6/30/2020

Dev Blog: Rainbow Six Siege's Anti-Cheat War

Table of Contents
Intro
Glossary
Siege Anti-Cheat Philosophy
Graphs and Data
Future of Siege Anti-Cheat
-- 1. Improving Cheat Detection
----- 1.1. Detection Modeling
----- 1.2. Bridging Siege + BE
-- 2. Increasing Barriers to Entry for Cheats
----- 2.1. Barriers for Cheaters
----- 2.2. Barriers for Cheat Devs
-- 3. Reducing Impact of Cheats
----- 3.1. Vulnerability Assessments
----- 3.2. Vulnerability Fixes
Wrap-up

INTRO

The anti-cheat war is a nonstop battle - an unending arms race as we must continuously grow our defenses to maintain a functioning, relevant anti-cheat system against cheats of ever-increasing numbers and resourcefulness.

And it’s a war we must face head on, because competitive integrity is core to Rainbow Six Siege. Whether you are sweating it out in Ranked, or just playing in Quick Match, a W/L outcome in its essence should be decided by you and the skills of the 9 other players in the game. For the Rainbow Six Siege team, preventing cheaters from undermining that competitive integrity is and always will be one of our highest priorities.

A few lines down, we’ll dive deep into our anti-cheat strategy. Cheating and the efficacy of our anti-cheat system is very personal to us, and we have historically always held our anti-cheat cards very close to our chest. However, this long-overdue blog will lift the veil on how Siege manages the anti-cheat war. We’ll be covering several topics such as the efforts we’re making now, some of the successes and failures we’ve had, and how we are looking to fortify our anti-cheat even further in the future.

THE SIEGE TEAM’S APPROACH TOWARDS CHEATING

R6 3PillarStrategy

The Siege war on cheating is one we expect to be fighting for as long as Siege continues to grow. Our anti-cheat strategy is built upon three pillars:

  • Detection Improvement
  • Increased Barriers to prevent cheaters and novel cheats
  • Reduction of Impact of cheats in game

Each pillar feeds into the other to help us build a better stronghold against cheats.

Efforts against cheating also span many teams working from many angles, and we will continue to evolve our anti-cheat tools and methods as we continue to move forward.

GLOSSARY

Throughout the blog we’ll be referencing a few groups of individuals and technical terms:

  • Cheaters: Individuals using a 3rd party application, script, or macro to obtain an unfair advantage in game or in a manner that violates the ToS.
  • Cheat Developers: The individuals developing cheat applications which they then use, sell or provide to cheaters. They are looking at the client code, the calls made to our backend among other things, in order to find ways where they could inject code to then create an unfair advantage for their customers.
  • Hackers: In the context of this article, these are malicious individuals/groups who are taking over accounts that are not theirs and re-selling accounts they do not own.
  • Exploits: Exploits are in-game design flaws and are handled on a case by case basis. In this blog we will be focusing on cheating (malicious attacks on weak points in the system).

TIMELINE OF ANTICHEAT IN SIEGE

R6 AntiCheatTimeline

The Early Days: When Siege released in 2015, we did not predict the darker side of the love and passion our players would have for Siege in the early days. Siege did not release with the necessary protection it needed against code injection. This meant that anyone could run cheat engines during live games. At the time, cheat detection conventions within the video games industry consisted mostly of post-game detections of cheats and player sanctions after the fact. Following the industry standard, we were also relying on post-game detection and sanction methods to handle cheating in Siege.

Today these two practices are still very much core to the anti-cheat process. However, relying on a reactive system of post-game detection is insufficient – both for our players’ negative exposure to cheaters in game, and for our efficiency in catching cheaters. We realized we needed more proactive measures for a more complete anti-cheat protection system.

BattlEye Joins our Forces: In 2016 we introduced BattlEye as our live anti-cheat solution. BE was never meant to be an all-cure solution for cheating. The purpose of BE was to help boost our previously limited anti-cheat system by making us more effective at proactively catching cheaters on live. An important point to keep in mind, BE does not ban players based on player statistics and in-game data points. BE bans players when it detects known 3rd party applications, scripts, or macros that are cheats. We currently utilize data points to track potential cheaters and later integrate the cheats they are using into the BE system.

2020 and the Future: More than ever, Siege is a target of choice for cheaters and cheat providers due to its growing popularity and competitive nature. This has pre-empted us to make further upgrades to our anti-cheat system, which we will go into further detail below.

SOME DATA ON OUR ANTI-CHEAT PROGRESS

R6 BansByYear

BE bans for cheaters have risen at a steady rate year over year (the actual ban count for Y4 is only partially represented here, so expect the true value to be higher). Our goal is to scale up our ban numbers even faster to match the growing players and the demand for cheats.

R6 Bans2020

In 2020 alone so far, we have banned 47,898 accounts through BE for cheating (with a large push in April in particular). We expect to see these numbers continue to trend upward for 2020 as we have also already begun ramping up our cheating initiatives and executing on future anti-cheat moves.

ANTI-CHEATING IN SIEGE AND FUTURE IMPROVEMENTS

As Siege grows and evolves, so do the cheats.

Below we’ll lay out more detailed plans on how we will be improving our anti-cheat measures built upon our three core pillars of 1. Detection, 2. Barriers to entry and prevention, and 3. Reduction of cheat opportunities and impact of cheats.

Our dedicated Anti-cheat team tackles the challenge of the ever-growing cheat threat by building up, reinforcing, and expanding our anti-cheat strategy. Upcoming improvements to all three of these areas of our anti-cheat system will aid us in being better at fighting the proliferation of cheating in Siege.

1. Improved Cheat Detection

The fight against cheating is an arms race – and we must constantly invest, evolve, and adapt to the cheat landscape. While cheat detection will never be perfect, improving the speed and accuracy of our detection system is integral to our anti-cheat strategy.

Detection models will alert us to cheats faster, and additional telemetry analysis will improve how accurately we can detect cheats. Faster and more accurate are the key words here, and the early knowledge from the detection models gives us an edge in the alerting and monitoring of cheats.

1.1 Using Data based Detection Models for Early Detection and Flagging Cheats

Detection modeling methods use data to build models for detecting new cheats. The models also provide us with greater visibility on new cheats. With them, we can create rapid, simple models which can be leveraged for faster reaction times to respond to cheats, and better identification of cheaters that may have slipped through the BE net.

Put in more context, when cheat devs find ways around our anti-cheat, our detection models will give us a much higher level of visibility on these new cheats, cheat workarounds, and the cheaters using them. Data-based Detection models will give us the ability to:

  • Have greater sensitivity to new waves of cheaters undetected by BE
  • Act as a monitoring and alerting system
  • Catalyze the investigation, cheat fix, and cheat prevention process
  • Expedite cheater identification and ban-hammer process
  • Faster, more accurate investigations into cheaters while minimizing false positives
  • Improved reactivity to novel cheats to detect and kick cheaters (The adjustment period for BE when new cheats are introduced can allow new cheats to cause havoc during this short period. Detecting cheaters based on data enables us to quickly flag the most blatant cheaters whenever a new cheat comes to the market. By sharing this information with BattlEye, we also make sure that we can work with BE to integrate new cheats detections into BE ASAP).

Right now we are working to ensure the preciseness in the creation of our models in order to avoid potential false positives that could cloud our visibility of new cheats. Once the models have been fine-tuned, we will soon start to use it in our anti-cheat operations.

1.2 Strengthening the Bridge between Siege and BE

Using the data we gain from our detection models, we are also preparing to make sure that knowledge is shared with BattlEye to support BE’s cheat detection service. This will help marry together the Detection Models and BE anti-cheat systems, further supporting BE in its automatic cheat detection process and cheater ban process. As mentioned above, BE does not see player stats – BE bans are based on detected cheat software. However, improved knowledge of the players using cheats, and the nature of the cheats will allow both us and BE to better sleuth out the cheat software at work so it can be added to the BE cheat library.

2. Increased Barriers to Entry and Cheat Prevention

Cheats are born when cheat devs create and sell cheats in response to an increasing market demand by players looking for a shortcut (in place of having any actual skill). Both parties involved are bad. By increasing barriers to entry for both the creators and buyers of cheats, our goal is to cancel out any benefits that could be gained and making it costly for them each time they try to act shady.

2.1. Making Life Difficult for Cheaters Using Cheats

From the cheater-side of the equation, we want to make life for players using cheats as tedious, as annoying, as frustrating, and as maddeningly difficult as possible. One way we do this is to prevent the accessibility of cheats and cheating on PC through 2-Step-Verification Ranked lock. 2SV not only deters cheating, it helps secure accounts from being hacked – preventing egregious cheaters from casually joyriding in, and burning through stolen/hacked accounts. In the near future, we are preparing to reinforce the 2SV Ranked lock globally by extending the requirement to APAC regions, as well as reinforcing our existing 2SV requirements.

2SV is only one of many tools in our toolbox for making life for cheaters hard. By using a multi-sided approach, we try to gatekeep the playing field to promote a better Ranked environment and a clean Champion leaderboard. Other methods we use:

  • The PvE XP level caps which makes botting/grinding low level accounts for cheaters to use as throwaway accounts difficult
  • Increases to Clearance Level Requirements for Ranked
  • Increased Champion prerequisites
  • You can read more about these in our Top Issues Blog Update.

2.2. Making Life Difficult for Cheat Developers

From the cheat-development side. The ideal anti-cheat system stops cheats before they are even created. We don’t have a time machine, so we try to cut the lifespan of a new cheat short before it even has a chance to make it to live. By making cheat development and cheat maintenance more costly and more difficult for cheat devs, we disincentivize the development of cheats. Such an ideal situation of cheat contraception and prevention is not always easy to achieve, but stopping the possible creation and spread of cheats in game is the most significant means of confronting cheating.

Over the next few weeks, we will begin to put into place some tech groundwork which we be able to build upon in the future to make sure the cost of cheat development and cheat maintenance continues to climb. When we are confident these new measures are ready, we will begin to execute on them. For security reasons we cannot go too deep into details, but we will be doing our utmost to make life difficult for cheat devs.

3. Reduction of Vulnerabilities, Cheat Opportunities and Impact of cheats

We have learned many things throughout our 5-year journey with Siege. Unfortunately, some systems in Siege were not initially designed back in 2014-2015 with the necessary security in mind required to hold up under today’s pressure.

For the past three years we have been working to fortify system after system through major refactoring efforts to make the Rainbow Six Siege systems more robust, secure, and cheat-resistant in the long-term. While refactoring changes are ongoing, we are investing more into minimizing the “attack surface” or potential areas of vulnerability that cheat devs can exploit. Vulnerability assessment and fixes help us protect our weak points and reduce impact of attack vectors by making them less harmful to players and the player experience.

3.1 Vulnerability Assessment

Cheat devs take advantage of current vulnerabilities to concoct their cheats. So when we assess vulnerabilities, we must also predict what future content could potentially introduce new points of weaknesses later on. We frequently run vulnerability assessments with our Ubisoft Game Security Team. These assessments help us to understand potential new gameplay cheats or other vulnerabilities that may arise with a new update.

3.2 Vulnerability Fixes

Discovered vulnerabilities need to be turned into vulnerability fixes. To address any vulnerability, we have a dedicated team tasked with fixing vulnerabilities on live, as well as working to prevent potential points of attack in the future. Each time Siege needs their help, this cross-functional superhero team of experts and specialists have been there to save the day. They have been the force behind fixes for many cheats such as the infinite ammo hacks, speed hacks, teleport hacks, crash hacks, and many others.

With each fix we use that knowledge to spread best practices to our other teams in order to introduce less and less vulnerabilities over time.

WRAP-UP

Our efforts against cheating will never relent. We will continue to fortify our barriers and stack our defenses in an effort do more to safeguard our players and the player experience. We hope this blog was able to shed some light on our convictions against anti-cheat and our plans for the future.

We’ve already begun gearing up to settle in for a long and dirty fight against cheats and cheaters, and we’ll always be on the lookout for new opportunities to grow and strengthen our line of defense. While we couldn’t reveal all the measures that we and the anti-cheat team are working on in this blog, we want to take a moment to once again reaffirm our dedication to making Rainbow Six Siege a safe and fair competitive space for our players.

Contributors:

R6 Siege Anti-Cheat Strike Team

R6 Siege Player Behavior Cell

R6 Siege Community Team