Experts may be worried about election hacking, but sports enthusiasts are facing their own crisis after an in-game hack forced officials to suspend play at one of the world’s largest esports competitions – extending ongoing concerns about sports hacking to the online realm.
Play was proceeding normally during an intense match in the Apex Legends Global Series (ALGS) – which players compete on the popular first-person shooter for their share of $7.7 million ($US5 million) in prize money – when two different players were given extraordinary powers in the game as cheats were unexpectedly applied.
Video of the game shows one player lifting his hands in surprise after the match was interrupted, with the appearance of a new window called ‘TSM HALAL HOOK’ displaying an interface that enables players to add a range of cheating modes – forbidden, naturally, during competitive gaming.
Even as the cheat suddenly gave one player the ability to see other players through walls, the in-game chatbot simultaneously showed a message saying ‘Apex hacking global series, by Destroyer2009 &R4andom’ – a tag suggesting that the game had been hacked by an outside party.
The event’s organisers suspended the finals because, they said in a post on X, the “competitive integrity of this series [had been] compromised.”
The maker of Apex Legends’ built-in anti-cheat technology, the Epic Games owned Easy Anti-Cheat – whose technology has been adopted to prevent manipulation of games including Apex Legends, Fortnite, Ghost Recon Wildlands, Squad, and others – was quick to refute suggestions that an error in its code had allowed a hacker to infiltrate the gaming competition.
Feedback from observers showed that many were concerned that a back door in Apex Legends could leave their computers vulnerable to cyber attack, with some calling for matches to be run, as in the past, on standalone local networks that are not connected to the Internet.
Ultimately, Destroyer2009 told TechCrunch that he had undertaken the hacks “just for fun” and had used a vulnerability in the game to infiltrate the game – although he declined to explain more and said he was waiting for game developer Respawn to patch the vulnerability.
He had not reported the vulnerability to the companies because, he said, publisher Electronic Arts does not offer a bug bounty program that pays hackers who discover weaknesses in their code.
Sports competitions in the firing line
The outside hacking of an esports competition – in which the actual games being played are vulnerable to manipulation, rather than just the betting, operational and other systems associated with an event – highlights the exposure of a global esports market that is projected to be worth $6.6 billion ($US4.3 billion) this year, of which $3.8 billion ($US2.5 billion) is related to esports betting.
Yet it’s only the latest twist in a much broader story as hackers and cyber criminals exploit widely watched events as an opportunity to cause mass disruption, scam fans and organisers, and influence the outcome of competitions.
Last year, a Microsoft report warned of “diverse and complex” threats to the complex assortment of IT systems and arenas at large sporting events and venues, which “contain hundreds of known and unknown vulnerabilities that allow threat actors to target critical business services” and personal information.
Managing this risk, Microsoft said in relating its experiences securing the 2022 FIFA World Cup, requires “constant vigilance and collaboration among stakeholders to prevent and mitigate escalation” of threats to the $920 billion ($US600 billion) global sports market.
With US basketball fans revving up for the impending start of ‘March Madness’ – three-week university basketball finals, involving 68 teams, in which Americans bet an estimated $24 billion ($US15.5 billion) last year alone – IT service provider Advizex recently warned that AI hacking is poised to further amplify attacks on office betting pools, bookmakers and other parties exposed to what would be “a perfect pick-and-roll opportunity for cyber criminals.”
AI has already been proving its worth to criminals and scammers, who are using the tools for devious purposes such as a recent scam in which a female fan of Formula One driver Lewis Hamilton messaged what she did not realise was a fake Instagram account, even though it had just 1,400 followers compared to the real Lewis Hamilton’s nearly 36 million.
The scammer sent the woman what was later evaluated and found to be an AI-generated audio recording, which used the real Hamilton’s voice that offered to sell her a ‘fan card’ for $2,300 ($US1500) – and while her common sense ultimately prevailed, the incident highlights the growing role that AI is playing in helping criminals take advantage of unsuspecting sports fans.