating.


Then he was shown some old clips of Hal’s hacked ranked lobbies. This was a big change, and for Thor, more worrying. If two players’ machines are compromised, it’s one thing. If a hacker can spawn units into a public match, it’s another entirely. Still, it doesn’t prove it’s RCE.

“Based on what we have, I don’t think that the hacker has individual access to Apex players’ machines,” he said on stream. “I do think that [the hacker] has access to the server in some capacity, whatever that capacity is.”

This is reminiscent of the Titanfall hack that affected the game in July 2021. Apex was unplayable for days, with the only available game mode being one named ‘Save Titanfall’.

I recommend watching Thor’s stream from the 8 hour 41 minute mark to get the full picture, as his explanations are clear and well-reasoned.

Thor believes that it’s unlikely to be an issue with Easy Anti-Cheat, the company that provides anti-cheat frameworks for hundreds of popular games. His question is, if the hacker has access to EAC, why only target Apex Legends players? It’s the same question when discussing whether client-based RCEs are in play: if the hacker could hack everyone, why aren’t they? A few select players were targeted, meaning the hacker is likely self-aggrandising and trying to seem like they have more access than they do.

However, the introduction of bots into public ranked lobbies, as well as the gifts of Apex Packs and bans, suggests that the Apex Legends server has a vulnerability.

“This also doesn’t prove that [the hacker] has remote code execution on that end person’s machine,” Thor says to Mande in a conversation on stream. “It’s easy for us to assume that he has downloaded something onto that person’s computer, run a cheat on that person’s computer, and then that person got banned by the automatic Easy Anti-Cheat system. But if [the hacker] has server-level access, [they] could just be like, ‘Oh, you’re flagged as a cheater’.”


As the conversation goes on, and Thor takes over an hour to look at all the evidence in great depth, he becomes more certain that the Apex servers have a vulnerability that Destroyer2009 is exploiting.

“Most likely possibility: this dude has server-level access, 100 percent,” Thor asserts. “The second possibility is that he doesn’t have direct server-level access. There may be a compromised employee’s machine, and that is also very likely. Because, if you have a compromised employee machine, you would get the same level of access as if you had a vulnerability directly in the server.”

Are Laid Off Developers Destroyer2009?


“It’s probably not a fired employee,” Thor says when Mande reminds him of Respawn’s recent layoffs. This is likely because of the timescales, and the fact that Destroyer2009 started popping up over a month before the layoffs were announced.

He also reiterates that players should be on the same side as the developers right now. Thor’s been on both sides of the fence, and he’s got an important message for players: “It feels like the devs are lazy, it feels like the devs don’t care. But I guarantee you, there’s a bunch of developers trying to solve this and they can’t right now. […] It’s so easy to fall into the trap where you are adversaries with the devs when they are already fighting these guys. Work with them as much as you can. Report as many of these pieces of sh*t as possible.”

While he urges players to stand by the devs and support them, Thor has a heartbreaking response to Mande’s complaints about the game. Mande talks about the rampant cheaters in ranked, poor communication from the developers, and a lack of support. “It sounds like you’re grieving for a game that you already know is dead,” Thor responds. It’s a devastating sentence, but perhaps one to think about going forwards.

Are You At Risk?


“It is unlikely that [the hacker] has individual access to each player’s client,” Thor explains, based on what Destroyer2009 has done so far. There is “no indication” that the hacker is in your PC. He also still doesn’t rule out that Genburten and ImperialHal’s specific machines are compromised. However, he notes there’s certainly no risk in taking two days off the game. It’s a game, after all; there are plenty of others to play.

The most important thing that Thor says, however, is to avoid speculation. Don’t jump to conclusions, don’t expect the worst, don’t shout about RCEs when there are other possibilities. “If you can’t prove it, don’t repeat it,” he advises. But maybe take a week off from playing.
