Valve DNS privacy flap exposes the murky world of cheat prevention
Like most online game makers, Valve uses a cheat detection system to protect popular multiplayer games like Counter-Strike: Global Offensive, Team Fortress 2, and Dota 2 from hacks that would give a player an unfair advantage. That Valve Anti-Cheat (VAC) system was at the center of a potential privacy bombshell earlier today, with accusations that the system was sending Valve a list of all the domains that a system has visited whenever a protected game was played.
The claim rose to popularity thanks to a Reddit post that included an image originating from a cheating/hacking forum, purportedly showing a partial decompilation of the offending VAC module. However, while the initial evidence suggested that VAC is doing something with users' DNS history, it wasn't clear from the decompiled code provided that it is in fact transmitting the information back to Valve. Valve CEO Gabe Newell has subsequently and categorically denied that the module transmits any private information back to the company.
Windows operates a DNS cache to accelerate the translation from domain names into IP addresses. Windows users can see the domains stored within the cache, both at the command line (ipconfig /displaydns) and within the GUI. The partial decompilation of VAC shows that the module is using undocumented Windows functions to enumerate all the cached entries. In turn, each entry is converted to lower case and then hashed using MD5.
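The lowercase-then-MD5 step described above, sketched in Python as an added example (not VAC's code and not taken from the decompilation). The cache text is a constructed sample in the layout ipconfig /displaydns prints, and the function names and candidate list are assumptions; the last step shows that an unsalted digest of a domain name can be matched by anyone who hashes the same candidate name.

```python
import hashlib
import re

# Constructed sample in the layout printed by `ipconfig /displaydns`
# (names and addresses are made up, using reserved example ranges).
SAMPLE_CACHE = """\
Windows IP Configuration

    WWW.Example.com
    ----------------------------------------
    Record Name . . . . . : WWW.Example.com
    Record Type . . . . . : 1
    Time To Live  . . . . : 86
    Data Length . . . . . : 4
    Section . . . . . . . : Answer
    A (Host) Record . . . : 192.0.2.10

    login.example.net
    ----------------------------------------
    Record Name . . . . . : login.example.net
    Record Type . . . . . : 1
    Time To Live  . . . . : 12
    Data Length . . . . . : 4
    Section . . . . . . . : Answer
    A (Host) Record . . . : 198.51.100.7
"""

RECORD_NAME = re.compile(r"^\s*Record Name[ .]*:\s*(\S+)\s*$", re.MULTILINE)

def cached_names(text):
    """Return the distinct record names in cache output, in first-seen order."""
    return list(dict.fromkeys(RECORD_NAME.findall(text)))

def name_digest(name):
    """Lower-case the name, then MD5 it, as the article describes."""
    return hashlib.md5(name.lower().encode("utf-8")).hexdigest()

def match_digests(digests, candidates):
    """Map each digest to the candidate name that produces it, or None."""
    table = {name_digest(c): c.lower() for c in candidates}
    return {d: table.get(d) for d in digests}

if __name__ == "__main__":
    digests = [name_digest(n) for n in cached_names(SAMPLE_CACHE)]
    # Hypothetical list of names the holder of the digests is interested in.
    wanted = ["www.example.com", "example.org"]
    for digest, name in match_digests(digests, wanted).items():
        print(digest, "->", name or "(no match)")
```

A digest with no matching candidate stays opaque only until someone hashes the right name, so the digest protects an entry only as far as its name is hard to guess.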