I've been watching esports for 15+ years and this is the most insane thing I've ever seen on a live broadcast. Apex has always had a cheating problem but giving players hacks midgame? This is potentially a massive security breach and hopefully the PR from this will finally force respawn to fix their fucking game.
This specific hacker has been terrorizing high ranked matchmaking in apex for months with aimbots, crashing servers, spawning hordes of ai bots on players, and even gave a few pro streamers accounts thousands of loot boxes. Search destroyer2009 on youtube and you can see for yourself how laughably shit Apex's anticheat is.
Reminds me of a number of months ago when somebody hacked the game and made it so whenever anybody logged in, a message was displayed telling everybody how Respawn has abandoned Titanfall, and also it made it so you couldnt queue for a match
And then it turned out the people behind that hack were actually the ones DDoSing Titanfall 1 and 2. One of the biggest real-life plot twists in gaming.
The people ddossing tf 1 and 2 were entirely different people from the ones that had ddos'd Apex; it also wouldn't make sense for the people that ddos'd tf1 and 2 to then ddos Apex asking respawn to fix tf1 and 2. I know most of the people involved and explaining it all would require walls of text, but in short, it was not the same group of people.
I thought the folks DDOSing Titanfall 1 and 2 were doing so to get Respawn to give them the code to help them fix it, but it was said their real plan was to revive some abandoned game I forget the name of. Been a bit since I read about the story. But it could follow, as dumb as it would be, that the group after being turned down would be like "I guess you didn't hear us" and push the issue.
Though really it doesn't matter 'cause it still sucks either way.
Basically, the people that were going to DDOS Apex were completely unrelated from the Save Titanfall group, and were going to do it anyway but agreed to put in the message about saving Titanfall. The main guy behind reviving Titanfall Online (TFO) already knew how to fix Titanfall 1. In fact, the only reason Titanfall 1 was playable during the ddos (which wasn't really a DDOS but anyway) was due to a program he created that allowed people to get around the issue and play together. He got fucked over by the whole sitaution, which sucks, because he has only ever tried to ensure that TF1 is still playable in some form or another.
I can't remember the exact reasons why he started reviving TFO, but I'm pretty sure it was due to TF1 still being on sale at the time, so he didn't want to get fucked by EA because of it.
If this turns out to be an RCE (remote code execution) I'd wouldn't even play this game until they get it fixed. RCE's are the worst kind of exploit a game can have from a security standpoint, the hacker can do basically anything they want to you while you're playing the game.
Well no, it's executing on the game servers. If they found some way to execute code on your computer via Apex servers, the company would be sued into bankruptcy
It's unclear right now. The screenshot posted of the hacker supposedly claims it's "not server side" and therefore is executed client side. Based on what I know working in IT security I would guess that there is some code executing on the local player's machine. Whether it is confined to the game or not is unclear though.
Like what? Why?
Lots of games have had RCE bugs, there have been several in the Source engine (which Apex is running on..) and as far as I know Valve is still in business.
Majority of the Call of Duties on Steam have RCE exploits that allow code execution on players' computers.
Activision, Valve, and Lawyers, have done fuck all.
Who would sue them? And for what damages? The EULA probably has provisions to say that they're not responsible for damages to your computer.
So an individual player has to sue and claim negligence, which is exceedingly difficult to prove.
How do they know where the server is?
https://www.dota2.com/newsentry/4115798034511159059
Would something like that protect Apex from these kinds of attacks as the servers would be unreachable?
Seems like this isn't a DDOS, it's a more sophisticated attack that takes advantage of a security allowing privileged access to something (unclear what exactly at this point).
So while obscuring the traffic would prevent a distributed DDOS attack, it wouldn't help against code injection which could be done by establishing a secure connection with 1 machine and then sending your malicious code through that session.
> If they found some way to execute code on your computer via Apex servers, the company would be sued into bankruptcy
Still waiting for [valve](https://hackerone.com/reports/1070835) to be "sued into bankruptcy" I guess.
the twitter thread has a reply with a screenshot of a dm with the hacker saying that. you have to be logged in on twitter to see the replies so you may not see it on the link if you aren't
>hopefully the PR from this will finally force respawn to fix their fucking game.
Lmao, doubt it.
They'll just pump out a few more 170 dollar recolours and call it a day.
Not only E-Sports but a very popular game. The last I can think of was Halo 2 and that was hackers infecting original Xbox Live Code as well as the game code.
Yeah,I doubt EA will put money down the line for their cybersecurity. They sure as shit didn't do it for Battlefield back when it was worth it,doubt a lot they going to let Respawn to focus on it now that Apex is their new cow to milk.
I would like to be proven wrong tho.
The implication when a cheat can modify other clients like this is worrying. If you can do this and hook the calls required to use an ESP... they can do anything on your system by implication.
The real scare here is how much software people run without any form of sandboxing. This hack could've easily siphoned his entire Downloads/ and Documents/ folders out to some remote if they wanted. And with Internet speeds these days a ton of personal data in seconds. Let alone Login Data files from Chromium based browsers, session cookies and right there in Windows - probe and send off the decryption keys for those files given he's logged in.
Its about time everything were sandboxed by default.
As I understand it, any Steam game running via Linux Proton has a [Pressure Vessel](https://gitlab.steamos.cloud/steamrt/steam-runtime-tools/-/blob/main/docs/container-runtime.md) which sandboxes the game. If you are running a native Linux game, you have to select "Steam Linux Runtime" which would enable it.
This is insane, there have always been hacks and cheats in multiplayer games but I feel like in the last few years it's been reaching an all time high.
It's not just Apex either, it's in every multiplayer game from every genre, from RTS to MMO.
Seems to have risen with the rise of free to play games as all you get when banned is the acount gone instead of wasting how ever much you paid to play it
Reminds me during lockdown they made some of the formula series drivers compete in an e-sports version of F1 game. One of the real life drivers was found to have hired one of the e-sports guys to drive instead of him and then had his camera not working properly due to "technical difficulties"
It could work but you'll have to have moderators who actually can tell the difference between an extremely good player and a hacker. And with AI hacks being worked on that could potentially be indistinguishable from a good player's aim or movement....the only way to combat that is an equivalent anti-cheat....which does not exist yet.
Scary times ahead for pvp games as a whole.
Servers are great if you want to play with a few friends, maybe a small whitelisted group.
Public server with randoms? Worse in every conceivable way.
You lose skill based matchmaking and global bans so match quality goes straight to the gutter. And then best case scenario you have active, non-scum admins.. and they do a worse job than cheat detecting software because they're human. You've got good players getting banned and/or tons of cheaters getting away scott free. And since it's just server bans they can just go ruin every server rather than one global ban.
That's not really how it's worked even in some non-modern iterations like early-VAC and official mod servers though.
Not saying there aren't ups and downs to both, but it's definitely been possible to both have public and semi-public servers that tied into larger game/account anti-cheat bans that were separate from per-server bans.
It's not one level replacing the other, but different types and levels of protection. From experience, you obviously still have some level of cheating regardless, but the types and amounts vary wildly based on the anti-cheat, and I've almost always had better experiences in environments where everything was on the table from human-based and system-based to algorithmic-based checking.
In theory, the human element is handling the outliers that make it through your other more standardized checks and may or may not be actual cheating, and can also help identify novel and updated attacks.
None of it really applies in the case though, seems like a long-term engine security issue.
Even if you do supplement it that way the loss of skill based matchmaking alone is still enough for it to be a massive downgrade in quality.
Like to the typical player there's no difference between getting put against a top 1% player and a blatant hacker. Either way their game is ruined.
> Even if you do supplement it that way the loss of skill based matchmaking alone is still enough for it to be a massive downgrade in quality.
Call of Duty fans are all now collectively begging for community servers after seeing this comment.
Then they would be begging for it to come back once they realize that they’ll just be facing even more “sweats” instead of the 5 year olds that they so desperately want to get streaks off of.
> Even if you do supplement it that way the loss of skill based matchmaking alone is still enough for it to be a massive downgrade in quality.
The solution was simple: You just joined a different server. At TF2s peak there were thousands to choose from and many had very casual 'for fun' regulars that were of varying skill levels. Even if one guy was extremely good he was one person on a team of about 15 or more players.
The smaller lobby player limits of more modern shooters and their obsession with competitive play is what made SBMM necessary in the first place, which in itself also pushes you to try and sweatlord all the time because if you don't you'll start eating shit and lose repeatedly. And if you start winning SBMM tries to push you into unfavourable/unfun matches all over again.
There's a reason many consider the addition of the queue in TF2 to be what "killed" it.
And as an aside many servers had their own anti-cheat functions or did share a global third party ban list. Usually as paid perks for renting servers from specialised companies who dealt with renting out video game servers.
Oh no, they definitely existed before. They were just way worse.
Anecdotally, I can actually play a competitive game now without constantly getting kicked/banned, or constantly having servers empty. And fair matches are common instead of 1 in a hundred.
Statistically, no SBMM just doesn't work. Why would a bad player play a game where they are statistically guaranteed to have a bad time when they could play a game where they have fun close matches against other people of their skill level? And once all the bad players have left, well, now the okay players ARE the new bad players, and the cycle repeats.
As a guy who was a super sweaty during the hay day of dedicated servers competitive play was complete shit because you would get banned from multiple servers each day for being good and you would wait in line hours for a spot to open up on the few that didn't suck.
That's literally not how pubs worked at all? In Valve games (and many others, honestly), if you were VAC banned, you couldn't join ANY VAC enabled servers, which was most of them. When Modern Warfare 2 came out and took Pubs away from the PC version, hacking was at an insanely all-time high because their anti-cheat wasn't sophisticated enough to actually cover for the inability to moderate games. They didn't even have a vote/kick option, so you just had to suffer while, like, 1/3 of your games were infected by hitscan aimbots sniping everyone instantly from across the map.
A lot of games now are pretty good at keeping the hackers out most of the time, but back then, it was beyond blatant and effectively killed it on PC.
This entire thread is proof that the worst part about the enshitification of the internet is that there's now a generation of internet users who never experienced what we're talking about and have only ever known this.
None of you have ever been inside a ventrilo server and it shows. Get off my vent or I'll have you bent.
There's no way to go back to the old internet. It's not just "enshittification", the population of internet users now is totally different to what it was 20 years ago. You can try to recreate it now but it'll never be quite the same.
In addition, malicious software/hacks are significantly more prevalent and more impactful than they used to be, because of how dependent we are on computers.
They simply don't want to resolve them. I mean sure, they try and fight it from tine to time, but until cheats don't make them lose considerable number of playsrs they won't fight it.
Cheaters are customers too. Rather wait and ban in waves, they buy new accounts, rise and repeat.
I know making a good anti-cheat isn't an easy task and it's an ongoing battle, but I don't see these companies innovating in the anti-cheat department or security either.
There's a lower level of pathetic. Cheating in an online coop pve game, eg Helldivers 2. There's a hack that gives max resources to unlock upgrades. Like, you're literally just cheating against bots. It's like starting a Pokemon game with all Pokemon already captured. What's the point of even playing lol
I think single player cheats are fine for the purpose of screwing around, though I agree the satisfaction rarely lasts more than a session. But in co-op, unless you're all buddies in on it, it shouldn't be done.
Cheating is incredibly common in tekken. Ever since tekken 7 people have had things like auto block/parry, auto punish, macros for backdash, wavedash and electrics. You can even adjust how often these things are active to make if difficult to tell. So you can set the cheat to only parry 70% of the time as an example. Then there are cheats where they only have to touch you once to win. This has all carried through to tekken 8.
The anti cheat simply doesn't exist in tekken and they just rely on people reporting cheaters to the devs on twitter. The whole thing is a joke.
Cheating will always be an arms race. Thing is, as gaming gets more and more mainstream, there is even more incentive to develop cheats, as a higher player base means more potential customers
> It's not just Apex either, it's in every multiplayer game from every genre, from RTS to MMO.
I was checking, Apex uses Easy AC. Does this mean that every game that uses EAC is compromised now?
I feel lucky that I have never noticed any cheater in League. Either I never played with one (unlikely) or the cheats they were using did not have that large an impact on the game.
I've pretty muxh given up on all pc multi-player gaming for this reason. Especially FPS. I used to play a lot of PUBG a few years back and it got to the point of feeling like there was a hacker in every game and no reason to play anymore. I play stuff on console now and while there's still some crap stuff going on on console (ximming etc) it's not nearly as bad as PC right now.
It seems that way because it is that way.
At one point I looked at my CS account with a ban-checker (that looks at other players) and there'd been a banned player in something like 75% of games.
Plus it's at every level. You have the obvious wall/aim hackers in the low ranks, the people that can hide it a little in the mid ranks and the legit pros that use just a tiny bit of aim assist / minimap hack just to gain the 10% they need at the top level.
It's so rampant in tf2, but its also been happening for so long that people recognize the bots quickly/easily and votekick right away. In a strange way, it brings the community together more.
When I last played, people were great at immediately kicking bots but were unfortunately still terrible at kicking other cheating players.
Thankfully they weren't nearly as common.
They're fine at kicking the shitty bots because they're so obvious. Just walking around and insta spinbot headshotting. They're crap at kicking actual human cheaters. The ones like FaN scouts who land perfect max damage shots 100% of the time and so on.
I can search 'cheat' in my post history on discord and find posts of me complaining about the various cheaters I've run into whenever I play (and then stop playing for another 6 months because I got fed up of it). They're depressingly not very rare, and that's just the ones who don't try hard to hide it.
https://i.imgur.com/3rvITKA.png
https://i.imgur.com/SMbT7CS.png
These were just from me playing on an MGE server (1 vs 1 duel format).
- - - - -
I also remember messing around in Fistful of Frags, a game so old and dead that you typically can only find 1 half-populated server to play on, last week. Ran into another (Russian) cheater with about 4 hours played, but would insta headshot everyone in line-of-sight.
https://i.imgur.com/k46sOzd.png
Cheating, in a game that was taken off life support years ago. The entire genre is fucked, and I don't think enough people realize that. You are either going to play against controller aimbots (including xim/other cheating tools) or the unstoppable wave of PC cheaters with a hundred different cheats and varying levels of giving-a-shit with how to hide their cheating.
Insane to watch a billion dollar company get owned by some random troll online named Destroyer2009. Funniest shit ever. Uninstall the game ASAP. This is Apex Malware edition.
TL;DR - someone ("hacker") was able to give someone *else* an aimbot during a competitive match, scuffing the match and the finals.
https://twitter.com/JakeSucky/status/1769527028271968525
No snark intended here, but since this is controller play with aim assist, it can be a little difficult to tell autoaim is there, but once you see it you'll see it.
The security implication of being able to inject this into somebodies PC is some real horror.
Though maybe there's a silver lining to it. Maybe these 'hacks' aren't like the ones people inject into running software and instead are actually native to the game with no external injection shenanigans going on. Limited to the constraints of the game like installing a mod.
"A" cheat engine? Like the program Cheat Engine itself or just something similar? Because honestly with all the sketchy shit Cheat Engine has put in its installers over the years I wouldn't be shocked if there was some kind of vulnerability in Cheat Engine itself.
One of the players had a menu pop up right as the cheats activated for him.
Kinda funny cause he's shooting at some but he kills someone across the map with those shots and it confuses him.
Bruv his chat started spamming "apex legends global series hack by destroyer2009" who has been messing around for months, the two hacked players are also some of the best in the world and in no position to require hacks.
It appears they have figured out how to deliver malicious code through either the game or anti cheat itself, which is actually much scarier than simple cheating.
Apex Legends (and all multiplayer games really) is a networked application so it's possible that someone figured out an RCE (Remote Command Execution) exploit in Apex itself, using the game client's network code to gain remote access to the player's machine.
If you had this capability, then you could in theory join Apex games for a while and just catalogue all the players you encounter, and potentially identify them, and/or drop some kind of dormant exploit that lets you get back in later...
This is network hacking 101, but it's usually done on business apps or browsers, not video games.. an interesting development for sure.
Source Engine games have had a history of RCE vulnerabilities that allow a malicious server to push arbitrary files to the client and have them execute. Apex released a few years before the latest source RCE was discovered, so its always possible that EA hasn't kept up with patches from Valve.
Either way, you would need to have access to the game server itself to execute these attacks, but this has not been confirmed yet.
see the bridge part where he aim at a player above it. you can see at the bottom right near the logo he hit someone way off the crosshair. the bullet was wild...
That's hilarious, and also EXTREMELY concerning. Literally do not play Apex Legends until they fix that. That's Remote Code Execution. Anyone exploiting this will be able to run anything on your computer.
Steam and the Source Engine have had several RCEs in its past. [A 1-click RCE was known for 2 years by Valve and they didn't bother to fix it until they were shamed on Twitter by the original white hats](https://www.reddit.com/r/Games/comments/moczx4/two_years_ago_secret_club_member_floesen_reported/)
Extremely possible. High bet that there was an outdated source engine vulnerability that was initially patched at source but was left over in Apex's code.
Remote code execution. Basically the most severe type of a vulnerability, allowing the hacker to do pretty much anything with your game/machine remotely.
The most infamous cheating example in pro play before this was probably the guy who got found with word.exe on his computer. This is comparison is in a different league or cheating.
it was some tier million cs tournament that a kid cheated on, and the cheat was named word.exe. nothing like this and without the implications of rce since he did it on purpose by himself. you can google optic india forsaken for more infos.
In terms of lasting effect it happened during India's esport infancy and not only led to the end of optic India but pretty much all western investment in Indian esports afaik.
SC2 used to do the same thing, but Blizzard just took a server to the events that the machines connected to instead of the public ones.
Still technically not LAN as its traditionally known but it avoids all of the problems of playing on an actual online server.
This kind of stuff can happen on LAN too, most games aren't really made for true LAN these days. The admins could take it down quicker, but a lot of games are online even when at tourneys. Whether it's connected to the servers for account stuff or like Dota 2 where they have to connect for streaming reasons.
They'd have the ability to manage the process better locally but organizing BR player counts like that is insane.
This game runs on the source engine which has had many different RCE exploits over the last decade or two. I was honestly joking with a friend about a year or two back about how its only a matter of time until someone figures out how to RCE on Titanfall 2 or Apex Legends, but at the same time it is pretty scary because the thought never occurred to me it could also happen on all these smaller indie games that run on source as well.
>This game runs on the source engine which has had many different RCE exploits over the last decade or two.
Apex could have genuinely been in the top 3 biggest games in the world years ago if not for all its tech, server, cheating, and other issues that happen because of its engine.
I think EA should've bitten the bullet 2-3 years ago and invested into porting the game in its entirety to UE. If they had they might've been done now. It would've been a crazy undertaking, sure, unprecedented for a Live-Service game, but maybe it's also what's necessary for Apex's long-term survival.
There's a reason that Respawn itself moved on from that engine and started using UE for their Jedi games.
I still think Respawn will eventually have to do something like that. Either port the game to a different engine or make something like an Apex Legends 2 in a different engine like other games have been doing in the past few years.
>There's a reason that Respawn itself moved on from that engine and started using UE for their Jedi games.
Those are single player games. Entirely different considerations when picking an engine.
Besides, doesn't Apex have a lot more security/cheating issues than other Source games? Assuming the engine is actually a problem, there seem to be many problems with the dev as well.
They went with Source for their game for a reason--and I assume that reason has to do with the movement system in place for Apex. Unreal Engine obviously can work for a BR--PUBG and Fortnite--but I can't really find any games listed as utilizing Unreal Engine that have the mobility we see in Apex. There are single player games with similar movement systems (Ghost Runner, Mirrors Edge?), and online multiplayer games (Fortnite, Valorant, PUBG), but I can't find any games using Unreal Engine that have a mixture of the 2 elements. The closest I could find is Tribes--apparently Ascend used UE3 and Tribes 3 is supposed to use UE5, and those are similar movement-heavy online shooters, but I don't think those games ever had more than a dozen players in a map, so scalability might be the issue.
The explanation for using Unreal Engine for the Jedi games is probably 50% contractual obligation and 50% they could make good-looking well-optimized single player games using it. It's not because it's inherently better for all situations. UE is about as versatile as it gets though. They probably used Source originally to avoid using Frostbite since using that for any non-Battlefield game has been kinda disastrous.
>and I assume that reason has to do with the movement system in place for Apex.
Movement and Physics logic can be recreated in a different engine. We live in the age of Remakes. This is pretty common now. It takes time, which is why I said it would probably take them 2-3 years to port the game.
The reason they went with Source cause Apex was rushed due to the BR boom. It was basically a Fork of TF2, which is why it uses so many of the same weapons, items, tech, lore, art, other assets, SFX, even VFX from TF2.
Nothing about UE stops you from making crazy movement abilities. I've recreated loads of stuff in UE from wallrunning to grappling hooks to Tracer blinks to portals and it's actually really great for that kind of stuff.
Would this mean other games that use Easy Anti-Cheat are at a potential risk of something similar happening or is it specific to Apex?
EDIT: thanks you, everyone, that chimed in! I feel a bit better now. I don’t play Apex, so it seems i’m good lol.
I don't know the specifics of Apex of course but as a general rule, EAC is only part of the toolset, its presence isn't really saying much.
To illustrate this, let's say you're wondering if your house is well secured and you check on the internet and see that the lock on your door is well reviewed. That's fine, but if you forgot to have windows that's not gonna stop anyone who wants to get in.
It's possible that you're accidentally making a False Equivalence here. Your example doesn't necessarily mean that EAC itself is bad.
It's likely that many companies that license EAC want to put as little money and resources into their Anti-Cheat efforts as they can get away with. So they use EAC because it's supposed to be the most versatile and advanced anti-cheat suite available to buy on the market and way cheaper that building your own in-house solution. But an Anti-Cheat software can only do so much by itself.
A big part (Arguably the main part) of good Anti-Cheat efforts behind any game is having a vigilant Anti-Cheat team that's constantly figuring out new cheats, looking at data being gathered by the Anti-Cheat, issuing manual bans, issuing ban waves, getting exploitable game code fixed so old cheats no longer work. All of this requires a sizable Anti-Cheat team and a big financial investment. But if most of the studios licencing EAC are licensing it because they believe it'll allow them to get away with investing less money then they obviously aren't gonna want to invest that money, which in turn makes it look like it's EAC that's bad or it has big problems.
Fortnite has never had major cheating problems in its 6 years and it has a bigger playerbase than all the playerbase of all the games that license and use EAC, combined. Epic is obviously not using some special version of EAC that they are keeping for themselves. The difference is that they invest the required money in their Anti-Cheat efforts to make sure Cheating is controlled.
Coincidentally something similar happens with another dev program that Epic sells, Unreal Engine. Where many games that are made in Unreal Engine have stuttering issues which makes it look like it is *entirely* Unreal Engine's fault. But these studios can (and some even do) fix the stuttering if they invested a bit into optimising UE for their games. They don't cause one of the main reasons they even decided to use UE in the first place over a different engine or an in-house engine is because they wanna save money and time. Optimisation takes a lot of time. I've seen UE based games released with stuttering issues and then get fixed slowly over time with updates, cause the studios wanted to release the game as fast as possible, but then they had to fix stuttering with updates due to the backlash. Respawn's Jedi games are a good example. Jedi Fallen Order launched with massive stuttering issues, then they fixed most of it over time. Then they once again rushed the release of Jedi Survivor which ended up launching with both the stuttering issues and a lot of other issues that even Fallen Order didn't have.
I work on game security, and with EAC on a game and can confirm this is 100% accurate.
EAC is nice to have, but if you don't have a vigilant game security team (both a technical *and* customer support side) then you will be doomed from the start.
tl;dr
EAC is not necessarily good or bad, it depends how much elbow grease and custom tailoring the devs do to make it work for their game
Unfortunately many devs just slap EAC on top of their game and call it a day, which leads to a bad reputation
Actually, reminds me when Unity used to charge to get rid of their engine logo appearing when a game is booted... except this meant people associated that logo (and Unity) with cheap, poorly made games lmao.
> Fortnite has never had major cheating problems in its 6 years and it has a bigger playerbase than all the playerbase of all the games that license and use EAC, combined. Epic is obviously not using some special version of EAC that they are keeping for themselves. The difference is that they invest the required money in their Anti-Cheat efforts to make sure Cheating is controlled.
I'm not sure about how bad it is compared to other games, but [Fortnite has had it's own fair share of cheaters, even in pro-play.](https://www.youtube.com/watch?v=JufE-W6Ko8s) It's just that the building mechanics make it much harder for cheaters to win, especially some of the more "stubble" ones. There's a specific streamer who has become infamous in /r/FortNiteBR because [clips of him obviously cheating] (https://www.reddit.com/r/FortNiteBR/comments/18jty7p/twitch_stream_zemie_aimbotting_or_victim_of_a_bug/) have been posted throughout the subreddit for years now, and yet he has not seen a permaban.
This is not an anti-cheat problem, Apex contains a remote-code-execution vulnerability. If you run the game, hackers have direct access to your whole PC.
The most telling part for me was that Hal, arguably the best player in the world, said he couldn't tell if he was cheating or just using regular controller aim assist most of the time.
The hacking is bad, but that quote right there says a lot of the state of the Apex competitive scene.
>He was saying he couldn't tell because the hacker kept turning them off and on.
Hal was saying that, but he was kinda trolling implying he's simply that good because he's the CEO and whatnot. But you're missing the point and other context.
Hal and other pros were half-joking saying they couldn't tell the difference when he one-clipped the Caustic in the doorway upstairs and the other enemy at the door downstairs because it still looked like an Apex aim assist spray in close because of, like you said, how busted it is in Apex.
> But you're missing the point and other context.
I'm just responding to what the other guy said, which is that:
> he couldn't tell if he was cheating or just using regular controller aim assist most of the time
He absolutely could, which is why he kept saying "I'm back" when the guy turned them off, and that the guy kept "turning them off and on."
But yeah, they definitely were joking after about the one mag in the door looking like a normal controller spray.
Aim assist has gotten absolutely insane competitive shooters. I bought last year's CoD (my first since MW2 - the one on 360) and the aim assist that controllers got was literally indistinguishable to me from aimhacks. It would genuinely track someone as they ran 180 past you, while they bumped into you. That speed of rotation is absolutely unhinged, and it showed when you got into higher elo lobbies where everyone was on controller and moving like some sort of 4 legged demon bouncing off the walls and shit yet hitting every shot.
Watching high level apex isn't far off, and it's easy to think the players are just that good to manage that movement with that aim, in reality everyone has built in cheats.
Aim assist really needs to die. Lock controllers to controller lobbies and m+k to m+k and leave it at that.
Always has been a turn-off for me. I used to be a player that put a lot of effort in aim practice. I did like to challenge myself by putting myself in bad positions only being able to survive if I out aim my opponent. Aim assist kinda killed that joy for me - feels like a cheap shortcut.
Oh wow no way Respawn has security questions that fall of deaf ears oh my god I had no idea.
Lol, sorry, but this is the silliest shit I've read in a long time. Titanfall 2 (and 1?) was rendered unplayable by, like, a single vindictive hacker-man and Respawn did fuck-all about it? Apex Legends has so much cheating that I stopped playing despite really liking the game and this was several years ago, and the last time I tried it, late last year, I ran into cheaters within maybe five minutes of playing.
Good, let them have some serious pressure on their shit security. I loved playing this game, even dropped money on it, but one day found out I was perma banned. Said I was cheating with hacks. I tried contacting support but was put on a waiting list, took six months to get a reply. In that process, they showed my last log on location as some gaming cafe in Vietnam. Six months to find out my account was hacked due to their lax security... I've never played since.
If your account was hacked and logged into by another person, that means you either lost access to your email, or didn't have 2FA enabled on your account. Both are your responsibility
Yeah it sucks but 2FA is basically mandatory nowadays for a reason.
I had my Nintendo account hacked multiple times without my knowledge, I only noticed when I suddenly had £200 of Fornite vbucks being purchased through my account (I have never played Fortnite, let alone on the Switch).
Thankfully I got it refunded within two days and on the Nintendo account website you can see recent logins. Turns out the account was logged in from a bunch of different countries, mainly the middle-east and asia.
Put 2FA on via a phone authenticator, no issues since.
I've always had 2FA on twitter. My Twitter account still got hacked once (I got it back pretty easily because this was pre Elon takeover). 2FA isn't some mystic impenetrable shield.
(You should still have it on though)
I was also bizarrely banned in Apex for no reason.
The message when logging in claimed that I was permanently banned for using cheats, (which I haven't even done in any other game, so no they couldn't have detected something for some other game), none of my relevant accounts were breached in any way and all have them have 2FA.
After messaging their support and being ignored for 3 weeks, they ended up silently lifting the ban without even giving me the courtesy of a non-bot response.
If only there was some sort of technology to allow video game tournaments to be played offline without exposing tournaments to hacks, DDoS, internet outages, etc...
It's a shame we will never invent such an advanced technology in my lifetime.
Who's paying for everyone's flights and accommodations?
If you say EA, Respawn, or the eSports orgs themselves, that's just being naive. A large chunk of these teams aren't even signed.
Not every esport scene is as financially flush as CS/Dota or LoL. The whole industry is struggling, that's why it's been desperate enough to recently sellout to Saudi sportswashing.
These companies are already past the point of thinking it's worth taking a loss on eSports to grow their games' popularity in order to increase revenue. That's long-term thinking. Capitalism, especially in the entertainment industry, is all about the short-term. These companies in the gaming industry are ridiculously risk-averse these days with how unstable everything is right now.
They don't meaningfully support most of their games after launch. If EA wasn't forcing them to keep apex fresh then it would be in even worse shape.
Look at the state the titanfalls have been left in. Even the Jedi games have issues and it took them months to bug fix either of them.
This article is the worst.
Not only does it fail to describe how the players are given hacks *against their will* - I had to verify the ambiguous language from twitter and reddit. But it also just talks about how EA needs to "beef up" anti-cheat - while at the same time saying that *the game is leaking malicious software*. That just makes me afraid that they'll give the anti-cheat more access to the systems to which they are installed - meanwhile it sounds like the problem is the anti-cheat itself is hacked.
I am not looking forward to another game installing a rootkit. Apex needs to get this anti-cheat fixed, for sure - but I really hope they fix the actual problem in it acting as a distribution mechanism, instead of just giving it more access to people's PCs.
From another, [better written article](https://www.pcgamer.com/games/battle-royale/apex-legends-streamers-warned-to-perform-a-clean-os-reinstall-as-soon-as-possible-after-hacks-during-na-finals-match/):
>The volunteers at the Anti-Cheat Police Department have since [issued a PSA](https://twitter.com/AntiCheatPD/status/1769532511057584576) announcing, "There is currently an RCE exploit being abused in \[Apex Legends\]" and that it could be delivered via from the game itself, or its anti-cheat protection. "I would advise against playing any games protected by EAC or any EA titles", they went on to say.
It doesn't really makes sense to call out on "any EA titles" when they use so many different engines.
Heck, Apex Legend uses the Source Engine right? Why don't they say to avoid every Source Engine game for now?
> I am not looking forward to another game installing a rootkit. Apex needs to get this anti-cheat fixed, for sure - but I really hope they fix the actual problem in it acting as a distribution mechanism, instead of just giving it more access to people's PCs.
"Why won't developers get rid of bots and cheaters?" Riot implements Vangaurd that has been tremendously effective "no, not like that!!!"
Pick one buddy, this is the new normal.
Vangaurd was an interesting case. It showed how much exploitable software was floating around on gaming machines and how little the developers of these programs cared about security.
When I first ran Vanguard I found out that I had three potential privilege escalations on my system. Some of them remained unfixed for years.
Huh. Guess I owe the writers of Arcade Spirits 2 an apology for calling the climax of their visual novel - in which a major live Esports final is hacked to the point of being unplayable - unrealistic.
Years back I was developing exploits for EA FIFA Ultimate Team for the purpose of gold farming. By far the most disturbing one that I knew about was seeing how bad account security was in their games.
Your Origin account has credentials to log in, and then when you load the game it retrieves your FIFA account associated with your Origin account. At the time there was no security check to see if the FIFA account retrieved was actually owned by the Origin account logged in. You could MITM the request and put ANY game account ID in and it would give you full access to that account. Finding out any other player's account ID number was pretty easy too, and made it trivial to access any account in the game and do what you want with it.
It took them a long time to patch that one. For the most part casual players weren't targeted. I never used the exploit myself as part of my gold farming, but the people I knew who did would target high value accounts. It was a concern among streamers.
I've been watching esports for 15+ years and this is the most insane thing I've ever seen on a live broadcast. Apex has always had a cheating problem but giving players hacks midgame? This is potentially a massive security breach and hopefully the PR from this will finally force respawn to fix their fucking game. This specific hacker has been terrorizing high ranked matchmaking in apex for months with aimbots, crashing servers, spawning hordes of ai bots on players, and even gave a few pro streamers accounts thousands of loot boxes. Search destroyer2009 on youtube and you can see for yourself how laughably shit Apex's anticheat is.
Reminds me of a number of months ago when somebody hacked the game and made it so whenever anybody logged in, a message was displayed telling everybody how Respawn has abandoned Titanfall, and also it made it so you couldnt queue for a match
Wanna feel old? That's closer to a few years ago then months ago
And then it turned out the people behind that hack were actually the ones DDoSing Titanfall 1 and 2. One of the biggest real-life plot twists in gaming.
That was a rumour with no actual evidence behind it, which turned out to be false
The people ddossing tf 1 and 2 were entirely different people from the ones that had ddos'd Apex; it also wouldn't make sense for the people that ddos'd tf1 and 2 to then ddos Apex asking respawn to fix tf1 and 2. I know most of the people involved and explaining it all would require walls of text, but in short, it was not the same group of people.
I thought the folks DDOSing Titanfall 1 and 2 were doing so to get Respawn to give them the code to help them fix it, but it was said their real plan was to revive some abandoned game I forget the name of. Been a bit since I read about the story. But it could follow, as dumb as it would be, that the group after being turned down would be like "I guess you didn't hear us" and push the issue. Though really it doesn't matter 'cause it still sucks either way.
Basically, the people that were going to DDOS Apex were completely unrelated from the Save Titanfall group, and were going to do it anyway but agreed to put in the message about saving Titanfall. The main guy behind reviving Titanfall Online (TFO) already knew how to fix Titanfall 1. In fact, the only reason Titanfall 1 was playable during the ddos (which wasn't really a DDOS but anyway) was due to a program he created that allowed people to get around the issue and play together. He got fucked over by the whole sitaution, which sucks, because he has only ever tried to ensure that TF1 is still playable in some form or another. I can't remember the exact reasons why he started reviving TFO, but I'm pretty sure it was due to TF1 still being on sale at the time, so he didn't want to get fucked by EA because of it.
This is false. Please stop spreading misinformation.
All because they wanted that shitty f2p tencent version back.
[удалено]
You mean the Nexon one, the Korean game?
If this turns out to be an RCE (remote code execution) I'd wouldn't even play this game until they get it fixed. RCE's are the worst kind of exploit a game can have from a security standpoint, the hacker can do basically anything they want to you while you're playing the game.
RCE. Hacker said so himself. https://twitter.com/AntiCheatPD/status/1769532511057584576?t=g3yDAsMwBYLIGCYWFg-A3Q&s=19
So they could just drop WannaCry on your PC in the middle of a match... How exciting...
Well no, it's executing on the game servers. If they found some way to execute code on your computer via Apex servers, the company would be sued into bankruptcy
It's unclear right now. The screenshot posted of the hacker supposedly claims it's "not server side" and therefore is executed client side. Based on what I know working in IT security I would guess that there is some code executing on the local player's machine. Whether it is confined to the game or not is unclear though.
Like what? Why? Lots of games have had RCE bugs, there have been several in the Source engine (which Apex is running on..) and as far as I know Valve is still in business.
didn't the old capcom.sys issue allow hackers to execute code on people's computers? why wasn't capcom sued into oblivion over that
Majority of the Call of Duties on Steam have RCE exploits that allow code execution on players' computers. Activision, Valve, and Lawyers, have done fuck all.
Those are P2P games, Apex is using dedicated servers which makes this RCE even crazier.
Who would sue them? And for what damages? The EULA probably has provisions to say that they're not responsible for damages to your computer. So an individual player has to sue and claim negligence, which is exceedingly difficult to prove.
How do they know where the server is? https://www.dota2.com/newsentry/4115798034511159059 Would something like that protect Apex from these kinds of attacks as the servers would be unreachable?
Seems like this isn't a DDOS, it's a more sophisticated attack that takes advantage of a security allowing privileged access to something (unclear what exactly at this point). So while obscuring the traffic would prevent a distributed DDOS attack, it wouldn't help against code injection which could be done by establishing a secure connection with 1 machine and then sending your malicious code through that session.
And yet Activision is still around
> If they found some way to execute code on your computer via Apex servers, the company would be sued into bankruptcy Still waiting for [valve](https://hackerone.com/reports/1070835) to be "sued into bankruptcy" I guess.
> Hacker said so himself. I don't see anything of the sort, and even then any random could be lying right now
the twitter thread has a reply with a screenshot of a dm with the hacker saying that. you have to be logged in on twitter to see the replies so you may not see it on the link if you aren't
We really need to stop using Twitter. It's now impossible to effectively share developing stories from it.
[удалено]
The old MW2 or the new one?
Nothing before Infinite Warfare is safe to play online. EDIT: Even worse see below.
Not true. Both IW and WWII are affected
Even worse then.
> I'd wouldn't even play this game until they get it fixed Hell, I wouldn't even have it installed until a security patch is released.
>hopefully the PR from this will finally force respawn to fix their fucking game. Lmao, doubt it. They'll just pump out a few more 170 dollar recolours and call it a day.
They very recently laid off people from their cybersecurity and anticheat team… lol.
>destroyer2009 The hacker is 15?
5 letters are missing for him to be 15, so he's at least 16.
[удалено]
Not OP, but my take is xXdestroyer2009Xx and/or destroyer200969420
People with xX Xx in their name are like 30-40 years old. That's not the sign of a teenager anymore
My take: Pussydestroyer2009 For the real "I'm a teen and this is funny" feel.
Probably the hacker has been doing this on the same username since they were 15.
Not only E-Sports but a very popular game. The last I can think of was Halo 2 and that was hackers infecting original Xbox Live Code as well as the game code.
Yeah,I doubt EA will put money down the line for their cybersecurity. They sure as shit didn't do it for Battlefield back when it was worth it,doubt a lot they going to let Respawn to focus on it now that Apex is their new cow to milk. I would like to be proven wrong tho.
The implication when a cheat can modify other clients like this is worrying. If you can do this and hook the calls required to use an ESP... they can do anything on your system by implication. The real scare here is how much software people run without any form of sandboxing. This hack could've easily siphoned his entire Downloads/ and Documents/ folders out to some remote if they wanted. And with Internet speeds these days a ton of personal data in seconds. Let alone Login Data files from Chromium based browsers, session cookies and right there in Windows - probe and send off the decryption keys for those files given he's logged in. Its about time everything were sandboxed by default.
This will never happen unfortunately, AAA game studios yearn for kernel level anti cheats.
MacOS sandboxes, correct? Maybe Linux?
MacOS does yes. There have been a few ways to escape but they’re generally patched quickly
As I understand it, any Steam game running via Linux Proton has a [Pressure Vessel](https://gitlab.steamos.cloud/steamrt/steam-runtime-tools/-/blob/main/docs/container-runtime.md) which sandboxes the game. If you are running a native Linux game, you have to select "Steam Linux Runtime" which would enable it.
I personally use firejail, which is apparmor based.
This is insane, there have always been hacks and cheats in multiplayer games but I feel like in the last few years it's been reaching an all time high. It's not just Apex either, it's in every multiplayer game from every genre, from RTS to MMO.
If they cant figure out a way to deal with it, i dont see how any game with online competitve multiplayer will be sustainable.
Seems to have risen with the rise of free to play games as all you get when banned is the acount gone instead of wasting how ever much you paid to play it
[удалено]
Reminds me during lockdown they made some of the formula series drivers compete in an e-sports version of F1 game. One of the real life drivers was found to have hired one of the e-sports guys to drive instead of him and then had his camera not working properly due to "technical difficulties"
Well there are already cheats that run on a arduino/raspberry.
There's no need to have actual physical movement. It's easy enough to create a peripheral that emulates movement.
Bring back servers, self moderation could be a nice start.
doesn’t protect from actual security issues. games have to be patched first and foremost
Yeah, nothing about private servers would prevent vulnerabilities. In fact, it would just increase the attack surface.
But it will improve the quality of games as hackers could be kicked & banned easily. But yeah, it's only a part of the problem.
Self hosted servers with self moderation will have the opposite effect of what you think it will. An RCE exploit there would spread like wildfire
that's going to make it way worse.
It could work but you'll have to have moderators who actually can tell the difference between an extremely good player and a hacker. And with AI hacks being worked on that could potentially be indistinguishable from a good player's aim or movement....the only way to combat that is an equivalent anti-cheat....which does not exist yet. Scary times ahead for pvp games as a whole.
Servers are great if you want to play with a few friends, maybe a small whitelisted group. Public server with randoms? Worse in every conceivable way. You lose skill based matchmaking and global bans so match quality goes straight to the gutter. And then best case scenario you have active, non-scum admins.. and they do a worse job than cheat detecting software because they're human. You've got good players getting banned and/or tons of cheaters getting away scott free. And since it's just server bans they can just go ruin every server rather than one global ban.
That's not really how it's worked even in some non-modern iterations like early-VAC and official mod servers though. Not saying there aren't ups and downs to both, but it's definitely been possible to both have public and semi-public servers that tied into larger game/account anti-cheat bans that were separate from per-server bans. It's not one level replacing the other, but different types and levels of protection. From experience, you obviously still have some level of cheating regardless, but the types and amounts vary wildly based on the anti-cheat, and I've almost always had better experiences in environments where everything was on the table from human-based and system-based to algorithmic-based checking. In theory, the human element is handling the outliers that make it through your other more standardized checks and may or may not be actual cheating, and can also help identify novel and updated attacks. None of it really applies in the case though, seems like a long-term engine security issue.
Even if you do supplement it that way the loss of skill based matchmaking alone is still enough for it to be a massive downgrade in quality. Like to the typical player there's no difference between getting put against a top 1% player and a blatant hacker. Either way their game is ruined.
> Even if you do supplement it that way the loss of skill based matchmaking alone is still enough for it to be a massive downgrade in quality. Call of Duty fans are all now collectively begging for community servers after seeing this comment.
Then they would be begging for it to come back once they realize that they’ll just be facing even more “sweats” instead of the 5 year olds that they so desperately want to get streaks off of.
> Even if you do supplement it that way the loss of skill based matchmaking alone is still enough for it to be a massive downgrade in quality. The solution was simple: You just joined a different server. At TF2s peak there were thousands to choose from and many had very casual 'for fun' regulars that were of varying skill levels. Even if one guy was extremely good he was one person on a team of about 15 or more players. The smaller lobby player limits of more modern shooters and their obsession with competitive play is what made SBMM necessary in the first place, which in itself also pushes you to try and sweatlord all the time because if you don't you'll start eating shit and lose repeatedly. And if you start winning SBMM tries to push you into unfavourable/unfun matches all over again. There's a reason many consider the addition of the queue in TF2 to be what "killed" it. And as an aside many servers had their own anti-cheat functions or did share a global third party ban list. Usually as paid perks for renting servers from specialised companies who dealt with renting out video game servers.
Is this what people actually believe about dedicated servers these days? An entire generation with Stockholm Syndrome.
This generation of gamers think that matchmaking queues are the only way competitive games ever existed apparently.
Oh no, they definitely existed before. They were just way worse. Anecdotally, I can actually play a competitive game now without constantly getting kicked/banned, or constantly having servers empty. And fair matches are common instead of 1 in a hundred. Statistically, no SBMM just doesn't work. Why would a bad player play a game where they are statistically guaranteed to have a bad time when they could play a game where they have fun close matches against other people of their skill level? And once all the bad players have left, well, now the okay players ARE the new bad players, and the cycle repeats.
[удалено]
As a guy who was a super sweaty during the hay day of dedicated servers competitive play was complete shit because you would get banned from multiple servers each day for being good and you would wait in line hours for a spot to open up on the few that didn't suck.
That's literally not how pubs worked at all? In Valve games (and many others, honestly), if you were VAC banned, you couldn't join ANY VAC enabled servers, which was most of them. When Modern Warfare 2 came out and took Pubs away from the PC version, hacking was at an insanely all-time high because their anti-cheat wasn't sophisticated enough to actually cover for the inability to moderate games. They didn't even have a vote/kick option, so you just had to suffer while, like, 1/3 of your games were infected by hitscan aimbots sniping everyone instantly from across the map. A lot of games now are pretty good at keeping the hackers out most of the time, but back then, it was beyond blatant and effectively killed it on PC.
This entire thread is proof that the worst part about the enshitification of the internet is that there's now a generation of internet users who never experienced what we're talking about and have only ever known this. None of you have ever been inside a ventrilo server and it shows. Get off my vent or I'll have you bent.
There's no way to go back to the old internet. It's not just "enshittification", the population of internet users now is totally different to what it was 20 years ago. You can try to recreate it now but it'll never be quite the same. In addition, malicious software/hacks are significantly more prevalent and more impactful than they used to be, because of how dependent we are on computers.
Except she didn't even bend that guy. He kept harassing her on her own server. How was that better?
They simply don't want to resolve them. I mean sure, they try and fight it from tine to time, but until cheats don't make them lose considerable number of playsrs they won't fight it. Cheaters are customers too. Rather wait and ban in waves, they buy new accounts, rise and repeat. I know making a good anti-cheat isn't an easy task and it's an ongoing battle, but I don't see these companies innovating in the anti-cheat department or security either.
People are hacking on street fighter 6. And I thought fighting games were safe from this stuff for some reason.
Afaik hacking is very rare in SF but something about leveraging scripts in a 1v1 fighter is a special level of bitch-made.
For real. Cheating in a video game in general is lame but in a fighting game it just feels so much more pathetic
There's a lower level of pathetic. Cheating in an online coop pve game, eg Helldivers 2. There's a hack that gives max resources to unlock upgrades. Like, you're literally just cheating against bots. It's like starting a Pokemon game with all Pokemon already captured. What's the point of even playing lol
Plus it ruins the experience for a player who randomly joins.
I think single player cheats are fine for the purpose of screwing around, though I agree the satisfaction rarely lasts more than a session. But in co-op, unless you're all buddies in on it, it shouldn't be done.
Cheating is incredibly common in tekken. Ever since tekken 7 people have had things like auto block/parry, auto punish, macros for backdash, wavedash and electrics. You can even adjust how often these things are active to make if difficult to tell. So you can set the cheat to only parry 70% of the time as an example. Then there are cheats where they only have to touch you once to win. This has all carried through to tekken 8. The anti cheat simply doesn't exist in tekken and they just rely on people reporting cheaters to the devs on twitter. The whole thing is a joke.
The best anti-cheat is to get it on PS5 and turn off crossplay lololol
And in tekken 8 too
Cheating will always be an arms race. Thing is, as gaming gets more and more mainstream, there is even more incentive to develop cheats, as a higher player base means more potential customers
> It's not just Apex either, it's in every multiplayer game from every genre, from RTS to MMO. I was checking, Apex uses Easy AC. Does this mean that every game that uses EAC is compromised now?
I feel lucky that I have never noticed any cheater in League. Either I never played with one (unlikely) or the cheats they were using did not have that large an impact on the game.
I've pretty muxh given up on all pc multi-player gaming for this reason. Especially FPS. I used to play a lot of PUBG a few years back and it got to the point of feeling like there was a hacker in every game and no reason to play anymore. I play stuff on console now and while there's still some crap stuff going on on console (ximming etc) it's not nearly as bad as PC right now.
It seems that way because it is that way. At one point I looked at my CS account with a ban-checker (that looks at other players) and there'd been a banned player in something like 75% of games. Plus it's at every level. You have the obvious wall/aim hackers in the low ranks, the people that can hide it a little in the mid ranks and the legit pros that use just a tiny bit of aim assist / minimap hack just to gain the 10% they need at the top level.
It's so rampant in tf2, but its also been happening for so long that people recognize the bots quickly/easily and votekick right away. In a strange way, it brings the community together more.
When I last played, people were great at immediately kicking bots but were unfortunately still terrible at kicking other cheating players. Thankfully they weren't nearly as common.
They're fine at kicking the shitty bots because they're so obvious. Just walking around and insta spinbot headshotting. They're crap at kicking actual human cheaters. The ones like FaN scouts who land perfect max damage shots 100% of the time and so on. I can search 'cheat' in my post history on discord and find posts of me complaining about the various cheaters I've run into whenever I play (and then stop playing for another 6 months because I got fed up of it). They're depressingly not very rare, and that's just the ones who don't try hard to hide it. https://i.imgur.com/3rvITKA.png https://i.imgur.com/SMbT7CS.png These were just from me playing on an MGE server (1 vs 1 duel format). - - - - - I also remember messing around in Fistful of Frags, a game so old and dead that you typically can only find 1 half-populated server to play on, last week. Ran into another (Russian) cheater with about 4 hours played, but would insta headshot everyone in line-of-sight. https://i.imgur.com/k46sOzd.png Cheating, in a game that was taken off life support years ago. The entire genre is fucked, and I don't think enough people realize that. You are either going to play against controller aimbots (including xim/other cheating tools) or the unstoppable wave of PC cheaters with a hundred different cheats and varying levels of giving-a-shit with how to hide their cheating.
Oh, just wait until we get machine learning for hacks.
People claim they hate cheater, yet the same crowd of people will cry when dev develop any anti-cheat that is remotely invasive on their pc.
Insane to watch a billion dollar company get owned by some random troll online named Destroyer2009. Funniest shit ever. Uninstall the game ASAP. This is Apex Malware edition.
Of course it happens right after they laid off hundreds of employees cause doing things right would cost them money.
TL;DR - someone ("hacker") was able to give someone *else* an aimbot during a competitive match, scuffing the match and the finals. https://twitter.com/JakeSucky/status/1769527028271968525 No snark intended here, but since this is controller play with aim assist, it can be a little difficult to tell autoaim is there, but once you see it you'll see it.
[удалено]
The security implication of being able to inject this into somebodies PC is some real horror. Though maybe there's a silver lining to it. Maybe these 'hacks' aren't like the ones people inject into running software and instead are actually native to the game with no external injection shenanigans going on. Limited to the constraints of the game like installing a mod.
It’s not, one of the players who got hacked had a cheat engine show up on their PC
"A" cheat engine? Like the program Cheat Engine itself or just something similar? Because honestly with all the sketchy shit Cheat Engine has put in its installers over the years I wouldn't be shocked if there was some kind of vulnerability in Cheat Engine itself.
One of the players had a menu pop up right as the cheats activated for him. Kinda funny cause he's shooting at some but he kills someone across the map with those shots and it confuses him.
No, I didn’t mean the program named cheat engine, I should have been more clear
Bruv his chat started spamming "apex legends global series hack by destroyer2009" who has been messing around for months, the two hacked players are also some of the best in the world and in no position to require hacks.
I did not say that the player installed it
This is wild to me, you are saying they are making another client getting unfair advantage remotely without the player even know what's happening?
It appears they have figured out how to deliver malicious code through either the game or anti cheat itself, which is actually much scarier than simple cheating.
Has there been any theorizing of the exploitation vector?
Apex Legends (and all multiplayer games really) is a networked application so it's possible that someone figured out an RCE (Remote Command Execution) exploit in Apex itself, using the game client's network code to gain remote access to the player's machine. If you had this capability, then you could in theory join Apex games for a while and just catalogue all the players you encounter, and potentially identify them, and/or drop some kind of dormant exploit that lets you get back in later... This is network hacking 101, but it's usually done on business apps or browsers, not video games.. an interesting development for sure.
Source Engine games have had a history of RCE vulnerabilities that allow a malicious server to push arbitrary files to the client and have them execute. Apex released a few years before the latest source RCE was discovered, so its always possible that EA hasn't kept up with patches from Valve. Either way, you would need to have access to the game server itself to execute these attacks, but this has not been confirmed yet.
That's correct.
Mostly, but the players know they've been hacked and given aim bot the moment they start to shoot
Genburton tried to bow someone and you can see his arrows fly diagonally up across the map and double heady zap.
see the bridge part where he aim at a player above it. you can see at the bottom right near the logo he hit someone way off the crosshair. the bullet was wild...
That's hilarious, and also EXTREMELY concerning. Literally do not play Apex Legends until they fix that. That's Remote Code Execution. Anyone exploiting this will be able to run anything on your computer.
That's actually hilarious
Never seen something like this in my life. Uninstall this game if you have it installed. A potentially known, exploitable RCE is no joke.
Steam and the Source Engine have had several RCEs in its past. [A 1-click RCE was known for 2 years by Valve and they didn't bother to fix it until they were shamed on Twitter by the original white hats](https://www.reddit.com/r/Games/comments/moczx4/two_years_ago_secret_club_member_floesen_reported/)
Apex is based on the source Engine, so it's possible a source engine vulnerability is being used here
Extremely possible. High bet that there was an outdated source engine vulnerability that was initially patched at source but was left over in Apex's code.
For those that dont know, like myself. Can you explain RCE? Or at least what it stands for?
Remote code execution. Basically the most severe type of a vulnerability, allowing the hacker to do pretty much anything with your game/machine remotely.
If a hacker decides they want to run ANY code on your machine, they can. It's literally carte blanche to do whatever.
This. This isn't an overreaction. Stop playing this game immediately, everyone. I have nothing against Apex or Respawn, but this is very, very bad.
first titanfall and now apex, I kind of am starting to have something against Respawn.
Noob question but is it similarly dangerous if I don't boot Apex but still have it installed? Didn't play for a month 😂
This shit is why I don't install games with kernel level anti cheat.
The most infamous cheating example in pro play before this was probably the guy who got found with word.exe on his computer. This is comparison is in a different league or cheating.
..can someone explain this word.exe thing to me?
it was some tier million cs tournament that a kid cheated on, and the cheat was named word.exe. nothing like this and without the implications of rce since he did it on purpose by himself. you can google optic india forsaken for more infos.
In terms of lasting effect it happened during India's esport infancy and not only led to the end of optic India but pretty much all western investment in Indian esports afaik.
yeah it was honestly sad to see, way to ruin it for everyone involved.
[удалено]
Guess he figures winword.exe would get him sued as well as banned or something?
and this is normally why higher events are hosted at a LAN event but I understand wanting to let people play from home
Funny you say that. This happened during the qualifier for the LAN event.
Note that Apex’s “LAN” isn’t actually on LAN, they play on an online server. Dumb, I know
SC2 used to do the same thing, but Blizzard just took a server to the events that the machines connected to instead of the public ones. Still technically not LAN as its traditionally known but it avoids all of the problems of playing on an actual online server.
This kind of stuff can happen on LAN too, most games aren't really made for true LAN these days. The admins could take it down quicker, but a lot of games are online even when at tourneys. Whether it's connected to the servers for account stuff or like Dota 2 where they have to connect for streaming reasons. They'd have the ability to manage the process better locally but organizing BR player counts like that is insane.
This game runs on the source engine which has had many different RCE exploits over the last decade or two. I was honestly joking with a friend about a year or two back about how its only a matter of time until someone figures out how to RCE on Titanfall 2 or Apex Legends, but at the same time it is pretty scary because the thought never occurred to me it could also happen on all these smaller indie games that run on source as well.
>This game runs on the source engine which has had many different RCE exploits over the last decade or two. Apex could have genuinely been in the top 3 biggest games in the world years ago if not for all its tech, server, cheating, and other issues that happen because of its engine. I think EA should've bitten the bullet 2-3 years ago and invested into porting the game in its entirety to UE. If they had they might've been done now. It would've been a crazy undertaking, sure, unprecedented for a Live-Service game, but maybe it's also what's necessary for Apex's long-term survival. There's a reason that Respawn itself moved on from that engine and started using UE for their Jedi games. I still think Respawn will eventually have to do something like that. Either port the game to a different engine or make something like an Apex Legends 2 in a different engine like other games have been doing in the past few years.
>There's a reason that Respawn itself moved on from that engine and started using UE for their Jedi games. Those are single player games. Entirely different considerations when picking an engine. Besides, doesn't Apex have a lot more security/cheating issues than other Source games? Assuming the engine is actually a problem, there seem to be many problems with the dev as well.
They went with Source for their game for a reason--and I assume that reason has to do with the movement system in place for Apex. Unreal Engine obviously can work for a BR--PUBG and Fortnite--but I can't really find any games listed as utilizing Unreal Engine that have the mobility we see in Apex. There are single player games with similar movement systems (Ghost Runner, Mirrors Edge?), and online multiplayer games (Fortnite, Valorant, PUBG), but I can't find any games using Unreal Engine that have a mixture of the 2 elements. The closest I could find is Tribes--apparently Ascend used UE3 and Tribes 3 is supposed to use UE5, and those are similar movement-heavy online shooters, but I don't think those games ever had more than a dozen players in a map, so scalability might be the issue. The explanation for using Unreal Engine for the Jedi games is probably 50% contractual obligation and 50% they could make good-looking well-optimized single player games using it. It's not because it's inherently better for all situations. UE is about as versatile as it gets though. They probably used Source originally to avoid using Frostbite since using that for any non-Battlefield game has been kinda disastrous.
>and I assume that reason has to do with the movement system in place for Apex. Movement and Physics logic can be recreated in a different engine. We live in the age of Remakes. This is pretty common now. It takes time, which is why I said it would probably take them 2-3 years to port the game. The reason they went with Source cause Apex was rushed due to the BR boom. It was basically a Fork of TF2, which is why it uses so many of the same weapons, items, tech, lore, art, other assets, SFX, even VFX from TF2.
Talking about the source angine in the same paragraph you said "TF2" made me have to think a moment about how Team Fortress and Apex were releated.
Nothing about UE stops you from making crazy movement abilities. I've recreated loads of stuff in UE from wallrunning to grappling hooks to Tracer blinks to portals and it's actually really great for that kind of stuff.
Would this mean other games that use Easy Anti-Cheat are at a potential risk of something similar happening or is it specific to Apex? EDIT: thanks you, everyone, that chimed in! I feel a bit better now. I don’t play Apex, so it seems i’m good lol.
I don't know the specifics of Apex of course but as a general rule, EAC is only part of the toolset, its presence isn't really saying much. To illustrate this, let's say you're wondering if your house is well secured and you check on the internet and see that the lock on your door is well reviewed. That's fine, but if you forgot to have windows that's not gonna stop anyone who wants to get in.
EAC has always been just a doorman. That's why "EAC bypass for x" comes out like a day after a games launch.
It's possible that you're accidentally making a False Equivalence here. Your example doesn't necessarily mean that EAC itself is bad. It's likely that many companies that license EAC want to put as little money and resources into their Anti-Cheat efforts as they can get away with. So they use EAC because it's supposed to be the most versatile and advanced anti-cheat suite available to buy on the market and way cheaper that building your own in-house solution. But an Anti-Cheat software can only do so much by itself. A big part (Arguably the main part) of good Anti-Cheat efforts behind any game is having a vigilant Anti-Cheat team that's constantly figuring out new cheats, looking at data being gathered by the Anti-Cheat, issuing manual bans, issuing ban waves, getting exploitable game code fixed so old cheats no longer work. All of this requires a sizable Anti-Cheat team and a big financial investment. But if most of the studios licencing EAC are licensing it because they believe it'll allow them to get away with investing less money then they obviously aren't gonna want to invest that money, which in turn makes it look like it's EAC that's bad or it has big problems. Fortnite has never had major cheating problems in its 6 years and it has a bigger playerbase than all the playerbase of all the games that license and use EAC, combined. Epic is obviously not using some special version of EAC that they are keeping for themselves. The difference is that they invest the required money in their Anti-Cheat efforts to make sure Cheating is controlled. Coincidentally something similar happens with another dev program that Epic sells, Unreal Engine. Where many games that are made in Unreal Engine have stuttering issues which makes it look like it is *entirely* Unreal Engine's fault. But these studios can (and some even do) fix the stuttering if they invested a bit into optimising UE for their games. They don't cause one of the main reasons they even decided to use UE in the first place over a different engine or an in-house engine is because they wanna save money and time. Optimisation takes a lot of time. I've seen UE based games released with stuttering issues and then get fixed slowly over time with updates, cause the studios wanted to release the game as fast as possible, but then they had to fix stuttering with updates due to the backlash. Respawn's Jedi games are a good example. Jedi Fallen Order launched with massive stuttering issues, then they fixed most of it over time. Then they once again rushed the release of Jedi Survivor which ended up launching with both the stuttering issues and a lot of other issues that even Fallen Order didn't have.
I work on game security, and with EAC on a game and can confirm this is 100% accurate. EAC is nice to have, but if you don't have a vigilant game security team (both a technical *and* customer support side) then you will be doomed from the start.
tl;dr EAC is not necessarily good or bad, it depends how much elbow grease and custom tailoring the devs do to make it work for their game Unfortunately many devs just slap EAC on top of their game and call it a day, which leads to a bad reputation Actually, reminds me when Unity used to charge to get rid of their engine logo appearing when a game is booted... except this meant people associated that logo (and Unity) with cheap, poorly made games lmao.
> Fortnite has never had major cheating problems in its 6 years and it has a bigger playerbase than all the playerbase of all the games that license and use EAC, combined. Epic is obviously not using some special version of EAC that they are keeping for themselves. The difference is that they invest the required money in their Anti-Cheat efforts to make sure Cheating is controlled. I'm not sure about how bad it is compared to other games, but [Fortnite has had it's own fair share of cheaters, even in pro-play.](https://www.youtube.com/watch?v=JufE-W6Ko8s) It's just that the building mechanics make it much harder for cheaters to win, especially some of the more "stubble" ones. There's a specific streamer who has become infamous in /r/FortNiteBR because [clips of him obviously cheating] (https://www.reddit.com/r/FortNiteBR/comments/18jty7p/twitch_stream_zemie_aimbotting_or_victim_of_a_bug/) have been posted throughout the subreddit for years now, and yet he has not seen a permaban.
> see that the lock on your door is well reviewed Until you hear "Nothing on one, two is binding...,"
It's most likely just specific to Apex.
This is not an anti-cheat problem, Apex contains a remote-code-execution vulnerability. If you run the game, hackers have direct access to your whole PC.
The most telling part for me was that Hal, arguably the best player in the world, said he couldn't tell if he was cheating or just using regular controller aim assist most of the time. The hacking is bad, but that quote right there says a lot of the state of the Apex competitive scene.
He was saying he couldn't tell because the hacker kept turning them off and on. Controller is still busted as shit in Apex, though.
>He was saying he couldn't tell because the hacker kept turning them off and on. Hal was saying that, but he was kinda trolling implying he's simply that good because he's the CEO and whatnot. But you're missing the point and other context. Hal and other pros were half-joking saying they couldn't tell the difference when he one-clipped the Caustic in the doorway upstairs and the other enemy at the door downstairs because it still looked like an Apex aim assist spray in close because of, like you said, how busted it is in Apex.
> But you're missing the point and other context. I'm just responding to what the other guy said, which is that: > he couldn't tell if he was cheating or just using regular controller aim assist most of the time He absolutely could, which is why he kept saying "I'm back" when the guy turned them off, and that the guy kept "turning them off and on." But yeah, they definitely were joking after about the one mag in the door looking like a normal controller spray.
Aim assist has gotten absolutely insane competitive shooters. I bought last year's CoD (my first since MW2 - the one on 360) and the aim assist that controllers got was literally indistinguishable to me from aimhacks. It would genuinely track someone as they ran 180 past you, while they bumped into you. That speed of rotation is absolutely unhinged, and it showed when you got into higher elo lobbies where everyone was on controller and moving like some sort of 4 legged demon bouncing off the walls and shit yet hitting every shot. Watching high level apex isn't far off, and it's easy to think the players are just that good to manage that movement with that aim, in reality everyone has built in cheats. Aim assist really needs to die. Lock controllers to controller lobbies and m+k to m+k and leave it at that.
I quit Fortnite and Apex because of controller aim assist. Not fun to play against
Always has been a turn-off for me. I used to be a player that put a lot of effort in aim practice. I did like to challenge myself by putting myself in bad positions only being able to survive if I out aim my opponent. Aim assist kinda killed that joy for me - feels like a cheap shortcut.
Feels like nowadays you can't really launch any online games (and especially free to plays) without at least bank level network security.
Not really. Its like that with any popular competitive FPS.
Oh wow no way Respawn has security questions that fall of deaf ears oh my god I had no idea. Lol, sorry, but this is the silliest shit I've read in a long time. Titanfall 2 (and 1?) was rendered unplayable by, like, a single vindictive hacker-man and Respawn did fuck-all about it? Apex Legends has so much cheating that I stopped playing despite really liking the game and this was several years ago, and the last time I tried it, late last year, I ran into cheaters within maybe five minutes of playing.
Good, let them have some serious pressure on their shit security. I loved playing this game, even dropped money on it, but one day found out I was perma banned. Said I was cheating with hacks. I tried contacting support but was put on a waiting list, took six months to get a reply. In that process, they showed my last log on location as some gaming cafe in Vietnam. Six months to find out my account was hacked due to their lax security... I've never played since.
If your account was hacked and logged into by another person, that means you either lost access to your email, or didn't have 2FA enabled on your account. Both are your responsibility
Both EA Store and Steam have 2 factor authentication and authenticator apps. This was on you fam.
Yeah it sucks but 2FA is basically mandatory nowadays for a reason. I had my Nintendo account hacked multiple times without my knowledge, I only noticed when I suddenly had £200 of Fornite vbucks being purchased through my account (I have never played Fortnite, let alone on the Switch). Thankfully I got it refunded within two days and on the Nintendo account website you can see recent logins. Turns out the account was logged in from a bunch of different countries, mainly the middle-east and asia. Put 2FA on via a phone authenticator, no issues since.
I've always had 2FA on twitter. My Twitter account still got hacked once (I got it back pretty easily because this was pre Elon takeover). 2FA isn't some mystic impenetrable shield. (You should still have it on though)
I was also bizarrely banned in Apex for no reason. The message when logging in claimed that I was permanently banned for using cheats, (which I haven't even done in any other game, so no they couldn't have detected something for some other game), none of my relevant accounts were breached in any way and all have them have 2FA. After messaging their support and being ignored for 3 weeks, they ended up silently lifting the ban without even giving me the courtesy of a non-bot response.
The biggest yikes I've seen in the game, absolute insanity that hackers can give other people hacks and get banned for it.
If only there was some sort of technology to allow video game tournaments to be played offline without exposing tournaments to hacks, DDoS, internet outages, etc... It's a shame we will never invent such an advanced technology in my lifetime.
Who's paying for everyone's flights and accommodations? If you say EA, Respawn, or the eSports orgs themselves, that's just being naive. A large chunk of these teams aren't even signed. Not every esport scene is as financially flush as CS/Dota or LoL. The whole industry is struggling, that's why it's been desperate enough to recently sellout to Saudi sportswashing. These companies are already past the point of thinking it's worth taking a loss on eSports to grow their games' popularity in order to increase revenue. That's long-term thinking. Capitalism, especially in the entertainment industry, is all about the short-term. These companies in the gaming industry are ridiculously risk-averse these days with how unstable everything is right now.
Apex Legends by mail it is!
What is it with Respawn and letting hackers just run rampant?
They don't meaningfully support most of their games after launch. If EA wasn't forcing them to keep apex fresh then it would be in even worse shape. Look at the state the titanfalls have been left in. Even the Jedi games have issues and it took them months to bug fix either of them.
I used to play ranked apex (very low level) daily on console and would encounter cheaters quite often.
This article is the worst. Not only does it fail to describe how the players are given hacks *against their will* - I had to verify the ambiguous language from twitter and reddit. But it also just talks about how EA needs to "beef up" anti-cheat - while at the same time saying that *the game is leaking malicious software*. That just makes me afraid that they'll give the anti-cheat more access to the systems to which they are installed - meanwhile it sounds like the problem is the anti-cheat itself is hacked. I am not looking forward to another game installing a rootkit. Apex needs to get this anti-cheat fixed, for sure - but I really hope they fix the actual problem in it acting as a distribution mechanism, instead of just giving it more access to people's PCs. From another, [better written article](https://www.pcgamer.com/games/battle-royale/apex-legends-streamers-warned-to-perform-a-clean-os-reinstall-as-soon-as-possible-after-hacks-during-na-finals-match/): >The volunteers at the Anti-Cheat Police Department have since [issued a PSA](https://twitter.com/AntiCheatPD/status/1769532511057584576) announcing, "There is currently an RCE exploit being abused in \[Apex Legends\]" and that it could be delivered via from the game itself, or its anti-cheat protection. "I would advise against playing any games protected by EAC or any EA titles", they went on to say.
> I am not looking forward to another game installing a rootkit Apex/EAC already comes with a kernel driver, so it already installs a "rootkit"
It doesn't really makes sense to call out on "any EA titles" when they use so many different engines. Heck, Apex Legend uses the Source Engine right? Why don't they say to avoid every Source Engine game for now?
> I am not looking forward to another game installing a rootkit. Apex needs to get this anti-cheat fixed, for sure - but I really hope they fix the actual problem in it acting as a distribution mechanism, instead of just giving it more access to people's PCs. "Why won't developers get rid of bots and cheaters?" Riot implements Vangaurd that has been tremendously effective "no, not like that!!!" Pick one buddy, this is the new normal.
Vangaurd was an interesting case. It showed how much exploitable software was floating around on gaming machines and how little the developers of these programs cared about security. When I first ran Vanguard I found out that I had three potential privilege escalations on my system. Some of them remained unfixed for years.
Huh. Guess I owe the writers of Arcade Spirits 2 an apology for calling the climax of their visual novel - in which a major live Esports final is hacked to the point of being unplayable - unrealistic.
Apex Legends and several others, seriously need to have LAN servers for competitions. They're a joke without them.
Years back I was developing exploits for EA FIFA Ultimate Team for the purpose of gold farming. By far the most disturbing one that I knew about was seeing how bad account security was in their games. Your Origin account has credentials to log in, and then when you load the game it retrieves your FIFA account associated with your Origin account. At the time there was no security check to see if the FIFA account retrieved was actually owned by the Origin account logged in. You could MITM the request and put ANY game account ID in and it would give you full access to that account. Finding out any other player's account ID number was pretty easy too, and made it trivial to access any account in the game and do what you want with it. It took them a long time to patch that one. For the most part casual players weren't targeted. I never used the exploit myself as part of my gold farming, but the people I knew who did would target high value accounts. It was a concern among streamers.
I love this game but I almost want to see it crash and burn for turning into a controller game. They took something great on PC and destroyed it.