FYI.

This story is over 5 years old.

Tech

‘Guild Wars 2’ Caught Using Spyware to Catch Cheaters

The makers of the popular multiplayer game caught almost 1,600 alleged cheaters using a program that scanned their computers for cheating software.
TK
Image: ArenaNet

The developer of the popular online role-playing game Guild Wars 2 banned almost 1,600 players accusing them of using cheating software—and it allegedly used spyware to identify the suspected cheaters.

On Saturday, a spokesperson for ArenaNet, the company that develops Guild Wars 2, announced in a forum post that it had suspended for six months 1,583 accounts of gamers who were using “programs that allow players to cheat and gain unfair gameplay advantages.”

Advertisement

According to Fabian Wosar, a security researcher and one of the Guild Wars 2 players banned, ArenaNet was able to spot the alleged cheaters thanks to what essentially amounts to spyware. In a Reddit post, Wosar explained that he reverse-engineered Guild Wars 2 updates over the last few weeks and said that a March 6 update included a program that surreptitiously scanned the player’s computer looking for other apps and processes that could be used to cheat in the game.

“Arena decided it was okay to just snoop around in the processes I was running and decided it found something it didn't like,” Wosar wrote on Reddit. “The problem is, that just because you have a process running that could potentially be used to cheat in your game, doesn't mean it is used to cheat in your game. […] Based on the data Arena gathered on my system, Arena doesn't know whether I cheated in their game either. All they do know is, that I had processes running that could be used for cheating.”

A screenshot of the message informing Wosar of the ban. Image: Fabian Wosar

Wosar told me that he never cheated or used bots in Guild Wars 2, but said he had the apps that ArenaNet deemed as suspicious running on his computer because of his job.

He said he doesn’t believe this technique to monitor players is uncommon, but in this case, it was sending all the information gathered from the player’s computer in an insecure way to ArenaNet’s servers.

In its public statement, ArenaNet acknowledged that many of these programs have “benign uses:”

Advertisement

“1,516 accounts were suspended because we detected that the accounts were running Guild Wars 2 at the same time as one or more of the following programs over a significant number of hours during a multi-week period earlier this year,” the company wrote. “We targeted programs that allow players to cheat and gain unfair gameplay advantages, even if those programs have other, more benign uses.”

ArenaNet did not immediately respond to a request for comment.

Read more: For 20 Years, This Man Has Survived Entirely by Hacking Online Games

According to Wosar, the technique ArenaNet used was also not very sophisticated, as it couldn’t really tell if the player was using the suspected software to cheat on Guild Wars 2.

“The method they are using is unfit for the purpose of cheat detection,” Wosar said.

Josh Watson, a senior security engineer at Trail of Bits, said he agreed that the anti-cheat system could be considered “spyware” but that it would be “trivial” to bypass this detection technique. Even so, it likely was highly effective anyway.

“They probably found shit pretty easy because I doubt a lot of people expected Guild Wars to be doing this,” Watson told me in an online chat. “But for other games that are known to have anti-cheat stuff, this is kid stuff.”

Got a tip? You can contact this reporter securely on Signal at +1 917 257 1382, OTR chat at lorenzo@jabber.ccc.de, or email lorenzo@motherboard.tv

Adrian Bednarek, a security researcher at Independent Security Evaluators who has done research on video games, said he has seen “a couple” of games using similar methods to catch cheaters.

“I would consider any processes covertly sending back data about processes and modules running on my system as spyware,” Bednarek said in an email.

In February, Motherboard reported that a flight simulator was trying to catch people using pirated software by infecting them with malware designed to steal their Chrome passwords.

Motherboard’s documentary series “Dear Future” was nominated for a Webby. We’d love your vote , and it only takes a minute.