Game developer Rockstar has been preparing the next title in its popular video game series “Grand Theft Auto” for nearly a decade, almost as long as it has been since the last title in the series was released. The upcoming Grand Theft Auto 6 (GTA6) wasn’t expected to release until 2024, but a cyberattack has given the public a big sneak preview that Rockstar wasn’t prepared for. The GTA6 leak contains development videos of various aspects of the game under test, and the hacker claims to also be in possession of stolen source code.
GTA6 Leak Shows Early Build of Game to Public; Hacker Claims to Have Stolen the Source Code
The first signs of the GTA6 leak appeared on September 18 on the website GTAForums, the largest discussion forum for fans of the series. A user by the name of “teapotuberhacker” started posting what would eventually become a set of 90 videos featuring nearly an hour combined of development footage from an early build of the game. But it soon became clear that the user was doing more than just showing off; they claimed to have obtained the videos through a cyberattack in which a Rockstar employee’s Slack channel was breached, and to have also obtained the early source code for GTA6, as well as the full source code for the earlier title GTA5. The hacker said they wanted to negotiate a payment from Rockstar for returning this stolen code.
Despite being raw test clips, the videos showed a level of detail that would be extremely difficult to fake. Rockstar acknowledged that the GTA6 leak was authentic shortly after the clips appeared, and has been busy issuing copyright warnings to have them removed when they are posted to sites such as YouTube and Twitter.
The cyberattack on the Slack channel apparently allowed the hacker to download all these video clips directly. This mirrors to some extent the recent cyberattack on Uber, where the attacker first compromised employees’ VPN credentials and then penetrated the Slack channel to announce their presence. However, the Rockstar hacker doesn’t seem to have had the level of total administrative access that the Uber hacker got lucky with.
There are also questions as to whether the hacker ever actually had access to the source code. Rockstar’s Tom Henderson took to Twitter to inform users that the GTA6 leaker would not be able to access any source code through the employee’s Slack channel alone. The hacker has responded to questions by posting specific code snippets requested by GTA5 mods that explain certain previously obfuscated features; although the hacker only posted a relatively small amount, this code appears to be authentic. However, they have yet to post similar code confirming they have access to GTA6.
The source code would not compromise the content of the game as it is in such an early and raw state and clearly lacks most of the resources and structure that will be in the final version. However, it can give hackers a roadmap to exploit the game. A well-designed online game generally doesn’t give hackers access to user systems with any sort of privileged access, but in-game pranksters will likely have a field day with the experience to the point that it can drive players away and affect sales. Financially motivated hackers can also use the source code to develop ways to take over user accounts or steal items from them. The source code for GTA5 may also provide some insight into how GTA Online works, which was developed as a companion game that shares some code and resources.
Craig McDonald, VP of Product Management at BackBox, notes that there are still gaps in this story and more information could be forthcoming: “While Rockstar has informed the press that the breach will not have a long-term impact on game development, it’s still unclear whether the attacker accessed any data outside of the video clips posted. To be secure, all infrastructure devices on an organization’s network must have the latest operating systems and patches and be configured in accordance with internal security policies, government and industry regulations. Such preventative measures often lag behind more urgent network management tasks, so companies must invest in network security automation to ensure continuous movement for upgrades and patches. Implementing a baseline for good automation ensures that these tasks are performed consistently and reliably and can discourage future attacks that compromise data from accessing critical and confidential information.”
Rockstar Cyber Attack Highlights Importance of Protecting Employee VPN Credentials, Slack Logins
While the GTA6 leaker didn’t get the same level of access to Rockstar’s systems, it may have been the same party that broke into Uber recently. While Rockstar has not yet pointed the finger, Uber has stated that it believes the hacker behind both breaches is a familiar face responsible for a series of cyberattacks against big tech names in the past year.
Based on its internal investigation, Uber has pointed the finger at the Lapsus$ group, which was previously identified as a group of mostly teenagers from the United Kingdom and Brazil. That group has been active since 2021 and has hit a number of other major companies, including Microsoft, Samsung, Nvidia, Ubisoft and T-Mobile. A spate of arrests was made in the UK in April 2022, including the alleged “mastermind” of the group, but the Brazilian component of the group (including the “superhacker” most responsible for the high-profile break-ins) is believed to still be free and active. Most of the British component also remains out of prison while under investigation, albeit ostensibly under surveillance.
Given the similarities in the cyberattacks, Uber believes Rockstar was also affected by Lapsus$. And the hacker appeared to confirm this by posting that they were responsible for both break-ins. If it was the same party, they probably used the same “MFA fatigue” approach to compromise an employee’s credentials. In the case of Uber, the hacker was lucky enough to come across admin credentials for essentially the entire network in a plain text PowerShell script; it looks like they weren’t so lucky with the GTA6 leak.
According to Yana Blachman, Threat Intelligence Specialist at Venafi, “Since the Lapsus$ cybercrime group has been responsible for breaches at Nvidia, Microsoft and Samsung over the past year, these recent attacks on Uber and Rockstar show their hunger for Big Tech companies and should be a warning to the entire industry. Despite the group being relatively young, the list of victims is beginning to read like a “who’s who” of the tech industry. In the past – such as the Samsung breach – the attacks have been characterized by the use of stolen code-signed certificates. These are real crown jewels for hackers, as they allow malicious files to masquerade as legitimate. If organizations do not properly manage the process and infrastructure for code signing certificates security, the risk of misuse and the impact of any compromises is extremely high.”
The FBI is now investigating both the GTA6 leak and the Uber cyber attack and is reportedly in “close coordination” with both companies.