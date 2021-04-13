The videogame Counter Strike: Global Offensive (CS: GO), the new version of the classic from the early 2000s, helps cybercriminals to steal passwords and personal information of the players, according to a vulnerability that is activated through the system of invitations of the game in the platform Steam.

The Secret Club, a non-profit reverse engineering group, demonstrated in a post on Twitter how the exploit, that is, a program or code that takes advantage of a security vulnerability.

Translated into real life, it would be as if a lock model (system or application, in this case Steam) had a design flaw that allowed us to create keys that would open it (exploit) and thus be able to access the site that tries to protect and carry out criminal acts (malware), as described by ESET specialists.

This exploit is triggered as a bug that allows remote code execution when accepting an invitation to the video game Counter Strike: Global Offensive, which reaches the user through the Steam digital video game platform.

According to the group, the exploit allows the executors steal users’ passwords and personal information.

Counter Strike, a classic first-person shooter game, can be downloaded for PC for free from Steam.

In addition, The Secret Club ensures that it cannot verify that this exploit is only found in this title, and that it may be present in other games developed with the Source engine.

The group claims that Valve, the Steam developer, did not make any response about this exploit after alerting the company three times about the problem, the last time five months ago.

According to the reverse engineering group, the origin of the problem dates back to two years ago, when one of its members found a Source engine vulnerability which was activated when accepting an invitation on Steam.

CS: GO under the gaze of the FBI

Esports Integrity Commission (ESIC), the body that monitors fair play in video game competitions, is collaborating with the United States Federal Bureau of Investigation (FBI) on an alleged plot of rigged professional matches in Counter-Strike: Global Offensive.

ESIC Commissioner Ian Smith spoke with the youtuber slash32 about cheating in video games, and specifically, about match fixing in official competitions, collected by Kotaku.

Smith points out that in terms of cheating, there are levels: the amateur, generally young players who download some software to cheat in online games, and that more and more they are detected through the anti-cheat systems of the games and platforms such as Valve delete their accounts.

And a second level, professional, where they organize rigged matches, and that the organizers of the competitions monitor and try to avoid. Something difficult to detect unless someone plays really bad and the betting markets are checked.

The FBI investigates a number of professional matches in the Counter Strike: Global Offensive video game.

At this level, cheating is usually detected by opponents, when they perceive that a player is playing “too well”, since detecting a sophisticated software It is not easy, says the commissioner.

ESIC have already encountered some players who cheat at the professional level. In the case they are investigating in North America, Smith reported that they are analyzing conversations of a group of players through communication platforms such as Discord, which they hope to be able to make public soon.

Another part of the investigation refers to a small number of players from Counter-Strike: Global Offensive. These are “players bribed by outside betting syndicates to fix matches, rather than players just opportunistically doing it on their own,” Smith said.

In the investigation of this case, the commissioner stated that they are working with the security forces, specifically, with the FBI, which has recently had a sports betting unit.

