Play Games
10 months ago
103
In the latest RICOCHET Anti-Cheat™ Progress Report we’re examining new and shelved mitigations, recapping how mitigations fit into our enforcement work, and examine our third-party hardware device detections, which was first announced ahead of Season 03.
RICOCHET Anti-Cheat Mitigations
#TeamRICOCHET remains focused on combating unfair play and ejecting bad actors from our games. One of the ways we accomplish this is by banning accounts we have determined are cheating; however, we have also outlined our use of mitigations and we wanted to refresh the community on why and how those systems are used.
In some scenarios, #TeamRICOCHET may choose to deploy in-game roadblocks we call Mitigations on accounts we verify as cheating. These are gameplay adjustments we can make to constrain the gameplay experience of verified cheaters – such as taking away their weapons with Disarm or making legitimate players invisible to cheaters with Cloaking.
Why do we do this?
Cheating in video games such as Call of Duty is big business, and the technology behind cheats is constantly evolving. Allowing cheaters to remain in the game in a mitigated state provides #TeamRICOCHET with intel, while keeping cheaters occupied, in the dark, and unable to harm your in-game experience. The data we gather through analysis of mitigated players enhances our ability to reliably detect and ban players using similar cheat software.
After we capture info, cheaters are removed from matches and/or the accounts are permanently disabled across titles, as outlined in our Security and Enforcement Policy.
Mitigation data shows our detections are doing a better job of protecting the game. In Modern Warfare II, for example, we mitigated four players for every one report. That means, on average, for every one cheater our community reports in-game our detections also mitigate three accounts detected of cheating before they are able to impact our community’s experience.
You can read more about previously announced mitigations in our Season 03 Progress Report. In the latest report, we wanted to showcase one mitigation in active use and another we’ve developed but since put on the shelf to help further outline our philosophy around developing mitigations and protecting your overall gameplay experience.
Active Mitigation: Hallucinations
Hallucinations place decoy characters within the game that can only be detected by cheaters that have been specifically flagged by our system. These false characters are undetectable by legitimate players, and they cannot impact a legitimate player’s aim, progression, end of match stats or overall gameplay experience, but serve to disorient cheaters in a variety of ways. Hallucinations can be deployed both as a method of mitigation for verified cheaters or, in secret, as a detection for suspicious players:
As a Mitigation
Hallucinations look, move, and interact with the world like a real player. These are not AI but a clone of an active user in the match, mimicking their movement to trick a cheater into believing the character they see is a real-life player. In the image above there is one real player and a Hallucination, and in-game it’s impossible for cheaters to know at first glance which is real.
Hallucinations also trigger the same information that cheaters would have access to using nefarious tools, revealing unique data to make them appear legitimate.
As a Detection
Hallucinations can be hidden and positioned anywhere relative to a suspicious player in the world. As shown in the example above, the team can place the Hallucination near a suspicious player, forcing them to self-identify as a cheater if they engage with the cloned character in any way. Like Hallucinations as a Mitigation, the character model displays legitimate data when viewed in cheats and will also trigger things like aimbots.
(Note: The character outline and information in the image above was manually added using photo editing tools for demonstration purposes only.)
Why did we build Hallucinations?
This mitigation is a first but foundational step in one of many efforts to combat what the community refers to as “non-rage” hackers. These are cheaters using prohibited tools for additional in-game information, giving them an unfair advantage against other players. Using these tools is against our Security and Enforcement Policy and will result in account bans.
Read the Reversing Anti-Cheat’s Detection-Generation Cycle With Configurable Hallucinations white paper for more information on Hallucinations and the team’s vision for this mitigation’s future.
Decommissioned Mitigation: Quicksand
#TeamRICOCHET is continuously working on new systems and detections to impede cheaters. Sometimes those ideas yield unintended results.
Quicksand was a mitigation that would slow or freeze the movement of detected cheaters in-game, making them sitting ducks. This was accomplished by adjusting their connection delay to the game server. To further impact a cheater’s experience, Quicksand could occasionally (and randomly) alter a cheater’s input settings. It could, for example, swap analog stick controls from default to inverted or begin reassigning mapped keys for mouse and keyboard settings. Someone hit by Quicksand, for example, could suddenly begin to move at half speed and be forced to press their W key to move backwards. It was designed to disorient cheaters and it worked well in testing.
Ultimately, the team decided to decommission Quicksand.
Mitigations are designed to be a roadblock for cheaters so our community can participate in a protected and interruption-free gameplay experience. While Quicksand was a fun mitigation to deploy against bad actors, it could also be very visually jarring to anyone in the lobby. Imagine coming upon an enemy that was moving at a snail’s pace in the middle of your rotation out of a hot zone. It could trip you up. Since #TeamRICOCHET does not want a mitigation we develop to be overly distracting to other players, Quicksand was put on the shelf. We may revisit the concept in the future.
How the Game and Security Pipelines Communicate
#TeamRICOCHET uses a variety of systems that are consistently tuned and updated to identify and capture cheaters. These updates happen for a variety of reasons: we have new methods to detect cheaters, cheat developers update their processes to circumvent identification, we’re launching new tricks. There are many reasons.
This is the cat-and-mouse nature of anti-cheat development. We make a move, they counter; we fix a problem, they create new issues.
One thing we wanted to clarify is that the security team’s efforts run alongside the game itself and therefore, in the instance of something like mitigations, these processes cannot trigger without reason.
Think of the security layer from #TeamRICOCHET as a connected but separate pipeline from the active game. The game on your machine and our servers exchange information to operate a multiplayer match. As part of that process, info from that machine/server exchange splits off and feeds into the security pipeline in real-time for detection and investigation. The security team only steps in if we detect an abnormality.
Mitigation triggers do not consider you having the best game of your life as an abnormality. Similarly, if a wave of people submits malicious in-game reports about you, those reports can’t activate mitigations without additional corroboration. These processes do not function together in that way – and there’s a long list of ways we detect cheaters in real-time.
In short, if two people are in a gunfight and neither is cheating, there’s no way for our in-game mitigations to get in the way of the result.
Third-Party Hardware Device Detection Update
In our previous Progress Report, we detailed a new detection for the malicious use of third-party hardware devices. Today, we want to examine the results we saw within the first two weeks of the detection being live.
As a reminder, third-party hardware devices used to provide a player with an unfair advantage are against our Security and Enforcement Policy. Players found to be using these devices will be served warnings and account penalties.
Within the first two weeks of launching this detection we saw a 59% drop in any use of these devices across Modern Warfare II and Warzone – inclusive of MWII Ranked Play (Warzone Ranked had not launched within this window). Of those users, 57% of them did not utilize the device again, whereas 43% once again attempted to circumvent the policy.
Repeat offenders and those continuing to use these devices without pause have been penalized. Malicious use of these devices may result in account suspensions – up to permanent account bans.
Like all anti-cheat systems, the moment we announced our detections, cheat makers and cheaters worked to find new ways to play unfairly. Our detection methods and systems for this detection (and others) have seen consistent updates and we have multiple methods of approach to identify the use of these devices. These, like all detections, will continue to evolve and update to combat cheating.
In-Game Reporting Update
Our Security and Enforcement Policy has been updated to include Malicious Reporting. The RICOCHET Anti-Cheat team and Call of Duty’s anti-toxicity teams – which both capture information from in-game reporting – take any purposefully false reporting very seriously and we wanted to further highlight changes we have made over the last few weeks to our systems to combat a rise we saw in false reports:
- Malicious Reporting has been added to the Security & Enforcement Policy: Knowingly submitting false reports or spam reporting legitimate players may lead to account penalties, up to and including warnings or permanent account suspensions.
- In-Game Notifications Rewritten for Clarity: In-Game warnings will inform you of a report; however, the original language did not clarify whether an action or investigation was taking place. The new language clears this up.
- Automated Penalties: The automated application of some feature restrictions, such as voice and text restrictions, have been disabled as we adjust our systems.
Our in-game reporting system is a valuable tool to help make our anti-cheat and anti-tox systems better, and to make your experience fair and fun. Reporting effectiveness and this pipeline of information to build better systems suffers when people use these tools inappropriately or maliciously. We’re examining further updates to how we manage reports but we’re happy to have taken these significant steps to reduce any potential misuse of our systems.
For more information, read the Security and Enforcement Policy.
Our Continued Commitment to Fighting Unfair Play
Sometimes our mitigations make a big impact within the community conversation, but the overall goal from #TeamRICOCHET is to protect the game. Our team is excited to showcase its tricks and data as much as possible to be as transparent about the fight we’re in on a day-to-day basis. It’s important for us to illustrate that our work is ongoing and iterative. We’re committed to using all our knowledge and creativity to combat this industry-wide issue.
In the event cheaters find a way into your lobby, our teams work closely together to identify how they evaded our initial detections, capture their information, and get them offline. Sometimes this process is quick and sometimes cheaters evade detection for too long. Eventually, however, cheaters will be identified, captured, and removed and every step we take helps build better tools for the future.
The #TeamRICOCHET mission is to fight unfair play using all means necessary. From developing new detection and protection systems, mitigations and even Cease and Desist notices, our commitment to gameplay integrity is unwavering and we will utilize every tool available to us to keep your experience fun and fair.
