Slashdot Mirror
Videogame PUBG Bans 30,000 Cheaters, Discovers Professional Players Cheated (newsweek.com)
An anonymous reader quotes Newsweek:
The makers of PUBG sent down the banhammer Thursday afternoon in a ban wave believed to iimpact more than 30,000 fraudulent player accounts. What PUBG Corp likely didn't expect, however, was that its new security measures would also implicate several of the game's pro players.
Like ban waves in most popular online games, technology is at the center of it all. In this particular case, Radar Hacking was the main target. For those unaware of how the method works, Radar Hacks reveal detailed server information and send the collected data to an external device via a third-party VPN. In layman's terms, Radar Hacks allowed PUBG cheaters to see all player positions via a second monitor or smartphone application.... Given what we know now, it appears use of this unsanctioned assistive software was somewhat popular in PUBG's European and North American esports scenes. Over the last handful of hours, multiple apologies, suspensions and explanations have been posted on behalf of players and organizations alike.
Newsweek reports that on at least one team, "Suspicions rose when teammates were admonished for not following in-game calls that didn't align with the information available."
Like ban waves in most popular online games, technology is at the center of it all. In this particular case, Radar Hacking was the main target. For those unaware of how the method works, Radar Hacks reveal detailed server information and send the collected data to an external device via a third-party VPN. In layman's terms, Radar Hacks allowed PUBG cheaters to see all player positions via a second monitor or smartphone application.... Given what we know now, it appears use of this unsanctioned assistive software was somewhat popular in PUBG's European and North American esports scenes. Over the last handful of hours, multiple apologies, suspensions and explanations have been posted on behalf of players and organizations alike.
Newsweek reports that on at least one team, "Suspicions rose when teammates were admonished for not following in-game calls that didn't align with the information available."
The e-sports outfits just need to team up with the professional wrestling leagues. The wrestlers can help them become better entertainers and give them many tips on developing their showmanship.
I'm just learning about this exploit now, so am going to have to do some reading... though wonder if this was done as a server optimization issue where the server doesn't have to do the work of "Can Player_A see Player_B?" based on building geometry, but instead simply distance.
Aside from that, I'm rather surprised that the traffic was so easy to sniff overall. Granted all of the traffic was UDP based... in [Current Year], is it too expensive to have some level of encryption on top of that (block based, not stream)?
Help Brendan pay off his student loans
e-sports events needs to be local server only.
So it's fair and so that internet issues don't mess up the event.
Its much easier server load wise to just tell clients who is within xxx range of player. Let the clients computer hand rest. Sadly it allows for this to happen as they can see everyone within that range. Its one thing to have server do work load in games with say 12-16 players its another thing when tracking 90+ at start of matches.
If a person that is a so called "pro" uses a hack to get an advantage how can still call them a pro then since they had to use a cheat to get the advantage? Too me if you use such program in online play you aren't a pro you are one lowest forms of life on earth, you are lower then likes of rats and cock roaches.
So games can be played around the world using low cost dev code.
When the game knows where people "are" and will "be" lag feels less bad.
Game play feels responsive for all no matter the ping.
The alternative would be new servers needed in all/many nations with extra huge bandwidth costs.
Domestic spying is now "Benign Information Gathering"
Just recently I tried a few rounds of the new Battle Royale mode of the ancient CS:GO FPS shooter.
After you die, as you spectate you can enable "X-Ray" mode that lets you see markers for where other players are, even if out of sight - and it made me wonder if someone could log into with two systems, have the first character die off quickly, then use spectra-view to see if he was looking towards other players.
It didn't seem like other players were doing that (no obvious reaction to x-ray information I could see when spectating) but it sure seemed like a flaw to me to broadcast all player information to anyone.
"There is more worth loving than we have strength to love." - Brian Jay Stanley
Interesting, maybe all spectating modes should be given a one minute delayed feed to prevent that kind of info.
"There is more worth loving than we have strength to love." - Brian Jay Stanley
Why is this data being broadcast to the client? It's basic game security 101 that you only send the data to the client on a need-to-know basis to prevent this kind of exploit.
Need-to-know includes units, structures, resources, etc currently not visible. Things that a clean player would not know about yet. Due to network lag and local storage delays a server needs to inform the client of things just beyond legitimate detection so that the client can prepare to render those things smoothly should they become visible, without pause or stutter.
So there will always be the potential for a cheater to acquire an illicit early warning regarding things that a player should not yet know about. Yes, a game should not send everything on the map. But some things local to the player should be sent. The big question/problem in design and polish is how local.
PUBG is short for PlayerUnknown's Battlegrounds which "is a last-man-standing shooter being developed with community feedback."
Maybe I'm just old and out of touch but I think this should have been mentioned in the summary somewhere.
Anons need not reply. Questions end with a question mark.
Just because you can't "See" a player, doesn't mean they're undetectable. Footsteps and reloading sounds (for instance) need to be sent to the client to give the player an idea of where a hidden enemy might be, and that data can be hijacked and displayed in a visual manner to give X-Ray like abilities. And while this isn't what was happening in this case (In this case, they were using a second account, logged in through a VPN to hide the duplicate IP, and playing as a spectator, with the spectator data being relayed to an overlay on their playfield) it's another example of how difficult these things can be to detect.
This is Newsweek. Not exactly a tech-heavy publication. So rather than going into the weeds, they kept the article simple for the non technically minded.
... playing pvp Dark Age of Camelot being radar ganked anytime I got into the frontiers. There were multiple windows applications that intercepted network traffic from the game client to parse the player position information in a overlayscreen or secondary monitor.
Just why the hell pubg never acted before is bad as well. They just did not care as long dollars swamped in.
Bach says it all.
I can't tell you how many times I have been sitting silently in a room with no windows in the middle of nowhere on the map only to have a team of dudes open the door and throw in grenades to kill me.
Only way that happens is to be using a cheat device that showed my location to them on the map.
Mike @ The Geek Pub. Let's Make Stuff!
Why does the client need to know where everyone behind walls are? They had this issue literally decades ago with Quake and similar. You got a hacked driver and could see through walls. One card reseller even boasted about it as an official option briefly until blowback made them cancel it.
It also wastes network, a bottleneck for games having truly massive fights.
Just don't send the info. Send shooting data if it goes visible just nothing else beyond a small hysteresis for the client prediction if it looks like the other guy may pop into view.
(-1: Post disagrees with my already-settled worldview) is not a valid mod option.
TFS quotes Newsweek's Christopher Grough facepalmingly:
The makers of PUBG sent down the banhammer Thursday afternoon ...
<rant>
In today's version of journalism, apparently it's idiots mangling idioms all the way down. We've got "on the wrong tact" nitwits, some random, even number of "sheets to the wind" lunkheads, and now what I'd guess is a recently-graduated journo major who seems eager to add "send down the (varietal)hammer" to the list.
In terms of visiting discipline or punishment on people or organizations, hammers are never "sent down." Ever. They can be brought down. They can be dropped. But, unless they're intended as a gift to be used by the recipient, rather than wielded by an authority against their target, they're never merely "sent," because that would be stupid. And ineffective, at best.
"Hey, you! You've been cheating! Here's a hammer, for you to use as you wish. That should teach you ... !"
</rant>
Check out my novel.
"I am shocked—shocked—to find that gambling is going on in here!" -Captain Louis Renault
Seriously, I'm not even into gaming and I saw this coming from about 500 million miles away.
Offer anything of value -money, fame, notoriety, prizes- and people will cheat. Hell, some people will cheat just because they can, no incentive needed.
Just cruising through this digital world at 33 1/3 rpm...
Interesting, maybe all spectating modes should be given a one minute delayed feed to prevent that kind of info.
The half-life engine had this very option back in 1998.
Stuff like this is why I think games as a stream have a future. Where your game's graphics are rendered by the server, then transmitted to you as a video stream (like a movie). The lag sucks, the graphics aren't as crisp (due to having been compressed), and you need a good (fast and stable) Internet connection. But cheaters are why we can't have good things.
Another reason not to have e-sports, it's just not a very mature industry. What if balls suddenly deflated during a game. Oh wait...
But seriously, like normal sports, e-sports should uphold a certain set of standards. Be independent of the game publishers, create a strict set of standards for equipment, and so on. If PUBG has problems then remove PUBG from the competition.
Right now this is much closer to entertainment than to sports.
It's a great game being developed by an overwhelmed company. These issues? Price you pay for it's indie flair and not being like Call of Duty or Fortnite. It's gotten better and is very enjoyable.
Chewbacon
The Bible is like Wikipedia: written by a bunch of people and verifiable by questionable sources.
And not just PUBG, but most multiplayer online games, period. Pick any multiplayer game and type in it's name followed by "cheats" and/or "hacks" and see how many sites come up. Hell, a lot of them are companies MAKING and SELLING the hacks. It's big business now. I get into arguments on the Overwatch official message board over how much cheating there is going on, only to get told "git gud". I'm not sure if it's because too many people have their heads in the sand over the scope, they just want to troll, and/or they are part of the problem themselves.
And let's not forget that the game makers don't mind because every time they ban an account, the cheater just buys another one, thus increasing their revenue stream. It's getting to where I don't even want to play against humans anymore.
Beware of Sales Reps bearing gifts.
Why is this data being broadcast to the client? It's basic game security 101 that you only send the data to the client on a need-to-know basis to prevent this kind of exploit.
It is because PUBG uses a peer-to-peer networking as opposed to a client-server architecture. It seems a lot of games these days use peer-to-peer which is rather unfortunate as there is no central authority (the server) so clients pretty much know everything about the game world and they can send whatever they want to other clients no matter how bizarre.
Google: "frustum" and enlighten yourself. The graphics engine needs to know the players perspective to decide what to render; that means the rendering engine and graphics card need to know about all entities the player could *possibly* see, in order to decide which ones to render on screen.
This is how "wall hacks" for online games work, by hacking the graphics card to display "non-visible" entities that it has data for.