Valve Bans 40,000 Accounts After Laying a Trap For Cheaters In Dota 2 (theverge.com) 89
An anonymous reader quotes a report from The Verge: Over 40,000 Dota 2 accounts have been permanently banned in the last few weeks after they were caught red-handed using third-party software to cheat the game. In a blog post published on Tuesday, Valve revealed that it had recently patched a known issue used by third-party software to cheat in Dota while simultaneously setting a honeypot trap to catch players using the exploit. According to Valve, the cheating software gave its users an unfair advantage by accessing information used internally by the Dota client that shouldn't be visible during gameplay. After investigating how it worked, the developer then decided to identify and remove the "bad actors" from the active Dota playerbase.
"We released a patch as soon as we understood the method these cheats were using," Valve said. "This patch created a honeypot: a section of data inside the game client that would never be read during normal gameplay, but that could be read by these exploits." Valve claims that all 40,000 of the now-banned accounts had accessed this hidden section of data, and that it had "extremely high confidence that every ban was well-deserved." Valve highlighted that the number of accounts banned was especially significant due to how prevalent this particular family of cheating clients is, and that the action taken is just one step in an ongoing campaign to tackle those abusing the popular MOBA game. "While the battle against cheaters and cheat developers often takes place in the shadows, we wanted to make this example visible, and use it to make our position clear: If you are running any application that reads data from the Dota client as you're playing games, your account can be permanently banned from playing Dota," warned Valve.
Curious to see (Score:5, Interesting)
What the backlash arguments are for why this is a bad thing.
On its face, this seems like an encouraging move by Valve. Kudos!
Re: (Score:2, Interesting)
Better hope your anti-virus software never scans that data.
Does it affect other games? Your Steam account?
Re: (Score:2)
Anti-virus software will scan that area. But it would do it once per scan.
Cheat programs were caught scanning that memory area continuously - Valve deliberately put honeypot data there and never reads from it. Cheat software finds the area full of useful information and it's scanned repeatedly.
Well, I'm sure Valve Anti-Cheat will probably carry over into your account as being a cheater, which might affe
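One way a region that is "never read during normal gameplay" can act as a tripwire, shown as an added example: it is not Valve's code, and the page does not describe Valve's mechanism. It assumes Linux, uses a guard page that counts at most one read per tick, and only sees reads made by code running inside the process; the state struct, decoy contents and `verdict` thresholds are constructed, with the once-versus-repeatedly split taken from the comment above.

```c
#ifndef _GNU_SOURCE
#define _GNU_SOURCE 1
#endif
#include <signal.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#include <sys/mman.h>
#include <unistd.h>

/* Hypothetical client state that game code legitimately reads every tick. */
struct game_state { int hero_x, hero_y, gold; };
static struct game_state g_state = { 10, 20, 625 };

static unsigned char *g_decoy;         /* honeypot page: no game code path reads it */
static size_t g_page;
static volatile sig_atomic_t g_trips;  /* ticks in which the decoy was touched */

/* A fault inside the decoy page is counted, then the page is opened so the
 * faulting load can complete. Any other fault is a genuine crash. */
static void on_fault(int sig, siginfo_t *si, void *ctx) {
    uintptr_t a = (uintptr_t)si->si_addr, lo = (uintptr_t)g_decoy;
    (void)ctx;
    if (g_decoy && a >= lo && a < lo + g_page) {
        g_trips++;
        mprotect(g_decoy, g_page, PROT_READ);
        return;
    }
    signal(sig, SIG_DFL);              /* not ours: default action on retry */
}

/* Re-arm the trap; called at the start of every tick. */
int honeypot_arm(void) { return mprotect(g_decoy, g_page, PROT_NONE); }

int honeypot_init(void) {
    struct sigaction sa;
    g_page = (size_t)sysconf(_SC_PAGESIZE);
    g_decoy = mmap(NULL, g_page, PROT_READ | PROT_WRITE,
                   MAP_PRIVATE | MAP_ANONYMOUS, -1, 0);
    if (g_decoy == MAP_FAILED) { g_decoy = NULL; return -1; }
    memset(g_decoy, 0x2a, g_page);     /* constructed decoy contents */
    memset(&sa, 0, sizeof sa);
    sa.sa_sigaction = on_fault;
    sa.sa_flags = SA_SIGINFO;
    sigemptyset(&sa.sa_mask);
    if (sigaction(SIGSEGV, &sa, NULL) != 0) return -1;
    return honeypot_arm();
}

int honeypot_trips(void) { return (int)g_trips; }

/* Normal gameplay: touches only the real state. */
int game_tick(void) {
    volatile struct game_state *s = &g_state;
    return s->hero_x + s->hero_y + s->gold;
}

/* Stand-in for code that reads data the game itself never reads. */
int read_decoy(void) {
    volatile unsigned char *p = g_decoy;
    return p[0];
}

/* Commenter's distinction: one touch versus touches tick after tick. */
const char *verdict(int trips, int ticks) {
    if (trips == 0) return "clean";
    return (ticks >= 4 && trips * 2 >= ticks) ? "sustained" : "isolated";
}

int main(void) {
    int ticks = 0;
    if (honeypot_init() != 0) return 1;
    for (; ticks < 5; ticks++) { honeypot_arm(); game_tick(); }
    printf("normal play: %s\n", verdict(honeypot_trips(), ticks));
    for (ticks = 0; ticks < 5; ticks++) { honeypot_arm(); game_tick(); read_decoy(); }
    printf("repeated reads: %s\n", verdict(honeypot_trips(), ticks));
    return 0;
}
```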
Re:Curious to see (Score:5, Informative)
That's not 100% how cheat software works, it's often less sophisticated, either hooking the binary already in memory, or patching the C/C++ runtime so that it intercepts access to parts of memory it wants to look at.
It has to be said that ASLR should be preventing "memory scanning" from working in the first place. But this feature is rarely turned on in Windows for applications that must still support 32-bit environments or Windows Vista or older.
The reason why ALL cheats are detectable in the first place is because cheaters often do-not-give-a-shit, and run stuff they find on hacker forums without a second thought as to how they work. Nearly every MMO has "hacks" on one German forum, and that forum operates out in the clear, and is easily found, because the people who develop for-profit botting advertise there.
Most cheats aren't even developed in a way to be hidden, they used some generic trampoline library which makes it easy to locate by anti-cheat programs, and then they write their cheat tools in C# or Python or something that is easily detected by anti-cheat software. Cheaters are stupid, but the wannabe hackers tend to be even stupider. Any real cheat that someone might use to gain an advantage, they will keep close to their chest, write it in C, and invoke specific compilation options to keep anti-cheat software from being able to see what it's doing.
This is why if you really want to cheat in MMO games, you need a second computer to proxy through so the anti-cheat software can't see that the data is being modified. But if you're streaming to profit from this, as soon as your eyes leave your screen, your accountability goes out the window.
Hence these bulk bans will only really catch idiots and not anyone who knows what they're doing, which might only be like a small handful of people.
Re: (Score:2)
Hence these bulk bans will only really catch idiots and not anyone who knows what they're doing, which might only be like a small handful of people.
That's fine. Less idiots making the internet a worse place is a good start.
Re: (Score:3)
Surely the connection to the server is encrypted, making the second computer proxy system redundant.
Not so useful in an MMO, but I have seen recent ones that use HDMI video capture and image recognition to auto-aim. They try to simulate realistic mouse movement inputs (via USB, cloning a legit gaming mouse) so it's very difficult to detect them. There have been a lot of false positives against players who are just really good at fast aiming.
Re: (Score:1)
Do you ever say anything positive about anything? Always doom and gloom with you.
Re:Curious to see (Score:5, Insightful)
this is the wrong take. cheating has always existed and companies will always fight to stop it. if you don't like it, don't install the game, it is your computer after all.
so shut the fuck up and don't EVER make excuses for cheaters you fucking scumbag.
Re: (Score:2, Informative)
If one were to check the Steam forum for Dota 2, one might see that it happens to be many players of the Russian persuasion that are currently dumbfounded as to why they were suddenly banned. ;)
https://steamcommunity.com/app... [steamcommunity.com]
https://steamcommunity.com/app... [steamcommunity.com]
lol:
https://steamcommunity.com/app... [steamcommunity.com]
There's just no stalin the russian war machine....
Re: (Score:2)
You sound a little unbalanced. The poster never even said that _they_ were a cheater, they just objected on principle to restrictions on what they can do with their own hardware.
Re:Curious to see (Score:5, Insightful)
It sets a dangerous precedent that they want to claim ownership of what goes on inside my computer and control what I do with it
What they are saying is that you're allowed to do whatever you want on your computer. No attempt to stop people from reading the memory was made. But you cannot do whatever you want on your machine on THEIR network. That is the point that was made.
Frankly, this just exposes a poor client/server model
Okay then don't play the game. Plenty of software out there that's used by millions is not the most optimized piece of code ever written by mankind. If you limit yourself to only software written to X% excellence, that's your call to make. No one is stopping you.
If they don't want people to look at what is going on in their own compute, then write the software such that the client doesn't know anything the player shouldn't know.
Well part of the TOS indicates not cheating. Sort of how part of the speed limit indicates not going over a particular limit. You're more than allowed to do either, but one shouldn't be surprised if you end up being caught for having done that. If you don't like the TOS or the speed limit, try not to play the game or travel the road.
Their lack of programming skills and a poor design for a game client/server is not the player's fault
No you kind of agree to play by a particular set of rules. Just because you can technically circumvent them doesn't negate your duty to uphold that TOS you agreed to. It's really hard to have any kind of sympathy for the cheaters that got banned. There's a big old TOS that you have to click the agree button to even get started and doesn't matter what you can and cannot technically do, you're supposed to uphold that TOS, which includes not cheating. Violating the TOS is indeed the player's fault. If not being able to read sections of your memory to abide by the TOS rubs you the wrong way, THEN DO NOT PLAY THE GAME. It's that simple. Don't like the TOS? Don't play the game.
Re: (Score:2)
Their client/server model is horribly broken if the client is sent data that the user should never see.
That's something that's inevitable in gaming. The client needs to be able to know stuff the player doesn't to assist with game state and rendering. The alternative would be something like some of the cloud gaming services where the hardware is mostly under the control of a 3rd party and only the graphical information is sent to the client, but those have proved to be somewhat unpopular as people would rather run the games on their own machines.
Re: (Score:2)
I would personally feel no duty toward upholding that at all
And they owe no duty to let you play a game. That's how that works. You can think it's invalid all day long, but at the end of the day, they don't have any legal obligation to allow you to play their game they developed. And that's ultimately how it goes in courts.
Who says I do? I don't even know what that dumb game is
Okay then you didn't have a standing to begin with, so you're a nonparty to the whole argument.
The amount and lengths game companies go to in the cause of DRM (off topic) and anti-cheat (on topic) are egregious
Then perhaps you should ask someone to legislate about it. Because lacking black and white text, you're grasping at straws.
I would never put their root-kit software on my beloved computer
Guess what? YOU DON'T HA
Re: (Score:2)
Well part of the TOS indicates not cheating.
All fine and good, just one thing: what's the process for getting a refund if you're reading the TOS and find it unacceptable?
Re: (Score:2)
This is Steam we're talking about, get your refund in the first 24 hours for any reason, so you have plenty of time to read the license the first time. If they change it on you later, that's something else I guess.
Re: (Score:2)
Ok. Fair enough. Sorry, that was more of a standard complaint about the unreasonableness of your typical software EULA. I'm not a big fan of unconscionable contracts of adhesion and it disturbs me that the average person is technically meant to be complying with hundreds of them at any given time. I suppose, with online games there's the problem that there's the local client, and then there's the service itself, plus they will constantly be updating the local client. So the line gets pretty blurred in many
Re: (Score:2)
what's the process for getting a refund
That's what is so weird about everyone's arguing here. DOTA 2 is a free to play game. You can buy skins and all that other shit, but pretty much you can play the game free of charge.
Re: (Score:2)
Don't like the TOS? Don't play the game.
The one problem I have with this argument is that developers love to change the TOS after your purchase, and that's on top of the fact that you often can't even see the TOS until after purchase.
There's a whole lot of reasons why I rarely buy modern games. I don't even bother with multiplayer stuff.
Re:Curious to see (Score:5, Informative)
If the user shouldn't have certain information, it's pretty bad design to have that information in the client and then depend on the client's security to keep that from the user.
For many types of games there is just too much latency to do it any other way. If the client has to wait for a round trip to update the position of every element on the screen, determine hits and misses, and so on, the game is likely to be so janky it's unplayable. This isn't bad game design, it's just necessary.
Re: (Score:3)
MOBAs, FPS and Fighting Games are all way more sensitive to input lags and latency so the client/server model is really the most feasible.
Traditional MMO style games do the thing where way more is done on the server but that plays into the kinda floaty, dice roll style combat most of them have. The game is "playing" on the servers and your client is really just drawing the animations over the information the server is sending back to you. Anyone who has played these knows part of the skill is being to re
Re:Curious to see (Score:5, Funny)
You're completely right. Also, Chess is a bad game because the board allows you to move every unit in any way and even out of turn, instead of enforcing the game's rules. If someone is moving pieces "illegally", he should not be banned from play as long as he is using a board he bought, as he is simply using the chess board he bought and legally owns in whatever way he wants. /s
Re: (Score:2)
Yeah, no. Sounds more to me like you're the one lacking experience in that regard.
Sure, in an ideal world where we're not subjected to those annoying laws of nature, like the speed of light, you should theoretically be able to do that. But in practice you can't just have a thin-client kind of thing that is only used to send requests to the server and then display the responses. Especially in action based
You don't act like it's your computer (Score:3, Insightful)
Except they're not claiming ownership of what goes on inside your computer. They're claiming ownership of what goes on inside of their computer, and they've made the decision that they don't want their computer to talk to yours, because they don't like what your computer said to theirs.
Suppose a human says something that you don't like. They have every right to say what they said.
Re: (Score:3)
Spoken like a cheater. In actual reality, as soon as you use copyrighted software and communicate over the network, your argument becomes invalid.
As to the poor "C/S" model, that is just you being uninformed about current network realities. Unless you are on a very low latency Internet connection, the client needs to do some things that could otherwise be placed on the server.
Obtuse (Score:1)
What the backlash arguments are for why this is a bad thing.
My computer is my computer. What happens on it is my property.
playing online is not just "your computer"... It's now MY TIME as well. Be less obtuse.
Re: (Score:1)
Banning is the wrong approach. The cheaters will just make new accounts and the suffering of honest players continues. Window dressing to make it look like Valve is doing something, while accomplishing nothing.
Instead game companies need to institute shadow bans. Any account proved to be cheating gets put in a separate lobby. They can still play the game with other cheaters, but never again with the regular player pool. Let those fuckers aimbot each other all they want and leave the rest of us the
Curious how this was implemented (Score:2)
Because non-perfect CPU prefetchers can wander about accidentally, causing a random 4K page to be loaded.
Re: (Score:2)
CPUs do not prefetch 4k pages.
Re: (Score:3)
Well, they did not scan the user's systems or invade privacy, they only monitored something inside their own software and they credibly got very high confidence of a cheating attempt. And they banned the fuckers, unfortunately only for DOTA 2. Nope, cannot find anything bad here except that maybe they should kick these assholes off any STEAM multiplayer games entirely.
Re: (Score:2)
If anything it's probably an example of how you should carry out anti-cheating.
Instead of making horrible black-boxed malware that breaks compatibility and opens doors for a myriad of exploits, you literally target the tool and defeat it.
Slashdot should do the same to Troll modders (Score:2, Interesting)
Any mod who downranks those comments as "Troll" should be banned.
Re:Slashdot should do the same to Troll modders (Score:5, Informative)
I moderate completely based on how much I agree with the post. Who doesn't?
People who read and follow the /. moderation rules.
Re: (Score:2)
But the system is broken by bad moderation and this is impossible
Great until... (Score:1)
"We [Valve] are having trouble with our database and we need you to send your username and password so we can be sure it is you."
This kind of phishing worked back in the AOHell days and I'm sure it still works now.
Re: (Score:3)
That's been a problem on Steam for years.
Re: (Score:2)
But I remember a time where Steam would tell me to not share my login with anyone. And part of that reason was indeed because accounts got stolen, and not only because Valve doesn't want you to share your video game library. For that they introduced the Family feature which allows you to share some games with a limited number of people.
Re: (Score:2)
There are still scammers that will do things like invite you to join a tournament team and link you to a website where you'll sign up to be on a pro team (lol) by plugging in your Steam credentials and you get the rest.
People lose a lot of accounts that way, to this day.
Re: (Score:2)
Yeah, as it seems scammers always adapt to find a new angle of human stupidity to exploit. Seems like cybersecurity countering social engineering is going to stay in business for a long time (as long as human error is involved).
I can think of some methods to counteract those methods and make things more fool-proof, but they'd be so privacy invading that I'm opposed to them on principle. But maybe t
Re:10 year old game (Score:4, Informative)
Re: (Score:3)
Who still plays a 10 year old game?
Son, I still play Super Mario Brothers.
Re:10 year old game (Score:4, Informative)
Who still plays a 10 year old game?
Son, I still play Super Mario Brothers.
Super Mario Brothers? Youngin'.
Re: (Score:3)
Mario *Brothers*? When did Jumpman have a second kid?! ;)
Re: (Score:3)
The release date of a game determines how much fun it is? Wait till you find out people have been playing Chess and Go for thousands of years! Do you also whine that the concept of the wheel is thousands of years old?
I've been playing on and off:
* Diablo 2 for 20+ years,
* Minecraft for 10+ years,
* Terraria for 10+ years.
Good games last because they are FUN.
> Why on earth is Valve still supporting such an ancient game?
Gee, I wonder what a Long Tail [wikipedia.org] is.
The cost to support a game is significantly cheaper t
Re: (Score:3)
"Who still plays a 10 year old game?"
Sorry, can't talk now. Need to get back to my game of Warcraft II.
Re: (Score:2)
Who still plays a 10 year old game?
Are you asking who plays the second most popular game right now (sorted on Steam charts by either 24-hour peak or current player count)? Yeah what loons. They should instead be playing the more popular game, Counter-Strike Global Offensive which came out ... oh ... 10 years ago.
For the record, 1/14th of all online Steam users currently playing a game are playing DOTA 2. Maybe it's time to revise what you know about gaming.
Antivirus scans memory (Score:1)
Re: (Score:2)
You're probably right, I'm sure Valve never considered that antivirus might scan memory once and just banned everyone with antivirus
Wasteland Paragraphs Book (Score:2)
This reminds me of the paragraphs book that came with the original Wasteland game release. The game would refer you to a specific paragraph. The book was filled with fake paragraphs though, so if you just started reading in order to cheat you likely would find a trap that would end your game.
Should go even further... (Score:2)
Since I think lots of players have paid DOTA accounts, even banned account should have a final bill applied for $10 to pay for the expense incurred tracking down cheaters.
Why Cheat? (Score:2)
Curious why so many cheat. When I was a kid, it was sometimes fun to cheat, but it was because you sucked at it. But now, why take all the skill out of a game? Is there a monetary reward for winning?
Suppose this is why I don't bother with online gameplay and instead stick to single-player games where I don't have to deal with people being a million times better simply because they're cheating.
Re: (Score:3)
Big ego fuckups that think being able to fake it is just as good as the real thing. There are tons of these around and by far not only in multiplayer games. One reason why some people never get good at anything.
"So called" cheaters? Naw, just plain cheaters (Score:2)
Does this include physical sports and drug use, I mean, they're just "playing a different game by a different set of rules", right?
In my experience, those who cheat in online competitive games are NOT more intelligent. They're assholes who get off of winning, even if they don't get to it fairly.
Note how 40k accounts got banned for using basically the same cheating software. They aren't writing these exploits themselves. They're downloading or buying them off the internet.
Re: (Score:2)
Given that they eventually ended up banned for violating the stated, not assumed, rule sets, I can't call it "successful". Or even a demonstration of intelligence given that it is as easy as a web search to find and download a cheat set.
There are generally reasons for these rules. In many ways, sports are descended from warfare, and are an alternate to it. There are rules in warfare as well, with the ultimate intent there to make ending war easier.
In a similar way, sports generally have rules to both kee
Re: (Score:2)
Curious why so many cheat. When I was a kid, it was sometimes fun to cheat
Did you just get confused as to something you already know you did yourself?
Re: (Score:2)
These are generally paid cheats. Are kids these days really spending a pile of money each month to cheat? Crazy.
So, then (Score:4, Funny)
Banhammer 40,000?
Mods good, Cheaters bad (Score:4, Interesting)
As someone who has played a fair amount of online games --- I welcome this. Occasional, unpredictable honeypot traps + waves of permanent bans is a good way to go for some types of games, PvP style especially.
If there's one thing that turns me off to a game faster than spoiled haggis, it's the presence of blatant cheaters/exploiters in a PvP game. Cheaters mess with atmosphere and can make the product look rough around the edges or unfinished, and make you question whether it's worth a time investment to explore further. Most of the time I'm much more attracted to the immersive genre of a game, and not some other, very different meta-game of exploit arms-racing.
I also strongly prefer games with active mod communities. I'm in favor of moddable games, both offline and live. This isn't a contradiction. You can have great mod communities around a game and also be intolerant to exploits that disrupt the gameplay experience within it. If you like finding exploits/glitches/easter eggs/creative hacking, there's ways to do this and show off your skillz and creativity without becoming an asshat to everyone around you. Know where that line is, stay on the classy side.
A good start. (Score:1)
This was the only game I've ever uninstalled due to a reason other than needing space on my hard drive for something else. The cheating, abusive dialogue, and generally rampant griefing was so bad that I had honestly started to think that it was somehow part of Valve's business plan for this game to cater to these types of behaviors. 40,000 accounts banned sounds like... a good start.
Re: (Score:2)
Um, I think you're mixing things up. DOTA2 isn't a MMRPG or resource type game, it's a "MOBA" - Multiplayer Online Battle Arena. I haven't ever played it, but it's a bit like Counter-Strike, Team Fortress, and such, but it sounds a bit more strategic.
So this isn't cheating like not counting a few swings in your non-ranked, non-competitive golf game. This is like, oh, trying to use a cored bat in professional baseball.
So this is very much NOT a coop or single player game.
If nothing else, a bunch of shadow