Wow it finally happened. So glad I switched to Steam running on Linux Mint last week. I refused to install Helldivers because it wanted to install some no-holds-barred god level permissions anti-cheat software. Windows 11 was the last straw for me. Good times…

The volunteers at the Anti-Cheat Police Department have since issued a PSA announcing, “There is currently an RCE exploit being abused in [Apex Legends]” and that it could be delivered via the game itself, or its anti-cheat protection. “I would advise against playing any games protected by EAC or any EA titles”, they went on to say.

As for players of the tournament, they strongly recommended taking protective measures. “It is advisable that you change your Discord passwords and ensure that your emails are secure. also enable MFA for all your accounts if you have not done it yet”, they said, “perform a clean OS reinstall as soon as possible. Do not take any chances with your personal information, your PC may have been exposed to a rootkit or other malicious software that could cause further damage.”

  • merthyr1831@lemmy.world
    8 months ago

    The missing context here (not your fault, I think people reporting this are being misleading) is that they were using their personal systems in this tournament. That means whatever dodgy software they’ve installed can’t be monitored in a controlled environment, and claims of it being EAC’s fault are unfounded.

    A proper tournament would have controlled hardware and software, even if playing remotely at a professional level. You can’t guarantee these systems haven’t been tampered with, even if the players insist on proper security measures.

  • Venia Silente@lemm.ee
    8 months ago

    So, lemme get this straight: allowing remote parties to install malware (DRM) on your system results in allowing remote parties to install malware on your system? Wow, who could have known! Certainly not the distributors of the step-one malware, am I right?

    I’m certain there’s a couple of lessons to be learned here (install and run games as normal, non-elevated users, people! It’s easy to do on Linux) but I’m also somehow certain Big Corpos are going to stick their heads into the sand regarding such lessons.

    Oh well, the pirate way it is.

    • tapo@lemmy.zip
      8 months ago
      • This isn’t DRM, but an anti-cheat
      • The game is free, there’s nothing to pirate
      • The developer has announced that it’s not the anticheat’s fault after all, but a remote execution vulnerability in the game itself
  • Blackmist@feddit.uk
    8 months ago

    Sounds fanciful.

    EAC doesn’t open up ports into your network as far as I’m aware.

    Pretty much the only way to do RCE in games with no direct P2P connection is to send malformed data to the server, and then it sends that to the other clients, relying on things not being checked in two places. We’ve seen this a few times, in Dark Souls series and GTA Online.

    I can’t see for the life of me how EAC would cause that.

    • BURN@lemmy.world
      8 months ago

      It’s very likely not EAC that’s the problem. Best guess is the hacker has some kind of server-side access, be it allowing unsigned/unauthorized operations to be executed from a client or having access to the servers themselves via RCE.

    • RememberTheApollo_@lemmy.world
      8 months ago

      So what’s going on? These players all had cheats loaded and this is the excuse they came up with when it was detected on their systems? Cheats are pretty rampant, but they’ve mostly shifted to people using external hardware like XIM or Chronos to bypass cheat detection and abuse the Aim Assist function. It’s blatantly obvious in competitive games, especially first-person shooters. Ah well, get gud kid. Learn how to aim.

      • Blackmist@feddit.uk
        8 months ago

        Considering it’s two high profile players, I’d say the most likely is that they were tricked into downloading something, or some other software they were using had an exploit (I’ve had one from a browser plugin before now). There’s a video elsewhere in this thread of one of them downloading Malwarebytes for something, so maybe they didn’t manage to get rid of whatever it was.

        Other option is an exploit on the server. Maybe there’s some way of sending malformed data to a player you’re not currently in a game with to exploit an RCE. It’s not completely impossible, but I figure we’d see it a lot more if that was the case.

        I’d put money on option 1 though.

      • Buddahriffic@lemmy.world
        8 months ago

        In another thread for this, someone posted links to streams of the players when it happens. They immediately notice and adjust their playstyle to avoid the cheat (one guy with wall hack leaves the game, another guy with aim bot stops shooting anything). It wasn’t a case of “game detects cheating and player tries to explain after the fact”, but “cheat suddenly and obviously enabled, player announces it immediately in voice chat and team advises to leave”.

    • jinwk00@lemm.ee
      8 months ago

      Iirc Apex Legends and Denuvo are never correlated (unless they added Denuvo AC at some point)

      • Ann Archy@lemmy.world
        8 months ago

        So you downvoted my question even though you answered it?

        Lemmy has become a children’s fucking shitshow. Reddit is less retarded than this.

  • jabathekek@sopuli.xyz
    8 months ago

    …your PC may have been exposed to a rootkit or other malicious software that could cause further damage."

    “The rootkit you installed on your pc allowed a rootkit or other malicious software to be installed on your PC.”

    • pivot_root@lemmy.world
      8 months ago

      “But, it stopped little Aimbot Andrew from successfully using the xProAimb0t2024 program he spent his monthly allowance on! Never mind the rest; it’s working as intended. Closed as WONTFIX.”

      – Anticheat developers

  • FilterItOut@thelemmy.club
    8 months ago

    That was a strange path my mind took as I read the title, thinking it was a satire piece about competitors trying to sneak in cheats… Like, the “Anti-Cheat Police Department” couldn’t be anything but a laughingstock.

  • Wes_Dev@lemmy.ml
    8 months ago

    “I would advise against playing any games protected by EAC or any EA titles”, they went on to say.

    Easy. I specifically blocked all titles with the tags “EA” and “EA Play” on Steam. Never have to worry about it.

    • Ann Archy@lemmy.world
      8 months ago

      EA is burned forever. I will never forgive them, ever, for anything they did post Commodore 64.

      • PraiseTheSoup@lemm.ee
        8 months ago

        Whhaaat they made good games at least until 1998. It was right around the time they switched from using the full Electronic Arts moniker to just “EA” that the quality really tanked.

  • noevidenz@infosec.pub
    8 months ago

    There is currently no evidence of an RCE exploit in EAC, and EAC themselves as well as their owner, Epic, have both denied the existence of an RCE in their software.

    There’s a video from about a month ago in which ImperialHal and Genburten (on separate occasions) are in a match against the person named in the messages sent by the exploit on Genburten’s machine.

    It’s possible that they were in contact with the hacker after that point and that he tricked them into downloading something they shouldn’t have.

    Otherwise, it’s also possible that there is an exploit in Apex/Source that the hacker used. He may have been able to get their IP during the public match a month ago and then use it to target them during the competition.

    Beyond what was seen during the competition, the hacker was also able to gift thousands of Apex packs to several players (seemingly without paying for them) and was able to get 40+ “bot” players into a single match and to all target an individual player. He also claimed to be able to open crates on another player’s account. These other exploits seem to indicate that he has elevated access to both the server and to multiple APIs, but none of them indicate elevated access to user machines in general.

    • merthyr1831@lemmy.world
      8 months ago

      Cancel my comment about this being a possible 0day or whatever. They were playing this tournament on their personal systems, which makes it way easier for someone to accidentally download malicious software without players’ consent.

    • Ann Archy@lemmy.world
      8 months ago

      In other news, Boeing swears their planes are perfectly safe, and any evidence to the contrary lies at the bottom of the ocean.

      • Ann Archy@lemmy.world
        8 months ago

        Who downvotes this? We should be happy we have robots reminding us and taking care of our piracy (lol I meant to write privacy but I’m leaving it)

        Just install the fucker on your phone and set it as default (because you DO disable the YouTube app that comes bloated into every phone right? RIGHT?!), then you don’t even have to think about it; it autoruns all yt links, without ads, age restrictions, cookie naggings, antiadblock whining, and spying on your every single move online.

        • BURN@lemmy.world
          8 months ago

          Because it’s super annoying, clogs comment feeds and is unnecessary to be a giant wall of text comment for something ~50% of people don’t care about.

          And yes, I use the default YouTube app because it works.

            • Droechai@lemm.ee
              8 months ago

              I do love the abbreviation bots though, they should be automatically summoned the first time a new abbreviation is used in a comment tree

              • conciselyverbose@sh.itjust.works
                8 months ago

                That one is actually nice.

                I think it should be required to get manually added to a community by moderators still though. Or respond to a summon to a specific thread.

  • db2@lemmy.world
    8 months ago

    leopards.exe has eaten your face and will continue.

    [OK] [Yes] [I deserve it]

  • ramielrowe@lemmy.world
    8 months ago

    I do not buy this RCE in Apex/EAC rumor. This wouldn’t be the first time “pro” gamers got caught with cheats. And, I wouldn’t put it past the cheat developers to not only include trojan-like remote-control into their cheats, but use it to advertise their product during a streamed tournament. All press is good press. And honestly, they’d probably want people thinking it was a vulnerability in Apex/EAC rather than a trojan included with their cheat.

    • CaptainBasculin@lemmy.ml
      8 months ago

      There is an RCE exploit in EAC which has been confirmed by their Twitter account; but they didn’t confirm it being exploited anywhere.

      My belief is that the people responsible for it hacked these people months ago; as a few months ago the same hacker did attack ImperialHal while on stream with botted zombie accounts that follow him to kill him. On that stream’s highlights all those bots were named (number)destroyer2009fan; which is the same as the person that spammed the chat at the time of the hack.

      This is not an advertisement for cheats. Searching the hacker’s name in cheat forums doesn’t point to any specific program. I suspect that this is openly calling out Respawn to fix their anticheat, which has been a laughing stock.

    • Tarquinn2049@lemmy.world
      8 months ago

      They probably didn’t randomly guess what happened. There would be pretty obvious clues as to how it happened. The network traffic for tournaments like this is monitored. Because they have to be done online. If they had no idea what actually happened, they would have at least been suspicious of the players at first. No matter what messages were playing in chat at the time.

      • ramielrowe@lemmy.world
        8 months ago

        This isn’t a statement from Apex or EAC. The original source for the RCE claim is the “Anti-Cheat Police Department” which appears to just be a Twitter community. There is absolutely no way Apex would turn over network traffic logs to a Twitter community, who knows what kind of sensitive information could be in that. At best, ACPD is taking the players at their word that the cheats magically showed up on their computers.

    • KairuByte@lemmy.dbzer0.com
      8 months ago

      Mmmm I’ve not done any digging, but the likelihood of a large number of streamers all using cheating software and a large number of them literally announcing it and leaving the game is quite slim.

      Think of it this way, assuming they were cheating, the streamers would not want to get caught right? So they would be using cheats that aren’t being broadcast over their streaming software. To then announce “oh no I’m cheating” and quit would be silly, what would be the point of this even joining the tournament at that point? On the other hand, if the cheats were visible on their streams… that seems like a glaring issue a streamer wouldn’t make, never mind a large number of them.

      • Björn Tantau@swg-empire.de
        8 months ago

        I think their hypothesis is that the streamers had installed and used cheats outside of the tournament and that the cheat suppliers enabled them remotely to advertise on the big stream.

        • KairuByte@lemmy.dbzer0.com
          8 months ago

          Doubtful. Unless the cheats popped up and said “buy cheats at [cheat website]” then it’s not even really advertising. They’d also be shooting themselves in the foot by showing their cheats are remotely controlled.

          Don’t get me wrong, I absolutely believe it’s possible. But it’s much more likely that a “fuck you” hack was pulled, rather than the majority of streamers all cheating by coincidence.

    • BURN@lemmy.world
      8 months ago

      These 2 pros have performed at LAN multiple times and the type of cheats used would have been immediately noticed on any stream.

      The hacker (destroyer2009) also gifted in excess of $8k worth of lootboxes to multiple streamers, suggesting that they have access to some remote APIs they shouldn’t.

      On top of that a few months ago there was a widespread issue with top players being targeted in lobbies where they’d drop and then 57 bots would drop and zombie rush, all named the same thing and controlled by some kind of rudimentary script.

      Pretty much everything together has ruled out the possibility of either of the players involved being the ones who are purposefully cheating.

      • ramielrowe@lemmy.world
        8 months ago

        I’m not saying they were purposefully cheating in this or any tournament, and I agree cheating under that context would be totally obvious. But, it is feasible that a pro worried about their stats might be willing to cheat in situations where the stakes are lower outside of tournaments.

        What I also don’t understand is, if this hacker has lobby wide access, why was it only these two people who got compromised? Why wouldn’t the hacker just do the entire lobby? Clearly this hacker loves the clout. Forcing cheats on the entire lobby would certainly be more impressive.

        PS. This is all blatant speculation. From all sides. No one, other than the hacker and hopefully Apex really knows what happened. I am mostly frustrated by ACPD’s immediate fear mongering of an RCE in EAC or Apex based on no concrete evidence.