Jin Lei from the Cave Fei Temple Qubit | Official account QbitAI
"Starting at $1 million! Packaged for League of Legends and Packman (anti-cheat system) source code. ”
This is how the hacker gang brazenly posted an auction post in the forum:
And according to information obtained by Bleeping Computer, the gang is also willing to sell Packman's source code separately for $500,000.
Curious friends are about to ask, as hackers, shouldn't the "right way to open" be blackmail?
Bird~
The blackmail was passed, but it was rejected.
Riot Games, the company behind League of Legends, has publicly confirmed that the source code was indeed stolen.
But in the face of the hacker's $10 million "offer", the fist is really hard, and directly replied: No way!
Well, it's hard enough...
The stolen codes totaled 72.4GB
However, this incident can be traced back to January 21, when the official Twitter of Fist released a message saying:
Our system has been attacked and there is no way to update the patch at this time.
Family, please be patient and wait, we are working hard to fix it.
Then three days later, Riot came forward again: "The source code of "League of Legends" (including Genting Game) and the anti-cheat system has been stolen by hackers."
Fist also admitted to receiving a blackmail email, although the official did not publish the email, but foreign media Motherboard broke the news about the content of the letter:
Dear Riot Games:
We got your company's valuable data, including the full code for League of Legends and its tools.
We know how important this code is to you; And how it would affect games like League of Legends and Valorant if they were made public.
In view of this, we only have a small request, to take $10 million to "redeem".
Once we get the ransom, we remove the stolen code from our servers; We'll also tell you how the exploit happened and how you can prevent it from happening again in the future.
In order to prove that they did get the source code, the hackers deliberately attached 2 large PDFs (1,000 pages long) containing a directory listing of a total of 72.4GB of stolen code.
They also provided an address for Telegram, a chat software, and invited staff from the Riot Games side to negotiate.
During this conversation, the hacker team said:
Asking for money is our only purpose, but the time given to you is 12 hours.
But the result is exactly as Riot Games responded on its official Twitter: No way!
So does Riot Games think that this hack is indifferent?
"Player data is not affected"
Admittedly, Riot Games admitted that the source code was stolen, but judging by the official tweet, it is emphasizing one point to players -
"We believe that the player's data has not been affected."
But that doesn't mean that future games like League of Legends won't be risky, as summarized in Riot Games' statement:
Any disclosure of the source code will increase the likelihood of new cheating (plug-in) methods appearing.
The leaked code also includes new game modes that are experimental (although there is no guarantee of a future release).
Riot Games is currently working to fix the bug and has promised to fix it later this week.
However, for the countermeasures taken by Riot Games, hackers have previously reminded in the dialogue:
It would be a shame for you to expose this matter publicly, especially if you show that you are very confident in your safety measures.
It's worrying that you can be hacked by an amateur hacker in a matter of hours.
As of now, Riot Games has not released information that the issue has been resolved.
The full ransomware email is attached:
Reference Links:
[1] https://www.bleepingcomputer.com/news/security/hackers-auction-alleged-source-code-for-league-of-legends/
[2] https://twitter.com/riotgames/status/1617900234734198787
[3] https://www.vice.com/en/article/qjky8d/hackers-demand-dollar10m-from-riot-games-to-stop-leak-of-league-of-legends-source-code