People who cheat when playing popular online games engage in activities similar to hackers, according to new research that reveals a hidden industry behind the development of technologies used during unfair gaming practices and methods of combating them.
A technical analysis of cheat programs used by online gamers and information on cheating forums has shown that people who cheat in online games regularly bypass Microsoft Windows kernel protections like some traditional hackers and ransomware attacks. The research also revealed a lucrative online cheating marketplace that boasts tens of thousands of monthly members and generates tens or even hundreds of millions of dollars annually.
“It is surprising that there is a large-scale economy behind game cheating and defenses against it, which is largely ignored by the cyber security community, even though there are well-defined attacker and defender models,” said Dr. Marius Muench, a researcher from the University of Birmingham and a co-author of the study outlining the team’s findings.
Technical Analysis Reveals How People Cheat in Online Games
The researchers began their study by performing a technical analysis of the various techniques used in online cheating and the “anti-cheat” technologies used to counter them. According to the researchers, most anti-cheating systems operate within the Microsoft Windows kernel. Like anti-virus programs, these tools operate at the highest privilege level. One recent, high-profile example of kernel-level software is the Crowdstrike program, which made headlines due to its failure and resulting internet outages.
“Software can only run in the Windows kernel if it has been approved and signed by Microsoft,” explains a press release announcing the study. “This makes it more powerful than software run normally by the user.”
According to the team’s technical analysis, cheats often take advantage of weaknesses present in Windows to effectively “inject” themselves into the system’s kernel. If successful, this privilege gives the cheater more control over the system, including “spying” on their competitor’s private game information.
Notably, the team says this type of Windows kernel exploitation is not unheard of but is typically seen “in the domains” of malware and anti-virus. For example, gaining kernel access has been used before ransomware attacks to disable anti-malware protections before the main attack is launched.
“It’s fascinating to see such advanced attacks deployed in this context,” said Sam Collins, the project’s lead researcher. “It presents an intriguing counterpoint to more traditional and harmful malware, such as ransomware.”
Hands-on testing of some of the available cheat software found that they often exploited third-party drivers to “get a foothold” into the kernel. According to the researchers, this technique lets cheaters bypass protections put in place by anti-cheat software, “enabling users to cheat in competitive online games such as Fortnite, Valorant, and Apex Legends.” The findings were supported by forums where users discussing how to cheat in online games often point to the success of gaining Windows kernel access via third-party drivers.
Thousands of Cheaters and Millions of Dollars
As part of their overall study effort, the researchers looked at gray market websites that sell online cheats for popular games. While selling cheats online is not technically legal in most countries, including the U.S., the team points out that some game makers have sued these marketplaces under copyright laws by claiming their code violates their copyright protections.
This effort discovered a robust “gray market” of roughly 80 sites selling software to cheat in online games on a subscription basis. Prices for lower-demand games were as cheap as $10 a month, while higher-demand game cheats could cost up to $240 a month.
Although the nature of this marketplace made it difficult to accurately tally overall users and revenue, the study authors estimate a combined monthly membership of between 30,000 and 174,000 online cheaters. They project the revenue of the 80 sites they surveyed somewhere between $12.8M and $73.2M annually.
No Anti-Cheat Program is Unbreakable
The team says they found cheats for every game they searched for, leading them to conclude that no anti-cheat program is “unbreakable.”
“Game anti-cheats work in the Windows kernel,” explained study co-author, Professor of Cyber Security Tom Chothia. “The complete availability of game cheats tells us that the Windows kernel protections are not as good as many people thought.”
The team also performed a series of tests to “benchmark” which games had the best anti-cheat protocols and which were the easiest for gamers to cheat. Counter-Strike 2 and Battlefield 1 proved to be the most vulnerable for people who want to cheat in online games, while Valorant and Fortnite had the most robust anti-cheat software.
Perhaps unsurprisingly, the team’s analysis found that the more difficult the system was to cheat, the more expensive the monthly subscription fees giving people who wanted to cheat in online games access to the top-line cheating software were.
“While no game has an unbreakable anti-cheat, cheaters have to pay a lot more to cheat at games with stronger defenses,” said Chothia, who added that “studying cheats and anti-cheats leads to a better understanding of protections on Windows.”
The team’s paper “Anti-Cheat: Attacks and the Effectiveness of Client-Side Defences” was presented at the October 18th Salt Lake City workshop titled “Research on offensive and defensive techniques in the context of Man At The End (MATE) attacks.”
Christopher Plain is a Science Fiction and Fantasy novelist and Head Science Writer at The Debrief. Follow and connect with him on X, learn about his books at plainfiction.com, or email him directly at christopher@thedebrief.org.