Cybercriminals used social engineering and neuro-linguistic programming to gain access to Riot Games’ development infrastructure. The stolen gigabytes of source code are now to be auctioned off because the company did not bow to blackmail and did not negotiate with the kidnappers.
As we previously reported, Riot Games confirmed the fact of a cyber attack in which hackers gained access to the source code, after which they sent a $10 million ransom note and threatened to release the stolen code to the public. Although the attack “May cause problems in the future”Riot refused to pay as the company is confident that player and other user data has not been compromised.
According to information security analysts from VX-Underground, the organizers of the attack hacked Riot Games’ infrastructure using social engineering – it turned out that it was enough to send an SMS message to an employee of the company.
The attackers claim to have spent 36 hours on Riot Games’ servers before the vulnerability was discovered by Information Protection Unit staff. However, the criminals failed to reach the main target of the attack – the source code for Riot Vanguard’s anti-cheat technology.
The stolen source code for League of Legends, Teamfight Tactics and the outdated anti-cheat platform Packman is currently being auctioned off on a popular hacker forum. League of Legends starts at $1 million Packman is also available separately for “only” $500,000 There is also a 1,000-page PDF with a 72.4GB source catalog available for download. Based on this document, journalists from Bleeping Computer came to the conclusion that the hacking information is true.
Whether it was League of Legends has not yet been independently confirmed. Riot noted that they are now trying to assess the prospects of a leak and are doing everything possible to make changes to the game code as quickly as possible should such a need arise.
“It is not clear whether the attackers can sell the source code for such a high price that — Notes Nikita Pavlov, expert on information security of the company SEQ. — The source code can be used to find vulnerabilities that theoretically threaten endpoints by executing arbitrary code. In addition, the sources can be used to create new cheats – again with the help of identified vulnerabilities. But these “bugs” can be found by reverse engineering without spending large sums of money. So whether anyone wants to buy these sources for a million or more is an ambiguous question.