The Hacker Who Went to War With Riot Games
- Published: Jul 3, 2024
- The hacker who keeps riot games awake at night.
Find the full write up and original reporting from hall of fame esports journalist Richard Lewis:
dotesports.com/league-of-lege...
As well as his substack for more recent work:
richardlewis.substack.com/
And youtube/twitch:
/ @rlewisreports
/ richardlewisreports
Want to support me further? I now have a Patreon.
/ kirayt
------------------------------------------------------------
#riotgames #hacker #documentary Entertainment
My account was hacked in 2017 and at least the person who stole my account for two weeks did very well in ranked... Thanks Hacker.
Great pfp, Maria no danzai
They were more than likely scripting on your account, quite lucky you didn’t get banned tbh but their anti cheat in 2017 was so bad it doesn’t surprise me you weren’t banned.
Someone probably sold your account and the person that bought it was playing
My story: An account of mine was hacked in 2012 or 2013. By the time I got my account back, I figured the hacker(?) had put at least $100 of his own money in my account to buy stuff. It was a P2W game and I never figured how much he spent for my account because he also spent on a bingo-like event where he won the ultimate prize ($1 for every roll to get a random number from 1-99; the board consists of 25 random numbers and the ultimate prize will be given to you when all numbers on your board is checked). I still feel sorry for him and I hope he has found a better job and a better life...
"you are going to brazil" just got a whole new meaning lmao
I've worked in IT and the senior at Riot not changing his password when everyone else has to do so is EXTREMELY consistent with senior level behavior at companies. They will whine and scream that there should be "absolutely no exceptions" and "everyone must change their password" (which is actually good policy btw) while insisting that you allow them to keep their password. Their primary issue is ALWAYS the same and can be found in virtually every company across the planet: they don't want experts to guide them to good policy decisions but rather to be told that their decisions are good policy regardless of how insanely stupid they may be. That way they consistently say "we consulted with experts" to the employees/public and will have someone to point the finger at when their stupid decision inevitably bites them in the ass publicly.
I work in IT security and from my experience the "experts" of managers and executives are usually not actual experts - just people that have "expert" somewhere in their job title and have gotten the job title because the manager/exec liked them. And those people don't plan policies that make anything actually secure - they're making "feel good" security, that only looks like it makes stuff more secure to people who don't understand the technology involved.
A great adaptation of a piece of work I always rated as one of my best. Thanks for bringing it to a new audience.
cringe af
Hey! Great writing my man, I re read your article after this.
@@AlbequerqueJoe I know, who’s “proud of their accomplishments” and “sincere” anymore? Lame…
I'm so confused. Can some one explain?
@@jackbaxter-williams8059 OP is the one who published an article that was the basis for this vid
So, while he was out on bail, Jason was continuing his antics. And nothing happened to him. He probably realized that. What a world we live in. Really good video!
The real lesson of all of this is simple.
Riot games never cared about anyone's data or security and Steam is once again superior in every single way.
I too can't tell right from wrong... so I guess I'm free to commit any crime???
He obviously knew with his condition he could bend the law.
Friendly reminder that brute force attacks are still a thing. It's just done on captured hashes, offline, instead of the servers directly. Use a password manager and never reuse the same passwords.
He got out of going to jail because of a mental illness is utter bs, he knew what he was doing as he was parading it around and taunting people
wait they caught him?
Exactly, having aspergers/high functioning autism does not automatically mean that the person is unaware of their actions in the slightest. Most that fall in this category are perfectly capable of understanding right from wrong and acting as responsible adults
@@cbegefdkih I think it was that plus his upbringing (homeschooling) that made the argument convincing.
@@stanimirborov3765 did you watch the video?
Yeeeaahhh I see what you saying, but 100% it will have been his lawyers who decided to mount that defence, not him. Doesn't make it any more 'right' obviously, but.
Would have been good to mention that Riot didn't even infer to anyone that their information might have been stolen until about a year after those forum posts which were already a year after the hack had happened and they should have let everyone know
A Kira video is the best firework display this July 4th....
Oh, just wait.
"Lost our goodwill in over playerbase"
-That was gone way before.
The phrase is “with great power comes great responsatillatrance.”
sklounst!
Not saying he deserves to be locked up but it is wild that he got away with it by using aspergers as an excuse. I mean I have that/high functioning and I doubt I could use it as a legal defense.
As someone who does have aspergers myself, I'd say he definitely deserves to be locked up and I cannot believe that they believed that "because he has aspergers, he doesnt know the consequences of his actions."
I call bullshit on his insultingly, extremely-lenient sentence, because while that could be true for some ppl w/ aspies, just because ppl have aspies, it doesn't mean that everyone in that spectrum's completely oblivious or don't know any better. And from his antics and him repeatedly taunting others and trying to hack all sorts of shit and even creating a paid service where ppl could boot others from the game using their IP addresses, there's multiple signs that paint a clear picture that he knew exactly what he was doing and did it for both the attention and monetary gain (and even got as much as 110,000 worth of bitcoin from it before it got taken away). Having Asperger's or adhd or autism is not an excuse to commit literal crimes, and in his case he most likely would've kept going and committing even more if he wasn't tracked down and arrested.
from my own experience, hyperfixations and isolated talents that come with aspergers can make you forget everything in the real world and lose control not only of yourself, but also what you're doing - it's a controversial choice to make legally, but it has a very valid side to it
i think he's based for targetting riot games and i'm glad he could use something to get away with it
@@Linda- Fair enough I guess I just havent experienced it myself. I mean I do get way too obsessed with things but I've remained _somewhat_ level headed.
@@RisingRevengeance Well, me too, but autism isn't called a spectrum for no reason, everyone perceives it differently and suffers from it in different ways
8:10 bruteforcing wasnt a poor approach to steal riot accounts, if you wanted to get a mass amount of accounts, like some people did, riot never used to have a password lockout of any kind. (no clue if they do now) but you could run a bot to do it for you overnight, you basically just got a word list, which consisted of like 500 notepads full of dictionary words and names and some code
the code would basically execute those words with numbers on the end those could be like 123, 1, 1998 etc. etc. the other popular one i used would be username and numbers, a lot of people used to just use the username and some numbers or in some cases just the username as the password.
i mean hell, i still have some accounts from way back when i used to do this with the exact same password.
you would think companies would care about security and all that but they dont, lots of websites still allow for bruteforcing, and you can steal a lot of personal information doing so, a great example that comes to mind are a lot of the facebook businesses that have their own webpage and store
i am also curious to know about Jasons involvement in the neopets hack, because if hes the one who sold the database to Joe he made absolute bank.
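The two controls whose absence the comment above describes, a password lockout and a check against "word or username plus digits" passwords, as an added example that is not code from the video, the article or Riot. The names `LoginThrottle`, `is_guessable`, `guesses_checked` and the word list are hypothetical.

```python
import re

# Constructed sample list; a real deployment would load a large blocklist.
COMMON_WORDS = {"password", "dragon", "summoner", "qwerty"}


def is_guessable(username, password, words=COMMON_WORDS):
    """True if the password is only digits, or the username or a listed
    word, optionally followed by digits (the patterns the comment lists)."""
    def strip(s):
        return re.sub(r"\d+$", "", s.lower())
    stem = strip(password)
    return stem == "" or stem == strip(username) or stem in words


class LoginThrottle:
    """Per-account lockout that doubles after each further failure."""

    def __init__(self, max_failures=5, base_lock=60, max_lock=3600):
        self.max_failures = max_failures
        self.base_lock = base_lock      # seconds
        self.max_lock = max_lock        # seconds
        self._state = {}                # user -> [failures, locked_until]

    def allowed(self, user, now):
        return now >= self._state.get(user, [0, 0.0])[1]

    def record(self, user, success, now):
        if success:
            self._state.pop(user, None)  # reset on a good login
            return
        st = self._state.setdefault(user, [0, 0.0])
        st[0] += 1
        over = st[0] - self.max_failures
        if over >= 0:
            st[1] = now + min(self.base_lock * 2 ** over, self.max_lock)


def guesses_checked(throttle, user, seconds, rate=1):
    """Replay `rate` wrong guesses per second against one account and
    count how many actually reach the password comparison."""
    checked = 0
    for tick in range(seconds * rate):
        now = tick / rate
        if throttle.allowed(user, now):
            checked += 1
            throttle.record(user, False, now)
    return checked


if __name__ == "__main__":
    overnight = 8 * 3600
    print("no lockout :", overnight, "guesses checked")
    print("with lockout:", guesses_checked(LoginThrottle(), "victim", overnight))
    print("kira / kira1998 rejected at signup:", is_guessable("kira", "kira1998"))
```

A per-account lockout also lets anyone lock the real owner out, so it is normally paired with per-source limits and a second factor rather than used alone.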
I worked in system security and software engineering for companies and numerous large ISP's over the decades going way back into the early BBS days. The issue was not so much the hacker but the total disregard by Riot to admit something was wrong and take action. This is the typical scenario you see when a major hack happens to a large company. Instead of coming right out and saying they were hacked and bringing in the talent that could do the software forensics to determine the scope of the attack and how it was done they instead played the PR game while it continued. It's the typical incompetence and misplaced priorities that happens over and over with these companies.
When it comes to games they seem to like to challenge hackers by bragging about how good their security and A/C are. One of the worst things you can do IMHO.
As far as the employee not changing his password, it's very easy to tell who did using simple hashing of previous vs current passwords, it is something any script kiddie could check in 5 minutes.
Maybe one day these companies will be held liable for looking the other way and not protecting their customers data and privacy. Are black hats bad, hell yeah but no worse than total incompetence or lying about something being wrong.
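One way to run the check this comment describes, as an added example (not code from the video, the article or Riot): compare stored credential records from before and after a forced reset, and refuse reuse at change time. It assumes per-user salted PBKDF2 records; all names and passwords are constructed.

```python
import hashlib
import hmac
import os

ITERATIONS = 200_000  # assumed PBKDF2 work factor for this sketch


def make_record(password):
    """Hash a password under a fresh random salt."""
    salt = os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)
    return {"salt": salt, "hash": digest}


def matches(password, record):
    """Re-hash the candidate under the record's salt; constant-time compare."""
    candidate = hashlib.pbkdf2_hmac(
        "sha256", password.encode(), record["salt"], ITERATIONS)
    return hmac.compare_digest(candidate, record["hash"])


def change_password(store, user, new_password):
    """Refuse a 'change' to the current password; otherwise re-salt and store.
    With per-user salts this is the only point where reuse can be seen."""
    if matches(new_password, store[user]):
        raise ValueError("new password matches the current one")
    store[user] = make_record(new_password)


def unrotated_accounts(before, after):
    """Accounts whose stored (salt, hash) is identical in both snapshots,
    i.e. nobody changed the password. No plaintext is needed for this."""
    return sorted(u for u, rec in after.items()
                  if u in before and before[u] == rec)


def demo():
    # Constructed accounts and passwords.
    store = {user: make_record(pw) for user, pw in {
        "alice": "old-alice-pw", "bob": "old-bob-pw", "exec": "old-exec-pw",
    }.items()}
    before = dict(store)                         # snapshot before the reset
    change_password(store, "alice", "new-alice-pw")
    try:
        change_password(store, "bob", "old-bob-pw")
    except ValueError:
        pass                                     # reuse refused, record kept
    # "exec" never attempts a change at all.
    return unrotated_accounts(before, store)


if __name__ == "__main__":
    print("did not rotate:", demo())
```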
Great video !
I think a lot of people don't understand how much damage a single breach can do, especially when it's connected to a video game.
In reality, if you got access to a full list of passwords and logins, there are often very few things holding anyone back - try the same password on all associated emails, try it on other platforms, at some point you are bound to find even more personal information which can be used to pass security questions and ultimately gain access to someone's full online identity, including banking. Just from one breach in a video game you are at massive risk, and I just don't get why such platforms are held to a lower standard.
"Riot spaghetti code"
Omg, $110k virtual currency in 2013, including bitcoin…
+1 Internets for including a short clip from Hackers. Guilty pleasure movie, don't care that its unrealistic.
Such a great bad movie! I made a Pwnagotchi and put it in a yellow Motorola Advisor pager!
I was one of the first on LoL (I was MyRagNUrMouth). AP Yi was BOSS at the time. I migrated there from DotA when Activision bought Blizzard and shot it down. Then I moved to DotA2 when LoL's playerbase went to shit, and then left DotA2 when I migrated from Win7 to Linux when MS finally killed off 7. Great times and lots of nostalgia.
13:55 Riot claiming they lost customer goodwill over this, that's funny.
..no, really, that's fucking hilarious.
Nice work! I used to be that guy to a game called Grand Chase by KoG and Point Blank in Brazil, but later I quit that activity… (more than 17 years ago) Mainly because the only interest of both companies was the pay 2 win interactions… There was a community about it (nobody got arrested) some of the guys even worked on development of the game itself but were tired about the company decision. Cool times.
A true Aussie legend
Couldn't have happened to a nicer company.
Interesting video. Thank you
I learned all i needed to know about assburgers from southpark.
Multi billion company, one guy with ass burgers.
Fight.
Its indie and smol
@@PlaceOfDestination They had ~2,000 employees. Now almost 5,000. They're not "small".
@@iyeetsecurity922 ah, ur new. It doesnt matter how big they are to say theyre small and indie. You know, memes.
8:20 interesting captcha you got there
Riot sucks and always has. Crazy that this is the first time I'm hearing of this psycho hacker though, thanks for the informative video as always 👍
On one hand, if you commit a crime you deserve to be punished, on the other, I think a lot of people can agree that seeing a massive corporation run around like a chicken without a head because of their own incompetence is quite cathartic.
I was a mod on Legends Of Mir 2 forum, early this century. They linked my account to forum, so they forced me to use same credentials as the game. Forum got hacked. I got fucked.
Amazing game! The good ol’ days.
Brazilian servers is all you need to know.
edit: Also for the lulz, do not ever forget that.
League is one of those things where despite its popularity it has *nothing* but negative discussions.
Ive never once heard a LoL player speak positively of the game despite constantly playing it.
And this is what you call: "Intelligent but stupid."
Jason is a legend. Should name the game League of Jasons
KiraTV: if you PC gamed in 2010 there's a good chance you played League of Legends
me: played PC since 2000 so....yaaa about that, never played League of Legends and never will
Him not going to jail because he has aspergers is just ridiculous. Should have been locked up.
Letting someone out for committing a crime doesn't make sense. Isn't it even worse if they can't control their crime sprees?
Dude had $110,000 (AUD i guess) in BTC, in 2016. Back then price was between $500 and a $1000 USD.
The fact he got off over being autistic is diabolical. Dude's an evil genius.
"what motivated jason into doing what he was doing"
It's League.... It's by Riot Games.... does he need any more of a reason? lol
Agreed
That much money in bitcoin back then is crazy
the edit is great, so much work lol
Hmm personally i think that there may be a privacy issue within riot games. So if u are not playing the game. The riot games anti cheat still runs in the background. Which it shouldn't as no one is playing valorant or other games. When u forcefully close the anti cheat and try to open valorant. There is an error. It now has become a huge issue.
I absolutely hate when companies blame the user for their credentials being stolen. I had my Steam account hijacked once. Luckily, Steam support got my account back within a matter of hours, but they still blamed me for the compromise. How the hell could a hacker get a hold of my Steam account name (that I never used elsewhere). Even if they stole passwords associated with my e-mail address from other websites, I don't see how they could have linked it to my Steam user account name without data breaching Valve. Anyway, it was a lesson for me to go all anal retentive about my passwords and using the most secure methods I'm allowed on websites now.
Breaching your email. Steam sends you an email with your username. It's actually Steam that pushed me to finally get a password manager because their password requirements are extensive. They weren't always that way so I suspect the reason is to keep people from using the same password they've used elsewhere.
Do not use the same passwords everywhere. You drop breadcrumbs linking you to various accounts without even realizing it. All they need is the few passwords associated with you and they can try them in all the accounts associated with you. Maybe they are at fault but you can't really know if you were practicing such poor password safety. If you prefer convenience that's fine, but you also need to accept fault when your accounts get compromised.
Not sure when this happened, but account names used to be publicly visible to everyone.
imagine stealing someone's account and using their credit card to buy the Faker Ahri skin and that's it. Don’t even tell anyone you did it. Just let the owner find out on their own.
There is no other RIOT character that can represent this whole video but Valorant's Swedish agent "BREACH." 😅
In 2016, 110k would be ~45btc, in july 8th 2024 it's around $2.5m
Having no idea how this story was going to go, I was very surprised to see that Jason was from my state and around my age. I don't live in Kingaroy but I have family who live nearby... weird to think I could have met him at some point XD his surname is even vaguely familiar... god I might have gone to school with a relative of his msdnbg. Wild.
great vid! Who would have guessed riot failed with security and didn't even do anything until the bigwigs were targeted, customer focused as always :D
Thanks ‘Comments’, no need for me to watch the vid now I know the result of the whole drama.
Great video as usual Kira!
Nice
Jason was a real riot
if only he used json as his calling card.
What a fucking legend. Dude single handedly took a multimillion dollar company by the balls and almost buried them. Just imagine if he covered his tracks better, LOL would be dead
Never played this game. Don't give a hoot about it. Watched this whole dang thing, tho. Well done!
Shane looks exactly like I imagined him.
ah the good ol aspergers get out of jail card.. if someone with aspergers cant be sentenced to time in jail then someone with aspergers should not be allowed access to anything.
This needs to be a south park episode, an angry autist vs a billion dollar company
You could say that he did it... 4 the lulz
While we all fight minions and each other, this guy went for the head
As a fan of Richard Lewis and his work, it was awesome to see the shoutout and recognition!
So imagine trusting Vanguard after knowing this!
I mean how stupid can people be to install Vanguard with this context?
OFC riot only did something about it when they started losing sales over him.
Come see Australia, the oceanic servers.
Yeah, not for money but for the resume! Then you get access to the real groups.
NEOPETS too!? Not NeoPets!
but Asperger's doesn't make you not know whats right or wrong.. 🤔
Moass
Honest to god league was so much better back in the day. I Didn't realize how this guy was terrorizing EUW I'm from NA.
" Part of a Group" ... #WeAreLegion #WeDoNotForget #WeDoNotForgive ... #HailToTheHolyGodJason !
very Italian thumbnail
Honestly XD if he just kept it to destroying riot i would agree.
brute force attacks are on downloaded HASHED passwords
?
i remember 2 of my account being hacked waaaaaay back......... never got them back, one of them was even on my birthday T_T worst present ever
Man shoulda used 7 proxies.
AI david bombal voice xD
I remember this happening after lucian was released... and you know the jokes that have been made
Yeesh....
I quit Riot / LoL after they started using Vanguard, the thing is like malware and refused to be uninstalled unless I dug for it.
That's too intrusive and shady for me.
He could play a long game
How can someone have so bad OpSec as having a gmail and yahoo account linked to all the hacks. People just get caught because of mistakes like giving emails linked to them. looking at pompompurin etc. i just dont get it at all.
It's astonishing to see the extent of damage a hacker can do. It's a stern reminder for all tech companies to take their security measures seriously.
The Brazilian job.
2:30 interesting username
Can you make a video on how skin seller was able to hack into riots server and generate tons of limited skin code and sell them.
Json you say?
What the... why didn't this pop up on my feed?? Smh
Anyways --- gotta point out the spelling error... *TOO
Ijs.. 😊
great video, you are by far my fav. youtuber right now. keep up the great work, i cant get enough
10:31 and YaWhat?
Love your content. Thank you Kira
i like how Duffy's defense made him look like a badly trained hamster who didn't understand how society work
Yep 2012 that's when the game reached a peak and then it went down pretty quickly. Today LoL is dead for any old LoL fan.
I think what the hacker saying is true riot was a small company. I tried the lol beta it was like some sort of pdf game or something it was strange i dont know hooow lol got so big its just doesnt make any sense to me same goes for games like pubg
i know a jason duffy
I'm sure he'll come back 😮
"Weaponized Aspergers"
lol someone clever enough to hack claiming to not be able to understand consequences is hilarious to me
Not gonna lie. Jason was a menace I didn't dislike.
Two and a half years in prison with "immediate parole" ? (zero years, zero days in prison)
What a weak and pathetic "justice" system.
Let's like Jason needed to be in prison... Prison creates criminals, and he was clearly a strong candidate to be rehabilitated. Probation and keeping him from doing more crime is far better for society as a whole than tossing him in with real criminals and then letting him free with no programs being done.
@@SunnyDeLite He does sound like a real criminal to me. The least they could've done is bar him from owning a computer or accessing the internet, under penalty of actual prison time.
GG God
@kiratv can you make a video about donut media and hosts leaving from youtube channel?
After investment firms got involved