28th September 2020

Esports Integrity Commission Findings from investigation into CS:GO Spectator Bug Exploitation

Overview

On 4 September ESIC announced an investigation into the historical abuse of a bug in CS:GO’s spectator mode (Spectator Bug). ESIC contracted the services of Michal Slowinski (the discoverer of wrongful use of this exploit) to work with ESIC in the fulfilment of the inquiry. This statement sets out the findings of the first part of our investigation. ESIC has also decided to include additional information annexed to this statement in order to ensure the greatest possible transparency and understanding of our process and outcomes.

Investigation Outcomes

Summary of outcomes

Below is a summary overview of the outcomes of the first part of our investigation:

• ESIC initially estimated that it would need to review 25,000 demos in order to assess the exploitation of the Spectator Bug. When accessing the demo databases of both the ESEA and HLTV, ESIC retrieved 99,650 demos (approx. 15.2TB of data);
• As of the date of this statement, ESIC has reviewed approximately 20% of the total demos available for review. However, ESIC notes that the demos already reviewed (which form the conclusions identified in this statement) likely comprise the most substantial cases of abuse.
• Importantly, only 0.1% of the total demos available for review (99,650) have, as at the date of this statement, returned a positive indication of Spectator Bug abuse.
• Upon investigation, we have identified evidence that the Spectator Bug had previously been referred to admins in various non-ESIC member tournaments as far back as 2017. ESIC is not aware of how these reports were treated by non-members as we do not have operational visibility of any actions that were taken. Accordingly, ESIC will not make any comment relating to prior reports of the Spectator Bug to tournament admins by individuals.
• As a result of our investigations to date, ESIC has issued sanctions against 37 offending parties. The details of these sanctions are found in Annexure A attached to this statement which is titled ‘Sanction Outcomes’.
• It is noted that ESIC could not ascertain, with any reasonable certainty, whether the teams related to the offending parties were complicit in the exploitation of the Spectator Bug at the time that the offences took place. As such, ESIC will not make a comment in this regard and encourages the community to refrain from speculation on this element.
• ESIC anticipates that it will only need to issue one further report at the end of October which will conclude the investigation into Spectator Bug abuse (subject to additional complications that may arise during the investigative process).

What ESIC has done

In investigating the large volume of data provided to us by HLTV (some 15.2TB of demo footage), ESIC undertook the following methodology (more complex in reality, but simplified for ease of comprehension):

1. Securing data from HLTV and ESEA servers;
2. Parsing of data through particular parameters in order to detect bug exploitation;
3. Flagging of key suspect demos for manual review;
4. Manual review and analysis of key suspect demos and removal of false positives;
5. Collation and categorization of positive instances of abuse;
6. Various models of sanctioning matrix and concession matrix to act as standardized matrix to be used for determinations;
7. Consultation with various industry stakeholders regarding reasonableness and proportionality of various models of sanctioning matrices and concession matrices;
8. Identification of best suited sanctioning and concessions matrix and application to data set; and finally
9. Determination of net bans on a per offender basis in accordance with the finalized sanctioning and concessions matrix, review and sign off by the commissioner.

ESIC wishes to commend HLTV and ESEA for allowing us full and unfettered access to their database of match demos. This allowed our investigators to quickly and effectively scan in excess of 96,500 demos for the purposes of the investigation. The results of this investigation along with the evidence relevant are set out in Annexure A.

Standardised sanctions and concessions matrix

ESIC believes that all sanctioning decisions must be proportionate, fair and consistent and we have gone to great lengths to ensure that the calculation of the sanctions imposed on the offending coaches comply with these standards. After modelling numerous options, we adopted the model outlined in Annexure B titled ‘Sanctions and Concessions Matrix’ as being the most appropriate.

In brief summary, the method utilised by ESIC allows it to:

1. Identify trends in abuse of the Spectator Bug by analysing data points relevant to ‘frequency’ and ‘duration’ of abuse;
2. Create consistent sanction tiers based on data within the sample being assessed;
3. Apply appropriate and proportionate sanctions consistently across the entire data set based on the model;
4. Apply appropriate and proportionate concessions for defined circumstances (e.g. confessions or assistance with investigation);
5. Arrive at a net sanction which is consistent, data driven, and objectively ascertainable by reference to the model for each offending party.

Changes in prior bans issued by ESIC

ESIC notes that all three previously sanctioned coaches have had their penalties amended as a result of additional evidence uncovered during the investigation.

Applicability of sanctions issued as a result of the investigation

Sanctions issued by ESIC as a result of this investigation will mean that coaches affected:

• must not actively or passively communicate with the team starting 15 minutes prior to the official match start up until the end of the match
• must not be physically present around the team starting 15 minutes prior to the official match start up until the end of the match
• must not be on the game server during official matches
• must not be on the official match channel on the Discord server
• must not be part of the official map veto process nor be in communication with the team during this process

As per all investigations conducted by ESIC, our determinations have effect across all of our membership, including ESL, DreamHack, WePlay, BLAST, Nodwin, Eden, LVP and others.

ESIC also asks all non-ESIC member tournament organisers to honour these bans for the purpose of protecting the CS:GO esports scene internationally.

ESIC welcomes any dialogue with these non-ESIC member tournament organisers relating to bolstering and harmonising competitive integrity for CS:GO.

Appeal Process

Any coach who wishes to contest his guilt may write setting out the grounds of his appeal to the Chairman of the Independent Disciplinary Panel, Kevin Carpenter, at kevin@captivatelss.com. Full terms and conditions and details of procedure and requirements will be sent to any appellant on request. Any party to an appeal will bear their own costs of appealing, but the Chairman may, in his entire discretion, make an award of costs against the losing party and that may include, if ordered, the costs of the hearing itself including his time or that of any panel member used.

Further Investigations and Reporting

ESIC originally estimated that the investigation would take approximately 8 months to complete, but, due to techniques developed in the interim and the extraordinarily hard work and dedication of the investigative team assigned to this project, we now expect to issue one further report at the end of October which will complete the investigation (subject to additional complications that may arise during the investigative process).

Investigation Funding

ESIC is a non-profit association which often faces large operational burdens in its efforts to maintain integrity within the esports industry. After the commencement of this investigation, ESIC made a request to its members for contributions towards the costs of the investigation. ESIC would like to make special mention of Rivalry.gg, DreamHack, and WePlay who have all made contributions to ESIC’s investigation into historical abuse of the spectator bug.

ESIC also acknowledges the various other ESIC members and industry stakeholders who have separately funded investigative activities prior to the commencement of ESIC’s formal investigation. Your commitment to integrity is valued and appreciated.

Message to the CS:GO community

We understand that these revelations have been tough for many people within the CS:GO community, but we believe it is in the long term best interests of the game and all of esports for integrity breaches to be dealt with head on. We know that most coaches, players, tournament organisers, publishers and developers, fans, sponsors and broadcasters want CS:GO and esports to be clean and a fair competition between players and teams doing their very best to win. We see our job as being to ensure that that happens and that corrupt and bad actors are rehabilitated or removed.

• This media release was published by the Esports Integrity Commission (ESIC) on 28 September 2020. Click here for the original.

You may also like...

Pin It on Pinterest

Share This