Late last week, ArenaNet, makers of the MMO Guild Wars 2, suspended over 1500 player accounts it suspected of cheating. According to one of the players caught in the sweep, the studio accomplished this using what some users and experts are calling spyware to monitor people’s computers for known cheat programs.
Image: ArenaNet (Guild Wars 2)
“Today, ArenaNet suspended 1583 accounts involved in the use of illicit third-party software,” a representative for the company said in a forum post on April 12. They said the suspensions would last six months and not be open to appeal, before going on to advise players to remove any “illicit third-party software” from their machines lest they become the victims of malware or computer viruses.
Fabian Wosar, a player based in Germany who also claims to be a security researcher, was one of the players suspended and used it as an opportunity to investigate how and why he was targeted.
In a lengthy Reddit post on April 13, he said he had reverse-engineered a 32-bit version of the game’s client released on March 6. According to Wosar, this version of the game client, which was live until March 27, allowed ArenaNet to periodically check whether other processes running on players’ computers simultaneously matched a list of cheat programs.
While Wosar admitted to using bots to farm in other games such as FF14 and Path of Exile, he said he’s never used them for Guild of Wars 2 because it isn’t as grindy. Instead, he believes his account was flagged simply for having the other programs installed on his computer and potentially running in the background.
On April 14, an ArenaNet rep posted a message on the game’s forums saying that “1516 accounts were suspended because we detected that the accounts were running Guild Wars 2 at the same time as one or more of the following programs over a significant number of hours during a multi-week period earlier this year”. The post listed the cheat programs it recently checked for.
CheatEngine is a memory editor that can be used for things like getting infinite ammo in a multiplayer shooter as well as modding games. Screenshot: YouTube
Wosar had fretted that ArenaNet’s approach could flag people who might be innocently be running programs the company doesn’t like even if they weren’t using them on Guild Wars 2.
“I am working for an anti-virus company,” he wrote in his post. “I have a ton of tools running that can be used for hacking games. Process Hacker, Cheat Engine, Wireshark, IDA, x64dbg. Was I now banned because I forgot to close all my work stuff after work or because I grabbed my daily reward during lunch break?” CheatEngine is one of the programs ArenaNet said it monitored for.
ArenaNet hasn’t been clear about what they’re checking hacking programs for and whether they’re ensuring that they are being used on Guild Wars 2. In their April 14 post, they said, “We targeted programs that allow players to cheat and gain unfair gameplay advantages, even if those programs have other, more benign uses.” ArenaNet did not respond to a request by Kotaku for further comment.
Wosar initially feared ArenaNet was indiscriminately monitoring all programs running on user’s computers and having that data sent back to its own servers. Subsequent research by him and another Redditor suggest it was only retrieving info on matches for the blacklisted programs. Wosar still doesn’t like it.
“A lot of people will probably feel uncomfortable knowing that a game they play accesses all the programs running on their system and reads a lot of files that it has no business reading in addition of potentially sending some of that information back via the internet to their servers,” he said in an email to Kotaku.
Two security experts Motherboard spoke with said they would both characterise ArenaNet’s methods as a form of spyware but noted that, in the larger scheme of things, it was not very complex and would be easy for savvier users to bypass now that they know it exists.
Comments
12 responses to “Guild Wars 2 Developers Criticised For Technique Used To Suspend More Than 1500 Accounts”
Cheaters got mad because they get caught and now trying to shift the blame to the developers.
Great job cheaters.
Except nowhere in that ANet post does it state they got caught – only that these programs were running when the game was also running.
It was very oddly worded. Why didnt they just flat out state “we have evidence of the game being interferred with by these programs.”?
That doesn’t even aacount for Cheat Engine having uses outside nefarious ones.
It all seems very fishy. Especially as their security head that carried it out deleted all his tweets about it and has gone into hiding.
Absolutely zero sympathy from me. If someone uses applications with cheating potential for work or other benign purposes, I absolutely expect the responsibility to be on the user to make sure that they’re not running at the same time. Am I meant to mourn the loss of a player who’s still openly admitting that he uses these programs in other games?
As long as it’s not unreasonably infringing upon privacy – which the article confirms it wasn’t – then Wosar doesn’t have a damn leg to stand on.
Boo f**king hoo. You done the crime, you do the time.
at least it isnt as intrusive as Black Desert Online’s XIGNCODE, it not only checks memory and local drives, but also scanned my NAS.
Those hacks were for OTHER games. I would never cheat in THIS game.
Cry me a river.
The only negative here is that now that they know about it the villains will work out ways to hide their cheat programs from the search.
Wosar needs to stop playing games at work.
Eh, I’d be a little worried if the banned program list was broad but it seems like it really just picks up programs designed specifically for botting and cheating in MMOs.
If it false-flagged programs like trainers or cheat engine which exist mostly for single player games I’d be against it because dammit I will cheat in my singleplayer games all I want.
Multiplayer cheaters or those who knowingly have programs installed or running for the purpose of cheating on multiplayer should kinda be prepared to be caught out for this though.
While I’m all for getting rid of cheats, I don’t like the idea of them monitoring a user’s background processes. After all aren’t we meant to be up in arms at Facebook for invading our privacy?
According to the article, it only relayed information that matched against the blacklist. Given the specifics of what these processes are, I’d say it’s wholly appropriate. It’s a very different situation to relaying information on all or most processes, or doing a Facebook and harvesting everything that you can.
You mean like they do with any Blizzard game or anything from Steam?
While I agree with you on principle, the reality is some of the major games publishers have been doing this for ages so it’s pretty much already established practise. To the point I don’t even think it deserves an article.
It’s becoming more common. Farcry 5 wont let you start the game if it detects cheat engine is running.
If this is even legit (doubt it), loading a game up on a work system is just asking for trouble.
I’ve thought about this many times, I use autohotkey for like…. lots of stuff. Its not hacking or anything… But i know some games actually ban you for using it.
So depending on the game I am playing, I need to do a little research before playing and potentially close it. (e.g Path of Exile trade macro)
Bahahaha… assholes being held accountable for being assholes. Let’s all shed a tear for losers who cheat.
Remember kids this is NCsoft..they are the evil empire of gaming compnaies. Who is to say they are not collecting more data than they should?