Hacker says they banned ‘thousands’ of Call of Duty gamers by abusing anti-cheat flaw

In October, Activision announced that it had resolved a bug in its anti-cheat system affecting a limited number of genuine player accounts. However, a hacker utilizing the exploit, known as Vizor, revealed that the issue resulted in the banning of “thousands upon thousands” of Call of Duty players, whom they falsely represented as cheaters. Vizor disclosed their experiences to a journalist and described the exploit as amusing.

The hacker, introduced to the journalist by fellow cheat developer Zebleer, explained that they had been aware of and using the exploit for months. This incident underscores a broader pattern where hackers search for vulnerabilities in online games to create cheats that confer illegitimate advantages. Developers like Zebleer profit from these cheats, sometimes earning millions, prompting gaming companies, including Activision, to employ cybersecurity experts to enhance their anti-cheat systems.

Activision’s Ricochet anti-cheat system, launched in 2021, was designed to operate at a kernel level to make evasion difficult for cheats. Vizor discovered that it utilized fixed strings of text as signatures to identify cheaters, such as “Trigger Bot.” By sending a private message containing these strings, Vizor could cause the targeted player to be banned. This method exploited the game’s flawed approach to scanning for keywords, which led to potential misidentifications based solely on message content.

Vizor noted that they had even executed a script capable of banning players autonomously by repeatedly joining and leaving games and posting messages. This allowed them to manage the exploit while taking breaks, and they would observe new signatures added by Activision over time, quickly adapting their method to continue banning users and creating the illusion of legitimate anti-cheat measures.

As the hack gained traction, certain well-known players found themselves banned before being unbanned following Activision’s rectification, indicating a broader impact of the exploit. Evidence of the vulnerability became public when Zebleer detailed the exploit, leading to Activision’s acknowledgment of the flaw and subsequent fix.

An anonymous former Activision employee confirmed the hack’s methodology, stressing the illogical reliance on a memory scan for banning players based on simple strings. This individual called the practice inexperienced, highlighting the significant security vulnerabilities exploited by Vizor and the need for more robust protective measures for signature detection.

In the end, Vizor expressed satisfaction with the eventual resolution of the exploit, highlighting not only the ease with which they manipulated the system but also the implications for the integrity of the anti-cheat technology currently employed by Activision. This incident exemplifies the ongoing arms race between game security measures and the determination of hackers to find and exploit vulnerabilities within online gaming systems.