Rockstar Games’ servers have been under heavy fire from massive DDoS attacks in recent days, causing widespread login and connectivity issues for players of GTA Online. These attacks come in the wake of Rockstar’s recent implementation of BattlEye, a new anti-cheat system designed to crack down on in-game cheating, sparking backlash from a segment of the player base. Protesters, unhappy with the new system, have resorted to using distributed denial-of-service (DDoS) attacks to disrupt the servers, escalating tensions between the gaming giant and its community.

  • jonne@infosec.pub
    link
    fedilink
    English
    arrow-up
    17
    ·
    edit-2
    3 months ago

    Eh, I was playing it on steam deck, GTA online was just not worth it with all the cheating anyway.

    What I don’t get is why they went with the most invasive kernel level stuff instead of doing even the most basic server side checks to check for users doing physically impossible stuff.

    • ysjet@lemmy.world
      link
      fedilink
      English
      arrow-up
      14
      ·
      3 months ago

      Because it’s cheaper than actually implementing working anti heat instead of just stealing control of your computer and leaving gaping vulnerabilities on it.

      After all, why would they care? It’s not their computer.

    • Wrench@lemmy.world
      link
      fedilink
      English
      arrow-up
      5
      ·
      3 months ago

      Man, that sounds familiar. I gave up on Escape from Tarkov for the same reason.

      • jonne@infosec.pub
        link
        fedilink
        English
        arrow-up
        9
        ·
        edit-2
        3 months ago

        It’s just ridiculous the stuff you see that should be easy to catch with basic server checks (even if you were to run them after the fact). Players conjuring money and vehicles out of thin air, moving impossibly fast, vehicles/players with seemingly unlimited hit points, etc. You could easily catch that shit on the server side and ban the cheaters, but instead they go for the most invasive client side shit.

        Sure, if you want to stamp out stuff like aim bots and whatever eventually you’ll need to look at the client side of things, but in a decade they didn’t seem to do anything at all.

        • Soggy@lemmy.world
          link
          fedilink
          English
          arrow-up
          4
          ·
          3 months ago

          That kind of stuff catches legitimate users all the time. In Rust for example it’s common to get kicked for “fly hacking” while jumping on vehicles. The more open-ended the game the more weird edge cases become very relevant. Especially if it has a halfway decent physics sim. Tons of ways to give players weird velocities. Then it has to account for the variance ping introduces…

          Some stuff, yeah. Should be easy to check if a player has too much HP. But spoofed communication between the client and server is a tough nut to crack when you can only see what the client wants you to see. Keeping everything server-side would help but that introduces latency to every input, unacceptable for anything even moderately paced.

          All thay said, it would be a lot easier to swallow the “necessary evil” argument if it actually fucking worked.

          • flashgnash@lemm.ee
            link
            fedilink
            English
            arrow-up
            3
            ·
            3 months ago

            I’m pretty sure there’s not a valid reason for players to be able to spawn giant Ferris wheels in people’s garages, that seems like a fairly easy one to test for

          • Buttons@programming.dev
            link
            fedilink
            English
            arrow-up
            1
            ·
            edit-2
            3 months ago

            Use a more holistic approach. Combine heuristics like the average speed and aim hit percentage with reports from other players.

            Review player reports, if a player makes a false allegation in their reports, mark that player as having less reliable reports. If a player reports someone who turns out to be a definite cheater, mark whoever reported the cheater as having more reliable reports. Etc etc.

            Like, if the report just says “player was moving fast outside a vehicle”, maybe they were cheating, or maybe they were just goofing off trying to stand on top of vehicles the whole game. If the report says “player was moving fast the whole game, had the highest kill count, and was also reported by 5 other players in the match for cheating”, it’s a little more clear what’s happening.

            • Soggy@lemmy.world
              link
              fedilink
              English
              arrow-up
              1
              ·
              3 months ago

              None of that helps low-level play or games without meaningful progression. Continuing to use Rust as an example, because I’m most familiar with it among games with controversial anticheat: people get banned all the time. All the time. And they keep coming back with brand new Steam accounts, and continue to cheat until someone notices and an admin happens to be online. Rinse and repeat. Seemingly an infinite pool of cheaters, or finite cheaters with infinite money for new copies of the game. And it only takes a few minutes to ruin someone’s week.

              The most effective prevention method is probably strict gatekeeping: require a minimum hours played in wild west servers or a certain value of games owned in an account before a player can be whitelisted. Proof of investment, that kind of thing.

    • Aceticon@lemmy.world
      link
      fedilink
      English
      arrow-up
      3
      ·
      edit-2
      3 months ago

      Server-side checks cost processing power and memory hence they need to spend more on servers.

      Client side kernel-level anti-cheat only ever consumes resources and cause problems to the actual gamers, not directly to Rockstart’s bottom line (and if it makes the game comms slightly slower on the client side it might even reduce server resource consumption).

      If Rockstar’s management theory is that gamers will endure just about any level of shit and keep on giving them money (a posture which, so far, has proven correct for just about every large game maker doing that kind of shit) then they will logically conclude that their bottom line won’t even suffer indirectly from making life harder for their existing clients whilst it will most definitelly suffer if they have more server costs due to implementing server side checks for cheating.