
RIOT Security Analysis - Victor Ueki

The document analyzes the security vulnerabilities of RIOT's IT system, particularly focusing on DDoS attacks targeting the SK Telecom T1 League of Legends team. It highlights the weaknesses in RIOT's anti-cheat measures, the lack of two-factor authentication, and the potential for information disclosure. Proposed solutions include enhancing the anti-cheat system and implementing two-factor authentication to improve overall security.

Uploaded by

shinoeking

RIOT’s IT System

Security Analysis
By Victor Tagawa Ueki 72075098
System Analysis
Objective
- Providing both a Client and Server for users to play the game named “League of Legends”.
- Client serves as a save file for each user’s game statistics such as past games and purchases.
- The ability to communicate with other users through the client.
Requirements
- Servers which host the games that are being played. (Possibly biggest expense)
- Servers able to keep each player’s personal information. (i.e. Email, DoB, in game name)
01
DDoS Attacks
Attacks purely focused on a single team.
SK Telecom T1
- Regarded as the best competitive League of Legends team, with 5 total Worlds championships (the most prestigious tournament of the game).
- All T1 players play, practice, and stream in T1’s headquarters located in Gangnam.
- Since 2022 the team has fallen victim to multiple cases of DDoS attacks, which still continue today.
- All members of the team are from South Korea. (Relevant to the case)
From Hackerone Report
Assets
What RIOT has implemented against Threats & Vulnerabilities
Key Affected Assets
Source Code
In January 2023 RIOT suffered a social engineering attack and had their source code stolen.

Addition of RIOT’s Anti-Cheat
Since the addition of Vanguard in May 2024, T1 has still been affected. Thus the exploit bypasses Vanguard.

Korea’s Unique Anti-Cheat
Demacia is an anti-cheat which had a vulnerability allowing users with spyware to check IP addresses.
Threat
DDoS, Botnet, Exploit Kits…
Key Threats
DDoS
Most DDoS attacks were targeted at one team specifically. RIOT has issued a bounty specifically against DDoS attacks.

Bot Net
In this case, most botnets were bought instead of made in order to perform a DDoS attack.

SwissKnife
Suspected of DDoS attacks within Korea. SwissKnife sells multiple different programs through a secretive Discord server.

League Puller
Exploit kit which abuses SK’s anti-cheat software, which sends reported users’ IP addresses to RIOT, and redirects that information to the kit abuser.
Vulnerability
Region based
T1’s DDoS Vulnerabilities
01 Same IP address
All T1 members share the same IP address due to them practicing together.

02 Known Location
T1 Headquarters location is well known to the public providing a physical vulnerability.

03 Server Code Vulnerability
Anti-Cheat called Demacia (Alleged flagged cheaters would have their IP sent to RIOT).

04 Slow Company Response
Only a year after the initial main DDoS attacks, RIOT issued a 100,000 dollar bounty.
Proposal
Possible solution to T1’s DDoS issue
Changes to The System

Changes to Anti-Cheat
As SwissKnife’s program League Puller is possibly abusing South Korea’s unique anti-cheat Demacia, changing the anti-cheat could possibly get rid of the main issue.

Physical T1 Changes
Due to the possibility of a physical vulnerability within T1’s office headquarters, having players play and practice at an unknown location instead could prove to be more secure and fruitful.
03
Lack of 2FA
Leading to information disclosure, and lack of repudiation.
STRIDE Threats
Spoofing
The attacker may be using multiple cracked accounts to pose as a fellow user of the game. This can be used maliciously, as developers don’t know who to trust because their banning relies heavily on a report system.

Repudiation
Until recently, RIOT’s anti-cheat system didn’t operate at a kernel level, which made it a lot easier to use cheats within the game without being caught. Thus developers would have to trust their users on reporting each other.

Information Disclosure
A lot of private information could be within an account, such as others they know, names, purchase history, etc…
Key Threats
Phishing
May be used in order to find out users’ login info, as 2 factor authentication would stop those with the username/password.

Password Cracking
Due to the lack of a limit on the number of tries with accounts, password cracking is facilitated, with users not being notified.

Defacement
Once they have access to a breached user’s profile, they have free rein to change anything about the user’s profile without further verification.

SPAM
As the attacker does not risk much by losing the account they hacked, spamming the friend list could be done with little to no drawbacks.
T1’s DDoS Vulnerabilities
01 No 2FA
There is a lack of authentication, which is very problematic and also leads to many threats such as Password Cracking.

02 Weak Anti-Cheat
Until the addition of Vanguard, RIOT had a very weak anti-cheat, making it hard for the system to find who was exploiting the game.

03 Reliance on P2P Reporting
Due to the weak anti-cheat, users need to be reported in order to have their account punished, meaning that there can be a lack of hard evidence that those reported are at fault.
Improvement: Add 2 Factor Authentication
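The Password Cracking threat (no limit on tries, users not notified) and the 2 Factor Authentication improvement above, sketched as an added example that is not part of the original slides and is not RIOT's code. The policy values, the LoginGuard class and the account fields are assumptions made for illustration.

```python
import hashlib
import hmac
import struct

MAX_FAILURES = 5     # assumed policy: lock the account after 5 bad attempts
LOCK_SECONDS = 900   # assumed policy: 15-minute lockout


def totp(secret: bytes, at: float, step: int = 30, digits: int = 6) -> str:
    """RFC 6238 TOTP (HMAC-SHA1): the code an authenticator app displays."""
    mac = hmac.new(secret, struct.pack(">Q", int(at) // step), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)


def hash_password(password: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)


class LoginGuard:
    def __init__(self, accounts):
        self.accounts = accounts   # name -> {"salt", "pw_hash", "totp_secret"}
        self.failures = {}         # name -> (failed_count, locked_until)
        self.notifications = []    # stand-in for e-mails to the account owner

    def login(self, name, password, code, now):
        acct = self.accounts.get(name)
        if acct is None:
            return "denied"
        count, locked_until = self.failures.get(name, (0, 0.0))
        if now < locked_until:
            return "locked"        # guesses during lockout are not evaluated
        pw_ok = hmac.compare_digest(hash_password(password, acct["salt"]), acct["pw_hash"])
        # Accept the current and previous 30 s step to tolerate clock drift.
        code_ok = any(hmac.compare_digest(totp(acct["totp_secret"], now - d), code)
                      for d in (0, 30))
        if pw_ok and code_ok:
            self.failures.pop(name, None)
            return "ok"
        if pw_ok:                  # right password, wrong code: phished or cracked
            self.notifications.append((name, "password used without valid 2FA code"))
        count += 1
        if count >= MAX_FAILURES:
            self.notifications.append((name, "account locked after repeated failures"))
            self.failures[name] = (0, now + LOCK_SECONDS)
            return "locked"
        self.failures[name] = (count, 0.0)
        return "denied"
```

A stolen or guessed password alone never returns "ok", and the owner is told both when the password is used without a valid code and when guessing triggers a lockout.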
