115: Player Cheater Developer Spy

One year I went to DEF CON, the annual hacker conference, and at DEF CON there's something called Roots.

It's basically DEF CON Kids, where it's a whole village set up just for kids to learn how to hack.

I ducked my head in there to check out the scene.

Kids were learning how to solder, how to pick locks, how to hack voting machines, and how to hack websites.

There are talks in this Roots village, too.

And there was a girl on stage, probably 10 years old, and she was talking about how she hacked a video game on her phone.

The game was some kind of farming game where you have to plant your seeds and then wait a certain amount of actual real days for the crops to grow.

Well, she didn't like having to wait.

So she turned the clock forward on her phone and then got back in the game to see if the crops had grown at all, but they didn't.

There was some kind of check that the game was using to see if people were doing this, but she didn't stop there.

She tried again.

This time, she tried turning the Wi-Fi off on her phone and then then changing the clock.

And when she opened the game back up, boom, all her crops had fully grown.

She figured it out.

A 10-year-old figured out how to hack this farming game, which was one of the coolest talks I've ever seen at DEF CON.

These are true stories from the dark side of the internet.

I'm Jack Reesider.

This is Darknet Diaries.

This show is sponsored by Delete Me.

Delete Me makes it easy, quick, and safe to remove your personal data online at a time when surveillance and data breaches are common enough to make everyone vulnerable.

Delete Me knows your privacy is worth protecting.

Sign up and provide DeleteMe with exactly what information you want deleted and their experts will take it from there.

DeleteMe is always working for you, constantly monitoring and removing the personal information you don't want on the internet.

They're even on the lookout for new data leaks that might re-release info about you.

Privacy is a super important topic for me.

So a year ago, I signed up.

DeleteMe immediately got busy scouring the internet looking for my name and gave me reports of what they found.

Then they got busy deleting things.

It was great to have someone on my team when it comes to protecting my privacy.

Take control of your data and keep your private life private by signing up for Delete Me.

Now, at a special discount for my listeners, get 20% off your Delete Me plan when you go to join deleteme.com/slash darknet diaries and use promo code dd20 at checkout.

The only way to get 20% off is to go to joindeleatme.com/slash darknet diaries and enter code dd20 at checkout.

That's join delete me.com slash darknet diaries code DD20.

This episode is sponsored by my friends at Black Hills Information Security.

Black Hills has earned the trust of the cybersecurity industry since John Strand founded it in 2008.

Through their anti-siphon training program, they teach you how to think like an attacker.

From SOC analyst skills to how to defend your network with traps and deception, it's hands-on, practical training built for defenders who want to level up.

Black Hills loves to share their knowledge through webcasts, blogs, zines, comics, and training courses all designed by hackers.

For hackers.

But do you need someone to do a penetration test to see where your defenses stand?

Or are you looking for 24-7 monitoring from their active SOC team?

Or maybe you're ready for continuous pen testing where testing never stops and your systems stay battle ready all the time.

Well they can help you with all of that.

They've even made a card game.

It's called Backdoors and Breaches.

The idea is simple.

It teaches people cybersecurity while they play.

Companies use it to stress test their defenses.

Teachers use it in the classroom to train the next generation.

And if you're curious, there's a free version online that you can try right now.

And this fall, they're launching a brand new competitive edition of Backdoors and Breaches, where you and your friends can go head to head hacking and defending just like the real thing.

Check it all out at blackhillsinfosec.com/slash darknet.

That's blackhillsinfosec.com/slash darknet.

Hey, friends, I just want to thank thank you again for being here with me and listening to the stuff I create.

You, the listener, means the world to me, and I love you.

Hey, want to go down a rabbit hole with me?

There's some stuff I stumbled into that's kind of crazy, and you might already know about all this, but I didn't.

And I love finding new pockets of crazy stuff happening on the internet.

So come along with me and let me show you something.

This is an an opening clip of a YouTube video called

Oh, actually, it's in Russian, so I have no idea what it says.

Here, let's see what Google Translate says.

I think I understood these words.

Did it say Cheetah's documentary film?

Here, listen again.

Cheetory Documentalni film.

Well, now I'm going to make Cheetory Cheetri Documentalni podcast.

So it came to my attention that, okay, brace yourself.

People are cheating in video games.

Dun dun dun.

It's probably the most well-known fact about video games.

And to be honest, people have been telling me about this many times.

And I was kind of like, yeah, of course people cheat.

Duh.

In fact, the first hack I ever did was manipulating the save game file on SimCity and giving myself 999 billion Sim dollars.

So I was just just like, yeah, who cares about cheaters?

But someone I was chatting with was like, no, no, no, it's a crazy industry.

And I still wasn't interested.

I'm like, yeah, of course.

Haven't you heard about Game Genie?

And I really didn't care because, so what if there's a cheater in a game?

It's just a game.

Anyway, I finally leaned in to take a look at what this person was telling me.

And I was like, whoa, what?

And I immediately thought of you, my listener, and how you would probably want to hear about this too.

So let's get into it.

Now I've been working on this episode for geez six months now trying to embed myself in the game cheating community to get an inside look and I did sorta.

I talked with all kinds of people involved in the cheat scene developers distributors admins and players but I wasn't able to get any to agree to a voice interview which was really frustrating when you can chat on discord with someone for hours and hours and day after day who are open to just about anything yet don't want to have their voice heard.

It's a little frustrating.

And this wasn't one person who turned me down.

It was every single person I chatted with.

So I'm sitting here now just looking at pages and pages of chat dialogue with these people.

And well, since this is an audio show, hey, why not get a voice actor to read these chat messages?

How's my voice sound?

Can you email Rat?

Yeah.

Yeah, this sounds great.

Thanks for doing this.

Yeah, no problem, man.

What he's going to read from me is kind of a mashup of all the conversations I had with a few different people.

It's not just one conversation I had.

He's going to read from many different conversations.

I want you to know, I don't really care about cheaters.

Not enough to make a whole episode on it, that's for sure.

And it's probably because I suck at all online games and people don't need to cheat to beat me.

So I just kind of see it as a trite problem, something that's just so common that it's boring to me.

On top of that, it just feels like a big whoop kind of problem, you know, like it's just a game, so what?

And so because of that, I'm not gonna focus on players at all for this whole episode.

What I'm fascinated with is the money involved and the internal war that's waging between devs.

So I'm the admin of a website that provides cheat software for Call of Duty, Battlefield, Apex Legends, Day Z and others.

Why do you do this?

Because people will pay a lot of money for cheats.

How much do you charge for, say, a cheat in the game Day Z?

Currently, our public cheats are $29.99 for seven days.

But we have private cheats too that are reserved for only a few trusted clients.

Wait, so you can only use the cheats for seven days?

Then what happens?

Then they have to pay more to keep using it.

Oh, okay.

First of all, I thought game cheats were free.

I didn't realize people were buying them.

But not only are they buying them, they're paying more for the cheat than they are for the game itself.

And I'm extra surprised that it's a subscription-based model.

Yeah, it has to be like that because the game developers are always patching their game, which makes it so the cheat doesn't work.

So we need to find a new way to exploit the game.

We have to always be developing, which costs money.

So how many people are on your team?

I am the admin of the website and owner, and I have a developer who creates the cheats and loader.

I do the customer support too.

But not all cheating sites have their own developers.

In fact, not all cheats are even real.

There are a lot of scam sites out there that promise to provide cheats, but they don't work.

Then there are developers and resellers.

Say a developer finds an exploit and creates a cheat.

They can package that up and sell a key to a reseller.

The reseller then creates a website or listing somewhere saying they have a working cheat and tries to find buyers.

If someone buys it, the reseller just sells them the key to use the cheat that they got from the developer.

So two different people are making money from this, the developers and resellers.

Why wouldn't the developer just sell directly to players?

Developers want to focus on developing, not marketing and selling, or dealing with customers and money transactions.

Once a developer finds a good reseller, then they don't have to continually look for new buyers.

The reseller will do all the legwork.

Also, a developer can be more protected because they can just accept all payment in Bitcoin from the reseller, giving them a way to hide better.

Okay, so in this scenario where there's a developer and a reseller, who's making more money?

The developer will.

How much do cheat developers make from this?

They can make anywhere from a few bucks to $500,000 a month.

A medium-sized cheat would bring in about 20 to 80K a month.

Well, dang, that's a lot more than a regular job as a developer.

Yeah, and resellers can make good money too.

Anything is possible.

Okay, I'm looking at your website now.

The buying process is unlike anything I've ever seen before.

It's crazy.

You can't just buy and download this and begin using it.

Can you walk me through what it takes for someone to buy this?

Okay, before you can buy a cheat, you must be verified.

You must fill out an application, which must include your real name, date of birth, country, links to your profiles on sheet forums, and we will send you a private message to confirm it's you, which sheet you're interested in buying, and three separate photo IDs, like a national ID card, passport, or driver's license.

We also need a selfie.

That's way too much information that someone has to give you just to get the cheat from you.

Three photo IDs?

Are you serious?

Yeah, yeah.

There's a lot of people who would love to get their hands on our cheats, and we need to protect them.

Protect them from who?

Haters, game devs, competitors.

Uh yeah, this makes sense.

Game developers must hate when new cheats are developed.

If they could get their hands on the cheat, they could probably fix it right away.

And this makes me curious what game devs are doing about this.

So my name is Sugin Harton.

I currently work on a game called Dying Light 2 at Techland.

And before that, I worked at Bohemia Interactive

on a game called AZ, which was the the one where the,

I guess, the whole security thing around games started for me.

Now, it also was not easy to find a game developer to come on the show to talk about how they're battling these cheat makers, because this is an act of war zone.

Game devs don't want to share their tactics on how they're defeating this.

But I did find Eugene here because he gave a talk about this at a conference, and he's willing to talk about the old stories he had from when he was working on the game Day-Z five years ago.

What was

what were the cheaters like in the game?

What were they doing?

Okay, so Daisy might be a bit of a specific example, but I'll go into a bit of detail.

So, generally, like when you think about cheating, you can say that it's basically gaining an unfair advantage of any kind.

With that in mind, you know, like it can be probably broken down to exploiting and glitch abuse, which is where they are basically using something that we already did wrong in the game.

So, a bug that we introduced ourselves or a glitch

that

is not part of the intended design.

Any game state manipulation and injection, which was also very common in DAISY, and automation, which is just an automation of inputs to basically alleviate any manual work this

intended by design inside the game.

So all of these things to a certain degree were happening in DAISY as well.

Now we're only talking about online games here where you're playing against other players.

Some of the exploits for sale today promise to give players extra abilities, such as being able to see exact locations of other players or aim bots which point your weapon for you.

All you need to do is click the mouse button and you'll hit your target.

And some other things, like being able to go through walls, or making your own hitbox smaller.

Even the slightest advantage gained through cheating is an unfair advantage to all the other players in the game.

It ruins the fun.

Fun generally means a process of learning and overcoming a system.

And if that's the case, if what they are doing is not, you know, like damaging others people's experiences and they are doing it only for their own experience, experience.

It generally is not a problem.

Okay.

So,

how big of a problem is this for video game companies?

Like, how much resources do video game companies, or maybe even just DAIS, put into fighting this?

So, I met a bunch of people in the space, and to speak about DAISY first, I would say, you know, we had five people that were dedicated just to the subject.

If I don't count the externals, because Bastian Suter, who's the creator of Bat Lye,

which was the kernel agent we were using to protect the game.

Basically the common anti-cheat, also used in many other games.

So if I would cut Bastian helping us with the subject, it would be like six people.

And if I look at a different direction of much more larger games and competitive games like League of Legends, as far as I know, the team was like 25 plus or something.

Whoa, there's a 25 person team just within the game League of Legends that's primary job is to focus on finding cheats and fixing them?

That's crazy.

League of Legends is owned by Riot Games and according to Wikipedia there are 2,500 employees at Riot Games.

But even still, 25 is a lot of people dedicated to just stopping cheaters.

I don't know.

I'm just shocked by that.

Because when you play these games and encounter cheaters, it feels like cheaters are everywhere in the game and the game makers just sort of gave up trying to fight it or do very little to stop it.

But now I'm realizing game makers actually put a lot of effort into battling it, and they take it very seriously.

And another thing Eugene just said was that game makers use Battle Eye to help stop it too.

Battle Eye is an anti-cheat engine.

Game makers can integrate it into their game and its job is to examine all player behavior to identify a running cheat and close the game before it can affect the game.

It's now integrated into over 50 games, and Battle Eye has its own team of developers to help detect and stop cheaters.

They can check for things like if the player is pushing buttons at an inhuman rate, or if the player's position moves too fast for what the game allows, or if their win rate is higher than normal.

And they can try to analyze a player's game to see if they're exploiting anything, and then ban the player and report the exploit to the game developers.

And that's just Battle Eye.

There's also other anti-cheat software like Punkbuster, Easy Anti-Cheat, and VAC.

What I'm realizing is that because there's so many cheaters in video games, it's spawned this whole secondary offshoot industry of anti-cheat software solutions.

And again, that's on top of the dedicated team that the video game company already has working on this.

And so now we start to see how there are some serious enemies in this space.

Battle Eye is out there to try to ruin the game cheating industry, which is a bold thing to set out to do to try to ruin a whole industry.

And the cheat makers out there.

This episode is sponsored by Shopify.

Starting a new solo project is really overwhelming.

When I started this podcast, I suddenly had to worry about writing, editing, researching, interviewing, and so much more, all alone.

And when you're starting something new, finding the right tool that not only helps you out, but simplifies everything can be a game changer.

For millions of businesses, that tool is Shopify.

Shopify is the commerce platform behind millions of businesses around the world and 10% of all e-commerce in the U.S.

From household names like Mattel and Gymshark to my own t-shirt shop, which is shop.darknetdiaries.com.

And I love Shopify because of how easy it makes getting my business online.

And once it's there, Shopify has built-in tools to help me create, execute, and analyze my online marketing campaigns.

So get started with your own design studio.

With hundreds of ready-to-use templates, Shopify helps you build a beautiful online store to match your brand's style.

If you're ready to sell, you're ready for Shopify.

Turn your big business idea into

with Shopify on your side.

side sign up for your one dollar a month trial and start selling today at shopify.com slash darknet go to shopify.com slash darknet shopify.com slash darknet

Out there are trying to build working cheats, but then also make it so bad-eye can't detect it and they've got to constantly be developing new strategies to be undetected and find new cheats in the game.

And game developers are just wanting to provide a fun experience for players and not let their game get overrun or ruined by cheaters.

We're going to take a quick ad break here, but stay with us because when we come back, people start playing dirty.

Game devs and cheat devs don't like each other.

Game devs are always trying to ruin the cheating industry, which means the cheat developers sometimes just wake up some days and suddenly their main product isn't working anymore, which means the cheat developers need to scramble to get new working cheats out there.

We also have haters who are actively attacking us, trying to bring our cheats down.

What do you mean?

Like our competitors, other cheat makers, they sometimes attack us.

And lots of people get mad at us because they just hate in-game cheaters.

So we get DDoS, and our site goes down, and then we have to spend more money on DDoS prevention and pay for extra bandwidth when that happens.

Okay, so now it makes sense on why you ask for three forms of ID before giving someone your cheats.

You don't want your cheats landing in the wrong hands because if it does, it could make it unusable very quickly.

Exactly.

So have you ever tried to buy the cheats yourself?

Yeah, of course.

Like the paid ones.

Yeah, and how successful were you?

Pretty successful.

So with public ones, it's pretty easy.

So the way we did it, the first thing that we need to like kind of implement is like kind of a bug bounty program and the ability to like buy cheats.

So we created like a completely physically separate network inside the company that has a separate network connection to the internet, and we were using it as basically a separated lab where we were buying cheats and disassembling them.

So, inside basically this space,

we had like a couple of people working on it, like a reverse engineer and like a community manager, who are trying to buy cheats, be or impersonate people who are like looking for a cheat, both in like public and private space.

So, for public, easy, they would create accounts, they would buy it

through PayPal money, which was like deposited by the company.

And because a lot of the times it was like PayPal transfer,

I think there was something even with crypto, etc.

So generally, basically alternative payment methods.

And

we would have this person look for these public cheese and private cheese, try to acquire as much of them as possible, and both provide them to the anti-cheat program we were using.

And if possible, use also our own reverse engineer to figure out how they are breaking the game.

And this process of buying the cheat was

easy on the public side, as long as you

didn't make it clear that you're from the company,

like using the name of the developer, et cetera, because they would

ban these accounts.

But when it comes to private ones,

it sometimes meant you would have to have an IAM conversation on Skype, ICQ, IRC, VK, Facebook, whatever, or on forums through their dedicated channels or dedicated websites.

And

we even have cases where people were asking for IDs to confirm the identity of the purchaser, especially with some of these super private ones where they are selling to 10, 20, 30 people and asking for a very sizable subscription, like $200, $500, because we've seen even those,

where people are willing to pay $500 to have a private sheet that's just for them.

That's what they want to do, and there is a developer that they contact if anything fucks up and they will fix it for them.

So,

you know, posing as different

users, multiple accounts, multiple, you know, like separate networks that we are using, and just like being present on all these channels where the barters and trades have been happening.

But it's not as easy as just posing as someone else to buy these cheats.

Loading and running the cheat in-game is also a very delicate process that the game devs have to be careful about because the cheat makers are watching that part.

So how does your cheat work?

If I bought it, what steps do I need to do to get it to work?

We have a loader.

You first run the loader, then it runs the actual game.

It's sort of a wrapper for the game, so all packets coming in and out go through this loader.

All memory is also available on the loader.

And the loader manipulates the data to make the cheat work.

Okay, I get it, but is there a login feature to the loader?

How do you know when my subscription has run out?

We use license keys.

When you run the loader, you enter in a license key, and that makes the cheat valid for that many days.

Talking with the cheat seller more, they tell me that there are also ways to identify the machine that the loader is running on, and the key becomes tied to that machine ID.

So it might be a combination of host name, MAC address, IP address, or other identifiers.

And what that also means is you can't share the cheat with others.

It will only work on the first machine you install it on.

Now, let's stop here for a second and recognize how desperate some people are to get these cheats.

Paying $30 to use a cheat for seven days is pricey enough if you ask me.

But on top of that, you have to give the website three forms of ID and then you download and install and run a program from a shady underground hacking website.

Whoever is buying this stuff really has to ignore several red flags to get it going.

And some cheat makers see this and take advantage of it.

You should look into AimKit.

Okay, AimKit.

This was a cheat for the game Rust that you had to pay $40 a month to use.

And players reported that the cheat was never undetectable, meaning Battle Eye could easily spot it if you were using this cheat and ban you.

So to begin with, AimKit was not a quality cheat.

You buy it, you use it, you get banned.

And this is not how you want your cheat experience to go.

Good cheats go undetected.

Anyway, when users started complaining about this cheat, other users started piping up too, saying after installing it, they got their Discord accounts banned.

And what supposedly was happening was the loader was not just providing a cheat, but also grabbing a few things off that computer that it was installed on and sending it back to the devs at AimKit, such as Discord logins and who knows what else.

Supposedly the AimKit devs used those Discord logins to do things.

I'm guessing spam channels or people, and that got the person banned from Discord.

But that's just one example of a game cheat that was actually malware, stealing user information and causing harm to the user.

But there are far worse ones than this.

Eugene says when he buys these cheats, he's always expecting them to be malware or some kind of spyware.

So he has to take extra precautions when installing them.

What the application that he sent us did, it was of course on like a separate network physically,

and

as much of the protection as we could imply within the company.

But what the application that he sent did, it downloaded all the Skype database files and sent it over

to the guy.

And when he reviewed those Skype database files, he could see that it was us developers, for example.

Yeah.

So as soon as he basically sent us something which was not working and we started complaining that it's not working, he would go and close the communication immediately because he would figure out we are developers.

So they go to really extreme caution.

Wait, are you saying that when they send you the loader

or the cheat, that the cheat actually looks at other data on your computer to confirm who you are?

Yeah, yeah, it acts like malware all the times.

You know what?

I should have expected that, actually.

I remember downloading games when I was a teenager from dodgy websites, and half of them did contain malware.

Why would I expect it to be any different today, even if I'm paying for it?

Downloading any executable from a shady website is never a good idea.

So this is why when video game developers get a cheat, they put it on a fresh computer that doesn't have any sensitive files on it on its own separate network.

Because the developers of the cheats watch to see who's using their cheat and maybe even take note on what game dev's IPs are and block it if it matches.

But this also makes it hard for game developers to share the cheat with the dev team or Battle Eye since they can't send this cheat to someone else.

It won't work on another computer.

So game developers have to set up like remote desktops so other people can come into that machine and analyze it or install it on a virtual machine.

Eugene also tells me that sometimes people from the cheat community will come forward and just give them a cheat, often through their bug bounty program, but sometimes not.

Sometimes they just get sent a working executable that has a cheat in it.

Clearly something that this person bought but didn't develop and are willing to share it with a game developer.

And I think what's going on here is that it could be infighting among other cheat devs, where if one cheat provider wants to ruin the business for another cheat provider, they could just buy the cheat and then give it to the game developer who would then fix it to make that cheat not work, which means more people buy the working one.

So, yeah, you could say like we had both kind of

like approaches to have like a double agent on our side and people from the community, the cheating community that would act as double agents for us

by actually providing us additional information or like directly the binaries of a certain cheat that was private, etc.

Gosh, it's crazy, huh?

Being Being a game developer today means you might have to pose as a double agent acting like a cheater to get your hands on some cheats, or you might have to work with double agents who are in the cheat community but feel like exposing someone.

It's a crazy battle that's taking place.

And sometimes all this gets personal.

There's a lot of emotion involved in all this, right?

I mean, for a cheat dev to make a cheat, they probably already love the game and know it very well, and they would love to develop an extra feature in the game.

So they sit down and try manipulating the in-game data to try to find something that gives them an advantage, and that might take weeks.

But when they do, it's got to feel great that you outsmarted the game makers.

They must feel like they know stuff about the game that the developers don't even know.

So I bet there's a bit of a celebration that goes on after they find a new cheat.

Of course, getting paid for that brings all kinds of new emotions too, right?

Dopamine hits for sure.

But then all that comes crashing down when the game studio detects it and patches it.

Now that high that the cheat devs had goes away and they could get mad.

They might want to know who exactly was the game developer that ruined the party and find their name and start insulting them over Twitter.

And now this is where things start getting ugly.

We got really close with these people.

And by close, I mean they, you know, slowly they kinda doxed us and got our phone numbers and like private accounts.

They never, I think, got actually

into any of my accounts because most of them have all their under two-factor authentication, but I guess they at least tried.

With these like connections to these people, I met a lot of different weird characters.

Eugene says he was going to give a talk about cheaters at GDC, the game developers conference.

And apparently, the game cheaters started a GoFundMe campaign to raise money to...

What was was it they were going to raise money for?

To be able to pay for the tickets to GDC to come to the presentation and draw me there, basically.

Well, he gave the presentation at the conference and there were no trolls in the audience.

But he was doxxed and had many invalid login attempts on his accounts and got all kinds of weird messages and threats.

You know, like the things that I hated the most were like the creepy calls.

You know, like I would pick up a phone and, you know, like since it's my work phone and when an anal number is calling like I generally pick it up because it can be any of our partners and I would like have these like weird things being said to me or like people contacting my family members sending them like weird gory pictures and it was just annoying

like why would you like make it

Well, like, for example, why would you target like my family member?

Like, I don't, I don't fucking get it.

Like, okay, like, bother me on Instagram, bother me on Twitter, bother me on like freaking freaking Messenger and send me weird shit.

Just don't call me, you know?

Like, don't bother people around me.

That would be like nice.

So it kind of prompted me to be more,

you know,

secure about a lot of my like social media.

And I don't use them as much as I used them, you know, in the past.

It's just like all closed up.

It's just wild that the game devs and the cheat devs are both getting attacked in this space.

And it's a weird parallel with the game itself.

I mean, in the game there are battles taking place, simulated fighting, but then outside the game there's this whole different battle happening too.

And that's much higher stakes.

I'm just clicking around on one of these websites that sells cheats and there's something here that says this cheat is stream proof.

What's stream proof?

It means it's not detectable on Twitch.

Oh, so if Twitch sees you're cheating, they ban you?

No, no.

If someone is streaming, they can see the cheat, but the viewers of the stream don't see the cheat.

Whoa, that's crazy.

That's a whole nother level of sophistication in this.

The person playing with the cheats on can see the locations of the other players, whatever extra perception they have, but that's not visible to whoever's watching them play on the stream.

This makes the player look so much better than they actually are, and their viewers have no idea they're cheating.

This is actually amazing, Because there's a lot of people who make a living from just streaming themselves playing video games.

And I imagine better players get more viewers than worse players.

So having that little cheat boost to help you look better than you are probably pays off to these streamers.

I feel like personally, cheating for fun is fine, but cheating in competition is lame.

Do people cheat in competitions?

Yeah, it's a very small customer base, but we work with some pro players.

For them, they use it to win cash prizes in tournaments.

And who doesn't like more money?

I can see why this is taken so seriously by game developers.

If there are cash prize tournaments for a game you make, you want that game to be as fair as possible.

And in-game cheating at tournament level reflects just as badly on the game itself as it does on the cheater.

I talked with two different owners of these cheating websites, and I asked one of them, is what you're doing illegal?

They said, nope.

Then I asked the other, and they said, Yeah,

some have been called like Misusoft.

Misusoft.

Let's take a look at what or who that is.

Ah, here's a video.

This teenage hacker runs a smaller operation from the Netherlands.

His business can still make almost £1,500 a week, and his customer base is growing.

That's a clip from a BBC News story that the journalist Joe Tidy did.

You could get in some serious trouble with this, could you?

Yeah.

If Ubisoft decides to come after you because of copyright infringement,

you're in for a tough time.

Joe interviews what looks like a 17-year-old kid for this, who claimed to be making and selling cheats.

And the kid shows Joe what they do and how they work.

Well, one month after appearing on BBC, Ubisoft was able to identify this young man and sue him.

It turned out he was running a website called MizooSoft, selling game cheats for Ubisoft.

And Ubisoft had all this information on this guy, his name, address, his websites, his parents' information too.

The BBC didn't turn him in, but if you come on TV to talk about the underground activity you're doing, your OPSEC is probably not the best.

Since he was only 17 when he was hit with this lawsuit, Ubisoft just asked for the website to be taken down to immediately stop developing and selling cheats for the game, and they wanted a copy of all the cheats he had and some kind of financial compensation for the damage that they suffered from it.

I believe that lawsuit is still ongoing, and I actually did get in contact with the guy, the owner of Mizusoft.

We chatted for a while, but he ultimately said he can't talk about this case.

So again, turned down, which is typical for the scene.

But there are a few other stories like Mizusoft.

Apparently there was a cheat going around for Pokemon Go, and this cheat was called PokeGo ⁇ ,

and it allowed you to move to another location without having to leave leave your house.

But the game developers discovered who created this cheat and sued them.

The case was settled, and the cheat creators paid $5 million

in the settlement.

Wow.

Then there was another story that Joe Tidy from the BBC reported, saying the world's biggest video game cheat operation was busted by the Chinese police.

The story says, Tencent and the Chinese police worked together to arrest the crew responsible for making cheats for Tencent games.

The bust resulted in several luxury sports cars being seized.

There's a photo that has a Lamborghini, Ferrari, McLaren, Mercedes, and a Land Rover.

These were all seized by the police.

And in fact, the police reported they seized $46 million worth of luxury cars alone from this crew.

And they reported that these cheat developers made $76 million from selling cheats for 10 cent games.

10 people were arrested who were involved with this, and it was quite an operation for the Chinese police.

As I dig through court cases, I start seeing even more things show up.

In 2019, Epic Games sued a 15-year-old YouTuber for advertising cheats on his channel.

The complaint says he was selling Fortnite cheats for $250 each.

And what's really weird here is this YouTuber made a video saying he got sued.

Well, today, I got like 30,000 pages in the mail from Epic.

I don't know.

I think it's kind of weird that they're saying me.

I don't know what's going to happen.

I already have a pretty good attorney, so.

That was the last video this kid ever posted, and it's been three years now.

Now, in this case, Epic is saying the boy violated the copyright laws.

Okay, I guess I can see that.

Perhaps that's the best legal leg to stand on in this case.

In June 2021, Bungie sued AimJunkies.com for infringing on their their intellectual property.

Apparently, this site was selling cheats for the game Destiny, but AimJunkies is trying to get this case dismissed, saying Bungie is embellishing and exaggerating what happened and is misusing the legal system.

So there's one cheat developer who's trying to fight back.

I'm not sure how that's going for them.

Earlier in 2022, Activision sued two German companies for creating cheats for Call of Duty.

Activision is saying these companies have violated copyright laws.

And that case is still ongoing.

And there are quite a few other cases in the air.

Epic Games is saying they've issued over a half dozen lawsuits to cheat makers now.

But the problem that these game makers have is they often have a hard time tracking down who the cheat developers are to issue lawsuits to them.

And sometimes when they do find who these people are, they're in other countries that lawsuits just don't have that much of an impact to cheat makers.

And so...

As I learn more about all this, I've come to the conclusion that I don't like cheaters.

I think they do ruin the game for other players, at least online games, right?

Cheat all you want if it just affects you, but when you're battling against other players and you use cheats to beat them and you're ruining their game, that's not cool.

Nobody likes that.

So I agree it's wrong, but I'm torn on what should be done to stop this.

Okay, issue a cease and assist.

Great.

And you can hope the cheat developers stop there, but many aren't.

All the cheat devs I spoke to said they received cease and desist letters, but just sort of laughed and kept on doing it.

So, what should be the next steps that game makers should do?

Call the cops, issue lawsuits?

Sending a cease and assist letter is easy.

You just email the cheat support team telling them, stop what you're doing.

But issuing a lawsuit requires you to know who the person is that you're suing.

So, now the game makers have to sort of investigate who the cheat developers are for this.

Which, I don't know, could result in some kind of hack back type of activity, maybe?

Like phishing the cheat makers to try to get info on them?

I mean, it's possible, but unethical.

It's just weird to think that there are game studios out there that are investigating to try to figure out the real identity and location of who these cheat developers are.

What seems to be happening are game makers are using high-priced lawyers to try to intimidate cheat developers, saying things like, we're going to sue you for the maximum allowable amount, which may be millions of dollars, or some other big scary things.

And I suppose some of this works.

It gets the cheaters to just stop what they're doing and not do it anymore.

But it'll be interesting if someone does challenge a lawsuit like that and wins, because I don't know, maybe they somehow prove that cheating isn't illegal.

It's a weird legal issue for sure.

And I worry because corporations have bullied people in the past with lawsuits because someone violated their terms of service or some other made-up rule, which has had horrible results.

Just look up who GeoHot is or Aaron Schwartz.

So it seems like for now, the best tactic is for game makers to solo this one themselves and dial it on their own.

And I mean in-game.

By putting more resources into securing the game code and game client and adding more monitoring and detection mechanisms to try to find when players cheat and force them to quit.

But of course, with every shot fired by the game studios, the cheat makers try to dodge it and heal up and move forward.

And this might be the most epic battle that game studios have created yet.

A big thank you to Eugene Hartin for sharing some of the insights from a game developer's point of view.

And also, thanks to everyone I chatted with over DMs on Discord to give me inside scoops on what's going on.

This episode was created by me, your commanding officer, Jack Reese Sider.

Original music this episode was created by the demo man, Garrett Tiedemann.

Mixing done by Proximity Sound, editing help by the medic, Damien, and our theme music is by the King of the Hill, Breakmaster Cylinder.

I was blowing up a balloon the other day, and I was thinking: inside this is CO2, right?

And it's compressed, right?

So, why not call it CO2.zip?

This is Darknet Diaries.