Honeypots for Dota cheats, Dole ransomware and Russia’s waning influence ops

Welcome to Changelog for 2/26/23, published by Synack! Nate Mott here, signing on from upstate New York—which is currently getting less snow than Los Angeles—with the latest and greatest in the week’s cyber news.


The payload

Video game giant Valve announced this week that it had banned over 40,000 players of Dota 2 for “using third-party software to cheat” in the multiplayer online battle arena—and that it caught them using a tried-and-true security mechanism.

“[A recent Dota 2] patch created a honeypot: a section of data inside the game client that would never be read during normal gameplay, but that could be read by these exploits,” Valve said. (Emphasis theirs.) “Each of the accounts banned today read from this ‘secret’ area in the client, giving us extremely high confidence that every ban was well-deserved.”

Chris Sanders, author of “Intrusion Detection Honeypots” and other security books, defined a honeypot as “security resources placed inside your network whose value lies in being probed and attacked.” These can include accounts that have no legitimate use, documents that aren’t supposed to be opened and other seemingly high value targets.
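The same idea applied to a network, as an added illustration that is not Valve's or Sanders's code: because a decoy account or document has no legitimate use, any access to it is a high-confidence signal. The decoy names, log format and sample lines below are constructed for this example.

```python
import re
from collections import defaultdict

# Constructed decoys: nothing legitimate ever touches these (assumed names).
DECOY_ACCOUNTS = {"svc-backup-legacy"}
DECOY_DOCUMENTS = {"/finance/2023-payroll-master.xlsx"}

# Constructed log format: "<ISO time> <event> actor=<who> target=<what>"
LINE_RE = re.compile(
    r"^(?P<ts>\S+) (?P<event>login|file_read) "
    r"actor=(?P<actor>\S+) target=(?P<target>\S+)$"
)

# Constructed sample log, including one malformed line.
SAMPLE_LOG = """\
2023-02-20T09:14:02Z login actor=10.0.4.17 target=alice
2023-02-20T09:15:40Z file_read actor=alice target=/finance/q4-summary.pdf
2023-02-20T11:02:11Z login actor=10.0.9.88 target=svc-backup-legacy
2023-02-20T11:03:57Z file_read actor=bob target=/finance/2023-payroll-master.xlsx
this line is malformed and must be skipped
2023-02-20T11:04:30Z file_read actor=bob target=/finance/2023-payroll-master.xlsx
"""


def find_decoy_hits(log_text):
    """Return {actor: [(timestamp, event, target), ...]} for every decoy touch."""
    hits = defaultdict(list)
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # unparseable lines are ignored, not treated as hits
        event, target = m["event"], m["target"]
        is_hit = (event == "login" and target in DECOY_ACCOUNTS) or (
            event == "file_read" and target in DECOY_DOCUMENTS
        )
        if is_hit:
            hits[m["actor"]].append((m["ts"], event, target))
    return dict(hits)


if __name__ == "__main__":
    for actor, events in find_decoy_hits(SAMPLE_LOG).items():
        print(f"ALERT {actor}: {len(events)} decoy touch(es), first at {events[0][0]}")
```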

In this case, Valve was protecting the competitive integrity of Dota 2, not looking to find intruders on its own corporate network. “Dota is a game best enjoyed when played on an even field,” the company said, “where victories are earned by skill and tenacity.” (And by players figuring out how to take advantage of the dauntingly complex game’s mechanics.)

This doesn’t mean Valve’s efforts to remove cheaters from Dota 2’s servers are over. The constant evolution of videogame exploits mimics that of ransomware developers and more dangerous cybercriminals. “We expect that some players will continue to develop and use new exploits, to continue to try to gain unfair advantages at the expense of other players,” Valve said. “As before, we will continue to detect and remove these exploits as they come, and continue to ban users who cheat.”

The week, compiled

For all the concern people have expressed about large language models like ChatGPT—and there has been plenty—a different form of artificial intelligence might prove more valuable to scammers: voice generators.

Joseph Cox reported for Motherboard on Feb. 23 that he “used an AI-powered replica of a voice to break into a bank account.” Cox used this technology to access his own account and, in the process, showed how cybercriminals could abuse these tools to steal from others’ accounts. (You can watch a video of this technique in action on YouTube.)

Brookings researchers said in January that similar technologies could be used to create audio and video “deepfakes” that, in theory, “can be leveraged for a wide range of purposes, including falsifying orders from military leaders, sowing confusion among the public and armed forces, and lending legitimacy to wars and uprisings.”

The first problem could be addressed by using other forms of authentication—preferably a kind that can’t be bypassed easily—instead of having someone say “my voice is my password” because someone watched 1992 hacker hit “Sneakers” too many times. The second problem could prove more difficult to solve, especially if social media companies fail to take it seriously.

Here are some of the other stories worth highlighting this week:

CNN: A ransomware attack on Dole reportedly “forced [the company] to temporarily shut down production plants in North America and halt food shipments to grocery stores.” The impact of this shutdown is unclear, but several grocery stores were reportedly short on salad kits this week.

BleepingComputer: A successful phishing attack on Activision reportedly led to the exfiltration of “sensitive work place documents as well as scheduled to be released content dating to November 17th, 2023.” (Hat-tip to vx-underground, which is not a hacker group and doesn’t deserve the hate it’s receiving from Call of Duty fans after revealing the breach.)

A message from Synack

Insecure and unmanaged APIs can lead to multimillion-dollar security incidents, according to Gartner. Join Synack co-founder and CTO Mark Kuhr and Sabre application security principal Cris Rodriguez for a webinar to learn of a better way to pentest for APIs. They break down the top API vulnerabilities and share best practices for securing this critical part of organizations’ attack surfaces. Learn more and view the webinar on demand here.

Flash memory

It’s been one year since Ukraine Vice Prime Minister Mykhailo Fedorov called on hackers from around the world to join the IT Army of Ukraine and, well, essentially conduct DDoS attacks on Russian websites.

We grappled with the legality of participating in these activities last March. The consensus at the time was that Russia had better things to do than target individual hackers, but also that joining the IT Army of Ukraine probably wasn’t the best way to help the country defend itself.

This Newsweek report suggests that understanding hasn’t changed much, though the International Committee of the Red Cross said last week that hacktivism “could undermine the protection of civilians who must be spared from the effects of armed conflict,” according to The Record.

Local files

TechCrunch: The U.S. Department of Defense secured—by which I mean, “added a password to”—a server with “internal military email messages, dating back years, some of which contained sensitive personnel information” after a researcher noticed its contents were unprotected.

BBC: Royal Mail said this week that it was finally ready to restore international mail services more than six weeks after it was targeted by the Lockbit ransomware gang, with the company telling BBC that it’s now handling “close to normal daily volumes” of these packages and letters.

CyberScoop: Russia’s influence operations have degraded in quality following the country’s invasion of Ukraine last year, according to Meta, which said that efforts to use Facebook and other social platforms to sway public opinion in Russia’s favor are less sophisticated than they used to be.


I watched “Snatch” for the first time this week. It’s a 2000 movie starring Jason Statham, Brad Pitt and Benicio del Toro in the most ridiculous crime film this side of “The Nice Guys.” (Which is excellent, and includes my favorite performances from both Ryan Gosling and Russell Crowe.)

“Snatch” ain’t perfect—there are several continuity errors, it leans a bit too heavily on coincidence for some people’s tastes and it’s fairly violent. But it’s also a lot of fun, not least because Pitt’s character is damn near incomprehensible, as this profanity-laden YouTube montage makes clear.

It turns out crime can be awful fun… especially when you aren’t the one who has to worry about being fed to a bunch of pigs if things go poorly.

That’s all for this week’s installment of Changelog. I’ll be taking a break from the newsletter for the next few weeks, so please send any tips or feedback to Blake Sobczak, who will be taking the reins! See you again soon.