Turn off Open and Private until the current hacking/spoofing situation (rogue devkit?) is conclusively handled.

[Calteru]

I don't think I should have to explain why, but I didn't think I'd have to make a suggestion of this either so here we are.
There is currently a very serious issue occurring in-game where someone is brazenly spoofing other players and calling in assets like their own Thargoid ships -- in the middle of Jameson.
This is a very serious problem. This is the kind of thing where access to Open and Private should be shut down until it's handled. The best explanation for this is a rogue devkit in the hands of someone who shouldn't have it, and I definitely don't think I need to highlight what kind of problems can be caused for players with that sort of thing out there.
This requires immediate action.

 

[Ned Flandalorian]

If two random people want to play together in their own closed private group that nobody else even knows about, why should they not be able to just because some cheating plonker is messing with streamers?

 

[SteveWW57]

I don't think I should have to explain why, but I didn't think I'd have to make a suggestion of this either so here we are.
There is currently a very serious issue occurring in-game where someone is brazenly spoofing other players and calling in assets like their own Thargoid ships -- in the middle of Jameson.
This is a very serious problem. This is the kind of thing where access to Open and Private should be shut down until it's handled. The best explanation for this is a rogue devkit in the hands of someone who shouldn't have it, and I definitely don't think I need to highlight what kind of problems can be caused for players with that sort of thing out there.
This requires immediate action.

The other explanation I have seen is that a trainer tool is being imported. Is this different from a devkit?

Steve

 

[Hellrider]

If two random people want to play together in their own closed private group that nobody else even knows about, why should they not be able to just because some cheating plonker is messing with streamers?

Because...
DOOOOM.
We are dead.

PS to op:
Current situation has nothing to do with open, if they want to snipe you they will make funni things under your nickname even if you are in solo.

 

[Northpin]

The best explanation for this is a rogue devkit in the hands of someone who shouldn't have it

nah, as far as got from an explanatory YT movie, it's a hacking tool that allows manipulation of game variables stored in the computer memory - and this allows any ship modification (they used coriolis.io to alter the builds in any imaginable way, then "load" the ship build in the live game) and it can also spawn thargoids or "fit" thargoid specific modules to their hacked ship - like the neutralizer field

This way a €5 new account with no engineering or other game progress can "load" any ship build that can be defined in coriolis.io (along with any custom values that can be set in coriolis builds for any module - like damage parameter for weapons or optimal multiplier for drives)

Still, this is no reason to shutdown PG
Open... that's a different story and i'm not sure what they can do to stop cheating and at what costs - given the way the game is built and how multiplayer works in ED.
Probably not much except to rely on player reports and to ban the offending accounts, which will only lead to cheaters buying other €5 accounts from shady sites.

 

[Brrokk]

It's obviously a big problem and I don't know how they can fix it conclusively. This will become a solo game for me if they can't. Even then, I wonder if that's a complete defence against having your CMDR name misused.

 

[Chaparral]

I wonder if any spoofed commanders have been banned?

 

[Old Duck]

In Frontier's defense, cheating and hacks are a serious problem for many online games. Hackers ruined both online Space Engineers and Red Dead Online for me, two very different games (one of which is backed by a huge Dev studio), and yet both were easily infiltrated by hackers. I've read of other games suffering similar problems. One of the reasons I switched to console years ago was because of the hacker problem on PC even way back then (hackers have been with us since my C64 days). A console is much harder to hack - not impossible, but it's not something the average script kiddie can do.

Add this to my list of reasons for preferring single-player games over multiplayer games these days. I don't envy any developer the daunting task of trying to make their games unhackable, especially games that run on open hardware like PCs.

 

[Darth Ender]

the question is, are they paying anyone to care and follow thru with all the flagged activity? since it's not all automatic.

it should, and theoretically has been, pretty simple for the server to flag and ban users doing or having impossible things or getting things impossibly fast. but it's also been fdev's stance to keep it all top secret so we have no idea how effective they are or if they are doing anything.

the issue is not new, it's basically as old as the game. especially the software that is most commonly used. it's been a while since someone was so blatantly doing it though. I'd think most would be done on solo for the black market selling of user accounts... where they make real money selling accounts with various ships and resources in auctions and listings.

 

[The Own of Noon]

I think hacks based on scraping or stuffing the local memory like that can be mitigated by obfuscating or encrypting the heap.

Their developers announcement is sensible that they want to discreetly study them with their pants down and I have reasonable faith they will put in good fixes. Uh, my words not theirs
https://forums.frontier.co.uk/threa...ng-and-account-imitation-manipulation.619178/

I don't envy any developer the daunting task of trying to make their games unhackable

I was going to say I do envy them, at least the discovery process what they are doing and detection strategies anyway.


I have not seen any players in open, usually every day or two, been almost a week. Maybe that's just me. They probably isolated me because my vulture is so badass

 

[shockbait]

It's not a "rogue dev kit", it's a trainer menu, just like exists for every other peer-to-peer game in existence. You're saying to turn off the game until they implement dedicated servers for the entire galaxy, not happening.

That is the trade-off for saving the costs of having dedicated instancing servers, peer-to-peer instancing is basically impossible to fully secure.
Dead By Daylight actually spent the money to swap from peer-to-peer to dedicated servers due to rampant, and I mean rampant trainers ruining games, but it's a "competitive" matchmaking game, GTA:Online just ignores the rampant trainers ruining public lobbies because they're not going to pay for dedicated servers either.

The problem is basically a non-issue in Elite unless you're at Jameson during peak hours. In my 2000+ hours in Elite, I've encountered ONE hacker, and I was leaving Jameson. Thargoid shutdown field, then more packhounds than could possibly be fired that fast by any vessel.

But that's just one, if I log-in to GTA:Online right now there would probably be three in the first lobby I joined.

The people using the cheat trainer menus are usually younger, and Elite has a generally older playerbase, and as everyone likes to point out, isn't incredibly high on the daily concurrent players charts, making it an unappealing target for most immature trolls looking to ruin other peoples fun for their own amusement.

 

[Darth Ender]

It's not a "rogue dev kit", it's a trainer menu, just like exists for every other peer-to-peer game in existence. You're saying to turn off the game until they implement dedicated servers for the entire galaxy, not happening.

That is the trade-off for saving the costs of having dedicated instancing servers, peer-to-peer instancing is basically impossible to fully secure.
Dead By Daylight actually spent the money to swap from peer-to-peer to dedicated servers due to rampant, and I mean rampant trainers ruining games, but it's a "competitive" matchmaking game, GTA:Online just ignores the rampant trainers ruining public lobbies because they're not going to pay for dedicated servers either.

The problem is basically a non-issue in Elite unless you're at Jameson during peak hours. In my 2000+ hours in Elite, I've encountered ONE hacker, and I was leaving Jameson. Thargoid shutdown field, then more packhounds than could possibly be fired that fast by any vessel.

But that's just one, if I log-in to GTA:Online right now there would probably be three in the first lobby I joined.

The people using the cheat trainer menus are usually younger, and Elite has a generally older playerbase, and as everyone likes to point out, isn't incredibly high on the daily concurrent players charts, making it an unappealing target for most immature trolls looking to ruin other peoples fun for their own amusement.

Counterpoint, cheating impacts the perception of new players to the game. The game has a massive new player retention (or even attraction) problem due to the nature of 9 years of content and excitement that they can't experience and joining a playerbase that has lost nearly all enthusiasm for the game due to decreased content delivery and odyssey's launch and subsequent year of destruction that followed.

It's important to mitigate and eliminate / punish this kind of very public cheating because new players will think it's important. They haven't played the game enough to realize that nothing you do in the game can actually matter, so the consequences of cheating are limited and easily ignored / avoided.

 

[shockbait]

Counterpoint, cheating impacts the perception of new players to the game. The game has a massive new player retention (or even attraction) problem due to the nature of 9 years of content and excitement that they can't experience and joining a playerbase that has lost nearly all enthusiasm for the game due to decreased content delivery and odyssey's launch and subsequent year of destruction that followed.

It's important to mitigate and eliminate / punish this kind of very public cheating because new players will think it's important. They haven't played the game enough to realize that nothing you do in the game can actually matter, so the consequences of cheating are limited and easily ignored / avoided.

New players can't get to Jameson Memorial. In 2000+ hours, that's the only area of the game I've encountered anyone "hacking".
Just gankers in Deciat and CG systems, places "new players" would be.

 

[Darth Ender]

New players can't get to Jameson Memorial. In 2000+ hours, that's the only area of the game I've encountered anyone "hacking".
Just gankers in Deciat and CG systems, places "new players" would be.

you can get elite in very little time. I'd consider anyone who hasn't played a hundred hours to be new. Getting elite can be done in a weekend if you follow a guide.

That's like saying new players can't fly anacondas. Sure, that was true in 2015.

edit... hell, even half that is probably a massive portion of the max play time players have in the game. And still 50 hours is plenty to get elite and the largest ships these days.

fyi, a new player can find a friendly carrier player and get elite trade in just a couple hours. Or follow the exploration road to riches guide and do it in a handful of hours.

whether the players you interact with in such a system are new or not is not really the point though. the point is new players will be impacted by seeing this in youtube or directly, far more than a veteran player. and the game needs a better new player perception far more than it needs to keep 10 year veteran players in the game.

 

[shockbait]

you can get elite in very little time. I'd consider anyone who hasn't played a hundred hours to be new. Getting elite can be done in a weekend if you follow a guide.

That's like saying new players can't fly anacondas. Sure, that was true in 2015.

edit... hell, even half that is probably a massive portion of the max play time players have in the game. And still 50 hours is plenty to get elite and the largest ships these days.

This seems really pedantic and argumentative, I don't get what your point is, when the fact is there is literally nothing that can be done about this due to the peer-to-peer nature of Elite's instancing. All you can do is report it and let Fdev sort it out. Bans will be issued, but the people who do this have plenty of throwaway accounts.

The fact it is so limited makes it basically a non-issue, you have a much better chance of being ganked trying to get to Jamesons, so most people swap to Solo/PG anyway already. This is just another reason to do so.

 

[Rochester]

If there is an issue simply report it with FD both via their ticket system and here via PM with a Com-Dev, with as much information as possible. It’s real easy for them to identify an account, and then if they have sufficient grounds legally request from the IP provider the player’s personal geolocation. But I would presume it’s simpler for ED to just burn that account straight out - as someone with the insight to hack should obviously have the insight to hide their IP, clone accounts etc, if they don’t they will be being monitored. Every IP provider keeps a record of traffic, key word search’s and keystrokes. If you’re going to hack you should really know how to hide your tracks. The issue is really do FD care, do they have the time / resources.

They probably do, and it probably happens a lot. Many companies deal with such threats internally and quietly on a daily basis. Don’t think it’s really worth the time discussing, it won’t alter the situation.

Just report it.

 

[Hellrider]

New players can't get to Jameson Memorial.
Just gankers in Deciat and CG systems, places "new players" would be.

Oh, trust me, they can. Currently progression is so fast, that I know about a lot of players, which were able to hit elite, or at least their first shiny, outfitted conda without knowing about rebuy (with...harsh finale)

 

[Dillon Fallon]

Oh, trust me, they can. Currently progression is so fast, that I know about a lot of players, which were able to hit elite, or at least their first shiny, outfitted conda without knowing about rebuy (with...harsh finale)

Chances are those new players would be blown up whether it was a hacker or not. I've seen what long term players consider combat ships to be as well and they've gone pop within a minute of being attacked. There's a lot of bad builds out there.

The difference is that a player who actually has outfitted their ship with decent defences and engineering should expect to survive an interdiction unless they've been hit by a very well coordinated wing. One ship should not be an issue.

So really I don't think this is an issue for new players who in the main world get blown up by your average non-cheating ganker anyway, but it is an issue if players who know how to build ships that can survive a attack by those same non-cheating gankers can't last 10 seconds.

 

[Darth Ender]

can something be done about it, sure. it's peer to peer but everything that impacts your save game is streamed to the server at the time it happens. this would include damage to your ship, as well as optional telemetry fdev has added over years of dealing with this issue... that can report on loadout or other triggers experienced by either the client's own player or others sharing an instance. it would be trivial to blacklist certain npc effects / modules and behaviours that exceed realistic limits have the clients flag them. it's assumed the clients do this already since this kind of cheating has been going on since 2015.


it is an issue though because it impacts new players disproportionally more than any other type. players who have been playing a while aren't deterred by its existence in the game but new or prospective players are. the discussion around cheating in the game is worth having since it's debatable if fdev's strategy of being entirely secretive is good for the game in the face of poor new player retention and the seemingly care free way cheaters are behaving lately. maybe a more effective approach is like how other games have done it, and publicly advertise the ban wave.

 

[Old Duck]

I think hacks based on scraping or stuffing the local memory like that can be mitigated by obfuscating or encrypting the heap.
[...]
I was going to say I do envy them, at least the discovery process what they are doing and detection strategies anyway.

If your specialty is cybersecurity, then I understand the enjoyment of "spy vs spy", trying to outsmart the hackers. But if you're just trying to write a good game in a limited amount of time, then things like encrypting the heap is a huge distraction and time sink keeping you from focusing on game-related code like how to track a player walking around on a moving ship.

IMO, all security based "countermeasures" should be provided by the OS and even the hardware, rather than the developer just trying to write a game or word processor. Consoles do this to some extent, including things like encrypting the hardware databus, though IIRC their motivation was more about DRM than cheaters.