n October, Activision was attacked by a group of hackers, who created a bug that made them able to affect according to Activision “a small number of legitimate
player accounts”. Yet the reality seems to be something else.
Activision is a video game giant, that after being hacked had reported a bug that caused its users to be banned from the video game. Activision reported that it had fixed its bug that affected thousands of users.
However, after the hackers had an interview with TechCrunch, the reality seems to stand in another way. The Call of Duty players were banned from the game by the hackers, framing them as characters from the game.
Vizor, one of the hackers who reported for TechCrunch said “I could have done this for years and as long as I target random players and no one famous it would have gone without notice,” Vizor, also added that it was ”funny to abuse the exploit”.
This attack caused by the hackers highlighted the power that hackers sometimes have over the rules of the game. Even more so, sometimes exploit the game flaws in order to create a so-called “cheat code” that can be sold to other players in order to have an advantage. Such a cheat code system is Zebleer, creating and selling their programs as a service, generating millions of dollars. So, in order to keep their games fair, video game companies have hired cybersecurity experts who are working on finding any possible loopholes and protecting them.
In 2021, Activision liberated its Ricochete anti-cheat system that runs at the kernel level of the video game, making it difficult for those who want to cheat to succeed. Yet, the team of hackers Vizor works with, succeeded, leveraging the Call of Duty protection and acting against users. The hackers discovered the list of the hardcoded strings of text the protection system was using as “signatures” and used a so-called “Trigger Bot” that automatically triggered a cheater’s weapon.
Subscribe to our newsletter
The players would simply get a “whisper” message that contained the hardcode strings which activated “Trigger Bot” and get them out of the game. “I realized that Ricochet anti-cheat was likely scanning players’ devices for strings to determine who was a cheater or not. This is fairly normal to do but scanning this much memory space with just an ASCII string and banning off of that is extremely prone to false positives” said Vizor.
Also added “The same day I found this, I got myself banned by sending a whisper message on Call of Duty to myself with one of the strings in the message contents”
Vizor also said that at some point they even created a string of code that would eliminate random users from the video game. It was a ”join a game, post a message, leave the game, join a new game, repeat repeat repeat,”.
“I was most active with the trolling when [the] Ricochet anti-cheat team would add new string signatures. So if I check the [memory] region and see a new string, I will go crazy with it so they think they are detecting real cheaters,”.
At the time of the exploit, the hackers were not only targeting random players, but also some famous ones. Even more, some video game streamers also post on X that they have been banned.
“It was nice to see it get fixed and see unbans,” said Vizor for TechCrunch, adding “I had my fun.