Cyberattack gifts esports pros with cheats, forcing Apex Legends to postpone tournament

Updated Esports pros competing in the Apex Legends Global Series (ALGS) Pro League tournament were forced to abandon their match today due to a suspected cyberattack.

In the early hours of Monday morning, two professional Apex Legends players competing in two separate matches were forcibly given cheats on their accounts – events that have seen the tournament temporarily shut down. 

Noyan Ozkose (whose alias is Genburten) of the Dark Zero team was suddenly given the ability to see all opponents through walls, while Phillip Dosen (alias: ImperialHal) of the TSM team was also suddenly gifted the ability to aim automatically at his opponents without any manual application to the controller – an "aimbot."

ImperialHal remained in the game server until organizers shut it down, but was issued a ban by the game itself after it detected a cheat system running. Teammate Evan Verhulst (alias: Verhulst) also received a ban.

There is no suggestion the players were anything but horrified at being gifted the sudden "hacks," as the panicked audio in the linked Twitter feeds attest.

The community suspects that the attacker responsible for the intrusion exploited an unpatched remote code execution (RCE) vulnerability in the Apex Legends game.

This was backed up by messages sent from the alleged attacker to the individual behind AntiCheatPD, an X account that gathers information about video game cheats, claiming that the incident was caused by an RCE exploit.

The messages didn't specify the component of the game that was allegedly exploited. The community has been debating whether it could be in the Apex Legends game client itself or in the game's built-in anti-cheat mechanism (Easy Anti-Cheat).

Another possibility being discussed is that the vulnerability was in Valve's Source engine, a heavily modified version of which powers the game.

However, the scant communications from Apex Legends, developer Respawn Entertainment, or publisher Electronic Arts (EA), haven't answered anything in terms of technical specifics. It's still early days, after all.

"Due to the competitive integrity of this series being compromised, we have made the decision to postpone the NA finals at this time. We will share more information soon," Xeeted the Apex Legends Esports account.

El Reg asked EA's comms team for more information about whether a suspected RCE was exploited, or when a further update would arrive, but it didn't reply.

The incident - where competition was disrupted as a result of outside interference - is a rarity in the esports world.

In 2015, professional matches in DOTA 2 and League of Legends were also forcibly abandoned after DDoS attackers knocked players offline, rendering them unable to compete. This type of attack is more common against game servers themselves, rather than individuals, but it's not unheard of for professional esports players or streamers to get the same treatment.

Given that all major esports matches are freely streamed online, the disruption can be seen in real time. Also taking into account that bets can be placed on matches with major, legitimate bookmakers, there is entertainment and potentially financial incentives to carry out such attacks. Reputational harm to a player and/or the game could also be a motivator.

Cheating in esports has largely come from the players themselves, introducing cheat software to their systems to give themselves a competitive advantage.

There have been countless cases over the years that have led to professionals being banned from their respective games for varying lengths o time. Some, like former StarCraft world champion Lee Seung-hyun, were banned for life. 

Although he didn't use a technical, software, or hardware-based exploit, Lee was found guilty of taking payments to fix matches and subsequently banned from StarCraft esports forever.

Using illegal cheats has long been on the radar of video game professionals and made security shop Trend Micro's top three concerns for pro players back in 2019, alongside ransomware and information stealers.

• Olympic-level server tossing contest seeks entrants – warranty voiding guaranteed
• Amazon's game-streamer Twitch to quit South Korea, citing savage network costs
• Linux interop is maturing fast… thanks to a games console
• There can be only one... Microsoft Excel Champion

"After analyzing esports underground markets and seeing the services and technology available, there is no doubt that the esports industry will be heavily targeted by malicious actors going forward," Trend Micro said at the time.

"Luckily, gaming companies and tournament organizers are already aware of their status as targets, and are always on the lookout for new cheating techniques and tools. There are also new security features being developed for the industry, as well as different anti-cheat services dedicated to keep esports fair. 

"But, for all the targets involved, there needs to be a more comprehensive awareness on the specific threats involved in these competitions. This can help them build better defenses and find more effective security solutions." ®

Updated at 14.59 on March 18, 2024, to add

Easy Anti-Cheat, the anti-cheat software used by ApexLegends, said in a statement on X: "We have investigated recent reports of a potential RCE issue within Easy Anti-Cheat. At this time - we are confident that there is no RCE vulnerability within EAC being exploited. We will continue to work closely with our partners for any follow up support needed."