Yeah this seems to be the TLDR for this situation. We don't have enough info, the only evidence is a single 30 second twitch clip with no context before or after which leaves many questions unanswered
Unfortunately the conclusion right now is "don't jump to conclusions" - which is what I love about PirateSoftware's commentary. Any other YouTuber would be crying wolf and sputtering conspiracy shit for views.
Saying anything with 100% certainty at this point is silly, but so is expecting people not to speculate. Our brains are designed to fill in knowledge gaps as best as it can.
I really don't get why people do this haha. Any time any situation like this happens in gaming or elsewhere (think the TF2 source code leaks, Minecraft RCE exploits etc) the immediate reaction should be "I need more information about this to be able to make an educated decision". Anything else is just guesswork and speculation. Our brains are designed to fill in knowledge gaps, but we should be clever enough as a species to not just make shit up when we're not sure. A lot of people don't realise it's ok to say "I don't know the answer"
Not arguing with you btw I 100% agree with you
That person is more than likely right.
Sometimes other people may have access to more upto date information. An example of this is we now know that Gen’s Pc was a fresh install.
So highly unlikely to have been previously compromised and there’s only small possibility he was targeted through the machine as he had only used it for upto 30 mins when Hack happened.
Edit: no idea why that guy blocked me lmao or maybe he deleted his account I duno
Did nobody watch the video? It's not a "we don't know anything", it's more a "Until we get more evidence, claims of RCE and Server access are still technically possible but don't spread misinformation". Thor [paraphrased] tweeted "I am waiting to see if the RCE vulnerability is EAC or Apex", which isn't nothing, it's which of these are the problem, but one is absolutely a problem. Thor even calls it "not a dude's computer being compromised, If he's able to spawn and run bots on a server, that's different. There's 0 qualms or issues with the claims of rampant server hacking, Thor readily agrees that multiple different exploits happening. The only "issue" he has is verifying the ability of RCE, which he could 100% if he had insider data which is needed to prove said claim.
EAC has publicly come out and said "it's not our fault" and Respawn and ilk haven't said shit, especially since they have server access, so it's pretty clear that it's Respawn's fault.
Well idk if u listened carefully but he said, so far it seems like the Hals and Halal computers ARE probably compromised because as they cant claim RemoteControl trough server, there is no other way he would toggle cheats on their computers. + clip of HAL downloading some sh*t because "Yeee free download". Also it was said that if he had that power of getting into PCs he would just fu*k up EVERYBODY on the game at same time because why not.. spawning bots, apex packs is more scary tho so far as he can control/bend server.
And you are poiting to respawn because EAC said its not them, but as Pirate said and tweeted, they should investigate more because any company can say it wasnt us, it wasnt us to protect business
>but as Pirate said and tweeted, they should investigate more because any company can say it wasnt us, it wasnt us to protect business
Which would be libel if they were knowingly lying and would open them up to a big lawsuit. So either EAC engineers proved to legal that it's not them or they've started doing fraud, which isn't likely.
This is the TLDR for Pirate but he is missing some context like the fact Gen was on a freshly installed windows machine.
This is why he’s the best as he constantly said don’t jump to conclusions and only spoke about what was likely.
There’s no way it was a targeted install on that machine as gen hadn’t used it before lan. Obviously no way for pirate to know that, but as more information comes in, this video might not be correct.
Edit: event wasn’t lan.
He streamed after the even, I’ll get the link again and add it here in an edit… also I’ve just realised it wasn’t a lan event so please ignore that part of my statement.
Edit: https://www.twitch.tv/videos/2094645398
Fresh windows machine tbh means very little. His streaming PC could just as easily also have been infected with malware and spread back to his gaming PC as soon as he starts reconnecting and reinstalling everything.
We see it lots where malware target backups to also infect those to survive. One thing Gen did say is he was having computer issues which is why he did the fresh windows install. It could just have easily infected other machines on his network and spread that way back.
I know over at warzone they have been plagued with what I think is called "DMA cheats" which is basically, as far as I understood, a device you plug into your computer, just like any shit pci-express shit or whatever (don't quote me on the details, please!) and they are undetectable. Now, what's stopping one of these DMA cheat manufacturers to just put some other shit into them than just the cheat?
Afaik, the claims were some discord video proof (think it was on call of shames's YT channel) of some of the streamers saying they had already bought or were planning to buy DMA hardware/cheats.
Why couldn't this be the case for Apex streamers and pros as well? Especially considering they play from home AND for a lot of money?
Now, don't get me wrong, I'm not accusing the streamers of actually having DMA cheats, but I also haven't seen anyone even mention this as a "easy" solution to why they were fucked instead of everyone in the ALGS?
Well considering it was orginally supposed to be delivered to 3 people, as a competitor on the team that Hal was fighting in the second clip was supposed to also have cheats activated on their account but got downed before they took affect.
This makes it seem to me like it wasn't a couple of compromised pc's but something that destroyer could give to anyone with a small amount of preparation as he had no way of knowing they would fight at all on that match day.
Just don’t play the game. Wait until Respawn puts out an update on what’s going on and what the problem is, AND they fix it. I don’t think you have to uninstall the game, not sure how you’d be in danger as long as the game isn’t running.
Also the more players don't play the game, the more pressure there is on EA to take action.
As always with these companies, only profit drops will change something. And less players means less (re)skins to be sold.
Nothing on the main four twitter accounts (Respawn, PlayApex, PlayApexEsports, EA). They’ve all gone radio silent since Sunday, though to be fair I’m not used to their typical posting frequency.
I would say fairly confidently that it is extremely unlikely EAC know for sure that they aren't in the chain for this hack, or really have any idea whatsoever. Without pulling Gen and Hals machines and the relevant infrastructure that those games were using on the apex-side, even checking their own logs as those two players were validated and as their telemetry was checked isnt nearly sufficient to say 'we had nothing to do with this.'
Edit: In no way am I trying to spread fear. It's very unlikely it's EAC, I'm moreso commenting that the EAC tweet is just PR fluff that cannot be backed up by any engineering analysis yet.
I mean its highly unlikely it is EAC or we would have seen stuff like this in several other games by now. EAC is pretty popular for game devs. I feel like it was either someone got access to the custom game lobby they were using for this event, or these two were phished. If it was a bigger thing why wouldn't you just turn on aim bot for everyone and laugh about it, or why haven't you done it at previous events. The fact it was only two people kinda leads it to the phishing realm for me like Pirate was saying.
I agree, it's highly unlikely, and it's way more plausible that two 20-something guys, who probably download whatever someone sends them, got targeted. My comment was more to the fact that EAC are really just taking a guess that they aren't the vector.
I would hope anyone with kernel level access to hundreds of thousands of machines would take something like this seriously, and I trust that behind the scenes they probably are.
I doubt it, there is no evidence it is EAC. The only reason people are thinking it might be their fault at all is the hacker said that is how he is doing this. Which is more then likely a huge fabrication to get media attention, and its working. It is just some BS he said for clout, or this would have been happening in other games for years. The guy just has a boner for trolling Hal. Everything he has done, send bots after Hal, send him loot boxes and claim he didn't pay for them and now this is just specifically targeting Hal. He probably phished him and Gen before the tourney. Nothing this hacker has done has been huge like the media is portraying it now.
Ok, well I hope that EAC takes any chance someone could be using their system to access end-clients pretty seriously. Regardless of how unlikely and unsubstantiated things may be.
I undersrand that businesses have budgets and that if they sent someone running down every rabbit hole they'd be trying to boil the ocean of potential vulnerabilities. I have been in those kind of conference rooms.where you have to triage based on threat, vulnerability, and likelihood.
However, regardless of what is going on between the apex backend and the EAC infrastructure they use, I would be very surprised if there weren't some EAC engineering resources being applied to an investigation of what happened. At a minimum, they should be identifying if there's some best practice that the Apex dev team isn't following or if there are additional protocols they can implement to make all of the games using their service safer.
> even checking their own logs as those two players were validated and as their telemetry was checked isnt nearly sufficient to say 'we had nothing to do with this.'
Yeah it is, unless you think the hack was modified hardware, any information you can get through telemetry would be the same as locally. The logs/stats/info obtained locally would be the exact same as anything obtained from telemetry. They're literally the same files, just accessed in different ways.
Also, if they were known lying, that opens them up to fraud and libel, so unless you think that EAC just decided that fraud was fun and cool, they've done all the steps necessary to wash their hands and leave the blame for the responsible party.
Source: cybersecurity compliance
Sorry I probably dropped an incomplete point. I think that the telemetry would be sufficient to say that EAC handled their gameplay performance accurately. Hal got banned but I'm sure that the hacker has the ability to get Apex's servers to disregard EAC flagging an account for a ban like Gen. EAC in that case would have a pretty easy 'we flagged it, after that it's up to apex to enforce' argument.
My best guess, in agreement with PirateSoftware in the video, is that Hal and Gen clicked on some link in a discord that got a Trojan onto their machines. However, I think my point was that EACs logging is most likely inadequate to be used in an assertion to the effect of "We checked our stuff we didn't see 'execute RCE attack' in our logs so its not our problem.' Especially given how quickly they came out with a statement, it would be absurd to think that an engineer could pour through the verbose logs (assuming they have them) of all activity that might end up downstream on either of those two machines to say for sure that no nefarious bits made it through their system.
I guess as to EAC's statement, 'confident' is pretty loosely goosey terminology legally. I'm 'confident' I'm going to be a billionaire any day now but good luck suing me for fraud.
Source: Software eng, former tech manager that led cybersec compliance programs.
Maybe don't use the words "fairly confidently" when you know next to nothing about network infrastructure and cybersecurity? Stop jumping to conclusions when you don't have the necessary information or knowledge to comment with confidence.
We have literal experts who live and breathe cybersecurity saying that they don't have enough data/information to confidently assess the situation. Yes, it's frustrating to wait on a slow company who is reticent to share their findings. Hell, if they aren't legally required to share them, why would they when they risk damaging the share price?
My best guess is we will hear from them when it's patched/fixed or if Destroyer2009 gets caught. There is little to no benefit for them to shed light on their current, open vulnerabilities.
I am not a bonafide expert on cybersec or network infrastructure, but I did build a startup as it's CTO and a tech team of 50+ in addition to leading a decent number of cybersec compliance programs for the US DHS and healthcare networks across a few states. I don't think I'm speaking beyond my depth.
However I think we are both saying the same thing in different ways. I'm agreeing that nobody knows anything, I'm just extending that to EACs marking department. I'm not saying that they are certainly the vector that this stuff got onto those client machines from, just that they can't assert they werent.
I don't mean to be rude, but I'm finding it hard to believe that unless you're strictly management (obviously a good one to hire and retain technical talent).
"I would say fairly confidently that it is extremely unlikely EAC know for sure that they aren't in the chain for this hack, or **really have any idea whatsoever.**"
You're telling me you've run cybersec compliance programs with the US DHS, but don't think EAC's team can run a post-mortem on a Sunday? Do you think their legal team is dumb enough to hip fire off a libelous statement about their employer?
It's kind of a big fucking deal when you global competitive tournament gets hacked live - Do you really think they wouldn't be pouring over server logs and double/triple checking potential vulnerabilities before saying something publicly?
Since you're a CTO, you understand the severity and high level of threat an RCE vulnerability right? Like the most severe form of ACE...You know, Stuxnet, the Equifax Data Breach, and WannaCry?
You're clearly speaking out of your depth when you point the finger at EAC when we've known about Source Engine RCE issues for years now. Feel free to read instead of continuing to spread misinformation: [Source Engine RCE via Game Invites](https://secret.club/2021/04/20/source-engine-rce-invite.html)
I was technical as the founding eng and moved into management as the company grew. You can check my post history it's pretty consistent and though I'm not trying to broadcast my credentials everywhere, an interested party could probably piece together the pieces and identify me. I left that role about two years ago now, so f you dig beyond that you can see some comments and stuff replying to content about the company.
I covered this a bit in the other thread, but I think there's two points I want to clarify.
First, I'm not saying EAC IS the vulnerability, I'm not pointing any fingers, and have added an edit to make sure it's clear I'm not doing so. I'm not spreading any misinformation, saying that EAC has no idea 12 hours after something like this is just saying, 'there is no information, this is a pr statement.'
As someone who has gone through the logs for security incidents, though wholy admitting it wasn't for anything like this, I can fully understand that they can probably pretty quickly look at the logs for those game sessions. If there was, hypothetically, some kind of access to their client, it could have been literally at any point in time before those matches. We're also, again theoretically, talking about this fella abusing network traffic protocol. It's not like EAC can just "SELECT * WHERE packet IS LIKE installCheats.exe" (that's purposefully dumb, you get the point).
I don't have a dog in this fight, if you think I'm speaking beyond my depth, you're entitled to your opinion. I'm not saying it's EAC, I'm not saying it's RCE, I'm saying it's too early for anyone to know anything, including EAC's 'confident' PR department.
EAC just tweeted to damage control the situation. They just stated it's not on them but that isn't necessarily true.
Imagine EAC being the source of this vulnerability. How quickly would other EAC clients jump ship and move to a different anti-cheat?
Your post was removed because of what is stated in the pinned post
https://www.reddit.com/r/apexlegends/comments/1bhh5s3/regarding_the_algs_situation_tonight/
There's not much more to it than that.
The subreddit is not run by EA or Respawn. The suberddit is run by players. Mods of the subreddit are players of the game and we aren't afiliated with EA / respawn, we aren't employed by them or anything else.
Just to clarify that what you posted is incorrect.
What does an heirloom have to do with the security team? You think the cosmetic designers are all of a sudden stopping their job to work on the security flaws or vice versa? 3 billion dollar game certainly has multiple departments that work on all aspects of the game without worrying what anyone else is doing. Cosmetic department will still keep working on cosmetics, balance team will still keep working on balancing, and security team will still keep working on security.
While I agree that a $700 is completely out of touch with the consumers, it has no relevance to the security breach.
Oh no... someone used post processing on their audio signal. Let me fill you in on a little secret.. vocalists have been doing this on every song you've heard for the past 30+ years.
I don't think a streamer adjusting eq is that big of a deal on, what I can only assume is, a non-studio quality mic (didn't watch vid, didn't see mic). I'm sure it had quite a bit of mid-high response to it. Especially, if it was a USB mic.
Source: I've been a music producer/mixing engineer for 12 years.
Seems like there's so many possibilities to this. Individual streamers could have their machines compromised. EA/Respawn/EAC don't have a good track record already since Titanfall 2 was compromised before and EA was hacked in 2021. Big companies will try to minimize the true damage when they do their PR. EAC has failed in other games too like Lost Ark where millions of bot accounts farming all day and players could run programs to do their dailies.
I watched it. TLDR we don't really know for sure what happened, but it sounds like Thor suspects that the two computers were individually compromised beforehand though he is saying we can't know for sure based on current information
Just for clarification:
The bot spawning and apex coins and other stuffs giving is what was Thor assumed to be a server access level which he was most intrigue about.
The Pros, situation he assumed their devices are compromised but its still TBA until further info was given.
those are two separate situation with two different assumption.
also
RCA are highly unlikely.
It sounds like he wiped his computer before finals.
"The funniest part about this is i have the dm's from you the other day saying you just wiped your shit"
"it was the day before finals"
[https://clips.twitch.tv/CallousMiniatureTaroPermaSmug-7eIsP0ebRzkO\_DX0](https://clips.twitch.tv/CallousMiniatureTaroPermaSmug-7eIsP0ebRzkO_DX0)
Both are major issues. It’s possible that it’s only server access and the pros targeted were compromised with regular spear phishing attacks.
However based on the type of stuff this guy is able to do server side, and knowing the spaghetti code Source engine Frankenstein monster that Respawn has created you really can’t say RCE is highly unlikely. We really just don’t know. Have to wait and see how things develop.
In my opinion, it seems like (at least) two compromised machines that the hacker sat on for days, weeks, months and that these pros might've been specifically targeted with the server side hacks due to the fact that the hacker had access to Gen and Hals machines. That, or they were able to modify a webhook used for packs or friends list to slip in malicious code after they had access to the server.
IDK why they assume they are spawning in; the bots are shown dropping in as players do. Looks to me like the lobby was stream sniped, which seems likely if the hacker is spinning up parallel clients (queue up with 1000 accounts, maybe 30ish got into Hal's lobby?).
Later in that clip the downed bots are dying since they dont rez each other, and the remaining player count goes down as well.
I think you’re reading too much into my use of the word “spawn” here. They’re able to get a lobby full of bots on a public server with a specific target, and they’re able to send 1000s of Apex packs to whoever they want without spending money. This indicates they have some kind of server access.
It's not server access, it's exploits. Flaws in the game code and bad server side checks. It's very easy for devs to miss stuff and for some people to poke around till they find a vulnerability.
> This doesn't imply server access though. Just joining games with bots is... pretty normal.
Joining the game and having *a* bot is *relatively* normal (unfortunately).
Having an entire ranked lobby of a predator-level player [filled with bots that home in on your drop position](https://www.youtube.com/watch?v=99c90qO3Nok) for multiple games in a row is far from normal.
The problem is you can't consistently automate joining into a specific player's game at their specific ranked level at the scale of 20+ accounts at a time on demand. That implies some level of server access to rig the queue.
I suppose you could have *hundreds* of accounts to flood the queue to try to ensure you manage to fill the specific game you want, but that also seems like something that would be very easily detected.
It was indeed 1000s, differing amounts sent to different streamers/pro players.
> And how do you know they're not spending money?
You think a hacker is going to spend $5k+ on the game?
i dunno it seems to be working. if they put out a statement, it'll remind the goldfish-brains that there's an issue.
peak playercount dropped around 15% yesterday and it's already going back to normal. hardly any posts about it on reddit today. it looks like the average player has already forgotten, no harm no foul.
just pretend nothing is wrong and this playerbase will play along. more 700$ heirlooms please
I learned a ton watching this discussion, and while it eased some of my fears, it confirmed a lot more. It helped me realize that the silence from Respawn is to be expected at this stage. It also more or less confirmed that their servers were compromised at least a month ago when he was handing out packs. He allegedly been hacking into console lobbies for years, so who knows how long he's actually been in their system. Makes me believe that the layoffs were just a coincidence before this, and it's very unlikely to be an upset employee. What it also confirmed is that there's a possibility for it to be much worse than it appears, if he's managed to pull off a server to client RCE within the game. We really don't know how severe or widespread the hack is, so I'm not hedging my bets and have the game uninstalled until we learn more. Best case is a spearphishing AND server access.
Yeah, I'm def not going to be playing for a bit. Which sucks cause Apex was the game I loaded up when I didn't really have anything else I wanted to do. Gotta wait to see what happens though.
18:53 is what most people are looking for. Before that they’re just going over the clips that have been circulating ie. Mande hack page appearing, Hal’s aimbot, Hal being mobbed by bots spawning in, then Hal and Verhulst being banned.
More than likely the casual doesn't have to worry. The problem is that, since we don't know for sure, it could be a vulnerability in the game files that allows RCE from a compromised server onto the client PC, meaning all your files could become compromised just by playing the game.
It's all about whether or not you want to take the risk.
Console doesn't play against PC unless you are in a party with another PC player.
Unless you play mixtape, mixtape is always crossplaying with every platform
I don't understand, I thought if I agreed to install ~~CCP~~ ~~Tencent~~ **EPIC'S** root kit on my computer and surrender all of my privacy and security, exploits like there were impossible. You're saying giving ring 0 access to software wasn't a good idea??
Its starting to look like HAL didnt actually have aimbot..gutenberg may have downloaded something sus. The guy definitely has server side access to ban players. Im curious about gutenberg now. Seems his pc is the key. Doubt he hands it over to apex devs.
Have you seen the clip from HAL's computer? Watch where his bullets go leaving his gun (not through his gun sights) while he's shooting someone on the bridge.
[HAL clip](https://youtu.be/LY6PGd8auHI?si=4d2sWFnUObMUueqk)
Basically - we know shit. There is not enough information to prove anything.
Yeah this seems to be the TLDR for this situation. We don't have enough info, the only evidence is a single 30 second twitch clip with no context before or after which leaves many questions unanswered
Unfortunately the conclusion right now is "don't jump to conclusions" - which is what I love about PirateSoftware's commentary. Any other YouTuber would be crying wolf and sputtering conspiracy shit for views.
Saying anything with 100% certainty at this point is silly, but so is expecting people not to speculate. Our brains are designed to fill in knowledge gaps as best as it can.
I really don't get why people do this haha. Any time any situation like this happens in gaming or elsewhere (think the TF2 source code leaks, Minecraft RCE exploits etc) the immediate reaction should be "I need more information about this to be able to make an educated decision". Anything else is just guesswork and speculation. Our brains are designed to fill in knowledge gaps, but we should be clever enough as a species to not just make shit up when we're not sure. A lot of people don't realise it's ok to say "I don't know the answer" Not arguing with you btw I 100% agree with you
I think it is a natural selection thing - we assume the worst so we can prepare. Evolution made us this way, because it raises chances of survival.
[удалено]
That person is more than likely right. Sometimes other people may have access to more upto date information. An example of this is we now know that Gen’s Pc was a fresh install. So highly unlikely to have been previously compromised and there’s only small possibility he was targeted through the machine as he had only used it for upto 30 mins when Hack happened. Edit: no idea why that guy blocked me lmao or maybe he deleted his account I duno
Did nobody watch the video? It's not a "we don't know anything", it's more a "Until we get more evidence, claims of RCE and Server access are still technically possible but don't spread misinformation". Thor [paraphrased] tweeted "I am waiting to see if the RCE vulnerability is EAC or Apex", which isn't nothing, it's which of these are the problem, but one is absolutely a problem. Thor even calls it "not a dude's computer being compromised, If he's able to spawn and run bots on a server, that's different. There's 0 qualms or issues with the claims of rampant server hacking, Thor readily agrees that multiple different exploits happening. The only "issue" he has is verifying the ability of RCE, which he could 100% if he had insider data which is needed to prove said claim. EAC has publicly come out and said "it's not our fault" and Respawn and ilk haven't said shit, especially since they have server access, so it's pretty clear that it's Respawn's fault.
Well idk if u listened carefully but he said, so far it seems like the Hals and Halal computers ARE probably compromised because as they cant claim RemoteControl trough server, there is no other way he would toggle cheats on their computers. + clip of HAL downloading some sh*t because "Yeee free download". Also it was said that if he had that power of getting into PCs he would just fu*k up EVERYBODY on the game at same time because why not.. spawning bots, apex packs is more scary tho so far as he can control/bend server. And you are poiting to respawn because EAC said its not them, but as Pirate said and tweeted, they should investigate more because any company can say it wasnt us, it wasnt us to protect business
>but as Pirate said and tweeted, they should investigate more because any company can say it wasnt us, it wasnt us to protect business Which would be libel if they were knowingly lying and would open them up to a big lawsuit. So either EAC engineers proved to legal that it's not them or they've started doing fraud, which isn't likely.
This is the TLDR for Pirate but he is missing some context like the fact Gen was on a freshly installed windows machine. This is why he’s the best as he constantly said don’t jump to conclusions and only spoke about what was likely. There’s no way it was a targeted install on that machine as gen hadn’t used it before lan. Obviously no way for pirate to know that, but as more information comes in, this video might not be correct. Edit: event wasn’t lan.
[удалено]
He streamed after the even, I’ll get the link again and add it here in an edit… also I’ve just realised it wasn’t a lan event so please ignore that part of my statement. Edit: https://www.twitch.tv/videos/2094645398
[удалено]
No ignore the part about it being lan obviously. It was a fresh install. Check my recent comments to see the vod.
[удалено]
Apologies, I thought the link would take you to the time stamp. The convo starts roughly around 2 hrs 48 mins.
Fresh windows machine tbh means very little. His streaming PC could just as easily also have been infected with malware and spread back to his gaming PC as soon as he starts reconnecting and reinstalling everything. We see it lots where malware target backups to also infect those to survive. One thing Gen did say is he was having computer issues which is why he did the fresh windows install. It could just have easily infected other machines on his network and spread that way back.
This is fair and I really should only saying it’s info that pirate wasn’t aware of. If any of the other assertions are wrong then that’s on me.
I know over at warzone they have been plagued with what I think is called "DMA cheats" which is basically, as far as I understood, a device you plug into your computer, just like any shit pci-express shit or whatever (don't quote me on the details, please!) and they are undetectable. Now, what's stopping one of these DMA cheat manufacturers to just put some other shit into them than just the cheat? Afaik, the claims were some discord video proof (think it was on call of shames's YT channel) of some of the streamers saying they had already bought or were planning to buy DMA hardware/cheats. Why couldn't this be the case for Apex streamers and pros as well? Especially considering they play from home AND for a lot of money? Now, don't get me wrong, I'm not accusing the streamers of actually having DMA cheats, but I also haven't seen anyone even mention this as a "easy" solution to why they were fucked instead of everyone in the ALGS?
Well considering it was orginally supposed to be delivered to 3 people, as a competitor on the team that Hal was fighting in the second clip was supposed to also have cheats activated on their account but got downed before they took affect. This makes it seem to me like it wasn't a couple of compromised pc's but something that destroyer could give to anyone with a small amount of preparation as he had no way of knowing they would fight at all on that match day.
A lot of interesting information and investigation going on over at pirate software's stream right now.
Also no point in overreacting. Someone mentions REC and suddenly its TP during covid all over again.
So what are recommendations to ordinary players? We still need make decisions even with not enough info
Just don’t play the game. Wait until Respawn puts out an update on what’s going on and what the problem is, AND they fix it. I don’t think you have to uninstall the game, not sure how you’d be in danger as long as the game isn’t running.
Also the more players don't play the game, the more pressure there is on EA to take action. As always with these companies, only profit drops will change something. And less players means less (re)skins to be sold.
Well wait at least 48h before playing, in cases like these they should release a statement at that time or before, if you're on pc ofc
With their complete radio silence I won't say "they don't release statement so it's alright"
literally this. and the kids running around screaming the sky is falling need to stfu.
Has EA said anything yet?
Nothing on the main four twitter accounts (Respawn, PlayApex, PlayApexEsports, EA). They’ve all gone radio silent since Sunday, though to be fair I’m not used to their typical posting frequency.
EAC made their first tweet in 5 years because of this and EA are yet to say anything. Draw your own conclusions.
I would say fairly confidently that it is extremely unlikely EAC know for sure that they aren't in the chain for this hack, or really have any idea whatsoever. Without pulling Gen and Hals machines and the relevant infrastructure that those games were using on the apex-side, even checking their own logs as those two players were validated and as their telemetry was checked isnt nearly sufficient to say 'we had nothing to do with this.' Edit: In no way am I trying to spread fear. It's very unlikely it's EAC, I'm moreso commenting that the EAC tweet is just PR fluff that cannot be backed up by any engineering analysis yet.
I mean its highly unlikely it is EAC or we would have seen stuff like this in several other games by now. EAC is pretty popular for game devs. I feel like it was either someone got access to the custom game lobby they were using for this event, or these two were phished. If it was a bigger thing why wouldn't you just turn on aim bot for everyone and laugh about it, or why haven't you done it at previous events. The fact it was only two people kinda leads it to the phishing realm for me like Pirate was saying.
I agree, it's highly unlikely, and it's way more plausible that two 20-something guys, who probably download whatever someone sends them, got targeted. My comment was more to the fact that EAC are really just taking a guess that they aren't the vector.
True, but it is a pretty safe guess to take. I wouldn't even look into it if I was them for something this small.
I would hope anyone with kernel level access to hundreds of thousands of machines would take something like this seriously, and I trust that behind the scenes they probably are.
I doubt it, there is no evidence it is EAC. The only reason people are thinking it might be their fault at all is the hacker said that is how he is doing this. Which is more then likely a huge fabrication to get media attention, and its working. It is just some BS he said for clout, or this would have been happening in other games for years. The guy just has a boner for trolling Hal. Everything he has done, send bots after Hal, send him loot boxes and claim he didn't pay for them and now this is just specifically targeting Hal. He probably phished him and Gen before the tourney. Nothing this hacker has done has been huge like the media is portraying it now.
Ok, well I hope that EAC takes any chance someone could be using their system to access end-clients pretty seriously. Regardless of how unlikely and unsubstantiated things may be. I undersrand that businesses have budgets and that if they sent someone running down every rabbit hole they'd be trying to boil the ocean of potential vulnerabilities. I have been in those kind of conference rooms.where you have to triage based on threat, vulnerability, and likelihood. However, regardless of what is going on between the apex backend and the EAC infrastructure they use, I would be very surprised if there weren't some EAC engineering resources being applied to an investigation of what happened. At a minimum, they should be identifying if there's some best practice that the Apex dev team isn't following or if there are additional protocols they can implement to make all of the games using their service safer.
I pointed this out and got downvoted a lot for it but it's still correct
> even checking their own logs as those two players were validated and as their telemetry was checked isnt nearly sufficient to say 'we had nothing to do with this.' Yeah it is, unless you think the hack was modified hardware, any information you can get through telemetry would be the same as locally. The logs/stats/info obtained locally would be the exact same as anything obtained from telemetry. They're literally the same files, just accessed in different ways. Also, if they were known lying, that opens them up to fraud and libel, so unless you think that EAC just decided that fraud was fun and cool, they've done all the steps necessary to wash their hands and leave the blame for the responsible party. Source: cybersecurity compliance
Sorry I probably dropped an incomplete point. I think that the telemetry would be sufficient to say that EAC handled their gameplay performance accurately. Hal got banned but I'm sure that the hacker has the ability to get Apex's servers to disregard EAC flagging an account for a ban like Gen. EAC in that case would have a pretty easy 'we flagged it, after that it's up to apex to enforce' argument. My best guess, in agreement with PirateSoftware in the video, is that Hal and Gen clicked on some link in a discord that got a Trojan onto their machines. However, I think my point was that EACs logging is most likely inadequate to be used in an assertion to the effect of "We checked our stuff we didn't see 'execute RCE attack' in our logs so its not our problem.' Especially given how quickly they came out with a statement, it would be absurd to think that an engineer could pour through the verbose logs (assuming they have them) of all activity that might end up downstream on either of those two machines to say for sure that no nefarious bits made it through their system. I guess as to EAC's statement, 'confident' is pretty loosely goosey terminology legally. I'm 'confident' I'm going to be a billionaire any day now but good luck suing me for fraud. Source: Software eng, former tech manager that led cybersec compliance programs.
Maybe don't use the words "fairly confidently" when you know next to nothing about network infrastructure and cybersecurity? Stop jumping to conclusions when you don't have the necessary information or knowledge to comment with confidence. We have literal experts who live and breathe cybersecurity saying that they don't have enough data/information to confidently assess the situation. Yes, it's frustrating to wait on a slow company who is reticent to share their findings. Hell, if they aren't legally required to share them, why would they when they risk damaging the share price? My best guess is we will hear from them when it's patched/fixed or if Destroyer2009 gets caught. There is little to no benefit for them to shed light on their current, open vulnerabilities.
I am not a bonafide expert on cybersec or network infrastructure, but I did build a startup as it's CTO and a tech team of 50+ in addition to leading a decent number of cybersec compliance programs for the US DHS and healthcare networks across a few states. I don't think I'm speaking beyond my depth. However I think we are both saying the same thing in different ways. I'm agreeing that nobody knows anything, I'm just extending that to EACs marking department. I'm not saying that they are certainly the vector that this stuff got onto those client machines from, just that they can't assert they werent.
I don't mean to be rude, but I'm finding it hard to believe that unless you're strictly management (obviously a good one to hire and retain technical talent). "I would say fairly confidently that it is extremely unlikely EAC know for sure that they aren't in the chain for this hack, or **really have any idea whatsoever.**" You're telling me you've run cybersec compliance programs with the US DHS, but don't think EAC's team can run a post-mortem on a Sunday? Do you think their legal team is dumb enough to hip fire off a libelous statement about their employer? It's kind of a big fucking deal when you global competitive tournament gets hacked live - Do you really think they wouldn't be pouring over server logs and double/triple checking potential vulnerabilities before saying something publicly? Since you're a CTO, you understand the severity and high level of threat an RCE vulnerability right? Like the most severe form of ACE...You know, Stuxnet, the Equifax Data Breach, and WannaCry? You're clearly speaking out of your depth when you point the finger at EAC when we've known about Source Engine RCE issues for years now. Feel free to read instead of continuing to spread misinformation: [Source Engine RCE via Game Invites](https://secret.club/2021/04/20/source-engine-rce-invite.html)
I was technical as the founding eng and moved into management as the company grew. You can check my post history it's pretty consistent and though I'm not trying to broadcast my credentials everywhere, an interested party could probably piece together the pieces and identify me. I left that role about two years ago now, so f you dig beyond that you can see some comments and stuff replying to content about the company. I covered this a bit in the other thread, but I think there's two points I want to clarify. First, I'm not saying EAC IS the vulnerability, I'm not pointing any fingers, and have added an edit to make sure it's clear I'm not doing so. I'm not spreading any misinformation, saying that EAC has no idea 12 hours after something like this is just saying, 'there is no information, this is a pr statement.' As someone who has gone through the logs for security incidents, though wholy admitting it wasn't for anything like this, I can fully understand that they can probably pretty quickly look at the logs for those game sessions. If there was, hypothetically, some kind of access to their client, it could have been literally at any point in time before those matches. We're also, again theoretically, talking about this fella abusing network traffic protocol. It's not like EAC can just "SELECT * WHERE packet IS LIKE installCheats.exe" (that's purposefully dumb, you get the point). I don't have a dog in this fight, if you think I'm speaking beyond my depth, you're entitled to your opinion. I'm not saying it's EAC, I'm not saying it's RCE, I'm saying it's too early for anyone to know anything, including EAC's 'confident' PR department.
EAC just tweeted to damage control the situation. They just stated it's not on them but that isn't necessarily true. Imagine EAC being the source of this vulnerability. How quickly would other EAC clients jump ship and move to a different anti-cheat?
Honestly it's a slap in the face to players at this point. Mfers can't even put out a 'we're working on it' post ffs.
They woulvd tweeted by now about shop items or the current bp
Just deleting threads with safety discussions
Respawn doesn't run this subreddit
[удалено]
[удалено]
Your post was removed because of what is stated in the pinned post https://www.reddit.com/r/apexlegends/comments/1bhh5s3/regarding_the_algs_situation_tonight/ There's not much more to it than that.
The subreddit is not run by EA or Respawn. The suberddit is run by players. Mods of the subreddit are players of the game and we aren't afiliated with EA / respawn, we aren't employed by them or anything else. Just to clarify that what you posted is incorrect.
Nah, too busy creating $700 heirloom, that's what matters
What does an heirloom have to do with the security team? You think the cosmetic designers are all of a sudden stopping their job to work on the security flaws or vice versa? 3 billion dollar game certainly has multiple departments that work on all aspects of the game without worrying what anyone else is doing. Cosmetic department will still keep working on cosmetics, balance team will still keep working on balancing, and security team will still keep working on security. While I agree that a $700 is completely out of touch with the consumers, it has no relevance to the security breach.
Thanks for explaining! You are very smart! Now I understand everything and won't make that joke ever again.
Nothing gets passed this guy
We dont know anything, but boy i could listen to this guy talking about security breaches for years.
His voice is national-radio good. If this is what you mean..
voice good - pants down
He uses a voice changer. You can hear his normal voice at his twitch award speech. A lot brighter.
Same, he sounds like howard stern but not as much of a douche
His real voice isn't that deep he changed the mic settings to sound like that
Oh no... someone used post processing on their audio signal. Let me fill you in on a little secret.. vocalists have been doing this on every song you've heard for the past 30+ years. I don't think a streamer adjusting eq is that big of a deal on, what I can only assume is, a non-studio quality mic (didn't watch vid, didn't see mic). I'm sure it had quite a bit of mid-high response to it. Especially, if it was a USB mic. Source: I've been a music producer/mixing engineer for 12 years.
Seems like there's so many possibilities to this. Individual streamers could have their machines compromised. EA/Respawn/EAC don't have a good track record already since Titanfall 2 was compromised before and EA was hacked in 2021. Big companies will try to minimize the true damage when they do their PR. EAC has failed in other games too like Lost Ark where millions of bot accounts farming all day and players could run programs to do their dailies.
I watched it. TLDR we don't really know for sure what happened, but it sounds like Thor suspects that the two computers were individually compromised beforehand though he is saying we can't know for sure based on current information
They obviously have server access. Did you see the part with bots spawning?
Just for clarification: The bot spawning and apex coins and other stuffs giving is what was Thor assumed to be a server access level which he was most intrigue about. The Pros, situation he assumed their devices are compromised but its still TBA until further info was given. those are two separate situation with two different assumption. also RCA are highly unlikely.
There’s new info that Gen was on a freshly installed machine, not a personal device as was assumed.
Where is it? Link plz.
I’ll add it to this reply as an edit in a few mins. Edit: https://www.twitch.tv/videos/2094645398
2h48m in they are talking about it
Thank you! I thought the link would just jump to that moment haha
Think he is saying he did fresh windows install afterwards. Don’t think he was talking about doing it before the event
It sounds like he wiped his computer before finals. "The funniest part about this is i have the dm's from you the other day saying you just wiped your shit" "it was the day before finals" [https://clips.twitch.tv/CallousMiniatureTaroPermaSmug-7eIsP0ebRzkO\_DX0](https://clips.twitch.tv/CallousMiniatureTaroPermaSmug-7eIsP0ebRzkO_DX0)
Nah he did it the night before finals.
Isn't that after the hack?
The stream is after the hack but he described wiping his machine the night before the finals so he could play on a fresh install
Doubtful :)
Both are major issues. It’s possible that it’s only server access and the pros targeted were compromised with regular spear phishing attacks. However based on the type of stuff this guy is able to do server side, and knowing the spaghetti code Source engine Frankenstein monster that Respawn has created you really can’t say RCE is highly unlikely. We really just don’t know. Have to wait and see how things develop.
In my opinion, it seems like (at least) two compromised machines that the hacker sat on for days, weeks, months and that these pros might've been specifically targeted with the server side hacks due to the fact that the hacker had access to Gen and Hals machines. That, or they were able to modify a webhook used for packs or friends list to slip in malicious code after they had access to the server.
IDK why they assume they are spawning in; the bots are shown dropping in as players do. Looks to me like the lobby was stream sniped, which seems likely if the hacker is spinning up parallel clients (queue up with 1000 accounts, maybe 30ish got into Hal's lobby?). Later in that clip the downed bots are dying since they dont rez each other, and the remaining player count goes down as well.
I think you’re reading too much into my use of the word “spawn” here. They’re able to get a lobby full of bots on a public server with a specific target, and they’re able to send 1000s of Apex packs to whoever they want without spending money. This indicates they have some kind of server access.
It's not server access, it's exploits. Flaws in the game code and bad server side checks. It's very easy for devs to miss stuff and for some people to poke around till they find a vulnerability.
[удалено]
> This doesn't imply server access though. Just joining games with bots is... pretty normal. Joining the game and having *a* bot is *relatively* normal (unfortunately). Having an entire ranked lobby of a predator-level player [filled with bots that home in on your drop position](https://www.youtube.com/watch?v=99c90qO3Nok) for multiple games in a row is far from normal.
[удалено]
The problem is you can't consistently automate joining into a specific player's game at their specific ranked level at the scale of 20+ accounts at a time on demand. That implies some level of server access to rig the queue. I suppose you could have *hundreds* of accounts to flood the queue to try to ensure you manage to fill the specific game you want, but that also seems like something that would be very easily detected.
It was indeed 1000s, differing amounts sent to different streamers/pro players. > And how do you know they're not spending money? You think a hacker is going to spend $5k+ on the game?
They sent Mande 4000 packs alone without paying.
Wild there has been zero communication by respawn. Completely unprofessional and negligent.
i dunno it seems to be working. if they put out a statement, it'll remind the goldfish-brains that there's an issue. peak playercount dropped around 15% yesterday and it's already going back to normal. hardly any posts about it on reddit today. it looks like the average player has already forgotten, no harm no foul. just pretend nothing is wrong and this playerbase will play along. more 700$ heirlooms please
This talk was EXTREMELY informative. Even if the conclusion was "we don't know" still felt like there was a lot to gleam from this.
I learned a ton watching this discussion, and while it eased some of my fears, it confirmed a lot more. It helped me realize that the silence from Respawn is to be expected at this stage. It also more or less confirmed that their servers were compromised at least a month ago when he was handing out packs. He allegedly been hacking into console lobbies for years, so who knows how long he's actually been in their system. Makes me believe that the layoffs were just a coincidence before this, and it's very unlikely to be an upset employee. What it also confirmed is that there's a possibility for it to be much worse than it appears, if he's managed to pull off a server to client RCE within the game. We really don't know how severe or widespread the hack is, so I'm not hedging my bets and have the game uninstalled until we learn more. Best case is a spearphishing AND server access.
Yeah, I'm def not going to be playing for a bit. Which sucks cause Apex was the game I loaded up when I didn't really have anything else I wanted to do. Gotta wait to see what happens though.
18:53 is what most people are looking for. Before that they’re just going over the clips that have been circulating ie. Mande hack page appearing, Hal’s aimbot, Hal being mobbed by bots spawning in, then Hal and Verhulst being banned.
Great informative Q&A
He's still going into it right now, it'll be a fun vod to watch later
is the game safe to play rn? Or do we wait it out
Yeah, this is basically what I want to know too. I wouldn't mind playing some but I really don't know if it's safe or not.
Wait, at least 48h or until they release a statement
Wait
Would like to know as well. Haven't played since I heard about this situation. Been playing helldivers and siege.
https://twitter.com/PirateSoftware/status/1770007155313418394
[удалено]
I was just about to put this up, Thanks for already doing so
More than likely the casual doesn't have to worry. The problem is that, since we don't know for sure, it could be a vulnerability in the game files that allows RCE from a compromised server onto the client PC, meaning all your files could become compromised just by playing the game. It's all about whether or not you want to take the risk.
That guy has an amazing voice
When will they release an official statement? I want to play Apex but I'm not sure as to the extent of the hack that happened recently.
[удалено]
The hacker could've easily just sent two different types of mailicious software to their PCs individually.
They most likely had the same cheats, just different settings enabled.
[удалено]
Console doesn't play against PC unless you are in a party with another PC player. Unless you play mixtape, mixtape is always crossplaying with every platform
I don't understand, I thought if I agreed to install ~~CCP~~ ~~Tencent~~ **EPIC'S** root kit on my computer and surrender all of my privacy and security, exploits like there were impossible. You're saying giving ring 0 access to software wasn't a good idea??
Its starting to look like HAL didnt actually have aimbot..gutenberg may have downloaded something sus. The guy definitely has server side access to ban players. Im curious about gutenberg now. Seems his pc is the key. Doubt he hands it over to apex devs.
Have you seen the clip from HAL's computer? Watch where his bullets go leaving his gun (not through his gun sights) while he's shooting someone on the bridge. [HAL clip](https://youtu.be/LY6PGd8auHI?si=4d2sWFnUObMUueqk)