Actually incredible cover of the overall story. I love your final thought "We do it for the love of the hunt, not for the thrill of the kill". I think it is rather easy to sometimes fall in these bad places because we are so deep in the "hunt" that we may think that the reward is the only thing that there is left. But there will always be a bigger and more amazing hunt.
I don't think I'd ever make content like this where I personally call out a threat actor and put my face to it; even just someone making game hacks. In any case, your heart seems in the right place and it made an interesting watch. Thanks for the video John. Stay safe.
This is solid OSINT work from SkeletalDemise and foilman, and great reporting emphasizing the appropriate caveats to this work. This was very enriching educational content. One way I think it could have been moreso is if those caveats were explored and extended to their logical conclusions, as in explaining how if at any point the assumptions made were incorrect, how it could unravel the (very convincing) narrative, which for the record I believe. Great video, John!
He did as they have no bug bounty program which was mentioned previously. He possibly burned a way to make an easy buck since he could execute server-side commands and give people in-game currency and packs just for the shits and giggles, what he got for it? He got doxxed and witch-hunted by one of the biggest cybersec RUclipsrs and schooled about "moral compass" as if doxing an 18 yo in the name of a soulless corporation is morally correct.
It has to be right? All be did was target two players for a short time and even put in the game chat that it was him so the blame wouldn't be on the pros! Like if he really wanted to he could've caused some crazy shit in the ALGS like 1000 bots and flying and shit but he didn't.
@@Gavtoocoldits publicity to sell his cheats. Why would a person who makes a living selling cheats and has been for years want to fix the exploit. He doesnt care about the state of the game at all he just know that respawn probably wont fix it and he will have his name permanently linked to apex cheats
Hacking video games should be allowed in dedicated cheater-allowed servers. Hackers will not disappear by just saying it's not allowed. This would allow hackers to have fun, and the game developers to try to fix exploited bugs. Cheating in competitive games will always happen, so the developers needs to keep up with the hackers on detection software.
Nahh, part of the thrill is that it's not allowed/illegal. Nothing's preventing them from cheating on the non-cheater-allowed server. He could've responsibly disclosed it but he didn't. It's a shame and if he gets caught, quite honestly a waste of his talent. But that's totally on him
@@spicybaguette7706 this isn't really that true. in games where you can do hvh easily (csgo), hvh is way more popular and closet cheating/legit cheating is seen as lame
Seems like he did a public service. This is how you get big companies to make changes. I'm still interested to know if the 2 affected gamers are squeaky clean or not.
I’m just a fan of both, so you can I’m biased but I say this with complete certainty, they are clean. Apex is their profession, you can say that that’s a reason to cheat itself, I disagree with that for Hal and gen and every apex pro currently.
what do you mean by squeaky clean? If you're suggesting that you don't know if they're 100% innocent - well they probably are. They're some of the most watched players in their industry and have had significant success at LAN events. Unless they somehow continued their cheating offline during LAN events for many years consecutively, I'd say they're probably clean. Also, with thousands watching them every day, we would probably have seen some weird moments that might prove they're cheating in some way. Not to mention among those thousands, there are many looking to finally find a reason to throw them under the bus and prove they're cheating
@@Embedded-Nickgood thing destroyer2009 didn’t want to frame someone like genburten cause it would’ve worked so many would’ve believed and spread misinformation like a plague
@@Embedded-Nick Fair points. I don't play apex. I guess I was just coming from the angle of, how did two of them get their machines compromised by the same hack vendor? It's easy to be cynical when you don't have all the info.
after EA deleted my accounts for not logging in for a while because I did have internet at the time, and expect me to buy the games again, I'm siding with destroyer2009
I mean a witch hunt and potential dox or an 18 yo kid is not really worth bragging about. As you said yourself he did it for the shits and giggles and not to gain any monetary income, if your game's security is so bad that an 18 yo can execute server-side commands and give streamers in-game currency and packs you should be happy that all they choose to do is play a stupid prank on a tournament instead of capitalising it to ruin the game. Corporations are not your friends.
I agree with this, due to the fact that the corp already faced previous hacks before on Titanfall 2 (I could be wrong, but pretty sure it was also server side) and moments across Apex's lifespan.
I don’t think age matters. Just because they were hacked by an 18 year old, that doesn’t mean that Respawn has bad cyber security. That could just mean that the 18 year old is really good for his age
@@Tmanwith3yearsofworkbringing justice? Hahahha bro you are not batman, and this is not that serious. Also destroyer will never face any consequences for all of this, calm down
I applaud this guy for showing how much work anticheat needs to a larger community. Timoxa is a hero for trolling these publishers with the garbage regular players deal with every day. EAC is a joke right now.
Honestly this wouldn't be an issue in ALGS if they had the tournament on a LAN and then streamed from another PC that isn't directly connected to the game somehow and would make the game more fair due to connection issues.
Apparently some are done that way since people have mentioned the two streamers have previously won LAN tournaments. Not sure why it isn't being done for seemingly the biggest competition. Of course there is still of the issue of these cheats still being in play for the rest of the players if it doesn't get fixed ...
what a fantastic video and an absolutely remarkable investigation - hats off! just a few clarifications on this topic from a native russian-speaking perspective: 1. timoxa is actually pronounced as timoha, with an accent on "o". it serves as a shorthand for the russian name Timofey. 2. it's essential to recognize that not everyone who speaks the russian language identifies as "russian" (with aprox. 380kk speakers worldwide). 3. this one is mostly related to the Mande's mistake (who made that inverview video) - dude explicitly stated "I'm Russian". it's worth noting that Belarus (as mentioned in the subtitles) is distinct from Russia. this distinction is further supported by your gmaps activity review, which only spotted locations in Russia. Belarus lies far away from the left pointer on the map.
As an apex legends player who grinds it a lot, thank you for making this video. Super entertaining and educational. I watched yours and pirate softerwares vids, so awesome!!! Ty Ty Ty❤️❤️❤️🔥🔥🔥
He's probably open about this because game hacking isn't as serious as stealing user data or money, etc. I've never heard of a cheat dev being arrested
There have been even cheaters who have been sued by companies. There was this one kid in early Fortnite days who got sued by Epic Games because he counter claimed Epics DMCA takedown of his youtube video where he promoted his cheats. He probably does not care because he lives in a country that wont do anything about it. Russia is notorious for not doing anything about cyber criminals unless they target Russian citizens.
Thank you John, I really enjoy all of your content. I must admit, I think of hacking in tournaments a bit like athletes using PED's in sports. In sports they utilize drug testing to try to deter those from using PED's and I equate that to online gaming using anti-cheat software in an attempt to deter cheating. Ultimately it is up to the developers to make sure the gameplay is secure as can be. You will always have those looking for the competitive advantage and we must do everything to combat that.
The only reason this was possible was because the event was not hosted on LAN like almost all in-person esports events. It also doesn’t help that the game has a backdoor that probably shouldn’t be there in the first place
Im glad he cant get caught. Its EA fault for running a 5 mil tournament with bad security. Thats negligent, plain and simple. Yes he did damage, but in the way I would do damage to my muscles to make them stronger.
If someone manages to get their hands on destroyer, I'm really torn between offering them a position in an internal offensive security team for either EAC/Apex and enforcing punishment
Hes 18 and ea wouldnt be able to stop the fbi from charging him so its unlikely hed be allowed too. He has to be super careful now. If he was in the states his life couod be over be for it begun and i dont think thats fair.
LMAO EAC... why do you think they havent posted for 5 years? Becuase that's when they woke up to themselves and gave up trying..... Real game hacking is done on the hardware
it's hard to believe that there was no motivation other than for the lulz. I mean i understand that, as a kid I was oppening my friends CD rom on LAN using some trojan for the lulz, but that was against a friend and very innocent in comparison to this apex hack.
Judging by the way he speaks russian - he's not from russia, based purely on his accent he's either from belarus or ukraine, and since he said he's from belarus, I would be inclined to believe that I guess
I’m Destroyer2009 side, no bug bounty program, no way to report vulnerabilities… No cybersecurity investment by the company, so… At least he did a joke on it, imagine threat actors on that stuff.
5:45 There is a high probability that Timoxa is a name derived from shortened russian name Тимоха pronounced as Timokha. It might indicate that the guys full name is Timofey which is Тимофей in russian.
I know it’s cliche to say but he had to be smarter than this regarding his cyber trail right? Why wouldn’t he go through a transfer/offloading phase for all of his work and potential PII?? And we all have multiple emails, accounts, etc…. Once he was done preparing his attack or developing it, he should have isolated and masked all of the potentially identifiable information for ANY entity involved while falsifying things like locations, IPs, VMs etc. Also seems that Destroyer2009 understands his position in Russia is beneficial for hacking purposes to say the least..
Or Ukrainian. Visual difference is in just few letters. At least based on his speech i would not throw this possibility off head. But way he pronounced word "кто" (as "hto", instead of "kto") slightly skews me to either Ukraine or border region of Russia? Timoxa ==> pronounced as Ti-mo-ha (not ~ksa), is diminutive and familiar form of name Timofei. Not very popular name in Russia i might say, but with amount of people, plausible possibility. But, i will note... Imo, but his uploaded video of cheat, and voice in interview do not sound that same for me. Pitch is way different. I guess it is plausible if there is 3+ year difference and he was like 14 to 18 years... Still hard to prove if it is same person. Especially hard to parallelise them as they spoke on two different languages. About emails with different numbers. It may be him, but may be another person. A lot of people are required to register here and there for school work nowadays, and as children they often create accounts with name+number (often suggested). But these discord conversations surely do hint on link between his current discord name and his previous account name. No definitive proof as he denied that cheat forum involvement, but still big piece enough.
Honestly on one hand I hate cheaters. However on the other hand if doing so in such a public way forces EA's hand into putting resources behind fixing the cheating problems in Apex, I'm for that.
Although I agree with the general outlook has what he did was incorrect, I wouldn't go as far as consider this kid a malicious threat actor. Honestly he's a bit more of a hacktivist if anything. His actions brought out a huge spotlight to a pre-existing, much larger issue that EA (Respawn) have continually failed to address with any level of efficacy. There has been, and continues to be, a ridiculously rampant hacking problem in Apex Legends. It is the most apparent in the highest ranked bracket (predators) where they all tend to congregate once ranks have stabilized. out of probably sheer desperation, players of apex have gone as far as dig into the anti-cheat system and found that Apex Legends uses the cheapest anti-cheat plan possible with EAC. from the outside looking in which is the sentiment that a lot of their dedicated playerbase feels, it appears that EA just doesn't really care and is so behind on taking action that their efforts just simply aren't effective. this, in conjunction with the outlandishly priced cosmetic items in the game that release frequently and on a strict schedule, maddens the community to no end. if this kid is trying to embarrass EA and expose their MO, honestly I feel like he's done a pretty good job at achieving his goals. he's caused some pretty tangible reputational damage.
to corporations, of course a hacktivist is bad news. but you reap what you sow. if you don't wanna have risk associated with being exposed for your questionable business practices, don't conduct questionable business practices. this is basic risk management. don't wanna go to jail? don't commit a crime! this is pretty elementary logic.
Apex should discipline the hackers. But not with jail time, or fines. Block access to all their Servers for the Hackers. What Apex now should do, is learn from that mistake and upgrade their security, ASAP.
it didn't go far as it was noticed before being pushed to stable build. It was a dude that social engineered to get his code edits pushed to production on XZ Utilities GitHub. That would later hook into openSSH connections on server environments like in Debian.
The video covered one image saying the IP connection was through a RAT so does that mean they SSH into their PCs from obtaining their IP before the live tournament, or did the end user downloaded something before hand?
that what i thought personally , piratesoftware said the cheat window that appears on gen screen are just "graphics" and thats wrong, gen wouldn't get wallHacks just by an image presented on his screen, those hacks won't function without a driver level application installed on his pc, and how that could be done and how the hacker get his ip address to remote install it on his pc ? he did it thought exploiting : either ssh or one of the 0 day vulnerabilities most likely after he get access to their ip addresses trough the server id itself using reverse tracking, worth mentioning that Microsoft is still Patching 0 day vulnerabilities till today so it could been used instead of ssh.
To address the format window that popped up it wasn't graphics or apart of apex they're not technically wrong saying it's graphics. If you have your graphics card unlocked which the guy admitted he had FPS unlocker installed you would have to unlock your graphics card from windows tamper protection and isolation. You can make format windows transparent and overlay other applications but as soon as you do that the windows pane will be sent back behind the application you clicked on which is what happened he clicked back on apex after seeing that window pop up. The fact John Hammond and pirate software missed that part and jist focused on the fact the window of cheats hacks was transparent and had apex styled text means they forgotten about windows 95, XP days where options like making your format windows transparent and summed up that conclusion by not taking into account the guy said he had fps unlocker software installed not realizing the implication of what that means.
As someone who does security for a living, I can't say that I blame the hacker. Sure, they did the hack and it caused problems, but the issue is about that they shouldn't have been able to do the hack in the first place. You're always going to have to deal with threat actors, but they only exist because of the holes in the security.
I 100% agree that this is cybercrime, gaining unauthorized access to systems and also cyber disruption. The way the person executed their hack on a live stream fully knowing it would be exposed to millions of people says it all, their intent was to get attention and "credibility" for their action. This being exposed to the public would and could just bring more harm to the people involved, nothing ethical or morally correct about it.
I just thought I would say this, when you said it was just for kicks, that is only partially true. While I am sure he did do it for fun, the other reason for him pulling off these large super public hacks was to raise awareness of how terrible ea's anticheat is as cheating has been a huge issue in the apex legends scene recently. In higher ranked lobbies, you run into cheaters so often.
Has it been ruled out that the players weren't using cheats created by Destroyer/Temoxa containing a backdoor and he just trolled them hard publicly? It seems strange that a global event involving millions of dollars in prize money isn't being conducted on private servers on a segmented network. Or are multimillion dollar gaming tournaments just hosted on public internet where they can be hacked by anyone? Is that because the servers always have to be connected to the internet for dynamic anti-piracy/anti-cheat stuff? I guess it doesn't matter anyway, cause cheaters are gonna cheat and hackers gonna hack. Unless you fully lock down tournaments with segmented networks, no external devices allowed and player searches it's going to keep happening.
Personally any type of hack that is used to gain advantage over the normal person should be a crime, whether you are the buyer or the seller, it should be treated the same. its to easy for kids these days to pick up a cheat and run with it coz whats the worst that can happen in most games? you get banned, start a new account and just continue. if the youth start to learn that your decisions and actions have actual lawful repercussions then they might think twice before doing this shit. Thank you very much for the video, i just subscribed
Great work to the two guys spending time on this, it’s not always fun and a lot of resources and time goes into it. Also don’t forget - Don’t fact drive (dive) under the influence of speculation 😊 OSINT’ers only real hangover 😅
as someone with over 1k hours in apex im glad he hacked the game because he proved that respawn and EA dont care about the game or people playing the game when the hack happened they put out a sale in the in game shop to say sorry who the fuck cares we dont feel safe having our banking info on the game anymore I am happy he did this and i hope he does it again to stop a mega billion dollar corparation form exploiting their players
I personally don't think there should be reprepercussions because if these companies fail to secure their shit, it's their fault. Also they (EA) atleast had some idea about these cheat software in the market and still they failed to manage it so can't blame "Destroyer2009". Infact their internal security team couldn't even uncover this. It's credit to those two guys who actually managed to get this information and even helped EA with this.
I am not sure what to think about this video. First of all, the video is pretty good, showing how to osint and giving awareness to our online activity. Then again, you basically just made 1.3 million people and potentially more aware of this issue and showed them pretty much exactly how to track this person. Considering your vast amount of followers and the potential to go viral, this might not be morally correct at all. Even if the accounts you showed have nothing to do with the hacker, there are now bound to be people that will look for this person and potentially destroy his life. Even if it was the person, its a probably 18 year old kid, which potentially could've caused tons of damages and made tons of money by selling this "exploit" or whatever they did, but decided to raise attention to the security problems of apex. I feel like you potentially made the exact same mistake this kid did, you wanted to go viral on costs of others. Why not just tell authorities and the responsible person about this instead of the whole world?
It is a lesson in OSINT, and that is what John teaches. This 'kid' cost people a lot of time and money, and could have ruined careers. Maybe he will learn his lesson, and others will think twice before doing something like this for the 'lols'.
The people who care already know all this. The kid perfectly knows he will never face any consequences for his actions as long as he does not target Russians.
Programmers often do run cheats to test detection and prevention methods... but those with a brain will put them in an isolated container first lol. It's expected for some of them to contain backdoor and malware.
The moment you discovered that the person in question was a 18 years old and he/she was probably even younger than that at the moment of the hacking, you should have dropped the investigation and didn't upload this video in my opinion. The responsibility of his actions are questionable due to his age, regardless of his citizenship or intentions. Even more, the intentions may not be pure malice as you seem to imply at the end of the video. He may have done this to force the developers to fix an extremely bad exploit that they were just ignoring after being reported. This hack allowed him to take control of any player in any game apparently and execute commands on the client machines; the fact that he only demonstrated the vulnerability publicly without further damage is something that EA should be grateful for.
Do we know if like he possibly used some cross site scripting? I’m not like full immersed into Coding and Such but I did understand that, cross site scripting I wasn’t sure if it would have anything to do with it
19:37 (-ish) Weren't there **any** good intentions, though? From what has been covered (by SomeOrdinaryGamers I believe?) "the community" was telling it was an awful idea to host the matches on servers & they were pleading not to do it this way. The concerns weren't about CySec per se (though also listed), but about the quality of the matches (data speed/integrity over a LAN vs over the Internet) (which is pretty important in CySport, considering the height of the performance levels of these sportsmen). From what I've understood the hosts were being assholes towards the participants & the community by not acknowledging their concerns & metaphorically giving them the middle finger of "I couldn't care less, I'll do what I want". To me it feels like in a weird sense of justice the participants/community can give the metaphorical middle finger back to the hosts & say "told you, you ignorant nitwits"! IMO this incident *could* be vigilantism (to be clear, I'm not saying that if it was, it diminishes the disturbance and grief this caused to the innocent participants and bystanders). Having this impression I couldn't name this incident a "black hat" hacker attack with a straight face. Not familiar with the term "threat actor", but the way mr. H. presented it, it lead me to believe that "gray hat"/"weird cyber vigilantism" hackers are not "threat actors"? But if they can be, then why differentiate them in a way it was done in this video? Was it a cognitive distortion, a concealed motive or was there some other info that has lead the host to believe so - I can't tell, because I haven't looked into the story & haven't seen the hacker's responses/announcements, where they tell they did it "for the lulz". And I mean sincerely - "from under their mask", and not trying to appease some undercover social engineer (posing as a fan), who gave their starved, fragile ego some positive attention. One thing I agree with is that the kid needs some sense scared into him before he does something stupid & ends up fucking up his & his close ones' lives by getting jailed (or fined to smithereens)... Any way - hope the kid will find ways to redeem himself in the future by contributing to CySec/OpSec for our most vulnerable - the non-tech-savvy & credulous people, or something. A very solid presentation, btw! :nod-of-approval:
I'd like to clarify that IMO cheating in multi-user games (especially obvious, blatant cheating) is damaging for them. They are alive generally thanks to their userbase, so if you truly enjoy the game & don't want it to wither and die, then don't kill it by causing grief to other players by using unfair means, making people quit. If you don't enjoy the game, then vote it out by quitting until it gets better or shuts down... You don't have to cheat for griefing either - find a game where you can live out your sadistic tendencies by getting good or getting a headstart, so you could "crush those noobs" or sth. It's more satisfying when it's not a bot doing all the noob-crushing anyway...
This guy didn't do this for the laughs. He's too smart for all of that train of thought. He did this with an intent. Not a shred of doubt in my mind. He may say it's for laughs but I guarantee you he had other motives. Remember when Pirate Software was interviewing the professional player just a couple weeks ago? "EA never listens, they don't ever release patches, we're sitting in the dark and people just do xyz." I'm certain that this person did this with the intention of dragging the vulnerabilities to the surface and showing them to the world. In our line of profession, we still call this grey hat hacking. Unwanted hacking, but not with truly malicious intent. If he was on their servers, he could have shut them down and uploaded everyone's credit card information to the dark web for tons of money. He could have done something way darker than spawn in some random bot ais to attack some dude for the lulz. idk man this is my hunch
In his interview with Mande, Destroyer2009 reveals some gripes he has with video game companies he hacked. Like his gripe against Rust which led him to hack the game. So it corroborates there being an intent.
@@酎ハイ飲んだらいい感じ personally, it's against the field I am in, but also personally, I kind of agree with the premise of the attack, but not the attack. Like it's not super malicious, but at the same time, it is affecting people's cash flow. It affected that tournament outcome for sure.
![Felix "Unfair" | [Stray Kids : SKZ-PLAYER]](http://i.ytimg.com/vi/Oswujxm2Ag0/mqdefault.jpg)
John went dad mode for a second there. Kinda scary ngl
Fr 😂 I thought he was talking to me for a second there.
Actually incredible cover of the overall story. I love your final thought "We do it for the love of the hunt, not for the thrill of the kill". I think it is rather easy to sometimes fall in these bad places because we are so deep in the "hunt" that we may think that the reward is the only thing that there is left. But there will always be a bigger and more amazing hunt.
This is proof not to mess with cyber security professionals. You literally found out everything!
Why the guy would care anyway? He's in Russia
If you have good opsec even cybersecurity professionals won’t be able to find anything
@@cleava959its hard to have perfect opsec, very few have that as history shows
@@malborboss 1 singular Hellfire R9X would be a small price to pay so he will never interrupt another tournament again?
@@rakis69lmfao bruhs ready to go to war over apex legends
We want a collab between John and Jack Rhysider ❤️
What would they even do? Jack is a storyteller
@@IT10T Yeah but he also was a security guy iirc
John needs to go on Darknet Diaries
@@IT10T I'm sure John has plenty of stories to tell lol
That would be sick
in russian timoxa can be read as timoha, short for timofej(Тимофей)
13:56
))
Как больно было слушать тимокса, когда ты Тимофей 🙄
Yes, it's Timothy in English.
In the end, even if you identify him, he's Russian, so you'll never be able to sue him
Maybe I missed something, but who confirmed that destroyer2009 actually did this whole thing? I might just be someone using their handle.
when John made direct contact with destroyer in the video, loved the seriousness and the stiff rightfulness on your face brother.
I don't think I'd ever make content like this where I personally call out a threat actor and put my face to it; even just someone making game hacks. In any case, your heart seems in the right place and it made an interesting watch. Thanks for the video John. Stay safe.
This is solid OSINT work from SkeletalDemise and foilman, and great reporting emphasizing the appropriate caveats to this work. This was very enriching educational content. One way I think it could have been moreso is if those caveats were explored and extended to their logical conclusions, as in explaining how if at any point the assumptions made were incorrect, how it could unravel the (very convincing) narrative, which for the record I believe.
Great video, John!
This is a fantastic video and investigation!! Thank you to all involved.
This just opened my eyes to how wildly easy it is to find this information
Ikr he literally just googled his name and found out where he lived lol
I thought Destroyer2009 stated that he did this specifically during a large event to force EA to fix the vulnerability?
He did as they have no bug bounty program which was mentioned previously. He possibly burned a way to make an easy buck since he could execute server-side commands and give people in-game currency and packs just for the shits and giggles, what he got for it? He got doxxed and witch-hunted by one of the biggest cybersec RUclipsrs and schooled about "moral compass" as if doxing an 18 yo in the name of a soulless corporation is morally correct.
Yeah. Also that he would report the issue directly to EA if they offered bounty for finding of the exploit.
It has to be right? All be did was target two players for a short time and even put in the game chat that it was him so the blame wouldn't be on the pros! Like if he really wanted to he could've caused some crazy shit in the ALGS like 1000 bots and flying and shit but he didn't.
@@Gavtoocoldits publicity to sell his cheats. Why would a person who makes a living selling cheats and has been for years want to fix the exploit. He doesnt care about the state of the game at all he just know that respawn probably wont fix it and he will have his name permanently linked to apex cheats
@@iv3995Or they just want a new challenge hacking stuff, that's why they're asking them to improve 😆
Hacking video games should be allowed in dedicated cheater-allowed servers. Hackers will not disappear by just saying it's not allowed. This would allow hackers to have fun, and the game developers to try to fix exploited bugs. Cheating in competitive games will always happen, so the developers needs to keep up with the hackers on detection software.
Nahh, part of the thrill is that it's not allowed/illegal. Nothing's preventing them from cheating on the non-cheater-allowed server. He could've responsibly disclosed it but he didn't. It's a shame and if he gets caught, quite honestly a waste of his talent. But that's totally on him
The point of cheating is for the real game.. Why would anyone cheating want to play with other cheaters 💀
@@spicybaguette7706 this isn't really that true. in games where you can do hvh easily (csgo), hvh is way more popular and closet cheating/legit cheating is seen as lame
Seems like he did a public service. This is how you get big companies to make changes. I'm still interested to know if the 2 affected gamers are squeaky clean or not.
I’m just a fan of both, so you can I’m biased but I say this with complete certainty, they are clean. Apex is their profession, you can say that that’s a reason to cheat itself, I disagree with that for Hal and gen and every apex pro currently.
I do agree with your 1st statement 100%
what do you mean by squeaky clean?
If you're suggesting that you don't know if they're 100% innocent - well they probably are. They're some of the most watched players in their industry and have had significant success at LAN events. Unless they somehow continued their cheating offline during LAN events for many years consecutively, I'd say they're probably clean. Also, with thousands watching them every day, we would probably have seen some weird moments that might prove they're cheating in some way. Not to mention among those thousands, there are many looking to finally find a reason to throw them under the bus and prove they're cheating
@@Embedded-Nickgood thing destroyer2009 didn’t want to frame someone like genburten cause it would’ve worked so many would’ve believed and spread misinformation like a plague
@@Embedded-Nick Fair points. I don't play apex. I guess I was just coming from the angle of, how did two of them get their machines compromised by the same hack vendor? It's easy to be cynical when you don't have all the info.
Cool to see you covering this topic! I'm on my cyber security journey. I find all your videos super interesting! :)
I love the breakdown of this and would love to see more like it. Thanks John!
EA will probably never go into detail about what happened but there are interesting threads on UC on this topic going back to 2019.
Do you have any links to the affirmationed articles ?
after EA deleted my accounts for not logging in for a while because I did have internet at the time, and expect me to buy the games again, I'm siding with destroyer2009
Apex is FREE-to-play.
???
Did this happen on the ea app? Cause why were you using the ea app primarily for your games, I blame you if that’s the case lol
@@puffyips it's still ea's fault for making it dogshit
@@lfcbproprobably other ea games
This sounds a bit strange. Companies usually want to retain players because retaining is cheaper than getting new ones. How long were you gone for?
Curious, what website/service did you used at 9:33? I kinda want to search my own email with this.
I mean a witch hunt and potential dox or an 18 yo kid is not really worth bragging about. As you said yourself he did it for the shits and giggles and not to gain any monetary income, if your game's security is so bad that an 18 yo can execute server-side commands and give streamers in-game currency and packs you should be happy that all they choose to do is play a stupid prank on a tournament instead of capitalising it to ruin the game. Corporations are not your friends.
I agree with this, due to the fact that the corp already faced previous hacks before on Titanfall 2 (I could be wrong, but pretty sure it was also server side) and moments across Apex's lifespan.
I don’t think age matters. Just because they were hacked by an 18 year old, that doesn’t mean that Respawn has bad cyber security. That could just mean that the 18 year old is really good for his age
@@Tmanwith3yearsofwork 🐑🐑🐑
@@Tmanwith3yearsofwork Christ won't save you when he figures out that you're a Steven Crowder fan. Global warming is real!
@@Tmanwith3yearsofworkbringing justice? Hahahha bro you are not batman, and this is not that serious. Also destroyer will never face any consequences for all of this, calm down
I applaud this guy for showing how much work anticheat needs to a larger community. Timoxa is a hero for trolling these publishers with the garbage regular players deal with every day. EAC is a joke right now.
Timoxa watching this video:
A drone will find it...
John, the quality and content of your videos have truly become amazing. Well done! Excellent report.
Honestly this wouldn't be an issue in ALGS if they had the tournament on a LAN and then streamed from another PC that isn't directly connected to the game somehow and would make the game more fair due to connection issues.
Apparently some are done that way since people have mentioned the two streamers have previously won LAN tournaments. Not sure why it isn't being done for seemingly the biggest competition.
Of course there is still of the issue of these cheats still being in play for the rest of the players if it doesn't get fixed ...
what a fantastic video and an absolutely remarkable investigation - hats off!
just a few clarifications on this topic from a native russian-speaking perspective:
1. timoxa is actually pronounced as timoha, with an accent on "o". it serves as a shorthand for the russian name Timofey.
2. it's essential to recognize that not everyone who speaks the russian language identifies as "russian" (with aprox. 380kk speakers worldwide).
3. this one is mostly related to the Mande's mistake (who made that inverview video) - dude explicitly stated "I'm Russian". it's worth noting that Belarus (as mentioned in the subtitles) is distinct from Russia. this distinction is further supported by your gmaps activity review, which only spotted locations in Russia. Belarus lies far away from the left pointer on the map.
If these big game companies don't wanna listen about cve, then they get burned by hacker's memory foam.
As an apex legends player who grinds it a lot, thank you for making this video. Super entertaining and educational. I watched yours and pirate softerwares vids, so awesome!!! Ty Ty Ty❤️❤️❤️🔥🔥🔥
He's probably open about this because game hacking isn't as serious as stealing user data or money, etc. I've never heard of a cheat dev being arrested
You have never googled "cheat developer arrested"
@@CypherNL Those are mostly from devs who have done other stuff or live in areas like china.
There have been even cheaters who have been sued by companies.
There was this one kid in early Fortnite days who got sued by Epic Games because he counter claimed Epics DMCA takedown of his youtube video where he promoted his cheats.
He probably does not care because he lives in a country that wont do anything about it.
Russia is notorious for not doing anything about cyber criminals unless they target Russian citizens.
@@CypherNLThose guys were making millions, probably gang related too
@@hexlocation this guy hacked two major streamers computers, but granted did not do much with their access
Thank you John, I really enjoy all of your content. I must admit, I think of hacking in tournaments a bit like athletes using PED's in sports. In sports they utilize drug testing to try to deter those from using PED's and I equate that to online gaming using anti-cheat software in an attempt to deter cheating. Ultimately it is up to the developers to make sure the gameplay is secure as can be. You will always have those looking for the competitive advantage and we must do everything to combat that.
The only reason this was possible was because the event was not hosted on LAN like almost all in-person esports events.
It also doesn’t help that the game has a backdoor that probably shouldn’t be there in the first place
Im glad he cant get caught. Its EA fault for running a 5 mil tournament with bad security. Thats negligent, plain and simple. Yes he did damage, but in the way I would do damage to my muscles to make them stronger.
If someone manages to get their hands on destroyer, I'm really torn between offering them a position in an internal offensive security team for either EAC/Apex and enforcing punishment
Hes 18 and ea wouldnt be able to stop the fbi from charging him so its unlikely hed be allowed too. He has to be super careful now. If he was in the states his life couod be over be for it begun and i dont think thats fair.
LMAO EAC... why do you think they havent posted for 5 years? Becuase that's when they woke up to themselves and gave up trying..... Real game hacking is done on the hardware
No company like that will hire him, he is a high risk person, that could go berserker one day and start leaking things
You could argue that exposing their shitty security to the world is a good thing, but yes there are better ways to do it
Very interesting. Great covering of this.
it's hard to believe that there was no motivation other than for the lulz. I mean i understand that, as a kid I was oppening my friends CD rom on LAN using some trojan for the lulz, but that was against a friend and very innocent in comparison to this apex hack.
Netbus for the win
Promotion for his hacks?
Judging by the way he speaks russian - he's not from russia, based purely on his accent he's either from belarus or ukraine, and since he said he's from belarus, I would be inclined to believe that I guess
I think what he did is exposing most of corporation or game ondustry of how their games pretty much has lot of security exploits on it
I’m Destroyer2009 side, no bug bounty program, no way to report vulnerabilities… No cybersecurity investment by the company, so… At least he did a joke on it, imagine threat actors on that stuff.
btw, that alphabet is Cyrillic, it's the alphabet used for Russian, but it's not only for Russian.
5:45 There is a high probability that Timoxa is a name derived from shortened russian name Тимоха pronounced as Timokha. It might indicate that the guys full name is Timofey which is Тимофей in russian.
Props to foilman and demise for figuring all this out, fantastic detective work
I know it’s cliche to say but he had to be smarter than this regarding his cyber trail right? Why wouldn’t he go through a transfer/offloading phase for all of his work and potential PII?? And we all have multiple emails, accounts, etc…. Once he was done preparing his attack or developing it, he should have isolated and masked all of the potentially identifiable information for ANY entity involved while falsifying things like locations, IPs, VMs etc. Also seems that Destroyer2009 understands his position in Russia is beneficial for hacking purposes to say the least..
Some people don't care... like me... opsec my toaster
Whats the point if your in a country that wont let the US violate your rights (thats their job..)
I don't think he deserves to be doxxef
Russian is not the only language that is written with the Cyrillic script. It can be perfectly Belarusian language.
Hes actually said in an interview before that he is from Belarus
Functionally no difference in the current Geo-political environment.
@@spartan1986ogthere is difference you cant say all eu are the same. dont be stupid
But... Isn't Belarus part of Russia?
;)
Or Ukrainian. Visual difference is in just few letters.
At least based on his speech i would not throw this possibility off head. But way he pronounced word "кто" (as "hto", instead of "kto") slightly skews me to either Ukraine or border region of Russia? Timoxa ==> pronounced as Ti-mo-ha (not ~ksa), is diminutive and familiar form of name Timofei. Not very popular name in Russia i might say, but with amount of people, plausible possibility.
But, i will note... Imo, but his uploaded video of cheat, and voice in interview do not sound that same for me. Pitch is way different. I guess it is plausible if there is 3+ year difference and he was like 14 to 18 years... Still hard to prove if it is same person. Especially hard to parallelise them as they spoke on two different languages.
About emails with different numbers. It may be him, but may be another person. A lot of people are required to register here and there for school work nowadays, and as children they often create accounts with name+number (often suggested).
But these discord conversations surely do hint on link between his current discord name and his previous account name. No definitive proof as he denied that cheat forum involvement, but still big piece enough.
I mean, we can't do anything, but other Russians can. Lol
Honestly on one hand I hate cheaters. However on the other hand if doing so in such a public way forces EA's hand into putting resources behind fixing the cheating problems in Apex, I'm for that.
Although I agree with the general outlook has what he did was incorrect, I wouldn't go as far as consider this kid a malicious threat actor. Honestly he's a bit more of a hacktivist if anything. His actions brought out a huge spotlight to a pre-existing, much larger issue that EA (Respawn) have continually failed to address with any level of efficacy. There has been, and continues to be, a ridiculously rampant hacking problem in Apex Legends. It is the most apparent in the highest ranked bracket (predators) where they all tend to congregate once ranks have stabilized. out of probably sheer desperation, players of apex have gone as far as dig into the anti-cheat system and found that Apex Legends uses the cheapest anti-cheat plan possible with EAC. from the outside looking in which is the sentiment that a lot of their dedicated playerbase feels, it appears that EA just doesn't really care and is so behind on taking action that their efforts just simply aren't effective. this, in conjunction with the outlandishly priced cosmetic items in the game that release frequently and on a strict schedule, maddens the community to no end. if this kid is trying to embarrass EA and expose their MO, honestly I feel like he's done a pretty good job at achieving his goals. he's caused some pretty tangible reputational damage.
to corporations, of course a hacktivist is bad news. but you reap what you sow. if you don't wanna have risk associated with being exposed for your questionable business practices, don't conduct questionable business practices. this is basic risk management. don't wanna go to jail? don't commit a crime! this is pretty elementary logic.
Having bad opsec and then there's an osint investigation: "That man is playing Galaga. Thought we wouldn't notice, but we did" (Avengers)
John Hammond covering this story? Im intrigued.
How did you get access to the data breaches that had his information? Are those publicly available?
Yes. I personally know of 2 that were both breached and took down by the FBI.
@@catnip202xch.how can I access thjs
The moment you realize that the purely speculation information turns out to be actually real
he's probably (& rightfully) proud of his achievements. kid has skills
Apex should discipline the hackers. But not with jail time, or fines. Block access to all their Servers for the Hackers.
What Apex now should do, is learn from that mistake and upgrade their security, ASAP.
Oh you innocent soul. That isn’t how that works at all.
No video on the xz backdoor hack yet?
it didn't go far as it was noticed before being pushed to stable build. It was a dude that social engineered to get his code edits pushed to production on XZ Utilities GitHub. That would later hook into openSSH connections on server environments like in Debian.
The video covered one image saying the IP connection was through a RAT so does that mean they SSH into their PCs from obtaining their IP before the live tournament, or did the end user downloaded something before hand?
that what i thought personally , piratesoftware said the cheat window that appears on gen screen are just "graphics"
and thats wrong,
gen wouldn't get wallHacks just by an image presented on his screen,
those hacks won't function without a driver level application installed on his pc,
and how that could be done and how the hacker get his ip address to remote install it on his pc ?
he did it thought exploiting : either ssh or one of the 0 day vulnerabilities most likely after he get access to their ip addresses trough the server id itself using reverse tracking,
worth mentioning that Microsoft is still Patching 0 day vulnerabilities till today so it could been used instead of ssh.
I still think these players hacked and there was a back door in the software
To address the format window that popped up it wasn't graphics or apart of apex they're not technically wrong saying it's graphics. If you have your graphics card unlocked which the guy admitted he had FPS unlocker installed you would have to unlock your graphics card from windows tamper protection and isolation. You can make format windows transparent and overlay other applications but as soon as you do that the windows pane will be sent back behind the application you clicked on which is what happened he clicked back on apex after seeing that window pop up. The fact John Hammond and pirate software missed that part and jist focused on the fact the window of cheats hacks was transparent and had apex styled text means they forgotten about windows 95, XP days where options like making your format windows transparent and summed up that conclusion by not taking into account the guy said he had fps unlocker software installed not realizing the implication of what that means.
@@DoctorMGL ^
As someone who does security for a living, I can't say that I blame the hacker. Sure, they did the hack and it caused problems, but the issue is about that they shouldn't have been able to do the hack in the first place. You're always going to have to deal with threat actors, but they only exist because of the holes in the security.
I 100% agree that this is cybercrime, gaining unauthorized access to systems and also cyber disruption. The way the person executed their hack on a live stream fully knowing it would be exposed to millions of people says it all, their intent was to get attention and "credibility" for their action. This being exposed to the public would and could just bring more harm to the people involved, nothing ethical or morally correct about it.
are you not making the xz video ?
11:16 how do you know youtube channel's google account's email?
ghunt
I just thought I would say this, when you said it was just for kicks, that is only partially true. While I am sure he did do it for fun, the other reason for him pulling off these large super public hacks was to raise awareness of how terrible ea's anticheat is as cheating has been a huge issue in the apex legends scene recently. In higher ranked lobbies, you run into cheaters so often.
Holy f, this was a beatiful job John.
Thank youuu
Has it been ruled out that the players weren't using cheats created by Destroyer/Temoxa containing a backdoor and he just trolled them hard publicly? It seems strange that a global event involving millions of dollars in prize money isn't being conducted on private servers on a segmented network. Or are multimillion dollar gaming tournaments just hosted on public internet where they can be hacked by anyone? Is that because the servers always have to be connected to the internet for dynamic anti-piracy/anti-cheat stuff?
I guess it doesn't matter anyway, cause cheaters are gonna cheat and hackers gonna hack. Unless you fully lock down tournaments with segmented networks, no external devices allowed and player searches it's going to keep happening.
He forced the hand of EA to act on was happening and it worked out. The game got patched
Personally any type of hack that is used to gain advantage over the normal person should be a crime, whether you are the buyer or the seller, it should be treated the same. its to easy for kids these days to pick up a cheat and run with it coz whats the worst that can happen in most games? you get banned, start a new account and just continue. if the youth start to learn that your decisions and actions have actual lawful repercussions then they might think twice before doing this shit.
Thank you very much for the video, i just subscribed
bro's email is the most obvious thing a hacker would guess
You know what you the best? Because you talk slowly and explain from zero, thank you❤
Great work to the two guys spending time on this, it’s not always fun and a lot of resources and time goes into it. Also don’t forget - Don’t fact drive (dive) under the influence of speculation 😊 OSINT’ers only real hangover 😅
as someone with over 1k hours in apex im glad he hacked the game because he proved that respawn and EA dont care about the game or people playing the game when the hack happened they put out a sale in the in game shop to say sorry who the fuck cares we dont feel safe having our banking info on the game anymore I am happy he did this and i hope he does it again to stop a mega billion dollar corparation form exploiting their players
18:47 I can’t beleive Respawn as a company can’t sue him
For doing that that’s crazy.
Knowing how his hack worked, would be fascinating 🤨
It was so fun to watch John! Great investigation! :)
can we get some timestamps John? thank you
Keep up the good work* been watching you a long time: learning a lot".
I personally don't think there should be reprepercussions because if these companies fail to secure their shit, it's their fault. Also they (EA) atleast had some idea about these cheat software in the market and still they failed to manage it so can't blame "Destroyer2009". Infact their internal security team couldn't even uncover this. It's credit to those two guys who actually managed to get this information and even helped EA with this.
The moment that Regulators or Federal law makers touch gaming or online gaming is the moment it dies.
BT
You’re amazing 🙌🏾
I did not know I wanted a true crime like thing for cyber sec... but now I need it.
I am not sure what to think about this video.
First of all, the video is pretty good, showing how to osint and giving awareness to our online activity.
Then again, you basically just made 1.3 million people and potentially more aware of this issue and showed them pretty much exactly how to track this person. Considering your vast amount of followers and the potential to go viral, this might not be morally correct at all. Even if the accounts you showed have nothing to do with the hacker, there are now bound to be people that will look for this person and potentially destroy his life. Even if it was the person, its a probably 18 year old kid, which potentially could've caused tons of damages and made tons of money by selling this "exploit" or whatever they did, but decided to raise attention to the security problems of apex.
I feel like you potentially made the exact same mistake this kid did, you wanted to go viral on costs of others.
Why not just tell authorities and the responsible person about this instead of the whole world?
It is a lesson in OSINT, and that is what John teaches. This 'kid' cost people a lot of time and money, and could have ruined careers.
Maybe he will learn his lesson, and others will think twice before doing something like this for the 'lols'.
The people who care already know all this.
The kid perfectly knows he will never face any consequences for his actions as long as he does not target Russians.
Man, I kind of feel like pulling the kid behind me, putting my hands forward and say "hey hey, chill the fuck out guys".
Good intention? There is one. EA should fix their shit and not be that greedy
I take the old gamer stance... GET GOOD! Security just needs to step up.
based on this being pure speculation, i'll add a note that тимоха is a non formal Name. A formal name for this would be Тимофей,
His good intention is make it public which got the exploit fixed
whoever done the osint that guy is beast
Timoxa is a Russian nickname for Tim, x is a Russian “h”
More interesting than who is Destroyer2009, is how he got into the PC's of the progamers. 100% they had cheats running!
Programmers often do run cheats to test detection and prevention methods... but those with a brain will put them in an isolated container first lol. It's expected for some of them to contain backdoor and malware.
Trogan horse, they didn’t have cheats. They were injected into their games. Compromised pc’s for both individuals was confirmed.
how these teenagers manage to do all these things.
The moment you discovered that the person in question was a 18 years old and he/she was probably even younger than that at the moment of the hacking, you should have dropped the investigation and didn't upload this video in my opinion.
The responsibility of his actions are questionable due to his age, regardless of his citizenship or intentions. Even more, the intentions may not be pure malice as you seem to imply at the end of the video. He may have done this to force the developers to fix an extremely bad exploit that they were just ignoring after being reported. This hack allowed him to take control of any player in any game apparently and execute commands on the client machines; the fact that he only demonstrated the vulnerability publicly without further damage is something that EA should be grateful for.
This is a masterclass in OSINT
Who is the TheLegend27?
Companies have a lot of money they only want to give to the top executives. They deserve to get meme'd
had fun watching the stream with PS, gotta ask him for more colabs lol. and as usual, great video.
He's Kristimoxa, AS WRITTEN! Apex Al-Ghaib!
Do we know if like he possibly used some cross site scripting? I’m not like full immersed into Coding and Such but I did understand that, cross site scripting I wasn’t sure if it would have anything to do with it
Hands down favorite part was the discord conversations and making your avatar an Anime avatar 😂 why did you choose to do that?
19:37 (-ish) Weren't there **any** good intentions, though?
From what has been covered (by SomeOrdinaryGamers I believe?) "the community" was telling it was an awful idea to host the matches on servers & they were pleading not to do it this way.
The concerns weren't about CySec per se (though also listed), but about the quality of the matches (data speed/integrity over a LAN vs over the Internet) (which is pretty important in CySport, considering the height of the performance levels of these sportsmen).
From what I've understood the hosts were being assholes towards the participants & the community by not acknowledging their concerns & metaphorically giving them the middle finger of "I couldn't care less, I'll do what I want".
To me it feels like in a weird sense of justice the participants/community can give the metaphorical middle finger back to the hosts & say "told you, you ignorant nitwits"!
IMO this incident *could* be vigilantism (to be clear, I'm not saying that if it was, it diminishes the disturbance and grief this caused to the innocent participants and bystanders).
Having this impression I couldn't name this incident a "black hat" hacker attack with a straight face. Not familiar with the term "threat actor", but the way mr. H. presented it, it lead me to believe that "gray hat"/"weird cyber vigilantism" hackers are not "threat actors"? But if they can be, then why differentiate them in a way it was done in this video? Was it a cognitive distortion, a concealed motive or was there some other info that has lead the host to believe so - I can't tell, because I haven't looked into the story & haven't seen the hacker's responses/announcements, where they tell they did it "for the lulz". And I mean sincerely - "from under their mask", and not trying to appease some undercover social engineer (posing as a fan), who gave their starved, fragile ego some positive attention.
One thing I agree with is that the kid needs some sense scared into him before he does something stupid & ends up fucking up his & his close ones' lives by getting jailed (or fined to smithereens)...
Any way - hope the kid will find ways to redeem himself in the future by contributing to CySec/OpSec for our most vulnerable - the non-tech-savvy & credulous people, or something.
A very solid presentation, btw! :nod-of-approval:
I'd like to clarify that IMO cheating in multi-user games (especially obvious, blatant cheating) is damaging for them.
They are alive generally thanks to their userbase, so if you truly enjoy the game & don't want it to wither and die, then don't kill it by causing grief to other players by using unfair means, making people quit.
If you don't enjoy the game, then vote it out by quitting until it gets better or shuts down...
You don't have to cheat for griefing either - find a game where you can live out your sadistic tendencies by getting good or getting a headstart, so you could "crush those noobs" or sth. It's more satisfying when it's not a bot doing all the noob-crushing anyway...
love to see how the hacks actually work. like an overlay on just that users machine?
This guy didn't do this for the laughs. He's too smart for all of that train of thought. He did this with an intent. Not a shred of doubt in my mind. He may say it's for laughs but I guarantee you he had other motives.
Remember when Pirate Software was interviewing the professional player just a couple weeks ago? "EA never listens, they don't ever release patches, we're sitting in the dark and people just do xyz." I'm certain that this person did this with the intention of dragging the vulnerabilities to the surface and showing them to the world.
In our line of profession, we still call this grey hat hacking. Unwanted hacking, but not with truly malicious intent. If he was on their servers, he could have shut them down and uploaded everyone's credit card information to the dark web for tons of money. He could have done something way darker than spawn in some random bot ais to attack some dude for the lulz. idk man this is my hunch
In his interview with Mande, Destroyer2009 reveals some gripes he has with video game companies he hacked. Like his gripe against Rust which led him to hack the game. So it corroborates there being an intent.
@@酎ハイ飲んだらいい感じ personally, it's against the field I am in, but also personally, I kind of agree with the premise of the attack, but not the attack. Like it's not super malicious, but at the same time, it is affecting people's cash flow. It affected that tournament outcome for sure.
John Wick, when does he get on board?