William Larsen - Pexels

Authoritarian Governments with Kernel-Level Anti-Cheat Software

The precedent set by Saudi Arabia's questionable record in sports washing, coupled with its alleged involvement in human rights abuses should concern gamers

Who is snooping on your computer? In the world of video games, fast reflexes, skill, and strategy are supposed to dictate success. However, individuals seeking an unfair advantage can and do still cheat to achieve victory, or at least its rewards.

From “aimbots” that guarantee unerring precision to “wall hacks” that unveil hidden adversaries, unfair play is an increasing problem as the gaming industry grows. For online gamers, pursuing an equal playground has given rise to powerful tools such as kernel-level anti-cheat software. However, given recent developments in gaming platforms and the global politics surrounding esports, gamers should be cautious about nefarious actors having sensitive access to their computers. 

In the esports community, there has been a loud call for invasive anti-cheat software over the last several months. The primary driver of this conversation was the release of Counter Strike 2 in September of this year, which is the sequel to the widely celebrated Counter-Strike: Global Offensive. Like its predecessor, Counter Strike 2 grapples with a cheater problem that has antagonized a substantial portion of its player base. Cheating not only compromises the integrity of the gaming experience but also undermines the competitive spirit that has defined Counter-Strike as a franchise leader in esports. 

Counter Strike 2 uses anti-cheat techniques that some feel are archaic, such as machine learning programs that are meant to detect abnormal player behavior and community reports of cheating. Many in the community have clamored for kernel-level based anti-cheats similar to that found in other titles, like Counter Strike’s main competitor, Valorant, and Electronic Arts games like Apex Legends or FIFA. Many gamers have instead opted to play the game through the platform FACEIT, which provides kernel-level anti-cheat for those who play on its platform. 

Kernel-level anti-cheating software is a type of measure that works by operating at the core of an operating system. The kernel manages system resources and provides a bridge between software and hardware. Without the kernel, computers would not be able to run programs or perform essential tasks. Working at the kernel level allows the anti-cheat software to have deep access to the system and monitor activities that would be harder to detect at the application level of the video game. System calls, memory, mouse movements, and lower level computer processes can be monitored with kernel-level anti-cheat. This enables the software to detect manipulations of the game’s memory, injection of code, or other low-level exploits. 

Due to its nature and access to sensitive parts of a computer, the implementation of kernel-level anti-cheat software can introduce variabilities to a system. The extensive access granted to kernel-level anti-cheat software poses inherent privacy concerns. As many are well aware, the delicate balance between security and privacy becomes even more crucial when considering the potential misuse or mishandling of sensitive user information. 

As one seasoned kernel developer writes, “The kernel runs in a super privileged mode that allows calling any instruction your CPU can execute. This code also has free access to the internal data structures of the kernel, which are normally hidden from user processes. What this means is that this type of spyware can exfiltrate sensitive information, control your computer, and record all of your activities and running programs.” He adds, “…these kernel level systems are extremely dangerous. No game is worth the level of control you give to a developer…”

The recent acquisition of FACEIT, the most popular provider of kernel anti-cheat services for games like Counter Strike, by an arm of the Saudi Arabian government raises questions. Saudi Arabia’s strategic foray into the gaming industry, marked by ownership of the FACEIT platform, underscores a fusion of technological control and influence. 

Saudi authorities have a poor record when it comes to punishing online expression. A 2023 report by Amnesty International highlights at least fifteen instances of individuals being jailed between ten to forty-five years for “peaceful online activities” in 2022 while also noting that Saudi Arabia “also infiltrated at least one social media company to unlawfully obtain information on dissidents and control the information that is disseminated about the Kingdom online.” 

In many ways, the issue is similar to the concerns over the social media app TikTok. The argument goes that, as a Chinese company, ByteDance, the parent company of TikTok, is subject to the Chinese government’s cybersecurity laws, which authorize the government to compel data access. It is within the realm of possibilities that Saudi Arabians could demand user data or use their software to spy on dissidents. 

At least with TikTok, there are some layers of division between the social media app Americans use and the Chinese government. ByteDance is privately owned, and U.S TikTok user data is segregated from its parent company’s operations and employees, all while the American tech company Oracle referees TikTok’s data flows. The holding company for FACEIT on the other hand, Savvy Gaming Group, is owned by the Saudi Arabian Public Investment Fund, and the Crown Prince of Saudi Arabia, Prince Mohammed bin Salman, is the chairman of the board

The vulnerabilities of kernel-level anti-cheats are not simply theoretical. In 2022, Genshin Impact’s anti-cheat was abused to infect computers with ransomware. Back in 2013, E-Sports Entertainment Association League’s (ESEA) anti-cheat software was exploited to secretly mine Bitcoin using its customer’s computers. The scandal resulted in a consumer protection complaint filed by the State of New Jersey, and the company entered into a $1 million settlement

ESEA’s software was the primary alternative to FACEIT, before being bought by the same Saudi Arabian government-backed Savvy Gaming Group. Its services have since merged with FACEIT. 

The precedent set by Saudi Arabia’s questionable record in sports washing, coupled with its alleged involvement in human rights abuses, prompts a critical examination of the ethical implications of an authoritarian government holding such influential tools in the security sphere. The association with a government entity raises questions about potential influence, data usage, and the alignment of gaming platforms with broader governmental agendas. One hopes that market demand for alternative anti-cheating measures will spur innovation in the space. 

Jonathan Hofer is a research associate at the Independent Institute. He holds a BA in political science from the University of California, Berkeley. He has written extensively on both California and national public policy issues. His research interests include privacy law, local surveillance, and the impact of emerging technologies on civil liberties. He is the author of The Pitfalls of Law Enforcement License Plate Readers in California and Safeguards to Protect the Public, COVID in California and Automated License Plate Readers: A Study in Failure, and his articles have appeared in such publications as The Hill, Towards Data Science, Human Events, The American Conservative, Real Clear Education, California Globe, Orange County Register, and The Daily Californian.
Catalyst articles by Jonathan Hofer | Full Biography and Publications