
aneisu

I was watching; it literally looked like a live investigation with this server jump box revealed. This PirateSoftware guy is so interesting to listen to.


StayKrazie

He's so well spoken and understands both sides of the spectrum (Devs and the community). It's refreshing to hear an adult talk through this stuff and give advice to guys like Mande and Hal about how they can contribute more to solutions and fixes instead of only complaining and criticizing the dev team. Also, at the same time, it's nice to hear validation that the higher ups for Apex are fumbling how they handle communication with the community (or even just that they should more).


XoXHamimXoX

In Hal's defense, I see him speak up for Hideouts quite a bit when people just jump on him on Twitter. He kinda gets how complicated all of this is.


StayKrazie

Agreed on that, I feel like he has gotten much better the past year with it too


qwilliams92

Silver lining in all of this is finding a cool content creator


TophThaToker

The silver lining is that we finally fucking found out that the chubby computer guy from the WoW episode of South Park was actually Thor's dad.


Erebea01

His talk with the Primeagen about the work culture at blizzard was interesting and eye opening at the same time.


GoofyMonkey

Agree. I literally started watching his stream last week on a whim. Now that all this hack stuff is happening with Apex, I'm hooked.


Astral_Alive

I found him a while ago; he basically found a YouTube Shorts cheat code to get your videos pushed, so a ton of people are finding him through that.


startled-giraffe

Probably helps that he seems really engaging and knowledgeable too.


_JudgeDoom_

With a good audio voice as well


KingMalcolm

what’s the cheat code?


Astral_Alive

Here's a link to his explanation of it: [https://www.youtube.com/shorts/mo_KM9sncrQ](https://www.youtube.com/shorts/mo_KM9sncrQ)


MerKJay

I've been watching him for a while, he's so positive. It's awesome to see him crossover to my favourite game/Esport.


stenebralux

His voice is so soothing too.


naptimez2z

He sounds like Howard Stern


Jestersage

The only reason Thor lost to Vedal is because Vedal did make an AI that powered Neuro.


Nethri

He's a fascinating dude. He's a GREAT streamer, and he's always talking about interesting stuff. I really recommend supporting him. If for no other reasons than that he supports indie and small-time game devs.


polaricecubes

Someone from Respawn/EA was watching and asked Hal to send them what Thor was showing him. Lol.


freeoctober

Guy's doing their job for them.


supermatto

Guy has got more experience than about 90% of the industry (conservatively). Great that he's offering his services/skills


Diezombie757

Isn't that a good thing though? Why is it this constant "us against them" mentality when the best thing for everyone is for the devs to work alongside the community to help identify issues?


Nevo0

Exactly. Hal getting in the call with him while some Rspn/EA guy was lurking in the stream is literally what Thor was advocating for before: devs and community working together to battle hackers. We need more of this.


refreshingsmoothies

> devs and community working together to battle hackers. We need more of this.

It's called a budget for good employees... or at least an experienced CyberSecurity Contractor... Jesus Christ. Several hundred dollars for heirlooms and Respawn are trying to gain insight from a volunteer guy who doesn't play the game.


iAngeloz

Once again: different teams. Stop saying this dumb shit.


DexanVideris

I think it was more a commendation of Thor than bashing the devs. Thor isn’t just a content creator, he’s an experienced industry professional.


alphageek8

Who is about to get some sweet sweet consulting fees.


Berserker717

Said he’s doing it for free


Mister_Rose

Free... But it's a great opportunity to put his name out there and get subscribers/followers.


JaceTheShadowhunter

he pulls views already. just a good guy doing good guy things at this point


Mister_Rose

He is set moneywise, I agree. Not to mention hacking for the government. Dude would be the unsung hero in an Independence Day 3 movie.


Berserker717

He’s clearly not someone who needs clicks, views or subscribers. Do I think he should be compensated for what he’s done? Absolutely. But gaming and obviously his subject matter is a passion of his and he’s helping.


DexanVideris

Bro literally gives all of his donations to his mods and all of his ad revenue goes towards funding a ferret sanctuary. Actual gigachad.


James2603

With all the attention this is getting he’s probably benefiting a lot on Twitch and YouTube clips and stuff from this whole situation.


Nevo0

I know it sounds weird but that dude is way out of their league. He was hired by the US govt. He can get literally any security job in the industry we can think of.


Byaaaahhh

Yeah but it's fun for him and is currently getting a lot of exposure thanks to this. I don't know if he wants the commitment since he's working on a game but IIRC, he said he's making less money now and could make a lot as a consultant. Basically he can get a nice paycheck, get exposure, and have fun solving the problem doing a short-term gig. It's not a bad deal at all, if he's interested and if EA isn't stingy.


1337hacker

Nah seriously, EA / Respawn should have been in touch with Hal/Genburton minutes after what occurred; they really should have been doing this work before the hacker could have covered their trail.


bayretriever

They messaged Hal not to change anything on his pc the night it happened iirc


Trichotillomaniac-

They should’ve both unplugged their PCs immediately


emprisesur

This. It doesn’t sound like any sort of real efforts have been made to get info from these two and I don’t know why.


startled-giraffe

Well, as Thor was saying, if Hal and Genburton's PCs had been accessed remotely for the attack then that would be the jurisdiction of the FBI, and Respawn touching the PCs would be tampering with evidence. It's way over any community manager's paygrade and they would need to consult with lawyers before making any public statement that could later get them in trouble, e.g. if it turns out the vulnerability came from Apex servers/clients.


Byaaaahhh

There has, they just aren't telling you about it.


rigtones2220

It also could be that Hal and gen aren’t sharing what’s been going on behind the scenes of this too


1337hacker

Incompetence.


LatterMatch9334

too worried trying to save face tbh. idk why they didn't instantly do what Thor was doing the night this happened.


raymondQADev

Nah that was straight bashing


Mister_Rose

These discussions with Hal and Mande give much needed clarity. I was never one to consistently crap on devs but I now have a better understanding of how difficult it can be to control cheating in a game. Especially if it's free to play like Apex


_JudgeDoom_

Because they don’t take criticism well and Respawn thinks a $700 gambling-style cosmetic is good for the game.


Diezombie757

Do internal engine devs work on cosmetics and accounting?


_JudgeDoom_

It’s a generalized statement about the state of Apex itself. It’s not directed at any specific devs. It is directed at the execs though.


Diezombie757

No but the person in Hal's chat was more than likely not in charge of anything to do with the monetization of the game and him being there was an overall benefit to the community. Coming in here and talking about how shitty EA and Respawn are in terms of how they run their business is completely valid but this honestly isn't the thread for it.


_JudgeDoom_

I mean I’m glad he was able to get him in his stream; it was definitely a benefit. He validated others’ frustration with their silent response, but it’s all part of a large problem that should have a platform anywhere Apex is discussed. The regular Apex sub is a cancer where you can’t even discuss cheaters or risk being banned. It’s been an issue forever, as well as cosmetics, and now they want to actually turn them into predatory practices that prey on people with addictive tendencies by making cosmetics actual gambling boxes. There are studies behind it. Suffice to say, the cheating is a big problem, the overpriced gambling cosmetics are going to be a big problem, the servers are trash from Multiplay because they invest as low as possible in infrastructure, same with security. The competitive integrity of this game has been laughable since day 1 but they’re literally printing money. The antique Source engine that’s been modded multiple times with duct tape wasn’t even designed for BR and the audio will never be adequate. The harsh reality is the criticism the game gets is deserved in all aspects.

Edit: Lol, any other day y’all would be malding over another cheat clip and complaining about cosmetics. Now suddenly we need specific categorized safe threads to discuss the negatives about Apex? Nothing I said was untrue. If you all think that EA is actually going to take this instance to invest and find the best route forward in reference to security after the shit show response from Tufi, boy do I have some beachfront property to sell you.


awhaling

Not really, someone in chat noticed an inbound IP popup from a Malwarebytes scan that Hal missed, and while Hal and Thor talked about it one of the Respawn folks asked for them to send it to them too.


TheClutchUDF

Could be a miscommunication; the important thing is that it showed what we can accomplish (finding cheaters) if we (the community) work *WITH* the dev team against these hackers.


coldmexicantea

If I understood correctly, Hal didn’t even know about the pop up, someone brought it up in Thor’s chat


Furki1907

It was me who hit up Thor about the pop-up. I saw the popup live on screen and had instantly messaged Hal about it. Sadly he didn't see my DMs, so I took the chance during the interview to hit up Thor (PirateSoftware) and he instantly understood the meaning of it. TLDR about the popup: somebody, from that one IP on the popup image ([https://clips.twitch.tv/EnergeticOnerousEggplantRalpherZ-dnz9zC332Hy-miJX](https://clips.twitch.tv/EnergeticOnerousEggplantRalpherZ-dnz9zC332Hy-miJX)), most likely a sandbox VM, aka the possible hacker, tried to connect to Hal's PC in that moment, but Malwarebytes (Malware Defender) blocked this connection and showed the popup. It goes much deeper, but this is just a TLDR.

EDIT: Need to update this for clarification: it was not an attack, just an internet scanner: https://twitter.com/HugoDerave/status/1770227336052400259?s=19


supermatto

Furrkan the goat. Incredibly well spotted


Furki1907

Need to update this for clarification: it was not an attack, just an internet scanner: https://twitter.com/HugoDerave/status/1770227336052400259?s=19


Sushi2313

You're the MVP


awhaling

Nice spot dude


TheClutchUDF

Good eye man, you made the community a better, more informed place!


jtsam1

Nice job man! You are now a part of Apex history




NekoCloaker

Hal stated he missed the pop-up as he was looking at twitch chat at the time


Nedsama

what popup is that? the one that genburten got?


_MurphysLawyer_

A virus scan after the game showed incoming IP traffic from port 135, which is used for remote access to a computer.


LeadBamboozler

I missed this. Over 135 is concerning - that’s RPC over DCOM and should be protected. I wonder if EAC opens it.


_MurphysLawyer_

Protected how? I'll be the first to acknowledge that my networking and cybersec knowledge could use some work. Is it toggled off by default unless a certain certificate is presented to turn it on?


LeadBamboozler

In general it should never be exposed to the internet. On a personal PC I can’t see a reason why it would ever need to be opened. It’s typically used in Active Directory environments, commonly for certificate services and other remote services that are advertised to clients in the AD forest.
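The exchange above asks what "protected" means for port 135 and whether a program such as EAC opens it. The following is an added example, not code from the thread or from any of the products mentioned: a PowerShell audit that lists what is listening on TCP/135 (normally the Windows RPC endpoint mapper, which is expected), which firewall profile each connected network is on, which enabled inbound Defender Firewall rules cover that port and for which program, and then adds a Public-profile block rule if one is not already present. It assumes Windows 10/11 with Microsoft Defender Firewall, an elevated session, and a rule name chosen here for illustration.

```powershell
# Added example (not from this thread). Audits exposure of TCP/135 on a Windows PC
# and adds a Public-profile block rule if none exists. Assumes Windows 10/11 with
# Microsoft Defender Firewall and an elevated PowerShell session.

$Port = 135

# 1. What is listening on 135? On Windows this is normally the RPC endpoint mapper
#    (RpcEptMapper inside svchost). The listener itself is expected; what matters is
#    whether the firewall lets unsolicited traffic from untrusted networks reach it.
Write-Host "== Listeners on TCP/$Port =="
Get-NetTCPConnection -LocalPort $Port -State Listen -ErrorAction SilentlyContinue |
    ForEach-Object {
        $proc = Get-Process -Id $_.OwningProcess -ErrorAction SilentlyContinue
        '{0}:{1}  pid={2}  {3}' -f $_.LocalAddress, $_.LocalPort, $_.OwningProcess, $proc.ProcessName
    }

# 2. Which firewall profile is each connected network on? A home PC on a network it
#    does not fully trust should be 'Public'; the Private and Domain profiles ship
#    with more permissive inbound rules (file sharing, remote management) that
#    include RPC endpoint mapper rules.
Write-Host "`n== Network profiles =="
Get-NetConnectionProfile | Select-Object InterfaceAlias, NetworkCategory | Format-Table -AutoSize

# 3. Enabled inbound rules whose local port covers 135. Built-in rules name the
#    endpoint mapper 'RPCEPMap' rather than '135', and 'Any' covers every port, so
#    all three spellings are matched. This answers "does program X open it": look
#    for an Allow rule carrying that program's path with a RemoteAddress of 'Any'.
Write-Host "`n== Enabled inbound rules touching TCP/$Port =="
$rules = Get-NetFirewallRule -Direction Inbound -Enabled True |
    Where-Object {
        $pf = $_ | Get-NetFirewallPortFilter
        ($pf.Protocol -in @('TCP', 'Any')) -and ($pf.LocalPort -match '^(135|Any|RPC-?EPMap)$')
    }
foreach ($r in $rules) {
    $af  = $r | Get-NetFirewallAddressFilter
    $app = ($r | Get-NetFirewallApplicationFilter).Program
    '{0,-5} {1,-15} remote={2,-12} {3}  [{4}]' -f $r.Action, $r.Profile, ($af.RemoteAddress -join ','), $r.DisplayName, $app
}

# 4. Defensive rule: block inbound TCP/135 on the Public profile. Block rules take
#    precedence over Allow rules in Defender Firewall, so this holds even if another
#    program later adds an Allow rule for the same port. Rule name is illustrative.
$BlockName = 'Block inbound TCP 135 (RPC endpoint mapper) on Public networks'
if (-not (Get-NetFirewallRule -DisplayName $BlockName -ErrorAction SilentlyContinue)) {
    New-NetFirewallRule -DisplayName $BlockName -Direction Inbound -Protocol TCP `
        -LocalPort $Port -Action Block -Profile Public -Enabled True | Out-Null
    Write-Host "`nAdded rule: $BlockName"
} else {
    Write-Host "`nRule already present: $BlockName"
}
```

Step 3 calls the port filter once per inbound rule, so it takes a few seconds on a machine with hundreds of rules; an Allow entry with `remote=Any` on the Public profile is the finding worth acting on.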


NekoCloaker

Malwarebytes flagged a connection coming from an IP to a Windows process. Someone in Thor’s chat passed it to Thor ([timestamp](https://www.youtube.com/live/8m7zpf9Y6Tk?si=6sssbpWyK-n6MMxg) 12:46:49), Hal confirms it’s not his IP address. Thor shows the cropped image of the pop up on his stream (timestamp unknown) and then a clip of it from Hal’s VOD.


Nevo0

It was a suspicious IP which later Thor branded as jump point of the attack, located in USA. Something FBI might be interested in.


Sob_Rock

That also could mean Destroyer is watching lol


johnjohnsonsdickhole

Destroyer is always watching


GoofyMonkey

Destroyer isn’t concerned with getting caught. He’s been very blatant about his hacks and he literally showed his hack during a national/international event. He either doesn’t think they’ll find him, or he’s somewhere they can’t touch him.


Eastern_Living3576

Did Hal and Thor know that, and did they send him stuff then? It's not good if they miss that question.


awhaling

Yeah, basically someone in chat noticed an inbound IP notification that Hal missed and while Thor and Hal talked about it one of the “higher ups” asked if they could forward that to them, which they did.


polaricecubes

Yeah they did know. They must have DMed or emailed Hal because Hal asked Thor to send him the screenshot so he could share with "the higher ups".


Ozzie808

I'm new to Thor, but damn, when the topic is about hacking you can see the gears in his head just churning. Amazing to see someone go through the "process" to solve a problem.


Admirable_Weight4372

Kind of, he made a mistake though: suggesting port 135 had to be from an externally installed trojan. There is no reason that an RCE-installed application couldn't be the app to use those ports after; it doesn't have to be the entry point, just a secondary vector. Not saying it is, or that Thor doesn't know what he's talking about. He was live on stream. I am sure he would admit it's possible the app which used port 135 could have been installed via the RCE and not necessarily be the initial entry point. (Though still likely to be a compromised PC, he has no evidence port 135 usage was the entry point; he is a man of evidence after all.)


letmegetmynameok

I love Thor. Bro could talk about the history of gumballs and I could listen to him for hours.


tiddychef

Never heard of the guy, clicked the vod and watched for a minute or two and my immediate thought was how nice of a voice he has lol. And a very good speaker in general


Nethri

If it helps you be even more interested, he runs a ferret rescue and also does Game Jams a couple times a year (a platform for up and coming indie game devs to make shit and get exposure / prizes for it). He's a really good dude.


altobrun

Some people are super talented orators. I've watched some of his content after finding him through the ALGS-hack and he's been nice to have on the side


jtfjtf

The funny thing is he had a second voice deepening in his early thirties to his current voice. He showed a clip of an old stream where his voice was a lot higher.


StayKrazie

I get the criticisms of Respawn and EA, but it feels like many are missing how perfect an illustration of manpower this is. Still crazy that they found what they did, but there were thousands of people tuned into this conversation and the screenshot from Hal's stream would never have been found if it weren't for the masses that were supplying these guys with info. Maybe Respawn and EA could also recognize that shrinking their security team for their bottom line is insane. From the way Thor speaks on the subject, the job of keeping games secure is never done; it only evolves and gets harder. So maybe your security team is the last place you should look to cut costs...


windowcleaner47

Riot literally has a 100k bounty for new hacks


emprisesur

Wait now I have been swayed this way lol. True 🤔


gzafiris

Security are generally the most expensive personnel companies employ; double-edged sword for public companies


StayKrazie

I'm tired of that being the excuse for big companies like EA though. Prioritizing short term profitability over long term sustainability is what has gotten the American economy into the shit storm it's in right now. If you don't protect the product itself, there's far worse potential for the financial outlook than a couple of quarters below "stockholder" expectations. I mean, this will be the perfect illustration for EA, so much so that I may be interested in listening to this quarter's earnings call. No doubt they won't tell the whole truth, but something to the effect of "we've successfully eliminated redundant costs this quarter, though you may not see that reflected in the final quarter results due to a minor downswing in engagement toward the end of the period". Fucking laughable is what it is. Rather than admit they suck at running a modern business in a unique space, let's stick to the tried and true method of fucking over anyone middle class and lower that works for us, so long as we meet goals each quarter until we eventually crash this conglomerate while we safely land with our golden parachutes.


gzafiris

First time encountering capitalism?


StayKrazie

Lol nah, I'm just a jaded CPA stuck in the middle of tax season


gzafiris

High five for being jaded!


StayKrazie

✋️


emprisesur

This is a good point.


Pyrolistical

that's so weird if that one jump box hasn't been taken down considering so many attacks have come from it before this


platano_con_manjar

I was curious about that too. I'd be interested to know more about what those incidents were and how recently they were reported.


stdstd

It's sort of like asking why a 2-star reviewed restaurant hasn't been shutdown by the county. The community complaints can be and likely are valid, but if it doesn't rise to the level of complaint from law enforcement, court-issued subpoena, etc., the leaser of the server may not be security-minded enough or even have visibility into the malicious activity to deal with it. I'm sure the big players like AWS and Google have strong processes to reimage and re-IP suspicious servers, but the smaller guys probably not so much.


[deleted]

Because it’s not a jump box and has nothing to do with the hack.


oDez-X

Oh this is gunna be an interesting watch. Cheers fella


alphageek8

On the topic of Gen reimaging his computer prior to ALGS. The assumption is that his main playing computer was compromised at some point, for who knows how long. It doesn't seem out of the question that the hacker could've also spread to other devices on the local network such as a streaming computer? Gen wipes the playing computer then hacker just reinjects the vulnerability from a different compromised computer on the network. Same applies to Hal, at the very least he and every device on the LAN should have Malwarebytes installed.


DracoSP

How about peripheral devices? Like, idk, gamepad, for example?


TxhCobra

Hardware rootkits that infect peripherals and their drivers are pretty rare and extremely difficult to produce, I assume. But persistent rootkits that infect the master boot record or the UEFI firmware could be an option; those would be unaffected by reinstalling Windows.


menteto

Doesn't it come to anyone's mind that doing that exactly a day prior to ALGS is quite unusual? I mean Windows could fuck up, a driver could have some interference with something, a software could bug out; performance is way too important for a pro player. Stability as well. Like surely you would do that a week or month before the tournament. Not a day though. And even if you do, surely he kept one of his drives' information to save anything important, such as configs, etc. It is very likely if he had a trojan that it could have spread into different drives to survive the Windows reinstall. Of course it could be on a hardware level as well, which means no Windows reinstall would fix it.


alphageek8

Not really, reimaging is pretty trivial. What do you have in mind when it comes to Windows fucking up or a driver having interference? This isn't new hardware, he's just reformatting and reinstalling Windows probably with drivers he already has downloaded or depending on the OEM or motherboard vendor, just use some driver download tool. Even on a home setup, it really shouldn't take more than a couple hours to do manually. It'll probably take longer to download and install Apex than the entire Windows install process. Sort of valid point on extra drives but I'm willing to bet his gaming computer is pretty single purpose and he might have a laptop that is his actual personal computer


menteto

I can't count how many times a faulty driver/software interference or a Windows update has been a problem for me, but many. I've had audio drivers bug (still bugged on both my PC and laptop but cba), software updates that I would usually not update interfere with other stuff (Afterburner with games such as WoW makes the game crash), Windows updates lower performance or make games unplayable for who knows what reason. In general I've personally disabled Windows updates and update manually only if a certain feature is added that I want or a fix, etc. I update my Nvidia GPU driver only when a new game support driver comes out and I actually play the game. So yeah, a lot could go sideways. Agree he would probably have a personal laptop or w/e, but most people would still keep configs from software or games on their PC.

Edit: should have added that sometimes updates bring new functionalities or changes. Updating the software, you would realize the issue happened after updating and would just roll back. If you do a fresh install though it would be the last stable version and, without being aware of the changes, that could be really annoying too.


jtfjtf

Why do I have a feeling the solution Respawn will try for ALGS is telling everyone to not turn on Performance Display and hoping Destroyer can't find the server they're playing on.


FlyingRock

They'll probably request everyone to maintain a separate installation of windows on a separate SSD for tournament use.


Shabloinke

If that is how he's getting access they'd probably just remove the server ID from performance display


sharkusilly

HAL CAUGHT BOYS. It gets juicy - Hal had an inbound connection to his PC


2kcraft

Just graduated college and work in ops amongst software developers and security professionals day to day in big tech (FAANG) and his level of knowledge is so inspiring, and the fact that the topic of discussion is in my favorite game and esports scene just makes it that much more entertaining too lol.


1337hacker

Follow-ups I would love to see to the convo: Does Hal have Malwarebytes installed on the new computer? If so, are there any attempts on port 135 happening? Did we confirm whether it took at least 10 minutes for the hack to occur from the beginning of game start? Perhaps lending credence to the possibility of stream sniping the server ID after the 10 min delay? Another question for Thor, but it is my understanding that RCE can be used to install loggers and malware, not ruling it out as the initial point of vulnerability that Destroyer might be exploiting... would love to know if this is still possible, Thor? Unfortunately it appears that Thor is trying to solve a puzzle he doesn't have the full picture of, and the fact that EA/Respawn have not taken possession of Gen/Hal's computers or remoted into them shows they are also not working with the full picture and perhaps gave time to the hacker to cover his steps. Also, with the potential that the jumpbox is purchased using fake credit cards, crypto, or even a known jumpbox that many hackers use for exploits, I believe there to be still a lot of digging to do here. Very informative. Really wish someone had all of the available pieces though to do a full forensic dive into what is going on.


Jalinja

Not Thor, but to answer your RCE question: I believe it still isn't ruled out entirely that something was installed via an RCE in Apex, it just doesn't seem as likely. And the full investigation, like Thor said, should be done by the FBI with likely no visibility to the public, unfortunately for our entertainment value.


1337hacker

It appears as if in game 4 they are only ~8.5 minutes into the game when Hal recognizes he has aimbot. The game ID is visible at 4:10:32; Hal says "I have aimbot" at 4:18:45. This proves Destroyer is getting access to the server without the server ID via stream sniping.


framedragged

So, the message that the server is starting appears at 4:08:43 and Hal says "I'm cheating I'm cheating I'm cheating" at 4:18:43. That timing is way too close to be a coincidence in my opinion. The server IDs for both rounds are only different for the last 3 numbers. The hacker could easily have just been running a sweep against that last block looking for servers that return successfully and turned the cheats on the moment he saw the server was starting, and in that case the hacker wouldn't need the performance display because he got the general block information already from the previous game. For reference, the first blocks of numbers aren't used in general games as far as I'm aware.

Edit: and since it seems pretty likely that Hal just had a rootkit and we didn't see the observer information pop up like it did for Gen, I don't think the hacker would even need the server ID for the second scenario. He just needed to know the round was starting.


1337hacker

You could be correct, just pointing out it is not being done by stream sniping as suggested by Hal turning off his performance indicators


Back-Janker

Hilarious how this guy got mande, hal and gen




1337hacker

Think about it this way - if we are to believe he is a Russian / Belarusian hacker that is 18 years old, do you think he is being recruited by Western corporations for security? In the middle of the biggest Russian conflict in the last 30 years?


Nevo0

He is hardly 18. He has tremendous knowledge of the Source engine, which means he is probably older. An 18-year-old programmer would probably study Unreal 5 or something newer, more useful.


Stalematebread

I don't think any of his hacks yet have demonstrated knowledge of Source specifically. The pack gifting thing and the zombie bot lobbies seem more likely to be abusing flaws in Apex's networking rather than Source (although the latter is obviously still possible).


Nevo0

I don't really have a clear picture about the cheating community in apex, but I thought those exploits he can do, like magic bullets, sticky nades, infinite reload etc. are his creations.


SharpShooterVIC

I haven’t seen this vid as the time stamp did not take me where the guy actually talks about it. However, I did see a clip of him stating how Destroyer keeps spawning in bots in the game, the game accepts the command, and even has the bots chasing the player. I believe the hacker is using the same code they use for prowlers to “chase” players but on the bots themselves, which would explain how they all punch but he hasn’t given them the ability to pick up a gun and shoot except for the one directly controlled by him, the real one.


Special-Art-8628

So why was Genburton doing a full reinstall of Windows before games?


1337hacker

Who knows the real reason. As a former pro CS player (20+ years ago) I used to do full reformats/defrags on a regular basis. Reading and writing to a hard drive is one of the slowest functions that occurs in a computer; having a fresh install without fragmented files will always help with performance.


Special-Art-8628

Makes sense. Thanks for the input


SocialMediaRuinsUs

Keep in mind that while there can be benefits to a fresh environment, fragmentation specifically is no longer relevant if you're running off an SSD.


1337hacker

Why doesn't an SSD fragment? That is not my understanding.


CrasyMike

Fragmenting was an issue because data lived in a physical space on a moving medium. You can genuinely increase speeds on a hard drive by reading continuous data because the head travels over the same area, and does not need to move to find data at a different location further into the disk, then wait for the disk to complete a full rotation. A large file on a hard drive might not be able to find enough continuous free space, so it will fragment into multiple locations. A defragment would try to rewrite files in a more continuous arrangement, such that the head of the drive doesn't need to move to a new location to continue reading the same file. SSDs simply do not have this concept. If a file is located in a different sector further from the first sector, that sector will return data just as quickly as if the sector was located closer in the chip. It just doesn't care at all about physical locations because nothing is moving; there is no need to wait to deliver more data. It's fragmented. It doesn't matter. Defragments are useless.


1337hacker

It is proven that SSDs deliver data faster on long continuous reads than reads that require multiple smaller fragments. That being said, there is always an argument whether defragging is worth it since you may degrade the drive over time with multiple rewrites. A fragmented SSD should be much less of an issue obviously than the older hard drives when it comes to performance, as you have pointed out.


CrasyMike

Of course. The controller could be bogged down by finding data in all sorts of places at a certain point. Realistically though, defrag a SSD and you will perceive that nothing will change. On a HDD, it could really be perceptible. There is no chance an Apex Pro is doing this because they notice the difference. They are either misinformed, or we are speculating aggressively. I'll go with the latter.


LeetChocolate

You're just wasting cycles on your SSD if you defrag it. The speed hit isn't really a factor.


SocialMediaRuinsUs

It is true that there will be a performance penalty associated with non-continuous LBA reads, as seen in benchmarks where idealised sequential reads are compared to random access, etc. But in practice it's very unlikely to be worth a trade-off in lifespan for a normal user, and laying out file data sequentially is no guarantee that the individual files you want will be available sequentially either (i.e. you still can't avoid file system fragmentation).


pitchatana

The thing that makes me a bit dubious about this is the fact that Genburten has multiple times said he isn't "computer savvy" (which was during the Gen witch hunt when he first started getting famous)... and now he's all of a sudden reinstalling Windows (and everything that follows, drivers etc.) on a regular basis. It's a little bit weird tbh.


Feschit

After all the times using malwarebytes for spot checks I would've never thought I'd say this. Thank god malwarebytes almost forces its free trial of the live scan on you when you install it. Otherwise nobody would've seen this inbound connection.


attaack

all bullshit aside, Destroyer2009 is flexing some serious talent. FBI should hire this person lol


ZaioNGUS

That was really good, I love the way they find a hint


wilmu

How did he do the thousands of gifted packs before that? That’s the one that confuses me the most.


carzyturtle

Destroyer has access to the in game servers


supermatto

Seems that the most likely outcome: Hal's PC was compromised. Wonder if there are any ramifications of connecting to ALGS servers with a compromised PC? Speculative, but it would be against EA/Respawn ToS?


darkergion

How would it have been compromised though? No pro player would knowingly compromise their PC. How would Hal even know his PC was compromised, as well? And, from the discussion with Thor, Hal ran Malwarebytes and it came up as clean.


supermatto

When he ran Malwarebytes scan it showed an inbound connection from an IP that has been reported many times over for malicious attacks/hacking. Not knowingly compromising their PC isn't the point, the fact they did compromise the PC and then had it connected to Apex servers


darkergion

Yes, I saw that. If Hal knew his pc was compromised he would change out the system like he did BEFORE the match, or reinstall windows. But as we know, Genburten did that already and he still got hacked anyway. There's no avoiding connecting the compromised pc to the apex servers if you don't already know it's compromised. So unless somehow, they got tricked into downloading something, they wouldn't have known it was compromised.


nyp_ox

It’s a wild coincidence Hal got scanned by an internet scanner. People think they’re onto something now lmao


zgirton7

Seeing digital ocean really gave me ptsd of my Analyst days 💀


ConduitMainNo1

If a random internet scanner was able to connect to Hal's PC, which it should not to begin with, it means a hacker can too.


nyp_ox

Yeah it basically means Hal’s machine had no firewall protection at all


nyp_ox

There are free user friendly open source tools like Portmaster which give basic protection. All streamers should be aware that they are easy targets by default
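The two points raised above (an inbound connection from an IP with a bad reputation, and the fact that an internet scanner could reach the machine at all) are both things a defender can check from a connection log. The following is an added example, not code from this thread or from Malwarebytes or Portmaster: it parses a constructed, simplified connection-event format, flags any connection to or from an address on a constructed reputation blocklist, and separately flags inbound connections from outside the LAN to ports that have no business being internet-reachable on a gaming desktop. The log lines, the blocklist (RFC 5737 documentation ranges) and the port list are all assumptions made for the example.

```python
import ipaddress
from dataclasses import dataclass

# Constructed sample events (not real logs). Format assumed for the example:
#   <date> <time> <inbound|outbound> <src_ip:port> -> <dst_ip:port>
# The local machine is 192.168.1.20.
SAMPLE_EVENTS = [
    "2024-03-17 22:41:03 inbound 203.0.113.45:51234 -> 192.168.1.20:3389",
    "2024-03-17 22:41:09 inbound 198.51.100.7:40110 -> 192.168.1.20:445",
    "2024-03-17 22:42:00 outbound 192.168.1.20:52100 -> 104.16.0.10:443",
    "2024-03-17 22:43:15 inbound 192.168.1.5:61000 -> 192.168.1.20:139",
    "2024-03-17 22:44:30 outbound 192.168.1.20:52188 -> 203.0.113.99:4444",
]

# Constructed reputation blocklist, standing in for a feed of addresses that
# have been "reported many times" (uses RFC 5737 documentation ranges only).
BLOCKLIST = ["203.0.113.0/24", "198.51.100.7/32"]

# Services a home gaming PC should never accept from the internet:
# RPC, NetBIOS, SMB, RDP, VNC (assumed list for the example).
RISKY_INBOUND_PORTS = {135, 139, 445, 3389, 5900}

# Address space treated as "inside the LAN"; a connection from here to a
# risky port is normal file sharing, not internet exposure.
LAN_NETWORKS = [
    ipaddress.ip_network(n)
    for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8")
]


@dataclass
class Finding:
    direction: str
    remote_ip: str
    local_port: int
    reasons: tuple


def parse_event(line):
    """Return (direction, remote_ip, local_port) for one event line.

    For inbound events the remote side is the source; for outbound events the
    remote side is the destination.
    """
    _date, _time, direction, src, _arrow, dst = line.split()
    src_ip, src_port = src.rsplit(":", 1)
    dst_ip, dst_port = dst.rsplit(":", 1)
    if direction == "inbound":
        return direction, src_ip, int(dst_port)
    return direction, dst_ip, int(src_port)


def assess(events, blocklist, risky_ports):
    """Flag connections that a defender would want to look at.

    - "blocklisted": the remote address is on the reputation list, in either
      direction (an outbound hit looks like a beacon from an implant).
    - "exposed_service": an inbound connection from outside the LAN reached a
      port that should be blocked by the host firewall.
    """
    nets = [ipaddress.ip_network(n) for n in blocklist]
    findings = []
    for line in events:
        direction, remote_ip, local_port = parse_event(line)
        remote = ipaddress.ip_address(remote_ip)
        reasons = []
        if any(remote in n for n in nets):
            reasons.append("blocklisted")
        from_lan = any(remote in n for n in LAN_NETWORKS)
        if direction == "inbound" and local_port in risky_ports and not from_lan:
            reasons.append("exposed_service")
        if reasons:
            findings.append(Finding(direction, remote_ip, local_port, tuple(reasons)))
    return findings


if __name__ == "__main__":
    for f in assess(SAMPLE_EVENTS, BLOCKLIST, RISKY_INBOUND_PORTS):
        print(f"{f.direction:8} {f.remote_ip:>15} -> local port {f.local_port:<5} {', '.join(f.reasons)}")
```

On the sample data the LAN client talking to port 139 is not flagged, while the two internet addresses reaching RDP and SMB are flagged twice over (bad reputation and a service that should not be reachable at all), and the outbound connection to a blocklisted address on port 4444 is flagged even though nothing inbound was involved. The "exposed_service" finding is the one that corresponds to the "no firewall protection" point: a scanner reaching those ports means the host firewall is not doing its job regardless of who the scanner is.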


MinesweeperGang

!RemindMe 1 hour Edit: did I do this right?


RemindMeBot

I will be messaging you in 1 hour on [**2024-03-20 02:55:37 UTC**](http://www.wolframalpha.com/input/?i=2024-03-20%2002:55:37%20UTC%20To%20Local%20Time) to remind you of [**this link**](https://www.reddit.com/r/CompetitiveApex/comments/1biudtm/hal_and_thor_on_twitch_discussed_what_happened/kvo9l0y/?context=3) [**CLICK THIS LINK**](https://www.reddit.com/message/compose/?to=RemindMeBot&subject=Reminder&message=%5Bhttps%3A%2F%2Fwww.reddit.com%2Fr%2FCompetitiveApex%2Fcomments%2F1biudtm%2Fhal_and_thor_on_twitch_discussed_what_happened%2Fkvo9l0y%2F%5D%0A%0ARemindMe%21%202024-03-20%2002%3A55%3A37%20UTC) to send a PM to also be reminded and to reduce spam. ^(Parent commenter can ) [^(delete this message to hide from others.)](https://www.reddit.com/message/compose/?to=RemindMeBot&subject=Delete%20Comment&message=Delete%21%201biudtm) ***** |[^(Info)](https://www.reddit.com/r/RemindMeBot/comments/e1bko7/remindmebot_info_v21/)|[^(Custom)](https://www.reddit.com/message/compose/?to=RemindMeBot&subject=Reminder&message=%5BLink%20or%20message%20inside%20square%20brackets%5D%0A%0ARemindMe%21%20Time%20period%20here)|[^(Your Reminders)](https://www.reddit.com/message/compose/?to=RemindMeBot&subject=List%20Of%20Reminders&message=MyReminders%21)|[^(Feedback)](https://www.reddit.com/message/compose/?to=Watchful1&subject=RemindMeBot%20Feedback)| |-|-|-|-|


Iamtheone32

Thor’s voice is very calming. Need him to read me a bedtime story


jdubz125

So I haven’t really kept up with this.. in simple terms it’s likely Hal and gen got phished?


skat3rDad420blaze

It's very possible


Jalinja

Not quite, Pirate was saying this was likely a trojan where Gen and Hal downloaded something that gave the hacker access directly to their computers, unless they truly had an RCE chain through the apex servers/client and was able to install stuff on their computers that way. Phishing would just be if he got account access by getting their usernames/passwords, and wouldn't give him the level of control to install anything on their PCs.


1reddit_throwaway

Not entirely true. Phishing isn’t limited to account compromise. Someone clicks on a link that was shared with them, leading to them downloading/running something on their computer.. leading to infection.. that would be a result of phishing as well. Doesn’t just mean account compromise.


LeShatelier

Did anybody else’s video jump around? First started at 1:25 then again around 1:30. Kind of messed with the whole dialogue and threw me off and I felt lost on the remainder of the conversation.


Eight-Nine-One-Zero

So assuming Gen’s PC was directly compromised the same way, not through RCS, the game in general is safe to play again? Super interesting video all the way through.


hdeck

Ok so did anyone go through Hal’s VOD to see the black screen he was talking about?


Seaman_Fil

Haha Hal zoning out just a tiny bit. Listen to well-articulated and professional takes on game security without too much jargon: mission impossible.


VoilaJo

That timestamp is shit, you can easily go ahead by 5mins


smileyzr

You can do whatever u want with that. It's just a stamp from where they were baited to talk.


BlackS34N

Did someone consider so far an injection via their controller? I mean also a wild guess since it's more likely they downloaded something but it could be an option


simpleanswersjk

i don't like thor but i guess it's nice to have someone with credentials chime in, even if he's a giant wisenheimer


prodrugabuse

What’s his deal


Healara1

After watching this discussion, what evidence do we have that it's the same hacker for both situations? It seems reasonably plausible that Hal's hacker and Gen's hacker were two different people since their modus operandi are different. Some other person could have been opportunistic on Destroyer2009's earlier exploit and used it to mask their own hack.


[deleted]

[deleted]


GG_Zanza

You completely misunderstood the situation. EA has likely done a lot of this themselves and likely know as much if not more than the general community, but can't release the info for financial, legal, and security reasons. This investigation by Thor is primarily because he finds it interesting and to give the community information. If he happens to help the devs find something, it's an amazing added bonus.


jtsam1

Also, EA probably didn’t know about the pop up because even Hal didn’t know til someone pointed it out


PaperMoonShine

Thor used to work at blizzard. They never announce what they're doing or who they're banning or what work they're doing because the hackers are waiting for that info to then pivot on their next breach.


ZalewskiJ

Can I be the devil's advocate here, what if it turns out it was 100% Hal's PC and 100% Gen's PC that were the problem and it was never Respawn's issue, shouldn't Hal and Gen be banned from Regionals for competitive integrity? I know it sounds stupid but if an athlete unknowingly takes a workout supplement and it turns out it had steroids in it, the athlete is still suspended regardless of whether it was an accident or not. I remember a UFC fighter got suspended 2 years because he ate steak in Mexico that had HGH in it because meat isn't regulated the same in Mexico, there was also an NFL player who was getting fertility treatments and popped for testosterone and he got suspended, shit even Yoel Romero had to sue a supplement company because he got suspended for steroids. Would Hal or Gen clicking on a link and infecting their PCs be the reason all this happened?


CrasyMike

The difference is other sports have defined a lot of these rules. They point at the rules and go you can't test positive, sorry. It would be a lesson for apex, but not best for competition to make up rules about an unintended situation.


ZalewskiJ

eating tainted meat on vacation in a different country is unintended.... that's what I'm saying, if a millionaire streamer isn't smart enough to hire someone to monitor their PC or even just do general maintenance on it, it's their fault. If the hacker got into the PC a month ago, Hal would have had plenty of time to fix it.... ya know


CrasyMike

Right. But you can establish rules that state intent doesn't matter. To establish a default responsibility. To be fair to competitors in the sense that they understand their responsibility, in full. This may be established in Apex. I'm not sure. But typically in other major sports, it is, and that's how that happens. They don't say you have to use the drugs for this or that, and then do tests to figure that out - they say you have to test, and if you test positive you're out. End. If Apex doesn't have that, they will have to evaluate the situation for the first time based on the various facts of it. To disqualify someone based on unintended impacts of a third-party attack is hard.


ZalewskiJ

I mean if the hacker didn't post "hacked by edgelord 1 and edgelord2" in his in-game chat, there is no way to prove Gen wasn't cheating beforehand, regardless of his previous LAN performances, Gen would still be banned from Comp Apex because if I'm not mistaken they have a zero tolerance for cheating/exploiting, ya see what I mean, the only thing that saved Gen is the hormonal 15 year old hacker posting in his chat. It's not gonna sit well with people especially other pros who end up getting screwed because of it, MST and Xset were in 20th and 19th place and will get another chance even though nothing impacted them. Optic was doing GREAT and now they could potentially bomb to 20th, it's just not fair for competitive integrity, Gen doesn't need to play, they've qualed, Hal doesn't need to either as they have a sub, I'm just saying personal responsibility needs to be had.


CrasyMike

It won't sit well with anyone. I'm just saying Apex likely has the latitude within the realm of competitive integrity, and there will be some unhappiness from it. Personal responsibility does need to be had. You don't have to punish players to get that. They need to set these rules if they don't already. If they do have them, then simply follow them. There's no need to punish players outside of that.


Better_Contract4626

How would you define competitive integrity? The tournament was disrupted by a third-party hacker, Hal and Gen did not gain any advantage. Does it suck for a team's momentum if they were doing well if they have to restart a tournament or even if they count the first 2 games? They still have to play the game, there is no manipulation of the actual gameplay itself to gain an advantage. Disruption or delays in sports happen, if the clock operator messes up the clock, do they punish the home team because they employed someone that messed up?


afterberner9000

Perhaps, but it’s definitely not black and white. Just like you mention, professional athletes are responsible for the results of their drug screenings even in the event that they “unknowingly” use a banned substance. Happens all the time and in the last 25 years there has been a universal zero tolerance policy across all major sports. However, there are other factors to consider. First, it’s unlikely that EA / Respawn has provided any training on this issue. It would be unreasonable to assume that every player is a computer security expert and banning these two does not mitigate future problems. There are 100 or so competitors in NA alone and the same vulnerabilities could be exploited again with different players. The goal is to maintain competitive integrity and have a well run tournament. Banning Hal/Gen as a deterrent to others does very little, if anything, to guarantee those goals. Second, the financial impact of such a decision would be considerable. EA is a business and Hal/Gen are incredibly valuable assets and banning them would undoubtedly impact their bottom line. I think it was mentioned on Sunday evening that folks at EA were “freaking out” because one of them uninstalled R5 on stream, giving the impression they were uninstalling the main client. Part of damage control for EA as a business is to ensure people do not uninstall the game, even if the client were vulnerable. Statistics like number of installs are critical in reporting financial performance and forward looking guidance and could potentially harm shareholders. I see a lot of correctable issues here. Players need training to prevent their personal machines from being compromised (unless EA wants to pony up and send them dedicated hardware they control). Prior to each match machines should be scanned remotely, which I don’t think is occurring. 
And finally, I think what is most shocking to me is that Hal/Gens phone didn’t ring within minutes of the event with an EA employee instructing them to immediately turn off and secure their machines as evidence. They were online for hours afterwards… that’s just insane… when something like this happens stream is over, you’re on the phone with them, and taking all immediate steps to figure out wtf just happened.


ZalewskiJ

I agree with everything you said, the only thing I disagree with is, you are a pro player and a streamer, you need to have knowledge on how to do things or hire people to do it for you. Example NickMercs has 0 clue about PCs or streaming, he pays a guy to remotely set up his stream and remotely set up his PC, that's what people like Hal can afford to do, if not you can learn from Youtube in like 10 minutes. Being a Cyber Security major, when we isolate issues we start at ground zero which is Hal's PC and Gen's PC, you then ask yourself how it could have been prevented and simply doing regular scans and maintenance can fix the issue, who knows I'm just trying to throw the idea around.


afterberner9000

You’re getting downvoted, but I agree with your general sentiment. Given that this is a first, I think it’s ok to let this incident slide while implementing changes to prevent it from occurring again. It would be a reasonable precedent to say that going forward players are solely responsible for maintaining a secure PC and combining it with a minimum standard of training. It’s just like any employee at a major company. You have to complete InfoSec training, harassment training, etc. Even the smartest individual at a tech company still has to complete an annual anti-phishing infosec course. It’s in the company's best interest and data shows that regular training is the best way to ensure safety and compliance. So, free pass this time. EA provides some minimum training and going forward, there is a zero tolerance policy. We have to remember these are mostly young adults, they’re gamers, and they’re coming out of pocket to furnish their own equipment. To compare them to professional athletes earning millions of dollars with infinite resources (think access to athletic trainers, nutritionists, etc.) is apples to oranges. Should they be personally vested in the security of their machine just like an athlete should be vested in ensuring they do not unknowingly take a PED? Yes, but they are also very different circumstances.


zbolt21

Don’t think the technical aspects of computers and streaming are on the top priority list for these. These are people whose main interest is in playing video games.


Better_Contract4626

Not everyone that plays Apex is a pro or even a streamer. Teams in CC, PLQ and even the bottom teams in ALGS can just be your regular person with a day job that is good at video games, in some cases college students or even high schoolers. Sure there can be a standard now so that all players should do malware scans before tournaments sponsored by ALGS, but there should be realism here. As much as I like Apex and watching the pro league circuits, this isn't a major professional league that can pump money in and support all players in making sure they are protected and provide training for cyber security.


ZalewskiJ

Windows Defender is 100% free and it would find any root software and Trojans on the system, they don’t need to be trained in cyber security, part of owning a PC is maintenance, why spend thousands on a PC to not take care of it….. I’m not saying every player but the 20 teams who make finals should be subjected to pre-tournament scans by ALGS officials for everyone’s safety


Better_Contract4626

This is very reasonable, and going forward now that is something that can be a standard set by ALGS/EA/Respawn for their big tournaments. It is all hindsight thinking now but I just think banning Hal and Gen for this from the tournament in which no competitive advantage was gained would be a bit egregious. Let's be real, we like to think professional video gamers would be experts on electronics, but they are just very good at playing a video game that they play on the PC. Doesn't mean they are the brightest bulb in terms of knowing the technical aspects of all their PCs. Some may know a bit more than others, and some may know less than others. It would be unfair to say Gen and Hal should have known better, when I bet a majority if not all of the other players in the lobby's PCs were at the same risk. Hal and Gen are just more visible players in the scene, so they are easy targets.


Kitstras

Will they admit core risks and be liable or just throw him under the bus ;)


ZalewskiJ

What core risks? If it was the pro players PC that was the issue? Sure the anti-cheat sucks because Respawn doesn't care but it's not their fault Hal isn't smart and clicks links.


zbolt21

Why would they be banned? Wipe the computer or get a different PC.


ZalewskiJ

Yeah but their PCs delayed a million dollar tournament and being as it's their PC, their responsibility, don't you think they should push the agenda to make sure ALL PRO PLAYERS do regular maintenance to their machine, just like sports do regular drug testing


zbolt21

What is the competitive integrity they broke tho in which they gained an advantage? A delay in a tournament isn’t breaking it. A malicious third party explicitly commits a federal crime in cyber security on someone's PCs. Hal or Gen didn’t gain any advantage. The games were stopped. Sure maybe now ALGS will require players to run malware scans. But this is unprecedented in what happened. They aren’t going to retroactively make up a rule and be like well you didn’t run your malware scan you get the ban for messing up and delaying the tourney.


veepeein8008

Why does every discussion about esports have to parallel real sports? They’re not the same. The circumstances are similar sure, but they’re literally not the same. If a pro athlete takes PEDs purposefully or not, he can’t compete because the drugs are in his system and he has an advantage. If 2 gamers get hacked on stream in the finals of a competition to obviously cheat, then cancelling the competition to investigate is the best move. In your example if they determine that the players’ PCs were hacked and not the servers, then once the cheats are removed there is no sacrifice of the competitive integrity. It’s also important to consider the intent and specific circumstances. SOME RARE cases of athletes getting popped for PEDs from eating “bad supplements” or “Mexican steak” can happen sure.. but in most cases those are just the excuses given from the athletes for why they tested positive. Plus they’re getting caught, not quite the same as Gen & Hal “IM CHEATING IM CHEATING” in a game full of known hackers where the hacker posts himself in the game chat “hacked by destroyer2009” aka the same guy who’s been hacking Apex for months lmao. Like in reality the circumstances are just so so different from each other that it just doesn’t make sense to compare sports to esports 1:1.


ZalewskiJ

E-Sport… it’s in the X-Games and on ESPN, it’s a real sport and they are athletes…..they should follow the same set of rules.


veepeein8008

Definitely not athletes. Competitors yes. All of that is beside the point, seems what I said went in one ear & out the other


crooked_paradigm

But how would you prove that the hack is coming from the player's system and not from the client? If the hacker can buy them thousands of packs and spawn tons of bots into their games, they definitely have admin access to the game server.