Why video games need to be protected from cheat developers before they even launch.
It's an often-asked question. ‘When should you start monitoring and protecting a game from hackers and cheats?’
To an extent, this depends on the type of game and how popular it is. But if it’s a competitive multiplayer and involves shooting, you’d do well to be prepared by the time you start sharing keys for the closed beta, because once you do, cheat developers will get busy.
As we’ve all seen, nothing spoils a launch more than a game being overrun by cheats. Negative feedback in player communities and the subsequent PR nightmare, threaten both a game’s long-term viability and colleague morale.
Over the last six months, we’ve worked on a number of closed betas for multiplayer games and these have demonstrated you can never be too early with your security strategy.
It’s no secret cheat devs have always been innovative and professional, and some beta keys will always find their way to them, but the increasing speed they release cheats for unreleased games, is a growing concern.
For example, during one closed beta test we worked on at the beginning of the year, we saw over 20 vendors actively discussing cheats for the game, with 11 going on to release working cheats - all in the space of two weeks.
In another more recent test, we identified 10 vendors selling cheats for the game, with the first becoming available within just two days of the test starting, and another eight released in the first week. In fact, on average cheats were released 1.5 days after the vendor announced they were developing a cheat.
The graphic below shows the different stages and events for a typical game in closed beta, from when the cheats devs start to talk about a game, through to the paid cheats going on sale.
Cheat development begins with discussions and requests in the digital communities focused on cheating, such as forums on ElitePVPers and Unknown Cheats, as well as on Discord, Telegram and Reddit. Dedicated market sections and sub-categories are set up in marketplaces for the specific game, which are then also used to advertise the cheats once released.
Trust is key when it comes to selling cheats so video showcases are the most popular way for vendors to demonstrate their cheats are working; videos on YouTube, Daily Motion and Vimeo will often get 3,000-plus views.
Of course, this all requires beta keys to access the game in the first place, and so creates demand and an additional market for the keys. Resembling a twisted circle of life, vendors respond by selling keys, whilst they offer free cheats for keys when they need them for testing purposes.
Inevitably some honest players in the test start to suspect they’re playing against cheaters and start complaining - we’ve seen this start as early as the first day of a test - and cheating is often the most common issue raised by users - ‘Wayyy too many cheats for me!’ as one unhappy tester put it.
However, there is hope.
Taking action early enough can disrupt the developers and cheat vendors’ plans, and help protect a game’s launch.
Firstly, building an understanding of the likely cheat ecosystem around the game, in advance of the beta, is essential and will give you a head start in the race against cheating.
Looking at similar games in the same genre, or previous editions of the franchise, and testing the cheats available for those, can provide engineers with invaluable information on what to watch out for, and guard against.
And, the bad actors are likely to be similar, so you’ll have a good idea of where threats to the new game are likely to come from. Below are just some of the cheat vendors we've seen target several closed betas this year.
When it comes to the test itself, it’s about monitoring these communities, and any new ones you detect, so you know about cheats in development as soon as they’re discussed or requested, and before they're even released.
With this insight, you’re ready to procure the cheats as soon as they’re available, test them to see which operate as advertised, and then patch the game and optimize the anti-cheat.
At every stage, data such as vendor sites, volume of traffic, reputation for reliability, and pricing, is gathered and used to prioritise the security and engineering teams’ resources.
Doing all this disrupts the actors who pose the biggest threat.
Complaints from cheaters increase as the cheats stop working, and vendors have to try and update before the end of the beta, often leading to issues of unreliability. Best of all, their reputation takes a hit, and like any brand, trust is easier to lose, than build.
They can be further disrupted by issuing takedowns of their marketing materials and assets such as YouTube videos - hindering their attempts to build publicity.
This all requires resources, and starting early means more in the short term. That’s why along with enabling Game Sec teams to monitor cheat communities through our SaaS platform, we provide additional practical services such as cheat procurement and testing, takedowns, and research reports on threat landscapes.
By acting as an extension of internal teams and utilizing our proprietary platform, we can protect beta tests and help give games the best chance of success in the future.