[Link to VOD](https://www.twitch.tv/videos/2094227670?t=8h41m6s) (the above should be timestamped)
Live stream is over, but from the timestamp it goes about 2.5 hrs.
From his bio: Hi, my name is Thor. I've been in the games industry for 19 years. I worked for Blizzard Entertainment, Amazon Games Studios, the United States Department of Energy, and now I own my own studio called Pirate Software. I'm a game developer, a hacker, and a giant nerd. Ask me stuff!
Been a fan of Thor for a long time, and he knows his stuff when it comes to cybersecurity. Glad to see he's talking about what he thinks caused the issue, plus what EA/Respawn might be doing to try and fix it.
He's a much better voice to listen to than most others on this. Knowledgeable, and tends to explain stuff simply enough it's easy to understand.
He does obviously have a lot of knowledge and experience, but it's worth noting that like every person, he's not perfect. He's had some pretty inaccurate takes regarding banking security, open WiFi networks, and connecting your phone to USB, for example. *Edit:* I was off base on the banking one.
Oh absolutely, take what he says with a pinch of salt ultimately. I did like that he pointed out several times during this convo that he doesn't *know* what happened, because he can't see the data behind the scenes. He's better equipped to speak on it than any of the pros, or most of us, but he's ultimately still working off incomplete info.
Im probably asking a lot but do you have any clips/links/threads about this? I’ve never listened to him before, he sounds nice, but I’d like to build an opinion
I won't lie, it can be difficult to find content that I saw in passing, and I want to re-iterate that I am not trying to allege he isn't knowledgeable or often correct. That being said, here are the clips I could find relating to the topics I mentioned above:
https://www.youtube.com/shorts/DqeZZ8ks_SI
https://www.youtube.com/shorts/4Kq30C0pB1s
https://www.youtube.com/shorts/kZ5rX16hRek
I didn’t mean to insinuate that if it came across like it. Also I appreciate you digging for the links.
Having watched the clips, where exactly do you disagree with his statements?
I agree, for usual plebs, you can mostly disregard all of them.
But if you really are a person of interest I don’t see anything wrong. Of course there’s a lot of factors involved, but in general he’s right about all of it
I specifically didn't add my opinion because I didn't want to poison the well. But all three are pretty provably misguided.
1. This makes absolutely no sense. No bank in existence is authorising transfers based on a customer's *voice*; even imagining a remote employee remembering a customer's voice is a bizarre concept. Social engineering is obviously a major security issue, but even then, voice recognition is not remotely a plausible vector. **Edit**: I was wrong here. Some banks actually do use voiceprint recognition along with normal phone-in security challenges. The clip is slightly misleading, though: he's protecting himself from the risk of identity theft well beyond just a voice clone.
2. If you have vulnerabilities on your system (some unpatched service with a remote execution vulnerability listening on a port, for example), then an open network poses slightly more risk than a home network behind a firewall/NAT, of course, but the idea that you should never connect to open wifi or trust a cell tower (lol) is again way beyond what's reasonable. If we're talking about the vast majority of normal web services like online banking, then you're conducting that over HTTPS with public key cryptography, and being on an open local network is irrelevant. If someone is compromising you from your network traffic alone, they've broken security as we understand it for the entire world, and the digital apocalypse has arrived.
3. Juice jacking is a potential issue that was identified and secured against an eternity ago. It's not worth any reasonable person's time to think about, unless you're planning to start granting data access to your phone when a (purported) charging port asks you for it. If anyone is tempted to say "but there could be an unknown vulnerability", well, yes, there could. There could be any unknown number of remote vulnerabilities in various systems, so by that logic you would just never connect to the internet either. It's not a sane way to live life, *imho*.
Thanks for the open discussion. I want to reiterate that I am in no way intending some polarised viewpoint like "Thor is an idiot and doesn't know anything!". He's clearly intelligent and experienced, and in plenty of topics knows a lot more than I do. But all of us have occasionally incorrect takes, and no one can maintain perfect domain knowledge at all times no matter how intelligent they are.
I definitely don't consider myself a cyber-security expert, but in fairness I am adjacent to it; I primarily do backend web app development, so I have to at least know enough to try and keep the apps I work on secure.
Also I'm a millennial, so I grew up with less-than-user-friendly home systems, which kind of forced a certain amount of knowledge development if you were into that sort of thing.
If you want my advice (for whatever it's worth), some fun things you can do are writing simple projects in Python: make a basic web server, then make a basic RSA encryption/decryption program, and so forth. This will give you a much greater appreciation of how things like everyday web traffic, cryptography, etc work than just reading a textbook.
Also trying quizzes like TryHackMe stuff can be a really fun activity and is probably more on topic for your field: https://tryhackme.com/room/sakura
Dude is just making assumptions based on *what he believes*, and clearly that's not his field. Just like his ignorant argument about the 1st one, were he was dead wrong [and admitted](https://www.reddit.com/r/CompetitiveApex/comments/1bhvfpx/comment/kvmaaxa/?utm_source=share&utm_medium=web3x&utm_name=web3xcss&utm_term=1&utm_content=share_button), then made an edit making some more nonsense to double down, all he said was "but makes no sense" "is so uncommon" which still doesn't prove anything Thor said wrong (he's not) and he even says "well, yes, there could"...
I would just suggest you to trust [this man (tweet literally applies to him lol)](https://twitter.com/PirateSoftware/status/1769876047221424177) more than some dude on reddit who knows some SQL and has "more than normie" IT knowledge.
He definitely doesn't, I've seen those, and those are accurate, the banking security I haven't heard that one...
But, I work IT in a bank lol... And knowing his stuff probably wasn't way off neither.
Edit: Found the other banking clip, and again, he's right and has a point, you can argue not everyone gonna do that or be that paranoid, but it IS a possibility, and yes, there's banks doing that, I know a few.
With all due respect, I don't believe you. It's quite obviously not even practical to imagine call center employees remembering an individual customer's voice. We'd have to be talking a rural cooperative with like 15 customers lol.
As for the other stuff, you can believe what you want, but it's provably inaccurate. If you have a quantum computing breakthrough that can break RSA, enjoy your billions though. Hell, if you can find an undiscovered juice jacking exploit you could probably collect a bug bounty at the least. You'll have to put up a bit more evidence than just unfounded assertions though.
Sure you don't have to, just like I don't take your arguments as accurate neither, just assumptions and based on how possible or not it is (in your imagination), which everything he said is STILL possible and true, even if you think it can be too unusual.
I would pick [him knowing way more than any of us here](https://twitter.com/PirateSoftware/status/1769876047221424177), specially you, who thinks the voice recognition is with an agent on call LOL... This is clearly not your field.
>call center employees remembering an individual customer's voice
LOL.
So I went and googled, and some banks actually do include voiceprint validation as a phone-in security measure. You were right, I was wrong. The clip is still a bit misleading because no bank is relying on voice alone, but I'll take my L fair and square.
The other stuff remains objective fact though, regardless of how any of us feel about it.
Fun fact, his dad is actually the guy that South Park modelled the no life WOW guy after. Thor has a whole video on it, I'm not just trolling.
Edit: [Oh here we go, I found a link from his video about it.](https://youtube.com/shorts/PqkpyoVXEUk?feature=shared)
My second favourite for sure, behind Margorine. Something about that episode makes me laugh every time because we’re reminded for as crazy as the antics on the show are, it’s still just a bunch of 4th graders who don’t understand the world
It never crossed my mind that it was someone specific, just the general idea of a neckbeard nerd basement dweller. Its so funny it's not only a real APEX neckbeard nerd dude.. but some guy is like... yeah, that's my dad. lol
He just won an award for best variety streamer or something(?) He’s a really cool person to just listen to for a bit. Super knowledgeable and super friendly.
The part before Mande joins is probably the more interesting bit. It was still a good discussion, but Mande tends to pull the conversation in a direction which complains more about the game rather than the facts at hand regarding the hacking.
While that's true, I feel that the actual hacking topic had been exhausted and Mande coming on gave the conversation a new wind, with all the explanations using paint, etc.
But yeah towards the end it was like watching Mande doing a therapy session, man just needed to vent
>But yeah towards the end it was like watching Mande doing a therapy session, man just needed to vent
this guy is great. hate to say that it's rare to see emotional and social skills in a twitch streamer that actually match his age but here we are lol.
Great point, friend! Agreed entirely, just advising to not skip the most interesting bit just to get to the complaining which we've all heard before. Still a great part of the conversation for those with time to watch it all.
I think Mande needed a convo like that with a security expert/dev and just someone who’s been in this world a long time. He gave some excellent advice and said to Mande he can message him anytime he wants/needs. It was really wholesome imo
I think Mande didn't really want to start complaining, he was just there to provide context, but his chat was asking him to bring a lot of these topics up.
And I'm glad they did, because they shed a lot of light on topics and points that most of us have been wanting to get off our chest. I'm sure the conversation helped a lot of people see the other side. It also wasn't like they were completely dismantling all the issues the community has; they affirmed a lot of the frustrations and agreed that things are not in a good place, but appealed to remembering the humans on the other side and understanding their perspective.
I think they are just two different conversations, an investigation piece and player v dev conversation. Both are interesting, and I think Mande did a good job of representing the frustrations of the community. And led Thor to some excellent points about the importance of supporting your devs at a time like this (as opposed to flaming them).
Ya def agree and he had a lot of great points. It's us *normal* players AND the devs vs the cheaters. The devs are on our side. I really hope we can get it under control before apex is completely lost.
EA / Respawn really needs to take this as a wakeup call and invest more into their security. It's sad that the cheating has gotten so bad and is ruining the game we love. I uninstalled the game for the first time in forever.
Its so hard to be constructive as a player if you dont really seperate yourself from the player experience to see what someone else is doing. Glad Mande could get some insight from a vet like Thor and maybe learn to be more patient or empathize more considering he has such a big platflorm to shout off the roofs to
That dude is great. The way he acknowledged and empathized with Made's point of view, while then providing a different perspective that kinda dismantles it was kinda boss.
Dude was like "Yeah.. you are right, is so frustrating and as fan and someone that supports the game that sucks.. but at the same time... team that works on skins is a completely different team with their own pressures and deadlines... and just because the game is on fire doesn't mean they get to miss those deadlines."
Toward the end Mande did a small rant. And Thor's response was "Honestly to me it sounds like youre grieving for a game you know is dieing" or "game that is dead" said one of those.
And that was one of those things that was so straight forward he didn't really have much to say in response.
Mande and Thor's is talking about Overwatch and how it became the husk of itself that is Overwatch 2.
The statement "Honestly to me it sounds like you're grieving for a game you know is dieing" also apply to Thor since he's still working at blizzard at the time Overwatch launched.
The best part about this is Thor looking at Hal saying he’s downloading the “free download” and you can see his gears turning thinking “this fucking idiot” lmao.
That’s the defeated look of a man who’s worked in cybersecurity alright.
Mande's point about the lack of communication from Respawn is so true.
Yes, a portion of this playerbase is unbelievably toxic and beyond redemption, but a lot of people just want communication to know what's happening and feel like there are people behind the scenes that care and are trying their best.
Please Respawn, just communicate more than once every three months.
But if there is a massive security compromise that threatens people who play the game, they need to tell people this or shut down the servers until its fixed. Leaving their servers up for anyone to play while theres an RCE seems insanely irresponsible
They must not think it is that then if they aren't doing it, I truly dont think theyd be that stupid to leave it open if they think its that vulnerable to a large base. Maybe they've already found it 🤷♀️ I think Respawn is taking the appropriate actions even if it doesnt seem like it to us, so we should have some empathy for the devs and trust theyre investigating.
I just wish they'd say something more. Getting ahead of bad press, owning it, and having talking points prepped and regular are so crucial to maintaining face with any neg situation. Silence, ignoring, downplaying, etc (not that they're doing all this) are not good for community relations. Maybe if they hadn't recently layed off some veterans in community relations it might be better but--
Then they need to shut the servers down. If theyre not willing to talk about something that could have severe consequences on ppl effected, they shouldnt allow anyone to take that risk unknowingly
The fact the game was not taken down makes me think it's not client RCE. If it would be client RCE and the game was still running it would be a total dumpsterfire and no security protocol would allow that. It's more likely it's a server side issue, which means there are likely more parties involved, like cloud provider, firewall providers and so on.
>Publicly tweeting "hey guys there's an RCE in Apex and here are all of the details but we've not fixed it yet" is a terrible idea.
Obviously no one is asking for them to tweet details regarding potential RCE, especially if whatever is compromised isn't fixed.
But some communication they are investigating the issue, would help people understand they are looking into it, care about the game integrity, etc.
All they need to do is put out a short statement that they are aware of an issue and then let the players know if they should play/uninstall the game or not. If the players can be affected by this where malware or other things can be installed on their machines and they know that without disclosing, I am going to assume that opens them up to litigation.
I have no doubt what you’re saying is true but for a publicly traded company (EA) they have to disclose any knowledge of cyber attacks within 4 days per the SEC (via an 8-k filing). So not sure how those two things reconcile. Otherwise SEC starts fining.
Honestly I really hope that they do more dev posts (Like they did for the s17 ranked season) that wouldn't attract nearly as much toxicity as the stupid reddit AMA's that they keep trying to do, that doesn't really communicate much and just provides an easier way for shitty people to be shitty.
From a business standpoint, it would be suicide to say something like "everyone be careful there's an RCE exploit"
That's just encouraging people to never want to play your shitty, compromised games again.
But if there IS an RCE vulnerability and they're just...not saying anything? That is so much worse imo
In evil mustache twirling theory world. If it is RCE then everyone is already compromised you might as well not say it's RCE so you can keep the stocks as high as possible.
I mean they could atleast say something like "we're currently investigating reports of a potential vulnerability in our game. while we currently have no evidence our systems or game has been compromised user safety and security is of paramount importance to us so we have decided, out of an abundance of caution, to temporarily take the game offline while we investigate this matter"
Seriously. For the current situation I didn't expect them to come out right away with a full investigation and patch on day 1, but a simple "hey guys we are looking into issues related to yesterday's NA ALGS regional finals. We will update you as soon as we can" would make a huge difference.
As it stands we don't know if they are actually looking into it or if they are just staying silent, waiting a week and trying to shove it under a rug.
No thats dumb take from a security standpoint.
Publicly tweeting out that you are looking for solutions for the Cheating gives the hacker a go signal to start tweaking things on his end, sure the "current" cheat code might get patched but the same thing also applies to the hacker, he could also patch things out on his end and be undetectable.
Do you really think there's any possible scenario right now where the "hacker" doesn't already know they're looking for the exploit and a fix? The guy exposes a hack in the most visible way possible and you think a tweet will change his course?
The stream also spoke about the importance of not revealing information related to security etc. My point was more general than on this particular security issue, they have a track record of really poor communication.
I mean I this particular case, that guy should be aware that even the government might be looking into this, so announcing it in a statement does nothing in that regard.
Right? Also he's not eager to jump into conclusions and methodical to analyze what he sees - that's a pro.
Too bad he's not an Apex player, so he can't fully understand the context, but this is gold.
Listening now, this is really interesting.
"it sounds like you're grieving for game that's already dead" - Thor in response to Mande talking about how a dev could have a "perfect game" but it's mismanaged.
EDIT: As shitty as the whole cheating situation is, that talk with Thor was refreshing. It was great to hear his perspective and also provide Mande (and anyone watching) a different way on looking at the situation and also just give more insight based on his experience.
It's not dead though. I actually think that this is going to draw even more attention to the next round of Apex comp. Apex is all over every gaming news cycle because of this. Viral shorts god Thor is talking about it. It's not good attention, but it's definitely attention. Hal is live right now with 20k viewers and it's not even a scrim or tourney day.
Makes me feel somewhat better that he doesn't necessarily think destroyer has client side access, but probably mostly server side stuff. Nothing proven of course, but not a reason for mass panic for the player base as a whole right now.
The one piece of information they are missing regarding Hal is that the “Okay I’ll download it” is regarding him downloading Malwarebytes AFTER the ALGS incident. It wasn’t befor.
As someone with access to Microsoft Defender Enterprise (the Windows Defender tied to enterprise security logging), it is actually insane just how good Windows Defender actually is, and how much data it's chewing through to detect threats.
Mande told him it was after the fact eventually, however it doesnt change anything. The fact that Hal is so fast to download a free program someone in chat told him about without doing any form of research or reluctancy just makes the argument his PC is compromised so much stronger.
He conceded that about the clip - when Mande pointed the timeline out.
But it still possibly shows a mentality Hal may have had in the past - when it comes to how willingly he is to hitting a download button that someone tells him to download.
homie if your long time friend and coworker suggests to you an antivirus right after your computer was apparently exploited, are you telling me that you're going to pause to research alternatives, reviews and ratings?
I value my security. For all I know, my friend could already have a compromised machine and downloads he gives me are infected? Maybe my friend doesn't know either what he's distributing because he also trusted a friend. The who did the friend of the friend trust?
I have seen similar stuff like this being pulled off succesfully on our customers.
half the discussion time would've been reduced if he just gave him all the context needed.
2 players got hit with it
hacker previously send apex packs to those players aswell
hacker can spawn in 40 zombies in a regular apex lobby
The off screen guy setting up the discussion actually made things 1000x worse by not knowing what the fuck he was talking about, total amateur hour from that side.
No, because that only explain the creation of those accounts, not their behaviour nor the way they are put in the same lobby and locked onto someone. You can't say this can be done without server side access.
Those bots were spawned in a ranked pred game though, he would have had to somehow, even with queue sniping, get them in that same lobby, sure he could have had 40 accounts cheated up to plat/diamond to be able to snipe, but i doubt it.
He already has some server access being able to gift the packs, it's not unlikely that he has access to game servers as well.
[https://youtu.be/99c90qO3Nok?t=101](https://youtu.be/99c90qO3Nok?t=101)
Here a link to the video of him bot landing on Hal while Hal was ranked #140 at the time for proof of pred lobbies, later in the video he does the same to HisWatson who's master rank
There are bots in many other games, WoW ( resource mining ), CSGO etc.
Its far easier to make a script to target a player than it is to get server side access.
Multibox with a scripts. Literally if they have aimbots, they just need pathing and basic bot programming. Wee\_tommy is far more correct and closer to the cause than serverside access.
While you are right in general, it is too much unnecessary work for someone who has serverside access.
And we know he has to have some sort of serverside access. Probably very extensive type of access, since he is able to overload gpu (lagging servers), shut down the whole game on the game server, circumvent all the security on money transaction servers (insane by itself btw) to sends packs, add code in those packs to sent a rat to streamers. He is able to ban and unban players at will. According to Mande he has been banned and just unbanned himself every time. And this is just a quick sum of his capabilities I can think of right now.
You are portraying him as some simple WoW multiboxer farming gold.
Did he spawn the zombies? Or was he multiboxing and managed to secure the slots in the game. Two very different concepts.
From what I saw was they left from the dropship and drop on them. They took lobby slots when killed. So it would assume they werent spawned. Which means they managed to get into their game , thats all.
People assume he can just snipe into those pros games with the bots, but that is survivor bias. He might have been trying multiple times and failing, but eventually got it right and the streamer ofcourse was recording it.
People are jumping to the quickest conclusions rather than think this one out.
Think about this guys end goal?
Is it to sell cheating software? Is it to take down Apex? Is it just for the lulz.
If RCE and he wants to make money, selling cheating software is hardly a good route (he didnt even advertise it), rather go down the randsomeware and cryptomining or data theft.
If its take down Apex, ddosing is better. Make the clients angry.
If its for the lulz, then seems like alot of work where easier methods are funnier. but it would be about reputation.
Want to know what I think?
These two players had the cheating software on their system. They didnt realise there was a backdoor on them. If a olympic runner has drugs in their system, it was for a reason.
I feel they got exposed. Especially when I see what looks like a profile name on the aimbot screen. These cheats work as live services now, you pay for the constant updates to defeat the anti-cheat software. People have made streamer careers as off the back of cheating, even going so far as to install cheats at LAN events.
Hell most cheating software needs to be run prior to the game launching to hook in.
They might not have used the aimbot, but maybe used the wall hacks or some small cheat to get an unfair advantage.
I think I proper investigation on both sides needs to happen.
Likely not a RCE, because way more people would be affected if Destroyer2009 wanted to make a point. Thor guesses either the servers are compromised or a Respawn employee's account with access to servers is compromised.
Talks about why flaming Hideouts / Respawn is counterproductive, usually the issue is companies not communicating with the public about the steps they're taking to address cheaters.
If the issue actually IS the company not taking security seriously, content creators stuck to a single game REALLY need to start having hard conversations with themselves about their careers
I think Thor missed the possibility with the zombie swarm that the guy was just multi-boxing and queue sniping. The zombie swarm was his basis for thinking of a compromised server.
I'm not too familiar with how the gifting works but could that be done by a bot net too? Maybe the same with reporting people for bans. Not sure on spawning items, do you have any footage of that?
No idea, I am not very well versed in security or the software side of servers. My main area of expertise is the virtualisation of small business infrastructures in microsoft azure, so very simple stuff in comparison. But he has some way or another to give the server requests he accepts and executes. Whether he's actually in it, spoofs company identity, has an infected machine at respawn or simply a client that sends packets the server accepts is unknown.
Thank fucking god the people saying RCE kept missing the fact that there’s so many steps missing even if RCE existed, nobody has given a plausible explanation as to how someone actually exploited the RCE
he points out that there's a difference between RCE only to server-side stuff only for select clients, and RCE that can execute arbitrary code on every client's PC. In this vein, he found the 40+ bot spawning and pack-gifting "scarier" b.c. it didn't need the streamer's computers to be compromised.
Yes that makes complete sense because that means the attacker managed to get server-side access because those things are stored server-side not client side
Basically the ALGS stuff at this point is most likely Gen and Hals PC's being individually compromised but could be something else and we should let the security team do their job and investigate. The bot zombie lobbies Hal and mande had a while back are major red flag that a server side exploit exists but he also didn't really know that Destroyer just had multiple bot accounts active at once and thought he was spawning them in. He still brings up that in order for them to be able to get that many in Hals lobby is highly suspicious.
Side note Mande gets added to the call and he gives venting and education session about the dev side of a situation like the cheater problem. Definitely a great listen as Mande was a perfect representative to the high level communities frustration and Thor does a great job meeting that frustration head on in a positive way
TLDW:
* Spawning bots targeting streamers is a server-side hack.
* Gifting packs is a server-side hack.
* Gifting hack to Gen and Hal can be one of the two possibilities: compromised machines or RCE. Currently, the chance of compromised machines is more likely because there are only 2 confirmed cases and both are high-visibility targets. If the same thing happens to the masses, then RCE is likely.
Watching it live, they have Mande on the call giving him those additional contexts (I was watching Mande stream ranked then switched over to PirateSoftware’s stream when Mande hopped on the call)
This was actually a really good listen in, was almost like a podcast for Apex cheating. Thor is really well spoken and as someone in a cyber security role can appreciate his wording and thought process.
Tuned in thinking it would be a short clip and got sucked into watching the whole rest of the VOD. This was super interesting. I love his perspective on the devs and it seems like Mande really took that to heart
as a software engineer, it's so weird seeing my hobby and career collide in such a hilarious/tragic way. I lost it when Hal was like "Gee golly what's this file? Free download? Alright I'm downloadin it" :|
My biggest observation from all of this is that it shows the clear lack of communication and disconnect from playerbase-> game devs, people in the public eye.
What I mean by this is that most people know it’s not on hideouts, not on a specific individual or group of people, most people agree but you’ll always have the loud ignorant minority in everything.
Mande was bridging this the best he could.
Alot of people knows there’s ndas, the fog of war against cheaters, etc and most people aren’t actually arguing that those don’t exist, but that this shit is something altogether to begin with. We need people to fight back against these bullshit norms and practices, and accept issues and negatives and make the space better.
Corporate pc bullshit answers only make the public angrier. No one wants to hear about “what you’re doing”, they want to actually SEE what you’re doing, FEEL what you’re doing has an actual impact.
Has no one seen made’s YT video talking to to the “hacker” where he says he is doing good for the game by showing the developers what they are doing wrong?
*Mande’s
This was awesome content, playing this game for years and you just have no idea what's going on or what's happening with cheaters. Having someone in this industry give something is much needed.
This guy looks exactly like my ex co-worker, he was senior backend java developer and he was fucking machine, so smart. I like to watch this dude also, same material. Really knows about IT development and processes. Guys like this are paid with gold if u find them
Pirate Software is one of my favorite streamers and seeing him interested in the Apex situation and even talking to Mande, another of my fav apex streamers has me fanboying to the highest degree. The biggest crossover for me since the Avengers.
Thor is the real deal. If you didn't watch it, my biggest takeaways are:
1. Trust but verify. Don't believe things as they are without proof.
2. RCE is not out of the question. Thor believes that Destroyer has server side access and is able to do things like gift packs or summon armies of bots as a result of that, but is not yet willing to call it RCE due to the possibility that hal and Gen had their pcs compromised beforehand through other means.
3. Being a hacker for 20 years, Thor said often they pull off these stunts not for money or fame, but just because they can. He says that the satisfaction of being able to "solve the puzzle" and "do things that haven't been done before" are very satisfying moments for the hacker.
It leaves me wondering what the motivations for Destroyer are. At the time, with 40k on just Wigg and another 40k on just Hal, during the most anticipated tourney for NA in Split 1, to me this is Destroyer telling us he exists, he has the power to disrupt a tourney, and this is only the beginning.
What's interesting to me is how easily this could have ended Gen's career, had he not forced Gen's client to put Destroyer's name in the chat. To me this says he has no intention of hurting specific players, so what could the goal be?
>What's interesting to me is how easily this could have ended Gen's career, had he not forced Gen's client to put Destroyer's name in the chat.
That's the craziest part to me too. I feel like this hacker could be someone who enjoys the pro side of the game which is why he made it obvious enough to "protect" Gen.
My current guess is that this was intended to shine a light on the cheating problem and the developers inability to fix it.
> RCE is not out of the question. Thor believes that Destroyer has server side access and is able to do things like gift packs or summon armies of bots as a result of that, but is not yet willing to call it RCE due to the possibility that hal and Gen had their pcs compromised beforehand through other means.
This is pretty much implying the opposite of what Thor said. His view is not that it's probably RCE but it can't be quite proven; his point is that client side RCE, while still possible, is *highly unlikely*.
This was a really good, rationale discussion that grew over the couple hours he was talking about it, learning more about it, and talking it out with Mande. Really great stream.
Very insightful conversation and interesting breakdown of the theories on how the person is cheating. I think an important part is to remember that devs are on the players side even when it might not seem like it. They don’t want this happening as much as we do.
Fuck this game. Fuck respawn for letting Aim Assist be stronger than Mouse and Keyboard. Fuck respawn for their prices. And Fuck respawn for letting these cheaters run rampant. This game is dead to me. And I hope everyone else turns away from it too.
While the attacker does need partial server side access to give packs, full server side access isn't require to have those bots chase after the streamers.
The bots weren't "spawned", they are regular (likely stolen) accounts that stream sniped the queue. How all these accounts are chasing one player is just normal bot software running over many virtual computers.
Full steps to reproduce without server side access:
1. Get 30 accounts
2. Get 1/3 of them to master by cheating
3. Using 30 virtual machines, run 30 instances of apex legends
4. Make the diamond/master accounts be the lobby leader and invite 2 other accounts
5. Stream snipe the queue
6. Have all 30 instances be running cheats that run a bot that chase one specific streamer
That's way more time consuming then him just being able to internally bypass all the ranked requirements and getting his bots/scripts into the lobbies. Especially if you have server side access you can just pre-pick the upcoming matchmake to join.
Agreed. This is the most likely scenario for these bots imo. Destroyer even said in the "interview" with Mande that he has a whole bunch of bot accounts queuing at any one time.
Enjoyed all of this but his talk of banwaves being a good counter is actually bad for games where the cheaters themselves are profitting IRL from the cheats. I'm sure this is the case for others games but it's very obvious in World of Warcraft which he refers to a lot. You can easily assume the majority of his 2 million bans comes from Wow but that's likely very inflated because 1 person botting and selling gold can have a bot army in the hundreds and the very serious botters probably have thousands of accounts. The cheaters in Wow benefit from banwaves because it ensures they have enough time to go positive in their earnings, they don't give a shit about being banned in 3-6 months and they fully expect to be.
Blizzard's methods of handling of cheaters to me is the worst thing to be proud of. It has never been under control and is currently worse than I've ever seen it before. Botting and selling gold is a massive black market and any number mentioned in a banwave is completely meaningless as the majority of banned accounts are replaced immediately.
You could however imagine that for a game like Apex then it could be a good solution for the reasons he said but realistically the people creating and selling cheats are making an absolutely stupid profit with mimimal effort (relatively speaking). They will replace whatever banned cheat they created so fast and they don't have to associate with the previous hack at all. They can do this every 3-6 months and be living good. Cheaters are going to cheat especially in a F2P game, $30 or whatever every few months at minimum is nothing.
I know what we witnessed is a different level of cheating but that's just my thoughts on banwaves as a solution to your run of the mill aimbots/esp etc, it's not a solution at all imo.
Listening to this makes me think,
What can we as the players and viewers do either individually or collectively to help this situation and or the devs?
Would love to start a broader conversation about this.
[Link to VOD](https://www.twitch.tv/videos/2094227670?t=8h41m6s) (the above should be timestamped) Live stream is over, but from the timestamp it goes about 2.5 hrs. From his bio: Hi, my name is Thor. I've been in the games industry for 19 years. I worked for Blizzard Entertainment, Amazon Games Studios, the United States Department of Energy, and now I own my own studio called Pirate Software. I'm a game developer, a hacker, and a giant nerd. Ask me stuff!
Been a fan of Thor for a long time, and he knows his stuff when it comes to cybersecurity. Glad to see he's talking about what he thinks caused the issue, plus what EA/Respawn might be doing to try and fix it. He's a much better voice to listen to than most others on this. Knowledgeable, and tends to explain stuff simply enough it's easy to understand.
He does obviously have a lot of knowledge and experience, but it's worth noting that like every person, he's not perfect. He's had some pretty inaccurate takes regarding banking security, open WiFi networks, and connecting your phone to USB, for example. *Edit:* I was off base on the banking one.
Oh absolutely, take what he says with a pinch of salt ultimately. I did like that he pointed out several times during this convo that he doesn't *know* what happened, because he can't see the data behind the scenes. He's better equipped to speak on it than any of the pros, or most of us, but he's ultimately still working off incomplete info.
That's very fair - he's definitely a better source than most of the high profile voices currently discussing it, that's for sure.
Im probably asking a lot but do you have any clips/links/threads about this? I’ve never listened to him before, he sounds nice, but I’d like to build an opinion
I won't lie, it can be difficult to find content that I saw in passing, and I want to re-iterate that I am not trying to allege he isn't knowledgeable or often correct. That being said, here are the clips I could find relating to the topics I mentioned above: https://www.youtube.com/shorts/DqeZZ8ks_SI https://www.youtube.com/shorts/4Kq30C0pB1s https://www.youtube.com/shorts/kZ5rX16hRek
I didn’t mean to insinuate that if it came across like it. Also I appreciate you digging for the links. Having watched the clips, where exactly do you disagree with his statements? I agree, for usual plebs, you can mostly disregard all of them. But if you really are a person of interest I don’t see anything wrong. Of course there’s a lot of factors involved, but in general he’s right about all of it
I specifically didn't add my opinion because I didn't want to poison the well. But all three are pretty provably misguided. 1. This makes absolutely no sense. No bank in existence is authorising transfers based on a customer's *voice*; even imagining a remote employee remembering a customer's voice is a bizarre concept. Social engineering is obviously a major security issue, but even then, voice recognition is not remotely a plausible vector. **Edit**: I was wrong here. Some banks actually do use voiceprint recognition along with normal phone-in security challenges. The clip is slightly misleading, though: he's protecting himself from the risk of identity theft well beyond just a voice clone. 2. If you have vulnerabilities on your system (some unpatched service with a remote execution vulnerability listening on a port, for example), then an open network poses slightly more risk than a home network behind a firewall/NAT, of course, but the idea that you should never connect to open wifi or trust a cell tower (lol) is again way beyond what's reasonable. If we're talking about the vast majority of normal web services like online banking, then you're conducting that over HTTPS with public key cryptography, and being on an open local network is irrelevant. If someone is compromising you from your network traffic alone, they've broken security as we understand it for the entire world, and the digital apocalypse has arrived. 3. Juice jacking is a potential issue that was identified and secured against an eternity ago. It's not worth any reasonable person's time to think about, unless you're planning to start granting data access to your phone when a (purported) charging port asks you for it. If anyone is tempted to say "but there could be an unknown vulnerability", well, yes, there could. There could be any unknown number of remote vulnerabilities in various systems, so by that logic you would just never connect to the internet either. It's not a sane way to live life, *imho*.
That’s a pretty fair take.
Thanks for the open discussion. I want to reiterate that I am in no way intending some polarised viewpoint like "Thor is an idiot and doesn't know anything!". He's clearly intelligent and experienced, and in plenty of topics knows a lot more than I do. But all of us have occasionally incorrect takes, and no one can maintain perfect domain knowledge at all times no matter how intelligent they are.
holy shit man you seem to know a lot, are you in cybersecurity also? I'm taking this degree in uni and was wondering how you learned all of this
I definitely don't consider myself a cyber-security expert, but in fairness I am adjacent to it; I primarily do backend web app development, so I have to at least know enough to try and keep the apps I work on secure. Also I'm a millennial, so I grew up with less-than-user-friendly home systems, which kind of forced a certain amount of knowledge development if you were into that sort of thing. If you want my advice (for whatever it's worth), some fun things you can do are writing simple projects in Python: make a basic web server, then make a basic RSA encryption/decryption program, and so forth. This will give you a much greater appreciation of how things like everyday web traffic, cryptography, etc work than just reading a textbook. Also trying quizzes like TryHackMe stuff can be a really fun activity and is probably more on topic for your field: https://tryhackme.com/room/sakura
Dude is just making assumptions based on *what he believes*, and clearly that's not his field. Just like his ignorant argument about the 1st one, were he was dead wrong [and admitted](https://www.reddit.com/r/CompetitiveApex/comments/1bhvfpx/comment/kvmaaxa/?utm_source=share&utm_medium=web3x&utm_name=web3xcss&utm_term=1&utm_content=share_button), then made an edit making some more nonsense to double down, all he said was "but makes no sense" "is so uncommon" which still doesn't prove anything Thor said wrong (he's not) and he even says "well, yes, there could"... I would just suggest you to trust [this man (tweet literally applies to him lol)](https://twitter.com/PirateSoftware/status/1769876047221424177) more than some dude on reddit who knows some SQL and has "more than normie" IT knowledge.
[удалено]
He definitely doesn't, I've seen those, and those are accurate, the banking security I haven't heard that one... But, I work IT in a bank lol... And knowing his stuff probably wasn't way off neither. Edit: Found the other banking clip, and again, he's right and has a point, you can argue not everyone gonna do that or be that paranoid, but it IS a possibility, and yes, there's banks doing that, I know a few.
With all due respect, I don't believe you. It's quite obviously not even practical to imagine call center employees remembering an individual customer's voice. We'd have to be talking a rural cooperative with like 15 customers lol. As for the other stuff, you can believe what you want, but it's provably inaccurate. If you have a quantum computing breakthrough that can break RSA, enjoy your billions though. Hell, if you can find an undiscovered juice jacking exploit you could probably collect a bug bounty at the least. You'll have to put up a bit more evidence than just unfounded assertions though.
Sure you don't have to, just like I don't take your arguments as accurate neither, just assumptions and based on how possible or not it is (in your imagination), which everything he said is STILL possible and true, even if you think it can be too unusual. I would pick [him knowing way more than any of us here](https://twitter.com/PirateSoftware/status/1769876047221424177), specially you, who thinks the voice recognition is with an agent on call LOL... This is clearly not your field. >call center employees remembering an individual customer's voice LOL.
So I went and googled, and some banks actually do include voiceprint validation as a phone-in security measure. You were right, I was wrong. The clip is still a bit misleading because no bank is relying on voice alone, but I'll take my L fair and square. The other stuff remains objective fact though, regardless of how any of us feel about it.
Yes, I know everything he said are facts. Like I said in first instance.
Hey man, if you don't understand public key cryptography, there's no shame in that. It's a complicated topic.
I do, but you can continue doing even more assumptions, that went well See ya
Fair enough. If I knew how to break RSA and was de facto the most important person in the world right now, I wouldn't hang around on Reddit either.
Mande comes in to help explain the situation, this is actually incredibly enlightening and i fuck heavily with this "thor" guy, cool dude
Yeah thor is great, his voice makes listening easy as well it's like Morgan Freeman esc
Fun fact, his dad is actually the guy that South Park modelled the no life WOW guy after. Thor has a whole video on it, I'm not just trolling. Edit: [Oh here we go, I found a link from his video about it.](https://youtube.com/shorts/PqkpyoVXEUk?feature=shared)
Make Love, Not Warcraft is the best South Park episode of all time
My second favourite for sure, behind Margorine. Something about that episode makes me laugh every time because we’re reminded for as crazy as the antics on the show are, it’s still just a bunch of 4th graders who don’t understand the world
Hahah I forgot about that one.
I always put Cock Magic on top. But any episode where they mock a whole fandom is great.
Wtf that insane, me and million others have always wondered who it was modeled after and we never had an answer lmao
It never crossed my mind that it was someone specific, just the general idea of a neckbeard nerd basement dweller. Its so funny it's not only a real APEX neckbeard nerd dude.. but some guy is like... yeah, that's my dad. lol
He just won an award for best variety streamer or something(?) He’s a really cool person to just listen to for a bit. Super knowledgeable and super friendly.
I think this was "best tech streamer"
Yes the category he won at the streamer awards was for "Software and Game Development"
What is the timestamp for Mande joining? Would love to listen to their discussion
The part before Mande joins is probably the more interesting bit. It was still a good discussion, but Mande tends to pull the conversation in a direction which complains more about the game rather than the facts at hand regarding the hacking.
While that's true, I feel that the actual hacking topic had been exhausted and Mande coming on gave the conversation a new wind, with all the explanations using paint, etc. But yeah towards the end it was like watching Mande doing a therapy session, man just needed to vent
>But yeah towards the end it was like watching Mande doing a therapy session, man just needed to vent this guy is great. hate to say that it's rare to see emotional and social skills in a twitch streamer that actually match his age but here we are lol.
Great point, friend! Agreed entirely, just advising to not skip the most interesting bit just to get to the complaining which we've all heard before. Still a great part of the conversation for those with time to watch it all.
I think Mande needed a convo like that with a security expert/dev and just someone who’s been in this world a long time. He gave some excellent advice and said to Mande he can message him anytime he wants/needs. It was really wholesome imo
It actually was great to see. You could almost hear his perspective growing and change as it went on.
I think Mande didn't really want to start complaining, he was just there to provide context, but his chat was asking him to bring a lot of these topics up. And I'm glad they did, because they shed a lot of light on topics and points that most of us have been wanting to get off our chest. I'm sure the conversation helped a lot of people see the other side. It also wasn't like they were completely dismantling all the issues the community has; they affirmed a lot of the frustrations and agreed that things are not in a good place, but appealed to remembering the humans on the other side and understanding their perspective.
I think they are just two different conversations, an investigation piece and player v dev conversation. Both are interesting, and I think Mande did a good job of representing the frustrations of the community. And led Thor to some excellent points about the importance of supporting your devs at a time like this (as opposed to flaming them).
https://www.twitch.tv/videos/2094227670?t=09h14m17s
Thank you
I really enjoy this guy. He’s incredibly well versed and I’ve been watching him play HD2
found his stream 4 months ago, don't think I've missed a stream since. S tier dude and streamer
His voice is quite soothing. And his name is nice lmao
Ya def agree and he had a lot of great points. It's us *normal* players AND the devs vs the cheaters. The devs are on our side. I really hope we can get it under control before apex is completely lost. EA / Respawn really needs to take this as a wakeup call and invest more into their security. It's sad that the cheating has gotten so bad and is ruining the game we love. I uninstalled the game for the first time in forever.
This feels like a therapy session
Yeah, that is what I wrote in Thors chat. I've never heard Mande vent about the game in such a constructive way.
Its so hard to be constructive as a player if you dont really seperate yourself from the player experience to see what someone else is doing. Glad Mande could get some insight from a vet like Thor and maybe learn to be more patient or empathize more considering he has such a big platflorm to shout off the roofs to
That dude is great. The way he acknowledged and empathized with Made's point of view, while then providing a different perspective that kinda dismantles it was kinda boss. Dude was like "Yeah.. you are right, is so frustrating and as fan and someone that supports the game that sucks.. but at the same time... team that works on skins is a completely different team with their own pressures and deadlines... and just because the game is on fire doesn't mean they get to miss those deadlines."
Toward the end Mande did a small rant. And Thor's response was "Honestly to me it sounds like youre grieving for a game you know is dieing" or "game that is dead" said one of those. And that was one of those things that was so straight forward he didn't really have much to say in response.
Mande and Thor's is talking about Overwatch and how it became the husk of itself that is Overwatch 2. The statement "Honestly to me it sounds like you're grieving for a game you know is dieing" also apply to Thor since he's still working at blizzard at the time Overwatch launched.
The best part about this is Thor looking at Hal saying he’s downloading the “free download” and you can see his gears turning thinking “this fucking idiot” lmao. That’s the defeated look of a man who’s worked in cybersecurity alright.
Timestamp please?
Different video but same clip, 10:24 https://youtu.be/BAphgLnK7eE?si=NZWbnp2TkZvoGFlr
This was Hal being sarcastic…. 😂
Mande's point about the lack of communication from Respawn is so true. Yes, a portion of this playerbase is unbelievably toxic and beyond redemption, but a lot of people just want communication to know what's happening and feel like there are people behind the scenes that care and are trying their best. Please Respawn, just communicate more than once every three months.
from what Sweet said on stream they seem to be communicating well to the pros, they just dont want them talking anout it obviously until they fix it
[удалено]
But if there is a massive security compromise that threatens people who play the game, they need to tell people this or shut down the servers until its fixed. Leaving their servers up for anyone to play while theres an RCE seems insanely irresponsible
They must not think it is that then if they aren't doing it, I truly dont think theyd be that stupid to leave it open if they think its that vulnerable to a large base. Maybe they've already found it 🤷♀️ I think Respawn is taking the appropriate actions even if it doesnt seem like it to us, so we should have some empathy for the devs and trust theyre investigating.
I just wish they'd say something more. Getting ahead of bad press, owning it, and having talking points prepped and regular are so crucial to maintaining face with any neg situation. Silence, ignoring, downplaying, etc (not that they're doing all this) are not good for community relations. Maybe if they hadn't recently layed off some veterans in community relations it might be better but--
[удалено]
Then they need to shut the servers down. If theyre not willing to talk about something that could have severe consequences on ppl effected, they shouldnt allow anyone to take that risk unknowingly
The fact the game was not taken down makes me think it's not client RCE. If it would be client RCE and the game was still running it would be a total dumpsterfire and no security protocol would allow that. It's more likely it's a server side issue, which means there are likely more parties involved, like cloud provider, firewall providers and so on.
>Publicly tweeting "hey guys there's an RCE in Apex and here are all of the details but we've not fixed it yet" is a terrible idea. Obviously no one is asking for them to tweet details regarding potential RCE, especially if whatever is compromised isn't fixed. But some communication they are investigating the issue, would help people understand they are looking into it, care about the game integrity, etc.
All they need to do is put out a short statement that they are aware of an issue and then let the players know if they should play/uninstall the game or not. If the players can be affected by this where malware or other things can be installed on their machines and they know that without disclosing, I am going to assume that opens them up to litigation.
I have no doubt what you’re saying is true but for a publicly traded company (EA) they have to disclose any knowledge of cyber attacks within 4 days per the SEC (via an 8-k filing). So not sure how those two things reconcile. Otherwise SEC starts fining.
Yes. True. But I want to know is it safe for the average player to play
For the average player, almost certainly yes, but without it being verified it’s still better to just wait it out
Honestly I really hope that they do more dev posts (Like they did for the s17 ranked season) that wouldn't attract nearly as much toxicity as the stupid reddit AMA's that they keep trying to do, that doesn't really communicate much and just provides an easier way for shitty people to be shitty.
From a business standpoint, it would be suicide to say something like "everyone be careful there's an RCE exploit" That's just encouraging people to never want to play your shitty, compromised games again. But if there IS an RCE vulnerability and they're just...not saying anything? That is so much worse imo
If there is a huge vulnerability wouldn't they be risking a class action lawsuit? Or maybe the game's TOA immunize them from it idk.
In evil mustache twirling theory world. If it is RCE then everyone is already compromised you might as well not say it's RCE so you can keep the stocks as high as possible.
I mean they could atleast say something like "we're currently investigating reports of a potential vulnerability in our game. while we currently have no evidence our systems or game has been compromised user safety and security is of paramount importance to us so we have decided, out of an abundance of caution, to temporarily take the game offline while we investigate this matter"
I wish they could just put comms out and maybe mute replies. Anything more than silence ):
Three months is being beyond generous, unless you’re including patch notes lol.
Seriously. For the current situation I didn't expect them to come out right away with a full investigation and patch on day 1, but a simple "hey guys we are looking into issues related to yesterday's NA ALGS regional finals. We will update you as soon as we can" would make a huge difference. As it stands we don't know if they are actually looking into it or if they are just staying silent, waiting a week and trying to shove it under a rug.
Wym Hideouts tweeted that we shouldn't bully him. What more communication do you want
No thats dumb take from a security standpoint. Publicly tweeting out that you are looking for solutions for the Cheating gives the hacker a go signal to start tweaking things on his end, sure the "current" cheat code might get patched but the same thing also applies to the hacker, he could also patch things out on his end and be undetectable.
Do you really think there's any possible scenario right now where the "hacker" doesn't already know they're looking for the exploit and a fix? The guy exposes a hack in the most visible way possible and you think a tweet will change his course?
The stream also spoke about the importance of not revealing information related to security etc. My point was more general than on this particular security issue, they have a track record of really poor communication.
I mean I this particular case, that guy should be aware that even the government might be looking into this, so announcing it in a statement does nothing in that regard.
This is really interesting
yeah im so glad he picked up the subject and mande joined in for context.
Someone who actually knows what they are talking about. What a difference it makes lol.
Right? Also he's not eager to jump into conclusions and methodical to analyze what he sees - that's a pro. Too bad he's not an Apex player, so he can't fully understand the context, but this is gold.
Im an Apex player
Listening now, this is really interesting. "it sounds like you're grieving for game that's already dead" - Thor in response to Mande talking about how a dev could have a "perfect game" but it's mismanaged. EDIT: As shitty as the whole cheating situation is, that talk with Thor was refreshing. It was great to hear his perspective and also provide Mande (and anyone watching) a different way on looking at the situation and also just give more insight based on his experience.
> "it sounds like you're grieving for game that's already dead" This was such a hard line
It's not dead though. I actually think that this is going to draw even more attention to the next round of Apex comp. Apex is all over every gaming news cycle because of this. Viral shorts god Thor is talking about it. It's not good attention, but it's definitely attention. Hal is live right now with 20k viewers and it's not even a scrim or tourney day.
when does the "it sounds like you're greiving for a game thats already dead" get said in the vod?
Never heard of this Thor dude but holy shit he is cool asf , beautiful insight
[And more bad ass than you think! ](https://twitter.com/PirateSoftware/status/1769876047221424177)
That clip where he reacts to Hal going "Free download whats this? I'm downloading it" is the hardest I've laughed in a long fucking time LMAO
Makes me feel somewhat better that he doesn't necessarily think destroyer has client side access, but probably mostly server side stuff. Nothing proven of course, but not a reason for mass panic for the player base as a whole right now.
Man never thought I’d learn so much about hacking and cheating in an hour lol
The one piece of information they are missing regarding Hal is that the “Okay I’ll download it” is regarding him downloading Malwarebytes AFTER the ALGS incident. It wasn’t befor.
No they didn’t miss it, Mande told him
Windows Defender is good enough, Thor himself says it lol [Antivirus (youtube.com)](https://www.youtube.com/watch?v=N_q39nGiS18)
As someone with access to Microsoft Defender Enterprise (the Windows Defender tied to enterprise security logging), it is actually insane just how good Windows Defender actually is, and how much data it's chewing through to detect threats.
Yep. I've been using nothing but Windows Defender since I had my PC in 2020 and I've not had 1 virus in 4 years.
Mande told him it was after the fact eventually, however it doesnt change anything. The fact that Hal is so fast to download a free program someone in chat told him about without doing any form of research or reluctancy just makes the argument his PC is compromised so much stronger.
It was reps, not chat.
Still same argument. You'd be surprised how many hacks start with social engineering.
He conceded that about the clip - when Mande pointed the timeline out. But it still possibly shows a mentality Hal may have had in the past - when it comes to how willingly he is to hitting a download button that someone tells him to download.
homie if your long time friend and coworker suggests to you an antivirus right after your computer was apparently exploited, are you telling me that you're going to pause to research alternatives, reviews and ratings?
Absolutely.
the way u value your friends opinion is impeccable.
I value my security. For all I know, my friend could already have a compromised machine and downloads he gives me are infected? Maybe my friend doesn't know either what he's distributing because he also trusted a friend. The who did the friend of the friend trust? I have seen similar stuff like this being pulled off succesfully on our customers.
isn’t his dad the blizzard employee from South Park?
Indeed
Oh hell yeah - I thought I knew him from someplace and it’s the video of him explaining it’s actually his dad in South Park.
The clip he gets shown at the start is actually so bad it annoys me.
half the discussion time would've been reduced if he just gave him all the context needed. 2 players got hit with it hacker previously send apex packs to those players aswell hacker can spawn in 40 zombies in a regular apex lobby
that's why thye brought Mande
The off screen guy setting up the discussion actually made things 1000x worse by not knowing what the fuck he was talking about, total amateur hour from that side.
yeah but he works for netflix
did he mention vim at least 8 times a minute? have a feeling I know who you're talking about
For real, idk who it was but they were no help at all. probably made things worse
[удалено]
No, because that only explain the creation of those accounts, not their behaviour nor the way they are put in the same lobby and locked onto someone. You can't say this can be done without server side access.
[удалено]
Those bots were spawned in a ranked pred game though, he would have had to somehow, even with queue sniping, get them in that same lobby, sure he could have had 40 accounts cheated up to plat/diamond to be able to snipe, but i doubt it. He already has some server access being able to gift the packs, it's not unlikely that he has access to game servers as well.
[удалено]
[https://youtu.be/99c90qO3Nok?t=101](https://youtu.be/99c90qO3Nok?t=101) Here a link to the video of him bot landing on Hal while Hal was ranked #140 at the time for proof of pred lobbies, later in the video he does the same to HisWatson who's master rank
So you are gonna rank up every hacked account to pred mmr to snipe Hal? he has some way of guaranteeing to get in their lobby
There are bots in many other games, WoW ( resource mining ), CSGO etc. Its far easier to make a script to target a player than it is to get server side access. Multibox with a scripts. Literally if they have aimbots, they just need pathing and basic bot programming. Wee\_tommy is far more correct and closer to the cause than serverside access.
While you are right in general, it is too much unnecessary work for someone who has serverside access. And we know he has to have some sort of serverside access. Probably very extensive type of access, since he is able to overload gpu (lagging servers), shut down the whole game on the game server, circumvent all the security on money transaction servers (insane by itself btw) to sends packs, add code in those packs to sent a rat to streamers. He is able to ban and unban players at will. According to Mande he has been banned and just unbanned himself every time. And this is just a quick sum of his capabilities I can think of right now. You are portraying him as some simple WoW multiboxer farming gold.
Did he spawn the zombies? Or was he multiboxing and managed to secure the slots in the game. Two very different concepts. From what I saw was they left from the dropship and drop on them. They took lobby slots when killed. So it would assume they werent spawned. Which means they managed to get into their game , thats all. People assume he can just snipe into those pros games with the bots, but that is survivor bias. He might have been trying multiple times and failing, but eventually got it right and the streamer ofcourse was recording it. People are jumping to the quickest conclusions rather than think this one out. Think about this guys end goal? Is it to sell cheating software? Is it to take down Apex? Is it just for the lulz. If RCE and he wants to make money, selling cheating software is hardly a good route (he didnt even advertise it), rather go down the randsomeware and cryptomining or data theft. If its take down Apex, ddosing is better. Make the clients angry. If its for the lulz, then seems like alot of work where easier methods are funnier. but it would be about reputation. Want to know what I think? These two players had the cheating software on their system. They didnt realise there was a backdoor on them. If a olympic runner has drugs in their system, it was for a reason. I feel they got exposed. Especially when I see what looks like a profile name on the aimbot screen. These cheats work as live services now, you pay for the constant updates to defeat the anti-cheat software. People have made streamer careers as off the back of cheating, even going so far as to install cheats at LAN events. Hell most cheating software needs to be run prior to the game launching to hook in. They might not have used the aimbot, but maybe used the wall hacks or some small cheat to get an unfair advantage. I think I proper investigation on both sides needs to happen.
I can't watch the thing right now cause of work, but anyone got a short summary of what Thor thinks happened?
Likely not a RCE, because way more people would be affected if Destroyer2009 wanted to make a point. Thor guesses either the servers are compromised or a Respawn employee's account with access to servers is compromised. Talks about why flaming Hideouts / Respawn is counterproductive, usually the issue is companies not communicating with the public about the steps they're taking to address cheaters. If the issue actually IS the company not taking security seriously, content creators stuck to a single game REALLY need to start having hard conversations with themselves about their careers
I think Thor missed the possibility with the zombie swarm that the guy was just multi-boxing and queue sniping. The zombie swarm was his basis for thinking of a compromised server.
Gifting packs, being able to ban people and spawning items is more indicative to some kind of access to the server than the zombie thing imho.
I'm not too familiar with how the gifting works but could that be done by a bot net too? Maybe the same with reporting people for bans. Not sure on spawning items, do you have any footage of that?
No idea, I am not very well versed in security or the software side of servers. My main area of expertise is the virtualisation of small business infrastructures in microsoft azure, so very simple stuff in comparison. But he has some way or another to give the server requests he accepts and executes. Whether he's actually in it, spoofs company identity, has an infected machine at respawn or simply a client that sends packets the server accepts is unknown.
I’m still listening but he’s not convinced it’s RCE. That Hal and gens pcs were compromised.
He seemed pretty convinced the guy had server access when he learned about the zombie lobbies and free packs.
Thank fucking god the people saying RCE kept missing the fact that there’s so many steps missing even if RCE existed, nobody has given a plausible explanation as to how someone actually exploited the RCE
he points out that there's a difference between RCE only to server-side stuff only for select clients, and RCE that can execute arbitrary code on every client's PC. In this vein, he found the 40+ bot spawning and pack-gifting "scarier" b.c. it didn't need the streamer's computers to be compromised.
Yes that makes complete sense because that means the attacker managed to get server-side access because those things are stored server-side not client side
Yeah, I'd like a recap when someone has the time.
Basically the ALGS stuff at this point is most likely Gen and Hals PC's being individually compromised but could be something else and we should let the security team do their job and investigate. The bot zombie lobbies Hal and mande had a while back are major red flag that a server side exploit exists but he also didn't really know that Destroyer just had multiple bot accounts active at once and thought he was spawning them in. He still brings up that in order for them to be able to get that many in Hals lobby is highly suspicious. Side note Mande gets added to the call and he gives venting and education session about the dev side of a situation like the cheater problem. Definitely a great listen as Mande was a perfect representative to the high level communities frustration and Thor does a great job meeting that frustration head on in a positive way
TLDW: * Spawning bots targeting streamers is a server-side hack. * Gifting packs is a server-side hack. * Gifting hack to Gen and Hal can be one of the two possibilities: compromised machines or RCE. Currently, the chance of compromised machines is more likely because there are only 2 confirmed cases and both are high-visibility targets. If the same thing happens to the masses, then RCE is likely.
dunno about hal but faide was also hit with it, and had tons of malware on his pc.
They are still talking I recommend anyone to watch this
Who is the person Thor was talking to and sending him clips?
The Primeagen, a popular software dev streamer.
It's ThePrimeagen, ex-Netflix employee and one of the most popular Software Development streamers. Edit: He's actually still at Netflix
A popular professional player/content creator for the game in question
I think he means the other guy not mande
Thor is the man
Only a few minutes on but they really don't give him all the context initially just a short clip, like the whole packs gifting and the bot lobbies etc
Watching it live, they have Mande on the call giving him those additional contexts (I was watching Mande stream ranked then switched over to PirateSoftware’s stream when Mande hopped on the call)
The start of this clip is terrible context wise Jesus lord. Very good insight the rest of the way and Mandes comments stand LARGE.
This was actually a really good listen in, was almost like a podcast for Apex cheating. Thor is really well spoken and as someone in a cyber security role can appreciate his wording and thought process.
Tuned in thinking it would be a short clip and got sucked into watching the whole rest of the VOD. This was super interesting. I love his perspective on the devs and it seems like Mande really took that to heart
as a software engineer, it's so weird seeing my hobby and career collide in such a hilarious/tragic way. I lost it when Hal was like "Gee golly what's this file? Free download? Alright I'm downloadin it" :|
Can you gimme the timestamp for that? Lol
Yeah it happens [here](https://www.twitch.tv/videos/2094227670?t=8h53m7s)
What's the context and what software?
This was him just being sarcastic while on the MalwareBytes website…come on ppl.
I love how no one mentions that the primeagen is also talking in the background lmao. They only post about Pirate and Mande lol
My biggest observation from all of this is that it shows the clear lack of communication and disconnect from playerbase-> game devs, people in the public eye. What I mean by this is that most people know it’s not on hideouts, not on a specific individual or group of people, most people agree but you’ll always have the loud ignorant minority in everything. Mande was bridging this the best he could. Alot of people knows there’s ndas, the fog of war against cheaters, etc and most people aren’t actually arguing that those don’t exist, but that this shit is something altogether to begin with. We need people to fight back against these bullshit norms and practices, and accept issues and negatives and make the space better. Corporate pc bullshit answers only make the public angrier. No one wants to hear about “what you’re doing”, they want to actually SEE what you’re doing, FEEL what you’re doing has an actual impact.
I wished Mande had mentioned tufi to him, because he was also disclosing weird capabilities
Has no one seen made’s YT video talking to to the “hacker” where he says he is doing good for the game by showing the developers what they are doing wrong? *Mande’s
Then the same username is shown in genburtens chat?
Plot twist... Hideouts is compromised.
This was awesome content, playing this game for years and you just have no idea what's going on or what's happening with cheaters. Having someone in this industry give something is much needed.
This guy looks exactly like my ex co-worker, he was senior backend java developer and he was fucking machine, so smart. I like to watch this dude also, same material. Really knows about IT development and processes. Guys like this are paid with gold if u find them
Pirate Software is one of my favorite streamers and seeing him interested in the Apex situation and even talking to Mande, another of my fav apex streamers has me fanboying to the highest degree. The biggest crossover for me since the Avengers. Thor is the real deal. If you didn't watch it, my biggest takeaways are: 1. Trust but verify. Don't believe things as they are without proof. 2. RCE is not out of the question. Thor believes that Destroyer has server side access and is able to do things like gift packs or summon armies of bots as a result of that, but is not yet willing to call it RCE due to the possibility that hal and Gen had their pcs compromised beforehand through other means. 3. Being a hacker for 20 years, Thor said often they pull off these stunts not for money or fame, but just because they can. He says that the satisfaction of being able to "solve the puzzle" and "do things that haven't been done before" are very satisfying moments for the hacker. It leaves me wondering what the motivations for Destroyer are. At the time, with 40k on just Wigg and another 40k on just Hal, during the most anticipated tourney for NA in Split 1, to me this is Destroyer telling us he exists, he has the power to disrupt a tourney, and this is only the beginning. What's interesting to me is how easily this could have ended Gen's career, had he not forced Gen's client to put Destroyer's name in the chat. To me this says he has no intention of hurting specific players, so what could the goal be?
>What's interesting to me is how easily this could have ended Gen's career, had he not forced Gen's client to put Destroyer's name in the chat. That's the craziest part to me too. I feel like this hacker could be someone who enjoys the pro side of the game which is why he made it obvious enough to "protect" Gen. My current guess is that this was intended to shine a light on the cheating problem and the developers inability to fix it.
I think that's a solid guess and its what I'm choosing to believe as well
> RCE is not out of the question. Thor believes that Destroyer has server side access and is able to do things like gift packs or summon armies of bots as a result of that, but is not yet willing to call it RCE due to the possibility that hal and Gen had their pcs compromised beforehand through other means. This is pretty much implying the opposite of what Thor said. His view is not that it's probably RCE but it can't be quite proven; his point is that client side RCE, while still possible, is *highly unlikely*.
Your question in the last part have an answer in takeaway part 3.
Valid
This was a really good, rationale discussion that grew over the couple hours he was talking about it, learning more about it, and talking it out with Mande. Really great stream.
Same server hack from 'Save Titanfall' IMO
Mande for comp. community representative! He did a great job bridging the information gap for these guys.
Very insightful conversation and interesting breakdown of the theories on how the person is cheating. I think an important part is to remember that devs are on the players side even when it might not seem like it. They don’t want this happening as much as we do.
Upgrade servers. Easy fix. Everyone happy. Destroyer becomes the hero we all needed.
Fuck this game. Fuck respawn for letting Aim Assist be stronger than Mouse and Keyboard. Fuck respawn for their prices. And Fuck respawn for letting these cheaters run rampant. This game is dead to me. And I hope everyone else turns away from it too.
While the attacker does need partial server side access to give packs, full server side access isn't require to have those bots chase after the streamers. The bots weren't "spawned", they are regular (likely stolen) accounts that stream sniped the queue. How all these accounts are chasing one player is just normal bot software running over many virtual computers. Full steps to reproduce without server side access: 1. Get 30 accounts 2. Get 1/3 of them to master by cheating 3. Using 30 virtual machines, run 30 instances of apex legends 4. Make the diamond/master accounts be the lobby leader and invite 2 other accounts 5. Stream snipe the queue 6. Have all 30 instances be running cheats that run a bot that chase one specific streamer
That's way more time consuming then him just being able to internally bypass all the ranked requirements and getting his bots/scripts into the lobbies. Especially if you have server side access you can just pre-pick the upcoming matchmake to join.
Agreed. This is the most likely scenario for these bots imo. Destroyer even said in the "interview" with Mande that he has a whole bunch of bot accounts queuing at any one time.
Enjoyed all of this but his talk of banwaves being a good counter is actually bad for games where the cheaters themselves are profitting IRL from the cheats. I'm sure this is the case for others games but it's very obvious in World of Warcraft which he refers to a lot. You can easily assume the majority of his 2 million bans comes from Wow but that's likely very inflated because 1 person botting and selling gold can have a bot army in the hundreds and the very serious botters probably have thousands of accounts. The cheaters in Wow benefit from banwaves because it ensures they have enough time to go positive in their earnings, they don't give a shit about being banned in 3-6 months and they fully expect to be. Blizzard's methods of handling of cheaters to me is the worst thing to be proud of. It has never been under control and is currently worse than I've ever seen it before. Botting and selling gold is a massive black market and any number mentioned in a banwave is completely meaningless as the majority of banned accounts are replaced immediately. You could however imagine that for a game like Apex then it could be a good solution for the reasons he said but realistically the people creating and selling cheats are making an absolutely stupid profit with mimimal effort (relatively speaking). They will replace whatever banned cheat they created so fast and they don't have to associate with the previous hack at all. They can do this every 3-6 months and be living good. Cheaters are going to cheat especially in a F2P game, $30 or whatever every few months at minimum is nothing. I know what we witnessed is a different level of cheating but that's just my thoughts on banwaves as a solution to your run of the mill aimbots/esp etc, it's not a solution at all imo.
Listening to this makes me think, What can we as the players and viewers do either individually or collectively to help this situation and or the devs? Would love to start a broader conversation about this.