Pirate Software, a renowned cyber security specialist, shares his expert opinion on the recent ALGS hacking issue. Also explains if it’s safe to play Apex Legends right now.
Note: Scroll to the bottom of the article to find the TL;DR. However, if you want to get into the details, we recommend you read the full article.
If you don’t know who Pirate Software is, he is a cyber security specialist who’s been working in the security industry for about 20 years. He has previously worked for Blizzard Entertainment as the lead of application security and as a hacker for the federal government. To put it briefly, he is fairly knowledgeable about these kinds of topics.
So, when Pirate Software was made aware of the recent ALGS situation about pro players getting hacked, he reviewed the whole thing and shared his expert opinion on this matter. Another content creator named Ferret Software and Apex-pro, Mande, also helped Pirate Software by providing enough information to assess the incident properly.
Before we get into his opinion regarding the issue, I would like to draw your attention to this Reddit thread, which indicated that there may be an RCE (Remote Code Execution) vulnerability to the game. Moreover, the main culprit in the ALGS hacking incident also claimed the exploit to be RCE. It would help you understand why many people started uninstalling Apex Legends to be on the safer side.
Back to Pirate Software’s take on the recent ALGS hacking case. After reviewing Genburten & ImperialHal’s clips and having an in-depth conversation with Mande, Pirate Software identified some possibilities for what had actually happened.
The first and most likely possibility, according to Pirate Software, is that the hacker infiltrated both Genburten and ImperialHal’s PCs, which also supports how they activated the cheat software on Genburten’s PC. Moreover, there’s also evidence that a different IP had direct access to ImperialHal’s PC.
The second likely scenario is that the hacker somehow managed to get server-level access. A few days ago, the same hacker gifted thousands of Apex packs to Genburten, ImperialHal and Mande, which is easily doable if someone had access to the servers. According to Pirate Software, banning or unbanning someone and gifting Apex packs are very possible via this method. 40 people jumping on the same person and chasing them down on the server can also be done if there’s a server-level vulnerability. Although this does not imply that the hacker had complete access to the server, they did have some level of access that made those actions possible.
The third possibility is that the hacker somehow has a compromised employee’s machine. According to Pirate Software, hackers can do everything an employee can with the server if they have a compromised employee’s PC. Both the second and third scenarios can give the hacker the same amount of access to the server. So, either one can be true.
The fourth but very unlikely chance that happened was the RCE attack. According to Pirate Software, if the hacker had remote code execution on Easy Anti-cheat or Apex Legends, they would certainly impact more players on the server rather than targeting only Genburten and ImperialHal. Moreover, if getting attention was the hacker’s main motive, it would make more sense for them to infect every player on the server. However, it doesn’t entirely remove the possibility that Apex Legends has an RCE vulnerability. The chance is very low, and the hacker didn’t use it on Genburten and ImperialHal.
So,the TL;DR is that, based on what Pirate Software has reviewed so far, it's very likely that Genburten and ImperialHal's accounts were compromised by the hacker beforehand, which made it possible to turn on cheats during the ALGS finals. However, there is also evidence that the hacker has some sort of server-level access, which is why they can gift Apex packs and ban/unban players. On the other hand, there is no evidence that suggests that Apex Legends or Easy Anti-cheat has an RCE vulnerability as of now; otherwise, more players would be affected. Not to mention, Easy Anti-cheat has already claimed to be clear of any RCE attack. In any case, Pirate Software never cleared the chance of Apex Legends being 100% free from RCE vulnerability. Therefore, if you believe Apex Legends is not safe to play right now, you shouldn't until the developers conduct a thorough investigation.
If you want to watch Pirate Software’s full breakdown regarding the matter, watch his March 17’s Twitch broadcast from 8:39:00 to 10:21:09.
More Related: Expert Hacker Reviews Whether Apex Legends Has RCE Vulnerability and if it is Safe to Play Right Now
