This VPN Lets Anyone Use Your Internet Connection. What Could Go Wrong? (wired.com) 29
Teenagers using Meta's virtual reality headsets to cheat at the popular game Gorilla Tag are unknowingly selling access to their home internet connections to potential cybercriminals, cybersecurity researchers found. The players have been side-loading Big Mama VPN, a free Android app, onto their VR headsets to create lag that makes it easier to win the tag-based game. However, the app simultaneously operates as a residential proxy service, selling access to users' IP addresses on a marketplace frequented by cybercriminals.
Cybersecurity firm Trend Micro discovered VR headsets were the third most common devices using Big Mama VPN, after Samsung and Xiaomi devices. The company's proxy services have been promoted on cybercrime forums and were linked to at least one cyberattack, according to research from security firms Trend Micro and Kela.
Huh? (Score:4, Insightful)
"create lag that makes it easier to win"
How can creating lag on your own connection help in any way in an online game? What am I missing here?
Re:Huh? (Score:5, Informative)
Modern multiplayer games use tricks to even out the disadvantage caused by latency for some players.
Essentially, it means things like input lag and the illusion that input is still instant.
Assume that you have 10 ms ping time to a server, but another player has 50 ms ping time. For the 50 ms player, everything happens directly - when they click the button to shoot, the server executes that action right away. However, when the 10 ms player shoots, the server receives the shoot command and adds 40 ms of lag to that action.
On the 10 ms player's *client*, there might be an illusion that the action was immediate, but it was not true.
Another example could be racing games. You are approaching a turn with very low latency. You rotate the steering wheel. You see the steering wheel and car turning right away on your screen. However, in "reality" as experienced by the server, your car actually continues in a straight line for 40 ms longer before starting to execute the turn.
Now, how does creating lag in your own connection help in an online game? Well, basically because of the above mechanism. Look up terms like "delay-based netcode". More rudimentary games use a lockstep mechanism, where the game can only proceed to the next frame after the inputs have been received from all players, but if even one player's input is missing, the whole game stalls - hence it's not really used in real-time games.
Re: Huh? (Score:3)
Latency isn't added to your inputs.
What's happening is client side hit detection. Someone with 100ms lag can pop around a corner, fire/tag, jump back, and 100ms later your client gets the message it was hit. Your body drops to the ground where you were 100ms ago. That feels like lag on your end, but you're just seeing the effects of someone else's delayed inputs. That lag is only between that slower client and you.
If games didn't do this you'd have to always lead your targets by some amount depending on you
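An added illustration, not part of the comment above or of the thread: when hits are reported by the client, a server can limit what artificial delay buys by keeping a position history and honouring a tag only if its timestamp falls inside a capped rewind window. The names, the 150 ms window, the tag range and the sample positions are all assumptions constructed for this sketch.

```python
import math
from bisect import bisect_right
from dataclasses import dataclass, field

MAX_REWIND_MS = 150  # assumed policy value, not taken from the thread
TAG_RANGE = 1.5      # assumed reach, in world units

@dataclass
class PositionHistory:
    """Server-side record of one player's authoritative positions."""
    times: list = field(default_factory=list)   # ms, strictly ascending
    points: list = field(default_factory=list)  # (x, y) per sample

    def record(self, t_ms, pos):
        self.times.append(t_ms)
        self.points.append(pos)

    def at(self, t_ms):
        """Position at t_ms, linearly interpolated between samples."""
        i = bisect_right(self.times, t_ms)
        if i == 0:
            return self.points[0]
        if i == len(self.times):
            return self.points[-1]
        t0, t1 = self.times[i - 1], self.times[i]
        (x0, y0), (x1, y1) = self.points[i - 1], self.points[i]
        f = (t_ms - t0) / (t1 - t0)
        return (x0 + f * (x1 - x0), y0 + f * (y1 - y0))

def validate_tag(now_ms, claim_ms, attacker, target, max_rewind_ms=MAX_REWIND_MS):
    """Return (accepted, reason) for a client-reported tag stamped claim_ms."""
    age = now_ms - claim_ms
    if age < 0:
        return False, "timestamp in the future"
    if age > max_rewind_ms:
        return False, "claim older than rewind window"
    ax, ay = attacker.at(claim_ms)
    tx, ty = target.at(claim_ms)
    if math.hypot(ax - tx, ay - ty) > TAG_RANGE:
        return False, "out of range at claimed time"
    return True, "ok"

def build_sample():
    """Constructed data: tagger stands still, target runs away at 1 unit per 100 ms."""
    attacker, target = PositionHistory(), PositionHistory()
    for t in (0, 400):
        attacker.record(t, (0.0, 0.0))
    for t in range(0, 401, 100):
        target.record(t, (t / 100, 0.0))
    return attacker, target
```

With the sample data, a tag stamped at 100 ms is accepted when it arrives 80 ms later and rejected when it arrives 300 ms later; passing a very large `max_rewind_ms` shows how an uncapped window would accept the late claim even though the target is by then far out of reach.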
Re: (Score:2)
Modern? Quake and its offspring were using prediction and other netcode tricks back in the 90s.
Since all of the Quake games are open-source I wouldn't be surprised if many modern games are still using that code.
Re: (Score:2)
Stupid kids. Use traffic shaping to create lag, this isn't rocket surgery. (No idea how it would help them win the game.) Don't they teach kids anything in school these days though?
Re: (Score:2)
cheaters are greedy, evil and abusive people who deserve to be cheated, nothing but karma to see here
Re: (Score:2)
dedicated servers because it's expensive
It's no more expensive than putting out the Dedicated Server app on a community run host. (I.e. Exactly what matchmaking does: Make the players pay for hosting the game.)
The real reason is that matchmaking gives the developer / publisher a kill switch for the online multiplayer that they can use when the next game comes out. (Real world example: "Sorry guys Overwatch is dead, but you can play Overwatch 2 now!") Matchmaking also gives the developer / publisher absolute control over the multiplayer communi
Re: (Score:2)
and their computer's final ruling on who did what when
Not a game developer here. But it was my understanding that peer-to-peer gaming involves some sort of handshake so that both systems can agree when "now" is and mediate who was first. So a delay in the peer to peer link makes what you see on the screen effectively "in the future". Giving you time to react.
Re: (Score:3)
I deal weekly with this even on xbox games.
https://security.stackexchange... [stackexchange.com]
"There is an attack that some people have dubbed "lag hacking", and it's gaining popularity in multiplayer games. There are at least two ways of creating artificial latency. One method of introducing artificial latency is using a lag switch, where the user intentionally disconnects their network cable. Another method is using a flood of syn or udp packets to cause controlled and predictable disruption in the game so that a player can
Re: (Score:3)
I mostly see residential proxies advertised in the context of web scraping.
However, this one accepts payment only in crypto, so I would expect it is more about launching ddos attacks than monitoring prices of stuff on Amazon.
Re: (Score:2)
The security-snooping complex is working hard on their aim of making IP address = person.
https://www.computerworld.com/... [computerworld.com]
Re: (Score:2)
their aim of making IP address = person
And it's not. The MAC address of the chip that they injected you with when you got vaxed for the coof is.
Move over TP-Link (Score:2, Interesting)
If this is genuine - and it sounds pretty weird - this makes TP-Link's deficiencies look like small fry.
so, Tor? (Score:3)
Re: (Score:2)
Tor is generally useless for the sorts of things you would use a residential proxy for.
Re: (Score:3)
Tor nodes, anyone?
Yup, that was my thought as well. Fucking hypocritical article (for /. at least).
Preach: "Run a Tor exit node!" (which I do -- and I think everyone should)
Article: "Sharing your connection as a VPN transit - BAD!!"
lol
Re:so, Tor? (Score:5, Insightful)
Big difference between being aware you are running a tor node, and being unaware though..
I think most thinking people would agree that PUAs are bad. I think a lot of people who would never set themselves up to be a tor exit node for a variety of reasons would install some vr head set stuffs to play with. If the "hey, and you'll be a vpn transit egress" is not disclosed or buried down in the fine print, well that is kinda nasty behavior
Re: (Score:2)
Big difference between being aware you are running a tor node, and being unaware though..
I think most thinking people would agree that PUAs are bad. I think a lot of people who would never set themselves up to be a tor exit node for a variety of reasons would install some vr head set stuffs to play with. If the "hey, and you'll be a vpn transit egress" is not disclosed or buried down in the fine print, well that is kinda nasty behavior
If they are unaware (and that is a very big if) then yes, PUAs are bad.
I was referring to the general tone of the article, and a lot of the comments -- that allowing VPN connections to exit *in general* is bad.
Re: (Score:2)
the general tone of the article, and a lot of the comments -- that allowing VPN connections to exit *in general* is bad.
Well, if it's not your connection then yes, it's bad. But like you said, it's the general tone of the article that a TOR/proxy/VPN is bad in general. I suspect that this is based on an increasing number of services who desire to, or demand to know where you are at all times.
Netflix sure doesn't want you to appear to be anywhere other than sitting comfortably at home when streaming content licensed for that location. They certainly don't want a few dozen people using your password and IP address to appear a
Well done - the first sentence is nonsense (Score:5, Insightful)
They are not "using Meta's virtual reality headsets to cheat" at Gorilla Tag.
They are "using Meta's virtual reality headsets" to PLAY Gorilla Tag.
Meta's virtual reality headsets are what the game runs on.
They are using a side-loaded Big Mama VPN to CHEAT at Gorilla Tag.
Editors: Learn English.
Big Momma (Score:2)
So now it begins.... (Score:2)
VPNs are for cybercriminals.
And pedophiles.
Protect the children and outlaw VPNs!
Seems to be cheating assholes anyways (Score:2)
So my level of compassion is essentially nonexistent.