Last week, we took a look at the new Vanguard anti-cheat system being used in Riot’s Valorant and the potential security risks of the kernel-level driver it utilizes. Now, in an effort to allow “players to continue to play our games with peace of mind,” Riot says it is “putting our money where our mouth is” with an expanded bug bounty program, offering more money for the discovery of Vanguard vulnerabilities.
Bug bounties aren’t new to the gaming industry or even to Riot Games, which says it has paid out nearly $2 million in such rewards since launching its bounty program in 2016. But Riot is now offering “even higher bounties” of up to $100,000 specifically for the discovery of “high quality reports that demonstrate practical exploits leveraging the Vanguard kernel driver.”
The largest bounties in Riot’s newly expanded program are available to attacks that are able to exploit the Vanguard driver to run unauthorized code at the kernel level—something of a nightmare scenario that could give an attacker full, low-level access to a machine—but exploits that merely provide “unauthorized access to sensitive data” will also be rewarded. The bounties apply to network-based attacks that need no user interaction, vulnerabilities that require user action (like clicking on a malicious link), and exploits that require “guest user” access to the system itself, in declining order of potential reward.
Offering bug bounties is an attempt to skew the incentive structure for potential Vanguard attackers, making it more lucrative to report flaws than to exploit them for use by cheating programs or hacking tools. Riot anti-cheat lead Paul Chamberlain said a similar issue of incentives was behind Riot’s decision to use a kernel-level driver for Vanguard in the first place.
Beating a kernel-level driver “requires a different (more strenuous) approach from cheat developers to attack,” Chamberlain told Ars. “For cheat developers operating at the kernel level, they need to work around the restrictions Microsoft places on kernel level software. This extra work reduces the incentives for cheat developers because their cheats become harder to make, less convenient for players to install, and just overall less profitable to sell.”
“We don’t expect that any protection will remain unbreached forever, but Vanguard’s protections are strong, and as cheat developers’ tactics evolve, so will ours.”
Earning player trust
In announcing the new bug bounties, a group of high-level Riot security employees wrote that they “understand the decision to run the driver component in kernel-mode can raise concerns.” That said, they also want to reassure players that “we would never let Riot ship anything if we weren’t confident it treated player privacy and security with the extreme seriousness they deserve.”
The statement reiterates that while the signed kernel-level driver runs at start-up “to prevent loading cheats prior to the client initialization,” a user-level client “handles all of the anti-cheat detections while a game is running.” At that point, the user-level client uses the driver “to validate memory and system state and to make sure the client has not been tampered with.” The driver itself “does not collect or send any information about your computer back to us,” they wrote.
“We’d never let Riot ship something we couldn’t stand behind from a player-trust perspective (not that we think Riot would ever try),” Riot’s security representatives wrote. “Players have every right to question and challenge us, but let’s be clear—we wouldn’t work here if we didn’t deeply care about player trust and privacy and believe that Riot feels the same way. We’re players just like you, and we wouldn’t install programs on our computer that we didn’t have the utmost confidence in.”
Former FBI special agent Vincent Pankoke was looking forward to a relaxing retirement hanging out at the beach when he left the agency. Instead, he was drawn into solving a famous cold case: the question of who betrayed Anne Frank and her family to the Nazis, leading to their arrest and deportation to a concentration camp. Only the father, Otto Frank, survived. To find his own answer to that question, Pankoke assembled his own crack team of dogged investigators. They spent five years poring over every bit of pertinent material, setting up an extensive online database, and developing an AI program to help them sift through it all and find new connections.
While admitting that the case is circumstantial and some reasonable doubt remains, Pankoke et al. believe the most likely culprit is a man named Arnold van den Bergh, a local Jewish leader who may have handed over lists of addresses where fellow Jews were hiding to the Nazis in order to protect his own family. The Pankoke team’s story was featured in a segment on 60 Minutes earlier this week (see video at end of post), and is covered in detail in a new book by Rosemary Sullivan, The Betrayal of Anne Frank: A Cold Case Investigation.
Millions of people have read The Diary of Anne Frank since it was first published posthumously in 1947. It’s been translated into 70 languages and inspired a theatrical play and subsequent Oscar-winning 1959 film, featuring Millie Perkins in the title role. Anne Frank was born in Frankfurt, Germany, but the family fled the country and settled in Amsterdam after Adolf Hitler came to power. They didn’t flee quite far enough: the Nazi occupation of the Netherlands began in May1940 and eventually forced the Franks (and many other Jews) into hiding.
Anne received the famous diary on June 12, 1942 for her 13th birthday, around the time the Gestapo began deporting Jews in Amsterdam. On July 6, the Frank family began their lives in the Secret Annex attached to the office building at Prinsengracht 263, where Otto Frank had worked. It was only accessible via a door on the landing, kept hidden by a bookcase. Victor Kugler, Johannes Kleiman, Miep Gies, and Bep Voskuijl were the only employees who knew where the Franks (and later, the Van Pels family) were hiding. The four supplied the families with food and other necessities, knowing full well that they could be condemned to death by the Nazis for aiding Jews.
Anne chronicled their lives in the Annex in her diary for the next two years, making her final entry on August 1, 1944. Just three days later, German police led by SS officers stormed the Annex, arresting the Franks and the Van Pels family and transferring them to the Westerbork transit camp after interrogation. Kugler and Kleiman were also arrested and held at a penal camp for “enemies of the regime.”
Gies and Voskuijl were questioned, but not detained, and found the pages of Anne’s diary strewn around the floor when they returned to the Annex, preserving it for posterity. As the whole world now knows, 15-year-old Anne Frank died (likely of typhoid fever) at Bergen-Belsen between February and April, 1945, the day after her older sister Margot. Their mother, Edith, had died of starvation the year before.
There were two separate official investigations into who may have betrayed the family: one in 1947-1948, and the second (conducted by the Dutch police) in 1963-1964. In both cases, the findings were inconclusive. Since then, there have been several independent investigations identifying different possible suspects.
For instance, Melissa Muller’s 1998 biography of Anne Frank concluded that a woman named Lena Hartog, wife of the company’s assistant warehouse manager, betrayed the family. In 2003, Carol Ann Lee came to a different conclusion in her biography of Otto Frank: the culprit was a man named Anton “Tonny” Ahlers, a member of the National Socialist Movement in the Netherlands. Stockroom manager Willem van Maaren was another suspect, and since several possible culprits knew each other, there is also the possibility that more than one person betrayed the Frank family.
A 2015 biography of Bep Voskuijl (co-authored by her son Joop) suggested that one of Bep’s sisters, Nelly, may have snitched on the Franks. Nelly fell in love with a young Austrian Nazi, had worked for a year on a German air base, and her political leanings had sufficiently estranged her from the family that she left their house. This theory holds that Nelly—who returned to Amsterdam in 1943 when her romance soured—may have been the anonymous female caller who (allegedly) tipped off the SS about the secret Annex, per the testimony of SS officer Karl Josef Silbauer, who made the arrests.
The Anne Frank House undertook its own investigation and arrived at a surprising new theory in 2017, thanks to the efforts of a historian named Gertjan Brock. It’s possible, Brock suggested, that there was no betrayal, and the SS raid was really part of ongoing attempts to track down purveyors of illegal goods. This theory holds that the officers just happened to stumble upon the Jewish families hiding in the attic.
Brock relied on Anne’s diary entries from March 1944 to confirm that the SS may have received a tip about ration coupon fraud or illegal workers, prompting the raid on Prinsengracht 263. Several diary entries noted the arrest of two men (identified only as “B” and “D,” for Martin Brouwer and Peter Daatzelaar) who trafficked in illegal ration cards. “B and D have been caught so we have no coupons,” Anne wrote on March 14.
This would almost certainly have attracted the attention of the authorities. Also, police reports indicated that the officers who arrested the Annex residents had primarily worked on cases involving cash, securities, and jewelry, rather than focusing on hunting down Jews. Those officers spent over two hours searching the property, suggesting they were looking for something other than the Jewish families.
All of these theories, and more, were considered and carefully studied by Pankoke and his team (standard cold case procedure). They enlisted the services of an Amsterdam-based data company called Xomia, who provided the foundation for a Web-based AI program developed by Microsoft. “[I]t would enable the team to marshal the millions of details surrounding the case and make connections among people and events that had been overlooked before,” Sullivan wrote.
Xomia’s scientists warned the team that because it was such an old case, with so much missing data, it was highly unlikely that even their advanced AI system would be able to completely solve the puzzle. However, the program would be enormously helpful in narrowing down the suspects and predicting the most likely candidate(s).
Of course, first they had to build a database by digitizing the many historical accounts and official records of what had happened. In addition to scanning, the program could convert video and audio recordings to text, translate them into English, and make the database searchable. Many street names in Amsterdam had changed since World War II, so the AI also included a program capable of converting street names from a current map to a WWII era map, complete with geolocation tags for all the relevant addresses.
Among the links that the program revealed were previously unknown connections between policemen who went on the same raids and female informants who had worked together. Team member Pieter van Twisk gave Sullivan an example of just how useful the program could be:
If for instance, an address of interest came up in one of the files I was examining, I could very quickly cross-reference it within the database. Running the address through the AI would provide me with all relevant documents or other sources in the data store in which this address was mentioned. Sources where it was mentioned the most would appear highest. It could also give me a graphic on how this address was connected to other relevant items such as different people who were somehow connected to this address. It could provide a map with all the connections between this address and others and would indicate which connections were the most common. It could also provide a timeline of when and where this address was most relevant.
The investigation also incorporated modern law enforcement techniques such as behavioral science (profiling), crowdsourcing, and forensic testing. Investigative psychologist Bram van der Meer was tasked with analyzing the data collected on all the witnesses, victims, and other persons of interest so he could profile them, noting especially their likely behavioral responses and decision-making in unusual or stressful situations.
All this helped the team identify about 30 different potential theories for why the SS had raided the Annex, and they closely examined each one—a process that led them down the occasional rabbit hole. Sullivan’s book covers several potential candidates in great detail.
For instance, one of many interviews Pankoke and his team conducted was with an elderly Holocaust survivor whose own family had been hiding in another house on the Prinsengracht, and had been betrayed to the Nazis shortly before the Frank family. The culprit in that instance was a woman named Anna van Dijk, a well-known informant. There was also a policeman who had participated in both raids, yielding helpful information about both operations, especially their similarities.
Van Dijk seemed like a promising candidate for the Frank family’s betrayal, especially given her role in the arrest of a Jewish couple who had been hiding in Utrecht. According to Sullivan’s account, the couple were friendly with the Frank family, traveling to Amsterdam every month to get food. They were arrested on one such trip, and van Dijk posed as a fellow prisoner, convincing them to reveal where other Jewish people might be hiding—ostensibly to “warn” them to relocate in case the couple cracked under interrogation.
Alas, the official reports Pankoke and his team finally dug up revealed that the couple had been arrested several weeks after the Annex raid, and there was no mention of a female informant’s involvement. Van Dijk and her husband weren’t even in Amsterdam in August 1944, having moved to a small town near Utrecht to infiltrate a resistance network.
By the spring of 2019, the possible theories had been winnowed down to twelve, further reduced to just four possibilities by midsummer—either because the team had concluded the discarded theories were improbable, or there simply wasn’t enough available information to warrant additional investigation. Among the discarded candidates was Nelly Voskuijl, whom Panoke et al. had initially taken seriously as a suspect. But then they found an interview with Otto Frank by a Dutch journalist in the late 1940s. Otto claimed that “they’d been betrayed by Jews and he did not wish to pursue the culprit because he did not wish to punish the family and children of the man who had betrayed them,” Sullivan wrote.
This focused the team’s attention on van den Bergh, especially since his possible culpability was bolstered by a piece of actual physical evidence. Someone had sent Otto an anonymous note. The note informed him that their family hideout had been revealed to the Jewish Council, a body forced to implement Nazi policy in the Jewish areas of Amsterdam. Van den Bergh was a member, and was named in the note. The original note has been lost, but Otto had made a copy of it, indicating he found the tip to be credible. The Council was disbanded in 1943, and its members were sent to concentration camps—all except for van den Bergh, who continued to live in Amsterdam. He died in 1950.
From Pankoke’s perspective, van den Bergh met all the standard law enforcement criteria. He insists that the Jewish Council almost certainly maintained lists of Jews in hiding, and as a member, van den Bergh would have had access to them. He also had a motive: protecting himself and his family from capture and deportation, by providing the Nazis with useful information. Finally, van den Bergh had opportunity, because he was free to move about, and was in regular contact with highly placed Nazis, so he could have passed on a list of addresses at any time.
This was also the only possibility consistent with Otto’s own cryptic statements over the years, although Pankoke’s reasoning on Otto’s behavior and motivations for keeping van den Bergh’s identity a secret are largely speculative. “Perhaps he just felt that if I bring this up again… it’ll only stoke the fires [of anti-Semitism] further,” Pankoke told 60 Minutes. “But we have to keep in mind that the fact that [van den Bergh] was Jewish just meant that he was placed in an untenable position by the Nazis to do something to save his life.”
The identification of van den Bergh has naturally caused a stir, although there is still skepticism about whether Pankoke et al.’s conclusion is correct. University of Leiden historian Bart van der Boom dismissed the theory as “defamatory nonsense” to the BBC, while Amsterdam University’s Johannes Houwink insisted that if lists of Jews in hiding had existed, they would have surfaced long before now. The Anne Frank House was more circumspect in its reaction, stating that the Pankoke team’s investigation was impressive, and had “generated important new information and a fascinating hypothesis that merits further research.”
A lawsuit filed by the Roblox Corporation, the operator of one of the most popular online games in the West, concluded last week with a rare order from a US District Court—that a defendant must be permanently banned from an online video game and its associated services.
The dubious honor goes to Benjamin Robert Simon, better known to the Roblox community as Ruben Sim, who had previously received an IP-based Roblox ban after allegedly violating the game’s terms of service. Simon operates a Roblox gameplay and criticism YouTube channel, which currently has 849,000 subscribers.
$150,000, not $1.6 million
The judgment, which came as a stipulated order agreed upon by both the plaintiff and defendant, also requires Simon to pay $150,000 to Roblox. Exactly how that number breaks down based on the suit’s allegations is unclear, but the original suit says that Simon posted a threat in October 2021 that apparently targeted that year’s Roblox Developers Conference. The tweet included a threatening statement without a clear indication of either satire or comedy and said, “San Francisco Police are currently searching for notorious Islamic Extremist [name redacted]. If you see this individual at RDC please call 911 immediately.” The post included a hyperlink to a video titled “SOMEONE BLOW UP ROBLOX NOW,” which had been deleted from YouTube in 2015 but was temporarily re-uploaded, and that video (now once again offline) included direct threats to the Roblox Corporation.
The September 2021 lawsuit (PDF) alleges that this post—along with a follow-up post saying, “Don’t come to RDC tomorrow”—contributed to the company putting the event into “a temporary lockdown while local police and private security conducted a search to secure the facility.” The lawsuit also alleged that this disruption cost Roblox Corporation “over $50,000.”
The January 14 judgment (PDF), which Ars Technica has reviewed, does not include a line-by-line accounting of Roblox Corporation’s many allegations about Simon’s activities related to Roblox, and the only other claim with a firm number attached references Simon’s alleged repeated efforts to evade Roblox’s bans, use the service, and share videos of his exploits. Roblox Corporation says that it spent “over $100,000” to “investigate and block” Simon’s repeated ban evasions. The final judgment is far less than the $1.6 million Roblox Corporation originally sought.
No legal precedent established
The suit says that Simon “repeatedly posts libelous statements about Roblox’s founder and CEO, attributing false statements and conduct to the CEO that Defendant Simon knows to be false and which he makes with intent to cause injury to the reputation of the CEO and of Roblox.” This, among many other allegations, might have been explored further with screenshots or archived social media posts had the suit gone to trial, though in the end, both parties agreed to the terms of the US District Court’s judgment.
In the case of some allegations, Roblox Corporation’s lawsuit includes extensive chat logs that were hosted by Simon’s YouTube channel as proof of his history with ban evasion and violations of Roblox‘s terms of service. Other allegations, including the ones about Roblox‘s CEO and about graphic imagery allegedly uploaded by Simon to Roblox‘s servers, are not accompanied by text or image evidence in the suit’s initial filing. Simon has agreed to delete any social media content that violates the terms of the court order. The original lawsuit sought the total deletion of Simon’s social media accounts and presence, but the final court order includes no such demand.
As a stipulated order agreed upon by both parties, this lawsuit’s conclusion does not establish a legal precedent for users who violate an online service’s terms of service, get banned, and evade that ban in one way or another to return to the game or app in question.
It has been a long, pandemic-fueled wait, but the second season of Star Trek: Picard is almost here, and we now have an official trailer. In addition to seeing Jean-Luc Picard (Patrick Stewart) encounter his mischievous former frenemy, Q (John de Lancie), fans’ hearts will warm to see the retired Starfleet captain reunite with Guinan (Whoopi Goldberg), the El-Aurian bar hostess from Star Trek: The Next Generation.
As I wrote in my review last year, the series is set 20 years after the events of Star Trek: Nemesis. The first season opened with Jean-Luc Picard (Patrick Stewart) having retired to the family vineyard. His bucolic existence was interrupted by the arrival of a mysterious woman named Dahj (Isa Briones) who pleaded for his help. Alas, Picard failed to save her. She was killed in front of him by Romulan assassins belonging to a radical sect known as the Zhat Vash, who is dedicated to eradicating all artificial life forms. Picard discovered that Dahj was actually a synthetic—technically Data’s “daughter”—and she had a twin sister, Soji, who was also in danger.
Resolved to save Soji, Picard asked Starfleet for a ship, but he had been gone a long time, and his entreaties were rebuffed. Never one to admit defeat, Picard amassed his own scrappy crew over the next few episodes for his unauthorized rescue mission. The crew included Cristobal Rios (Santiago Cabrera), a skilled thief and pilot of the ship La Sirena; Raffi (Michelle Hurd), a former Starfleet intelligence officer and recovering addict; Dr. Agnes Jurati (Alison Pill); and a Romulan refugee, Elnor (Evan Evagora).
Some details about the second season have been trickling out over the last year. We know, for instance, that even though Picard’s consciousness is now in a synthetic body, the show will still explore themes of dealing with the last stage of one’s life, the nature of connectedness—hence the return of Q and Guinan—and Picard’s struggle with his own personal history, which will include time traveling to the past. Per the official synopsis:
Picard takes the legendary Jean-Luc Picard and his crew on a bold and exciting new journey: into the past. Picard must enlist friends both old and new to confront the perils of 21st century Earth in a desperate race against time to save the galaxy’s future—and face the ultimate trial from one of his greatest foes.
Patrick Stewart personally invited Whoopi Goldberg to reprise her role as Guinan in S2 during an appearance to promote S1 on The View in January 2020. Paramount dropped an initial S2 teaser in April last year, on First Contact Day, that strongly hinted that fan favorite Q—an extra-dimensional being with power over time, space, the laws of physics, and reality itself—would return and that the second season would play with time. A one-minute teaser dropped last July, giving us our first look at Q.
That teaser also showed us that time has been broken in S2, with many significant changes. We saw Elnor and Raffi fleeing for their lives, Soji dressed all in white, Rios in a snazzy new Federation uniform with new insignia, and Agnes Jurati in civilian garb. Also, Seven of Nine awoke in an unfamiliar apartment, and when she looked in the mirror, her Borg implant was gone.
The full trailer has some of that same footage, and more. It opens with Picard ruminating on the moments that still haunt him, “moments upon which history turns.” Then, he wakes up in a different timeline, with Q welcoming Picard to the “road not taken.” The Federation doesn’t seem quite so noble as the version we’ve known in the past, and what is that mysterious blue substance in a vial that Q gives to Altan Inigo Soong (Brent Spiner)?
The Borg Queen (Annie Wersching) is also back and might be to blame for some time shenanigans that transport Picard and his crew back to 2024. Star Trek: Deep Space Nine fans will understand the significance of that year, detailed in the two-part episode “Past Tense.” It’s the year of the Bell Riots, a protest and crackdown that proved so violent that America embarked on a course of social and political reform that ultimately led to the formation of the Federation. So messing with that point in the timeline could have some serious repercussions.
Desperate for someone who can help him understand what is going on with the divergence in time, Picard walks into a bar that just happens to be run by Guinan—perhaps a bit less posh than Ten Forward, but still plenty cozy. “I’m gonna need some tea. Earl Grey. Piping hot,” Guinan says, wearing a truly spectacular red hat. She warmly embraces her old friend, assuring him, “I believe you have one final frontier yet to come.”
The second season of Star Trek: Picard premiers on Paramount+ on March 3, 2022. A third season filmed concurrently, so we’ll be getting even more adventures from the crew of La Sirena.