Literal days after its official reveal, Call of Duty Warzone‘s internally-developed Ricochet Anti-Cheat has been leaked across various hacking forums on the internet. The Ricochet Anti-Cheat solution launches on November 5th alongside Call of Duty: Vanguard, with a new kernel-level driver coming with the Warzone Pacific update later in the year in order to combat cheating in the first-person shooter. How exactly these files were leaked is currently unknown. However, some speculate that this may have been a controlled leak by Activision; a red herring in order to throw off any would-be hackers from finding actual vulnerabilities to exploit. Note that this speculation is unfounded at this time.
Ricochet Anti-Cheat was advertised as a multi-part anti-cheat solution, in part featuring a kernel-level driver that monitors any outside applications attempting to modify the game while it’s running. Not only that, but the system’s “multi-faceted approach” also includes new server-side tools supported by a team of internal professionals dedicated to investigating cases of cheating, as well as player reporting. Activision stated that it would continue to “evolve the Ricochet Anti-Cheat system” over time.
— Anti-Cheat Police Department (@AntiCheatPD) October 14, 2021
According to Modern Warzone, the leaked files in question are the source code of the Ricochet Anti-Cheat kernel-level driver. Initially appearing on private groups, the files later spread to public forums dedicated to cheating software and other hacking communities. If legitimate, hackers can potentially use the source code to find a way to bypass the anti-cheat system’s verification system, thereby allowing the use of cheating software that wouldn’t be caught by the driver.
However, one possibility is that the leaked files are in fact a “trojan horse” (metaphorically, not to be confused with the “trojan horse” virus program) or red herring that Activision intentionally leaked in order to throw off any hackers from finding vulnerabilities. If so, the source code in question would feature possible exploits that wouldn’t exist in the final system, thereby wasting time and effort on the hackers’ part.
The theory is plausible when you consider the fact that Activision’s new Ricochet team is reportedly made up of security professionals, who likely know how the exploitation process works. Even so, the digital signature of the files in question also indicates that they are from September 30, 2021—more than two weeks ago, which could also mean that there may already be significant changes to the final driver.
All in all, even if the Ricochet Anti-Cheat driver leak is legitimate, the multi-faceted approach to anti-cheat as well as ongoing learning and updates should still put the fight against Warzone cheaters well ahead of where it is currently.
[Source: Modern Warzone]