13/12/2021

RAINBOW SIX SIEGE - UNDERSTANDING ANTI-CHEAT

Anti-Cheat can be a difficult topic to discuss, from its deeply technical nature to the necessity of keeping initiatives secret to protect against dubious folks exploiting them. Even so, it's something we know you're keen to better understand.

Below, we've put together a primer on the many facets of Anti-Cheat. We want this to stand as a reference into what we do - from the way we talk about cheaters, to statistics behind cheating on Siege, to the actions we focus on each day, all the way through to some plans we have for the future.

It's quite long, as we want to establish a better understanding of what we do before coming to you with more regular, more focused updates on social in the coming weeks and months - this is something we can improve and we're committing to. For the abbreviated version of this blog post, check out the thread we've just posted on Twitter!

Now, before we dive into a breakdown of what we do daily to combat cheaters in Siege, we wanted to share some background on the cheating ecosystem.

DEFINING KEY ACTORS IN THE CHEATING ECOSYSTEM

Blatant Cheaters

Whether they show no regard for gravity (fly, teleport) or spin out of control to get rid of their opponents, these are the obvious cheaters -- the ones who have the highest visible impact on the community.

Covert Cheaters

These are the cheaters who try to pass their cheats off as their own skill. While they might not cheat all the time and are rarely obvious about it, their goal is to appear better than they really are and create noticeable disruption in the community.

Overperforming Players

Overperforming players can be cheaters, but they might also be smurf accounts playing at lower ranks, players who are highly skilled, or mouse and keyboard players on consoles. Even though all of these can create frustration in their own ways, identifying which are truly cheaters is complex and a key part of our job.

Boosted Players

These are the players who play with, or take advantage of, overperforming players or cheaters to gain faster access to higher ranks. They can easily be perceived as cheaters themselves as they have an unfair advantage against other players.

Account Stealers

While not literal hackers, this is the name we use to talk about those who steal other players' accounts and resell them. They contribute to cheaters' ease of access to new accounts and re-entry into the overall Siege ecosystem.

Cheat Makers

They create the cheats we see in Siege and can range from one person to a dedicated team. They are the brains behind the cheats. For them, creating cheats and profiting from them is a job. They empower othersto negatively impact the game.

Cheat Resellers

They package the cheats created by cheat makers, selling cheats, and hiding already-detected cheats behind new securities. They are part of organizations that cater to cheaters and profit from the whole market.

This ecosystem exists because there is money to be made on Siege and will unfortunately exist for as long as they can profit from it, which is why disrupting their money flow will always be one of our primary jobs.

WHY DO CHEATERS CHOOSE SIEGE?

It's likely no secret for anyone who actively plays multiplayer shooters, but cheaters are an unfortunate inevitability. What is it that attracts them to a game like Siege, though?  

  1. We are a competitive game with a solid player base. This equates to money in the eyes of cheat makers and resellers.
  2. We are part of the esports scene. And with more attention on the highest level of play comes an increased market for getting players up to that level.
  3. Players are always looking for an edge. As long as there's incentive for players to perform at a high level, there will be an aftermarket to support easy enhancement.

As you can guess, this ties into one of the biggest problems with cheating -- it's widespread and an industry-wide issue. Wherever there's money to be made, cheating will continue to exist as a prolonged, resources-based fight.

But it's one we're committed to fighting with and for you.

A LOOK AT THE DATA BEHIND CHEATING IN SIEGE

Now that we've talked through some of the cheating basics, we wanted to share some raw cheating data. There's no better way to understand the scale of cheating than to see it in hard numbers. Before we go into detail with our numbers, it's important to note that we cannot compare our numbers to other games. A one-to-one comparison isn't possible when different games have different player bases.

What we can do is look at the context of cheating in Siege and use that as a way to talk about the future.

Total Cheating Bans

R6S TOTAL-CHEATING-BANS

This graph groups BattlEye's bans and our own sanctions based on data. Here are some takeaways:

  • The two visible spikes from 2020 correspond with the initial phase of the pandemic back in April 2020 and the end of that school year respectively.
  • On average, we ban over 10,000 players for cheating each month.
  • We've banned over 100,000 cheaters since January 2021.

Ban numbers are only one indicator of the actual issue, but they tie into the extremely visual nature cheating, so we think it's important to see the scale of this up-close.

We keep a close eye on new cheats and plan to focus more time and energy into threat intelligence - working with others in the space to expand our knowledge of emerging cheats so we can deal with them before they reach you in-game.

BattlEye and Data Bans

R6S BATTLEYE-AND-DATA-BANS

This graph gives more visibility into how sanctions are split between BattlEye and our data-based sanctions. Here are some things to note:

  • About 11% of our total cheating bans are bans based on data.
  • The point of data-based detections is to work in parallel with BattlEye and act as redundancy to ensure together, we catch as many cheaters as possible.
  • We can see a small increase in sanctions year over year. As our detections have improved, so has our ability to catch more cheaters.

We are currently working on improving our data detection models and will continue our close collaboration with BattlEye to improve our identification of cheaters. More on this a little later.

Knowing what we do about the scale of cheating in multiplayer gaming, how do you go about dealing with this rampant issue? Below, we've broken out the many roles we play in this fight while also outlining the collaborative nature of Anti-Cheat as we work closely with other teams at Ubisoft.

WHAT DOES THE ANTI-CHEAT TEAM DO?

Cheat Detection and Validations

Put simply, detection and validation are the act of identifying cheats and making sure the offending players are actually cheating. Since the cheating industry is so large and so many different types of cheats exist, a single Anti-Cheat solution is often not enough. This is where our close third-party partnership with BattlEye comes in.

They tap into a robust, ever-evolving cheating knowledge base to detect cheaters at a large scale, casting an incredibly wide net to effectively catch blatant cheaters and many covert cheaters that fit the parameters within their system. Of course, some cheats are more elusive than others. Where possible, we try help BattlEye expand their detections to account for emerging issues. We then act as a second layer of cheat security.

Using data we collect from the game and monitoring reports and conversation from the community, we've developed our own detection methods to catch cheaters who may not immediately be caught by BattlEye's net. These range from data bans to the recent detections we put in place to catch idle botters -- basically, we strive to catch the outliers who think they can get around the system.

This is also one of the most ever-evolving aspects of our job, so keep reading for an update on what we've been doing to address your feedback on data detections in Siege.

Sanction Cheaters

Once a cheater has been detected and confirmed, it comes time for sanctioning - the ol' ban hammer. Sanctions are a significant part of what we manage each day. While most of our sanctions are triggered automatically after detection, like BattlEye bans and data bans, we also manually investigate and act on reports and issues. These investigations help us identify outliers and deal with them quickly, often while we figure out how to improve or create detections for these cases.

Take the idle botters mentioned above for example. When it was discovered that hardware could be used to circumvent our AFK detections, we had to hustle to find a solution. Our first course of action was to sanction the early offenders while we worked on an automatic detection system which came shortly after. Next, we plan on automating the sanctions for these early next year.

Like with detections, there isn't a simple one-size-fits all solution to sanctioning cheaters, so we try to be as adaptive as possible. Over the past two years in particular, we've added DDOS bans, data bans, and botting bans to this roster of sanction types, and continue to work on more. We then issue ban waves and monitor for mentions of false positives to make sure we keep these detections up to date.

Protect the Game's Code

It's no secret that Rainbow Six Siege is a mature game that shipped 6 years ago. This means that a lot of our code is just as old.

Understanding that the code's age, how it validates data, and the risk of updates introducing new vulnerabilities are all very real hurdles, we've worked hard to make our builds even more secure over time. Put simply, a more secure build is harder to develop cheats for, which slows down the progress of cheat makers and providers. Below, we've broken out three ways we've increased code-level protections for Siege to help stem the flow of cheaters:

Encryption

This is about hiding parts of our code from cheat makers - scrambling the data, if you will. We know they can crack it eventually, but we continue to add a layer of work every time we push a new game update to further slow them down.

Refactoring

Refactoring parts of our code (updating it) allows us to remove vulnerabilities, add detections, and improve the overall security of the game. These take time because of the impact refactors can have on devs who are actively working on new content that may interact with this code but continue to be something we hammer away at in the background.

Server-Side Validations

This refers to how we validate information we receive from the player's game client. In the past, multiple player actions were validated only on their own PC. They could "tell" the game that they were supposed to "fly" and the game would allow that. Since then, we've added multiple validations that make cheats like this impossible to do, limiting access to this particular vulnerability.

Invest in Threat Intelligence

Threat intelligence is all about knowing more. What cheats are out there? How much do they cost? How do cheaters get them and from who? It's one thing to be able to act on what we already know, but it's another to look to the future and anticipate what's coming.

We know that the future of Anti-Cheat lies in data and intelligence and are allocating more resources to deal with these subjects as we look into incorporating machine learning and collaborating with others.

We've already kicked off a close collaboration with another company on this subject and are looking to expand. We believe that the more we know, the better we'll become at managing and staying on top of the ever-evolving cheating ecosystem, which of course translates to stronger Anti-Cheat actions.

Deal With Live Fires

Drawing a little from each of the above topics, we work closely with the Game Operation and Community teams to ensure we're fully aware of what the players are experiencing in Siege. When a new major cheat is reported, it gets flagged and routed through our team:

  1. We start by discussing the obvious "how are they doing that?" question.
  2. We check if any new update could have introduced a vulnerability or if it is something we might have missed.
  3. Once we know where to look, we see how and if we can fix the issue by adding validation (your game passing a check to say "I'm not cheating") or protections.
  4. We make sure our fix or validation makes it live as fast as possible to limit disruption!

WHAT DO OTHER UBISOFT TEAMS DO TO SUPPORT ANTI-CHEAT?

We can't do it all when it comes to security and Anti-Cheat, and a huge amount of support comes to us from other teams within Ubisoft. We work with various teams to bring up issues that we discover, and work with them to come up with actionable solutions. Below are some key examples of this:

Legal

Our legal teams take care of everything when it comes to going after cheat creators and cheat resellers. Cease and desist letters, legal proceedings, and litigation are all part of their help. They did an amazing job on our Mizusoft case last year and are regularly shutting down different cheating providing services, including the ongoing litigation around Ring-1.io cheats!

Account Technology

Security and account creation are important subjects for Ubisoft. For that reason, we're working at the account level to increase the overall protection afforded to our players. This comes in the form of account unicity -- the ability to verify that a player is who they say they are. Basically, it's more important than ever to be able to identify if a repeated cheater is trying to create a new account and stop them in their tracks.

We're currently working with other teams here to add protections against this and better control the number of accounts players create to control abuse of account farming and selling. Specifically, teams are investigating verification that players will need to pass before entering competitive modes, although it's important to note this has no defined shipping date at the moment and will be iterative, releasing across multiple updates.

Company Security

Ubisoft makes sure we get access to outside knowledge and companies that can help us in our fight, investing in threat intelligence and new technologies to help counter negative or illegal behaviors. They also ensure our Terms of Services is enforced and remains relevant and on par with what the games and company stand for, while addressing emergent bad faith actions in the gaming space.

LOOKING TO THE FUTURE

Now that you have a framework of what we work on daily, we wanted to shed light on some future developments. As mentioned before, we can't always go into detail on all our upcoming plans to limit cheat makers' ability to react as quickly, but feel the following are particularly relevant to what you may be experiencing in-game:

Data Ban Detections

We've heard the complaints about our data detections and sanctions, and it's something we're actively working on. We have reviewed the reports that have come through and have been tweaking our detection model. So far, the only false positives that have been triggered stemmed from smurf accounts of players playing against less experienced players. Smurfs or not, we want players to be able to trust these detections, so we're continuing to further improve their accuracy.

We are working with multiple teams and data scientists at Ubisoft to expand these detections and add more data to our data set. This will ensure we get even more precise scores to sanction based on. This precision will help us identify more cheaters and suspicious behaviors, while continuing to limit its effect on fair players.

Reducing the Amount of Returning Cheaters

We know how important this is to you. There's no way to stop cheating altogether, but the faster we act, the more games we save, the less time cheaters are active. We have multiple teams working on initiatives to improve our time to detection and time to sanction. We aim to ship several different initiatives and updates over the course of the next year and while we are unable to share more about most of these right now, the one we can talk about is the work being done to add verification for players looking to enter competitive modes. We expect this to help slow the re-entry of cheaters into the Siege ecosystem and is expected to help curb the issue of smurfing (a topic for another day, as it's not owned by our team).

Ban Automation

The more confidence we can build in our data, the more we're able to automate our sanctions. And in the end, this means cheaters get dealt with more efficiently and spend less time in your games. We plan to start automatically sanctioning several new behaviors during the next season! While we can't share what they are now, as it would tip of cheat makers, we plan to share an update on social once they are successfully doing their job in-game.

Bug Bounty Program

While not managed directly by our team, we'll be contributing to Ubisoft's upcoming Bug Bounty Program - different from the R6Fix reward program you may be aware of. This program will offer recognition and compensation to players who report security exploits and vulnerabilities. This is crucial knowledge for developing Anti-Cheat protections, since these issues can stem from vulnerabilities in the code, and your security is integral to what we do.

HOW CAN YOU HELP?

In-game reporting will always be the best way to help up identify cheaters. This is the quickest way to help us flag potential cheaters. If you're looking for the most direct route to action, this is it! Below, we've listed some guidelines for useful information you can provide in reports to help us identify and sanction cheaters in the quickest time possible:

  • Clear video or photo proof of the incident
  • The offending player's Username and User ID
  • Match ID for any relevant matches
  • Date and time of the incident

MOT DE LA FIN

Our team, focusing on all things Anti-Cheat and Player Behavior, are committed to continuing this fight against cheaters and supporting this giant industry we all love. Rest assured, we're hard at work in the shadows, trying to make things better for you!

While this may be the end of this blog, it's the beginning of a new commitment. Moving forward, we promise to bring you regular updates every 1.5 months on what we're doing via our social channels. The first of these updates will be published on February 10, 2022. Interested in seeing how many cheaters we've banned in the last month? Want to hear about the latest sanction that's been automated? Your trust is integral to what we do, so we want to give you more chances to better understand what it is we do and can't wait to bring you along on the journey!

Visit Other Social Channels

facebook icontwitter iconyoutube icontwitch icon