E-Sports League Stuffed Bitcoin Mining Code Inside Client Software

hypnosec writes "The E-Sports Entertainment Association (ESEA) gaming league has admitted to embedding Bitcoin mining code inside the league's client software. It began as an April Fools' Day joke idea, but the code ended up mining as many as 29 Bitcoins, worth over $3,700, for ESEA in a span of two weeks. According to Eric Thunberg, one of the league's administrators, the mining code was included as early as April. Tests were run for a few days, after which they 'decided it wasn't worth the potential drama, and pulled the plug, or so we thought.' The code was discovered by users after they noticed that their GPUs were working away with unusually high loads over the past two weeks. After users started posting on the ESEA forums about discovery of the Bitcoin mining code, Thunberg acknowledged the existence of a problem – a mistake caused a server restart to enable it for all idle users." ESEA posted an apology and offered a free month of their Premium service to all players affected by the mining. They've also provided data dumps of the Bitcoin addresses involved and donated double the USD monetary value of the mined coins to the American Cancer Society.

Trust

It's all fun and games, until someone pokes a hole in your trust.

Sounds handled fairly well

[magarity]

Sure, it was rather poor form to have started on this project, even as a joke, but it seems they've fessed up and handled it well.

Re:Sounds handled fairly well

Absolutely not, for an organization that is striving for legitimacy this is an extreme breach of trust.

Re:Sounds handled fairly well

[girlintraining]

Sure, it was rather poor form to have started on this project, even as a joke, but it seems they've fessed up and handled it well.

... After they were caught with their hand in the cookie jar, yes. Meanwhile, were I, a non-corporation, to do something like this, the FBI would be coming through my door with a bunch of dudes with shotguns for an enhanced "interview" over my connections to terrorism, money laundering, etc.

So, my question is... whether intentional or accidental, it happened. That means it's a crime. So... where is the charge sheet, mmm?

Re:Sounds handled fairly well

Absolutely not, for an organization that is striving for legitimacy this is an extreme breach of trust.

So admitting wrongdoing, giving credit, and donating the money to a nonprofit is an "Extreme breach of trust"?
How do you figure that?

Re:Sounds handled fairly well

It was $4k in bitcoins, they fessed up, they paid back the users, they made a good faith payment to a charity....

If we're going to be a software "community" we have to have standards for people who make mistakes to address them and move on. They have have called foul on themselves and taken a two stroke penalty.

Let it go.

Re:Sounds handled fairly well

[fredprado]

What the GP said still stands. If he, as a person and not a corporation had done exactly that, admitting it, and donating the results would fall very short from freeing his ass from prosecution. He would more likely than not end in jail.

Re:Sounds handled fairly well

[girlintraining]

What the GP said still stands. If he, as a person and not a corporation had done exactly that, admitting it, and donating the results would fall very short from freeing his ass from prosecution. He would more likely than not end in jail.

Shhh... don't spoil it. I'm enjoying the slashdotters trying to rage against overbearing police authority and misunderstanding technology ... while at the same time having to balance out corporate versus private individual rights, and for the bonus round it's something that ties directly in with their online privacy. I got some popcorn, wanna share? This is gonna be good...

Re:Sounds handled fairly well

I figure that because it happened in the first place, which is completely inexcusable. What were they thinking? What's to say it won't happen again? You know that old saying from Tennessee, well, from Texas, but probably from Tennessee too: fool me once, shame on, hmm, shame on you, fool me... well, you can't get fooled again.

Re:Sounds handled fairly well

[fredprado]

By all means. I will bring the soft drinks.

Re:Sounds handled fairly well

Yeah, it shouldn't be illegal to rob a bank if you give the money back... right?

Re:Sounds handled fairly well

[Goaway]

They hardly "admitted wrongdoing". They made up absurd stories about how it was all an April Fool's joke, and lied about how long it had been active and how much money they had made.

(Consider this: Which part of this "April Fool's joke" was supposed to actually be FUNNY? It was installed in secret. If it was hidden from you, how were you supposed to laugh at it?)

Re:Sounds handled fairly well

if you steal 100$ from me, recompense me less than that, and donate either the remainder or more
to charity... you are still a thief. I will donate what I care to donate, when and where. No one has any right
to force me otherwise, 'cept of course my gov, through taxation.

esea = thieves... they gave it to the poor, but they sure as shit stole it... and those stolen from
have received a pittance.

Re:Sounds handled fairly well

[timmyf2371]

What they did was a mistake and it was wrong to do so. But are we sure it's actually a crime?

Looking at the facts:-

- ESEA released software which people downloaded and willingly installed so it would be a big stretch to call it a bot net.
- The software did what it said on the tin but it also did something else without advertising this fact to the users.
- What it was doing is probably only relevant if mining bitcoins was illegal anyway.

So what makes ESEA's software any different from operating systems which run processes in the background without explicitly stating which processes these are? What is the difference compared to some of the TV catch up services (e.g. Sky catch-up and BBC iPlayer) which use P2P to offload bandwidth usage from the providers onto the users of the software?

IANAL etc but I'm genuinely interested to understand what law might have been broken here and whether there is any legal precedent.

Re:Sounds handled fairly well

[IndustrialComplex]

Yeah, it shouldn't be illegal to rob a bank if you give the money back... right?

There is a problem with your post. They didn't rob a bank. So it's not like that at all.

Re: Sounds handled fairly well

How so, they blamed an unnamed employee claiming he did it for financial gain. Except somehow the have access to the wallet.

Re:Sounds handled fairly well

[IndustrialComplex]

Sure, it was rather poor form to have started on this project, even as a joke, but it seems they've fessed up and handled it well.

... After they were caught with their hand in the cookie jar, yes. Meanwhile, were I, a non-corporation, to do something like this, the FBI would be coming through my door with a bunch of dudes with shotguns for an enhanced "interview" over my connections to terrorism, money laundering, etc.

So, my question is... whether intentional or accidental, it happened. That means it's a crime. So... where is the charge sheet, mmm?

There is a subtle difference that you seem to be missing. The difference is 'mens rea'.

Re:Sounds handled fairly well

[fibonacci8]

No, it's more like plugging in a bunch of machinery using a bank's electricity to craft something, then giving the precedes to charity... but only after getting caught.

Re: Sounds handled fairly well

Doing it in the first place, I don't really get how their "apology", which basically came down to blaming an unnamed employee, makes up for stealing resources from your customers, and in some cases damaging their hardware.

Re:Sounds handled fairly well

[Dunbal]

We're also supposed to take them at their word that only 29 bitcoins were mined. Sure they provided the dumps. How much are they holding back?

Re:Sounds handled fairly well

[Dunbal]

No, they've admitted to $4k.

Re:Sounds handled fairly well

[SethJohnson]

That means it's a crime. So... where is the charge sheet, mmm?

Well, corporations are people, so a criminal charge against the ESEA should be forthcoming.

Re:Sounds handled fairly well

[networkBoy]

I've got some pizza.

Re:Sounds handled fairly well

[Hatta]

Consider this: Which part of this "April Fool's joke" was supposed to actually be FUNNY?

I ask myself that every time I visit /. on April 1st.

Re:Sounds handled fairly well

They didn't stop when they realized it because they are honest, they stopped when were caught. Then they told some story saying it was 2 days and 300$. They were caught again and admitted it was 18 days and 3000$. And they're trying to say, "we're sorry, but don't worry, we're nice, really. It was all a mistake". That's hard to believe. You don't make such an elaborate project work by mistake "because of a server reboot". And during this time they reveived plenty of reports from their users about weird gpu activity. It wasn't a joke or a mistake, they did it intentionally, and they're not even admitting it. So, no, they're not handling it well at all.

Re:Sounds handled fairly well

[TheRealMindChild]

Sure. What is wrong with a rootkit that comes with your audio cd?

Re:Sounds handled fairly well

[dantotheman]

You forgot to run that through ROT13 first. FTFY: V nfx zlfrys gung rirel gvzr V ivfvg /. ba Ncevy 1fg.

Re:Sounds handled fairly well

Whatever they said and for whatever reason, they're making amends for their mistakes. I'm willing to extend them credit on that basis.

Contrast that with blatant nonsense like "our DRM isn't DRM" from the weasels at EA and I have no problem seeing a difference.

Re:Sounds handled fairly well

The trust has already been irreparably breached, and no amount of donations or credit will change that. That isn't something someone does by mistake; customers were deliberately defrauded.

Re:Sounds handled fairly well

Meanwhile, were I, a non-corporation, to do something like this, the FBI would be coming through my door with a bunch of dudes with shotguns for an enhanced "interview" over my connections to terrorism, money laundering, etc.

Would you? If you were, say, a firefox dev, and you put bitcoin mining code in firefox that got released, and a month later you admitted it, did everything the company did, etc, would the FBI really be at your door? Stupid as it is, this wasn't actually stealing anything from the users besides their electricity bill costs. It certainly wasn't unauthorized access, it was just a stupid thing to do that breaches the trust of the users.

Re:Sounds handled fairly well

[flimflammer]

Except that this and that have absolutely no relevance to one another. That's like comparing the Hot Coffee code hidden inside GTA: San Andreas to a rootkit.

Re:Sounds handled fairly well

[Holi]

If any of the users were running their own bitcoin mining software then they definitely would have been stealing resources.

Re:Sounds handled fairly well

1 Rob bank
2 If not caught go to 5
3 Issue an apology, people will like you for owing up to your mistake (the mistake being getting caught)
4 Donate the bank's money to charity
5 Profit

Re:Sounds handled fairly well

[IndustrialComplex]

I guess I'm just so used to companies issuing non or backhanded apologies that when one actually does more than offer 10% off your next purchase, my outrage generator gets short circuited.

Thinking about it a bit more now that I realize that it wasn't just processing, but pulling in 100% CPU/GPU utilization, I'm a bit more upset. (mostly because how can you 'accidentally' leave in such a huge freaking mechanism for putting egg on your face)

Re:Sounds handled fairly well

[Khyber]

"The software did what it said on the tin but it also did something else without advertising this fact to the users."

And I sued the fuck out of EA for the EXACT SAME THING.

Looks like ESEA needs a visit from my legal team.

Re:Sounds handled fairly well

If you did something like this, the FBI might come knocking because someone reported it to them.

Corporations appear to have more sway than the average person int his because they can usually do a good job of documenting how they were fucked over and documenting how they aren't just some kooky-conspiracy-crank who reports their font yard's bushes to the FBI for suspicious activity.

just looking at this on the face of it, it seems like a pretty blatant criminal act with a good amount of evidence to back it up. The charge sheet is probably just waiting on the will of someone to bring it to the attention of law enforcement.

Re:Sounds handled fairly well

They're making amends for getting caught. Consider: "Tests were run for a few days, after which they 'decided it wasn't worth the potential drama."

They intentionally included the code. They were planning on continuing. The only reason they stopped is that the cons (user backlash, possible lawsuits) outweighed the pros (making money off of suckers). If their mining operation had been successful enough, they'd still be doing it now.

Hell, even EA didn't hide the contents of their games. People buying the new SimCity knew it would be online only (and to a lesser degree people buying Dead Space 3 knew it would have microtransactions) and still bought it knowing they would be unhappy. The real shitstorm happened because EA didn't do enough QA or server stability tests, and it continues with in-game advertising. So, yes, there is a difference. EA committed gross ineptitude. ESEA committed borderline fraud. But, trust who you will with your credit.

Re:Sounds handled fairly well

[dcollins117]

Bitcoin mining becomes much more lucrative if you use someone else's hardware and electricity. Certainly others have been charged under the Computer Fraud and Abuse Act for smaller shenanigans than this. I will be interesting to see how this plays out.

Re:Sounds handled fairly well

[aztracker1]

Still won't buy a sony product...

Re:Sounds handled fairly well

[lorenlal]

And the point that GP, and up are trying to make is... Yup, they're apologizing for getting caught. Unlike most non-apologies, at least some good is coming out of it, and they're at least putting up a good show to show they're sorry.

That's better than the vast majority of non-apologies, and they're at least acknowledging that their image is important enough to them to try to make some amends.

I'm sure you paid all those speeding tickets that you could've been cited for, so I should just leave well enough alone.

Re:Sounds handled fairly well

[Dexter+Herbivore]

He didn't forget, he just ran it twice.

Re:Sounds handled fairly well

[nitehawk214]

Absolutely not, for an organization that is striving for legitimacy this is an extreme breach of trust.

So admitting wrongdoing, giving credit, and donating the money to a nonprofit is an "Extreme breach of trust"?
How do you figure that?

They are only sorry because they got caught.

Re:Sounds handled fairly well

at first they said it only ran 24 hours and mined 2 bitcoins then they changed their story. this coupled with the bullshit about it being an april fools joke and now I won't believe anything they say ever.

Re:Sounds handled fairly well

[Nyder]

Sure, it was rather poor form to have started on this project, even as a joke, but it seems they've fessed up and handled it well.

No they didn't.

for example he said it was going to a S14 Pot: http://play.esea.net/index.php?s=forums&d=topic&id=492152

Yet now it's supposedly going to charity.

I bet it goes into the corporations or the CEO's pocket.

Re:Sounds handled fairly well

[dbIII]

The ponies were funny for a couple of hours.

Re:Sounds handled fairly well

[Drakonblayde]

While I think this was egregious, I also think it's wrong to immediately jump to malicious intent on the part of the companies management or PR folk.

I think it's far more likely that an employee was in a position to make a change and managed to sneak it past others, and management just caught asleep at the wheel. It's not too hard for me to imagine a situation where management told the employee to stop, the employee reported that they did, but either they didn't, or may have been incompetent enough to not permanently disable it.

Given the choice between malice and incompetence, I'm going to err on the side of incompetence every time.

In this case, I think they did a good job. They've admitted culpability, they've made more than appropriate restitution, and they've apologized. Personally, I think they can be given a little grace.

If they ever do anything that reeks of this again, however, I'd be more than willing to nail them to the wall for it.

Re:Sounds handled fairly well

[VortexCortex]

Shame me once, I'm the fool.
Shame me twice, the fool is you.

Re:Sounds handled fairly well

[VortexCortex]

We're also supposed to take them at their word that only 29 bitcoins were mined. Sure they provided the dumps. How much are they holding back?

Less than twice the stated amount. Follow the money.

Re:Sounds handled fairly well

Now reverse the positions: Its some teenager who wrote some code which does some rather harmless things on a coorporates computers (for example, calculating primes or the first 10000 digits of PI).

Do you think he will get away with an apology ? Or will he be thrown in jail for a couple of years, owing the coorporation a lot of money for the cleanup efforts of their computers.

And that is without even mentioning that the teenager could have made a couple of bucks off of the usage of those coorporate computers, which would probably make the teenagers efforts a "heavy criminal action".

"April joke" sounds good, but it has already gone too far when that joke-code went into production code.

As for apologies ? *They* should have been the ones telling their customers they did it (and ofcourse replaced the infected code at no charge). But they probably didn't as they knew that they already went too far and would loose trust.

But than again, coorporations are known to severely misbehave towards a (teenage) hacker who tells them they have a security hole -- trying to offload all costs in regard to actually installing any intrusion-detection software onto such a helpfull (or so he thinks) hacker. I can understand that a coorporation thinking that way will asume it goes the same the other way around.

Re:Sounds handled fairly well

I'm not familiar with that phrase, and neither, it seems, is Google. Did you just make it up?

Perhaps you were thinking of

Fool me once, shame on you.
Fool me twice, shame on me.

Re:Sounds handled fairly well

[19061969]

That doesn't change the company's guilt one iota because it was a post-hoc ("after this") act.

What the company's post-act actions do is allows a more lenient sentencing so that the judge can let them off with a slapped wrist for being naughty boys or imposing a lighter fine.

Re:Sounds handled fairly well

...The software did what it said on the tin but it also did something else without advertising this fact to the users. ...

Which is the exact definition of "trojan-horse" software, used to set up a bot net.

Re:Sounds handled fairly well

[complete+loony]

The traditional corporate response would be to blame a rogue programmer and fire them, then claim that they are improving their standards and processes to ensure nothing like it ever happens again. Perhaps the next manager or two up the food chain would also be in the firing line.

Re:Sounds handled fairly well

They wouldn't have done either of those things had they not been caught.

Re:Sounds handled fairly well

Well, you know, the fact that the money was made on the expense of the players' power bills? And had they not been caught, this would have gone on indefinitely.

They stole money from the players and gave it to charity. That's still stealing.

Re:Sounds handled fairly well

Bhoosh. http://politicalhumor.about.com/od/bushvideos/youtube/bushfoolme.htm

Re:Sounds handled fairly well

[Ash-Fox]

Khyber, what is your day job that can afford you a legal team?

Re:Sounds handled fairly well

[1s44c]

So admitting wrongdoing, giving credit, and donating the money to a nonprofit is an "Extreme breach of trust"?
How do you figure that?

That's all good. The breach of trust was deliberately slipping people a Trojan in order to make private profits without the knowledge of, and at the expense of, their customers. It's theft and owning up to it later doesn't make it OK.

Re:Sounds handled fairly well

[1s44c]

Because it's bad to rob a bank but fine to steal from people?

Re:Sounds handled fairly well

[1s44c]

1) Watch someone type their PIN in at an ATM.
2) Pickpocket their bank card or obtain it in some other non-violent way.
3) Withdraw as much cash as you can.
4) Get caught.
5) Claim it was all an April fools joke and donate the stolen money to Charity.
6) Somehow you are the good guy.

Re:Sounds handled fairly well

[1s44c]

Whatever they said and for whatever reason, they're making amends for their mistakes. I'm willing to extend them credit on that basis.

They are only making amends because they got caught. You don't need to extend them credit, they already stole enough of that.

Re:Sounds handled fairly well

[IndustrialComplex]

No, because this was not a bank robbery.

You might as well say, "Because it's bad to damage streetlights, but fine to set fires?" The robbing a bank analogy just doesn't need to be applied because the situation doesn't require an analogy. Everyone on this site is capable of understanding the technical details of what they did, we don't need to obfuscate the problem by unnecessarily applying analogies.

Besides, it didn't even TRY to include a car.

Re:Sounds handled fairly well

He apparently makes and sells grow lights. Check out his posts - somewhere there's a link to a video of his product.

Re:Sounds handled fairly well

Bush is from Connecticut not Tennessee, you dimwit.

Re:Sounds handled fairly well

I ask myself that every time I visit /. on April 1st.

Exactly! April 1st is "Don't Read Slashdot Day".

Re:Sounds handled fairly well

[HungryMonkey]

I figure that because it happened in the first place, which is completely inexcusable. What were they thinking?

The latest release from ESEA covers this. It was initially beta tested with client approval, then they decided against moving forward.

With the whole fervor around Bitcoin, we did conduct some internal tests with the Client on only two of our own, consenting administratorsâ(TM) accounts to see how the mining process worked and determine whether it was a feature that we might want to add in the future. We thought this might be an exciting new tool that we could provide to our community. Ultimately, we decided that it was not. On April 13, 2013, after the initial tests, ESEA informed those involved in the test that we were killing the project and they should stop using the beta test. It came to our attention last night, however, that an employee who was involved in the test has been using the test code for his own personal gain since April 13, 2013...

Re:Sounds handled fairly well

Wow, that woosh was moving so quickly that it became a Bhoosh!

Re:Sounds handled fairly well

Clearly, they were going to post some blog entry about how the GPU consumption was to your benefit, because they were engaging in a 0% profit sharing scheme with you. However, they decided to pull the plug. It doesn't mater if they made a million dollars on your CPU software. You choose to run the software you can say hey this stuff is banging the crap out of my system.

Complaing with your dollars and stop using the service till they restore some sense of performance. I can't think of any EULA that promises that a program is efficient because it only does what you think it should.

Re:Sounds handled fairly well

[dj245]

This is just one more reason why Microsoft needs to provide GPU performance indications in Taskmgr.exe. GPU's used to be somewhat specialty hardware, and only serious gamers, somewhat serious gamers, or professional graphic or CAD users had powerful ones. Nowadays with the new APU-type chips even the cheapest computers can have a reasonably powerful graphics processor.

Re:Sounds handled fairly well

[julian67]

It's funny because it happened to someone else. Ha ha!

Re:Sounds handled fairly well

[steelfood]

Actually, since the users probably downloaded the client of their own free will, it's not a breach of anything. There's probably some clause in the EULA that says they can't be held responsible if their software makes your computer explode. Parts of the EULA might not be enforcable, but these parts fall under common sense and may actually be applicable in this case.

As a user, it's up to you to ensure that the things you put on your computer is not harmful to yourself. If somebody's program that you downloaded included a keylogger, as long as they didn't actually try to use the information pulled off it, it'd be hard to charge them and have the charges stick.

Now, the issue with law enforcement going after the individual who did this is a completely different issue. Those are just bullying tactics, something that anyone with a lawyer and hidden behind a limited-liability corporation wouldn't fall for, but an individual would.

The moral of the story? Get incorporated and a good lawyer if you want to do anything. Not anything shady, anything.

Re:Sounds handled fairly well

[NemosomeN]

Bitcoin mining is not efficient. The cost of the mining was more than $3,600, therefore it was a reduction in the wealth of players of more than was gained. A reasonable user would not have agreed to the mining.

Re:Sounds handled fairly well

Just by the way it was handled, you can tell it wasn't EA that did this...

Re:Sounds handled fairly well

[Khyber]

>Doesn't know how networking works

Re:Sounds handled fairly well

[prelelat]

I think the whole point isn't that they are sorry and people might even forgive them for it, the point is do they deserve our trust? They don't quite frankly. Apologizing only goes so far they need to prove that they can be trusted again. That doesn't mean throwing credit at people and donating money to charity. All that shows is that they aren't assholes. It goes a long way to rebuilding their reputation but only time and good behavior can fix the trust issue.

All this apologizing does is show that they are capable of earning trust back, they don't yet deserve it and we shouldn't give it to them so freely just because they righted the wrong after they were caught.

I mean who does an April fools joke that's testing something and doesn't shut it off and tells no one they had the joke played on them? I robbed a bank on April 1st, but it's OK because it was an April fools joke.

Re:Sounds handled fairly well

[Ash-Fox]

>Doesn't know how networking works

Because lawyers have so much time to spend for free on other people's stuff? Yeah, no. I am not buying it, Khyber Kitsune.

Re:Sounds handled fairly well

[Khyber]

You demonstrate some pretty amusing ignorance of how the legal system works.

Go learn what pro bono means, and how it relates to class-action lawsuits.

Give you a hint: Most class-action suits are handled FREE by lawyers. All you do is walk up to them with a good case (or in my case, the lawyer hears about my issues through Slashdot) and if they think they've got a winning chance, they take it.

I've provided this law firm with several cases, all of them settled in our favor. I get my legal services for free as payment, much like other companies provide me equipment for free as payment for testing their products and telling them how to improve them.

You should probably leave your basement and venture out into the real world, sometime. Pick up a passport and maybe travel around the world like I have.

Re:Sounds handled fairly well

[Ash-Fox]

Go learn what pro bono means, and how it relates to class-action lawsuits.

And in this case, it's your legal team, not a class action legal team, your words, not mine. Your point is still invalid.

Re:Sounds handled fairly well

Right. It's only because they got caught that they're fessing up and paying out to charity. Otherwise, they probably would have let it go on indefinitiely while the top/senior staff have an extra night of steak and lobster a week.

Re:Sounds handled fairly well

[Khyber]

Uh, no my point is still quite perfectly valid. It's your ignorance that's making you try to segue out of being made a fool out of - AGAIN. You tried to ask a smartass question like 'How can you even afford lawyers?' and got your ass smacked down really quickly.

You still have no clue what networking is. You clearly demonstrated it. Not only is my point valid but you made yourself look a fool.

Re:Sounds handled fairly well

[Ash-Fox]

You tried to ask a smartass question

I didn't try, I pretty much asked a question in topic of the previous questions, you're the one whos trying to save your answer now by claiming the question wasn't in reference to my previous line of thought etc. And if you were genuinely trying to evade by going into a different topic as you claim, well, pretty similar conclusion either way. Your point has come across perfectly, Khyber.

You still have no clue what networking is.

Cool story bro.

Re:Sounds handled fairly well

[Khyber]

Still doesn't know what pro bono is, still doesn't know that lawyers will take a case for free (and in many times, class actions are handled pro bono.)

You didn't ask a question on the topic of previous questions, you were trying to be a smartass and imply I'm poor. Nobody's fooled by your bullshit.

Computer Trespass

[Peter+Mork]

This sounds an awful lot like computer trespass: coercing somebody else's computer into doing something on your behalf. If an individual pulled this stunt, he or she would be in prison.

Re:Computer Trespass

[ThorGod]

Yep, but instead the company involve just pays a fine. That's the only way companies pay for crimes...with dollars.

Even if you're BP and you severely damage one of the world's oceans and kill an uncountable amount of wildlife and destroy whole ecosystems.

Re:Computer Trespass

[Anubis+IV]

Probably so. Of course, the question this begs, at least in my mind, is not one of, "Why aren't these people in prison?", but rather, "Why does anyone go to prison over something so innocuous?"

Granted, you can definitely engage in forms of trespass that are much worse than this, but for something like this situation, which was promptly handled, had no major ill effects, and was responded to in a way that indicates it truly was a mistake, I don't see why anyone should be up for prison time, whether as an individual or a part of a company.

Re:Computer Trespass

[lgw]

See, BPs big mistake was to put out the fire. As everyone knows:

Birds soaked in oil: evil

Birds fried in boiling oil : tasty!

Re:Computer Trespass

[gehrehmee]

This is one of those cases where hitting a score of 5 doesn't quite cut it. The double-standard here is pretty stark and depressing.

Re: Computer Trespass

"Why does anyone go to prison over something so innocuous?"

Because when a group of people plan and execute it this type of thing it's called conspiracy. What if it was a big company using your CPU cycles for processing data for a third party? How about a government (foreign or domestic) processing data about people for the purposes of spying?

Is the difference the party stealing your CPU cycles, or what they are doing with it? If it was in the EULA would that make it OK?

It's NEVER right to use YOUR computer without YOUR knowledge and YOUR approval.

Re:Computer Trespass

[Jah-Wren+Ryel]

Granted, you can definitely engage in forms of trespass that are much worse than this, but for something like this situation, which was promptly handled, had no major ill effects, and was responded to in a way that indicates it truly was a mistake, I don't see why anyone should be up for prison time, whether as an individual or a part of a company.

But they are ignoring the costs of the clean-up. Every single user that had their system compromised like that needs to check everything from scratch to verify that the sports league software didn't compromise their systems in any other ways.

The costs of that is probably in the millions. I mean major companies who already have staff on hand to handle that sort of thing as part of their regular duties routinely claim tens if not hundreds of thousands of dollars in clean-up costs, multiply that by all the of the different users here and the cost is enormous.... :)

Re:Computer Trespass

[girlintraining]

Why does anyone go to prison over something so innocuous?

I broke into your car last night, but I didn't take anything. You wouldn't even know, if not for this message I'm leaving for you. Now, out of curiousity, does it feel innocuous to you to have your personal space violated? There was no harm done, right? Nothing was taken. You wouldn't even have known about it otherwise.

So, you have no reason to feel violated, correct? And I could do the same thing by coming into your house, correct? You know, where your computer is.........

Re:Computer Trespass

[Fnord666]

This sounds an awful lot like computer trespass: coercing somebody else's computer into doing something on your behalf. If an individual pulled this stunt, he or she would be in prison.

Based on this section of ESEA's statement, it was an individual who pulled this stunt.

It came to our attention last night, however, that an employee who was involved in the test has been using the test code for his own personal gain since April 13, 2013. What transpired the past two weeks is a case of an employee acting on his own and without authorization to access our community through our company's resources.

Re:Computer Trespass

[Anubis+IV]

Your analogy would suggest that they broke into these computers. Quite the contrary. A better analogy might be that you invited me into your car (i.e. willingly downloaded the software), and I left behind a magnet that would pick up any loose change you dropped, but then I later thought better of it, let you know what I had done, and tried my best to make reparations.

Again, innocuous.

Re:Computer Trespass

"innocuous"? Some people lost their GPUs.

Re:Computer Trespass

[fredprado]

Nah, a better analogy is, you hired me to change your tires, and I decided to put stuff in your car and copy your car lock to be able to access it and get my stuff whenever I wanted. Then when you found out I had copied the car keys I apologized and donated the results of my endeavor to a charity.

Analogies are always wrong in the end, but wrong as it may be mine is still a lot better than yours.

Re:Computer Trespass

I think it's more like "Whenever you're not using your car I take it out for a spin and use it for my own profit. I've earned like $3000 using your car in the past weeks. I'm very careful and cover my tracks well. If it wasn't for this note admiting my wrong doing you'd probably never find out, even though you've been suspicious for the past couple of weeks because the mileage keeps increasing and the tank's always running low. But, hey, no harm no foul, right? Right?!"

Re: Computer Trespass

[Anubis+IV]

Agreed, but that doesn't mean that prison time is warranted. Note that I never suggested that they should go unpunished. A fine would seem to make much more sense, or mandatory compensation/reparations to the victims. Something that fits the crime, essentially, rather than defaulting to prison time for no apparent reason.

Re:Computer Trespass

"innocuous"? Some people lost their GPUs.

Sure, but they still have their ABCDEFHIJKLMNOQRSTVWXYZs so it's no big deal.

Re:Computer Trespass

[arkhan_jg]

Probably so. Of course, the question this begs, at least in my mind, is not one of, "Why aren't these people in prison?", but rather, "Why does anyone go to prison over something so innocuous?"

Granted, you can definitely engage in forms of trespass that are much worse than this, but for something like this situation, which was promptly handled, had no major ill effects, and was responded to in a way that indicates it truly was a mistake, I don't see why anyone should be up for prison time, whether as an individual or a part of a company.

Leaving it running for at least 2 weeks is not exactly promptly in my book. Even putting it in the release code disabled, without notification, is shady as hell. The forums are apparently riddled with complaints about gpu problems, including dead graphics cards on machines running the bitcoin software. While it's entirely possible it's pure co-incidence, it's also entirely possible they damaged thousands of dollars worth of high end graphics cards - which given they can easily cost $500 a pop, wouldn't take many. Consumer grade GPUs aren't designed to run full throttle for weeks at a time. Especially if, for example, a gamer has a manual fan control so they can shut up the half dozen case fans when idling, and ramp them up when they start a gaming session (I use this exact setup). A couple of generations back, I fitted after market copper heatsinks and fans to my GPUs to improve cooling at lower fan speeds, but the downside was they had to be manually controlled via a rheostat, so if something like this had been running without my knowledge it could easily have literally cooked my gpus without me being any the wiser as I ramped them down when to cut noise I was just browsing slashdot et al. Those cards are still trucking in a friend's machine several years later, incidentially.

Criminal damage in the course of trespass for profit? Seriously bad judgement, and really not funny. Worth jail time? No. Worth some real consequences? Yes.

Re:Computer Trespass

Who was coerced into installing that software? Whether the software was malware or not, shouldn't they have called the police as soon as they had regained some safety? The coercion issue is way bigger than the bitcoin/powerdraining issue. Unless, that is, the coercion never really happened.

Re:Computer Trespass

This sounds an awful lot like computer trespass: coercing somebody else's computer into doing something on your behalf. If an individual pulled this stunt, he or she would be in prison.

Explain the coercion, and what law you think that relates to. You run the software, it did not damage the integrity your system, or violate any laws, it simply utilized system resources in a way any other application could legitimately have.

At worst, you could only classify this software as "malware", which is easily fully legal.

If you people think this is illegal, you should realize the only thing separating it from some open source software with a runaway CPU/GPU bug is intent..
You'll have a stupefying hard time [dis]proving intent of a computer program in court for one thing, and for another, almost every EULA written contains some not fit for a particular purpose legalese. I'm not sure I've ever heard that software authors need permissions to do any particular random thing with your system anyway after someone (anyone) puts it there.

Re: Computer Trespass

Except the law says otherwise. And to not apply the law because its a corporation reduces the deterrent value of the law.

Re: Computer Trespass

Honestly, if it was just an employee who snuck this in then how do they have access to the wallet?

Re:Computer Trespass

[IndustrialComplex]

But they are ignoring the costs of the clean-up. Every single user that had their system compromised like that needs to check everything from scratch to verify that the sports league software didn't compromise their systems in any other ways.

I'm sorry, but no. You could apply the same logic to any other piece of software that was ever installed on any system ever. Unless you verified every line of code, how can you be sure that there wasn't some reused code from another project which had unwanted, but unnoticed behavior? Do you realize how often even unintentional backdoors are discovered in software because pieces were (often lazily) included from other working pieces?

I'm sorry, but the instant you install ANY software that you didn't write yourself, or verify line-by-line, you cannot be certain that your system isn't compromised.

Re:Computer Trespass

[Anubis+IV]

I'd certainly agree. I definitely believe that they deserve to be punished, but I also believe that the punishment should fit the crime, and jail time seems to be excessive for something such as this. Reparations to the victims and a fine would seem to make the most sense.

Re: Computer Trespass

[Anubis+IV]

That's nice and all for the law, but as I pointed out with my first post in this thread, the question is not one of applying the law, but rather of why the law is what it is. I'd certainly agree that the law should be applied evenly both to corporations and individuals, but I'd also suggest that the law is providing an excessive punishment in cases such as these, and that it should be changed to something that better fits the nature of the crime. For instance, reparations to the victims and a fine, rather than jail time.

And, once again, that would apply to individuals as well.

Re:Computer Trespass

[Hatta]

Granted, you can definitely engage in forms of trespass that are much worse than this, but for something like this situation, which was promptly handled, had no major ill effects, and was responded to in a way that indicates it truly was a mistake, I don't see why anyone should be up for prison time, whether as an individual or a part of a company.

They deserve to face prison time because Aaron Swartz, Andrew Auernheimer, Matthew Keys, Eric McCarty, Stefan Puffer, Bret McDanel all faced prison time for less malicious activites. Either you throw the book at everyone, throw the book at no one, or you have a farcical justice system.

Re:Computer Trespass

[IndustrialComplex]

Here's a better analogy:

They included some code in their software that intentionally performed unnecessary calculations.

Re:Computer Trespass

No, it sounds an awful lot like READ THE TERMS OF SERVICE YOU DUMB FUCKS.
Just about any software that had you sign your life away could be running a bitcoin miner OR WORSE.

If an individual pulled this stunt, he or she would be laughing all the way to a... trip to vegas with that 4k.

Re:Computer Trespass

[Gary+Perkins]

Make companies who break serious laws start giving up patents and copyrights to the public domain. Watch big business become friendly REAL quick.

Re:Computer Trespass

[ThorGod]

Or any sort of threat other than cash.

Re:Computer Trespass

[fast+turtle]

Nope. It's fraudulent missuse of computer resources (Mine). and no, I didn't download their crapware but if I had and they got caught lying to me twice, I'd charge em with the federal crime of Fraudulent Missuse of Computer Resources along with suing their asses off for the same reason and No I wouldn't go for a class action status and if the lawyer was to suggest it, I'd kick em to the curb as they're not working for me, instead for themselves.

Re:Computer Trespass

[SSpade]

If they used fraud or deception to install malware to take control of peoples machines to, say, send spam, that'd be solidly criminal.

Sending spam probably costs the owner of the compromised machine much less than bitmining does (in additional energy costs, cooling costs and possibly accelerated degradation of the GPU, possibly leading to failure). I'm not seeing how the same standards don't apply.

Re: Computer Trespass

I think prison is a good penalty for this type of thing because others (individuals, companies, malware gangs, etc) need a deterrent that is greater than a "cost of doing business". What was done only differs from other misuses of someone else's computer by degree.
- hidden features were included in the software.
- these hidden features used the victim's computers without their knowledge or permission.
- these hidden features were used for the profit of the perpetrator (even though it did not steal BitCoins or cash from the victims).
- these profits were transfered to the perpetrator (via these victim's computers "phoning home").
- some people's GPU's needed to be replaced, which is a loss for the victim even though that "cost" did not go to the perpetrator.

The BitCoin angle seems to create "profit" out of thin air, but it was profit nonetheless (at least until the company tried to make good with donations).

Re: Computer Trespass

[flimflammer]

Kind of obvious, don't you think? It's not like he was a random guy on the internet that could just disappear when shit hits the fan. I'm sure if the guy values not getting in a lawsuit with his employer over these events, he would likely be more than willing to fork over the meager $4k he got from it.

Re:Computer Trespass

[socialleech]

You are forgetting that this is an e-sports software.. It calls home all the time anyway. So, maybe this would be a bit closer to me changing the tires on your car(the update that added the code), and I setup something in your engine that would make it idle even when you weren't there, generating something that you wouldn't have had in the first place. And then, every time you came back for more work(apparently, everday) I collected the generated whatever(bitcoins in this case).

It costs you a bit of gas, and I got something out of it for free. To cover the GPU's needing to be replaced could be compared to: If your car wasn't in the best of conditions, this might have put it over the edge, or not.

I used to run a small time mining op for a couple months. Dual GPU's working full tilt 24/7 cost about $30/month to run in increased electricity. So, the cost to the user(who's car didn't break) would likely be covered by their free month of the service.

Was what they did wrong? Of course. But is it some crazy thing we all need to be getting uppity about? Maybe. But these users did install this stuff of their own free will. If they had put it in the EULA, I don't see how this would be wrong.. granted most of us never read those things, but Sony removing my Other OS on my PS3 was in the EULA. Lots of us got mad about it, but it never changed. Want to keep your Other OS, then no online play for you.

Re: Computer Trespass

[Holi]

I did not know there were mandatory sentences for this crime. Whether jail time is warranted is up to a jury but they should definitely be charged and tried.

Re:Computer Trespass

What if...hear me out here...we built a prison...AROUND the company's home office? Or in it? I'm not choosy.

Re:Computer Trespass

[Lakitu]

Laws are prescriptive: they must be written and agreed upon beforehand. You cannot be punished for doing something which only becomes illegal after the fact.

Punishments for breaking laws generally provide for a range in sentencing, giving the judicial system some leeway in case the "crime" actually was something rather innocuous or unintentional. If you think the range of sentencing doesn't quite fit the magnitude of the crimes, then you believe the law should be changed. This also needs to be pre-scribed.

If the range of sentencing for crimes is decided right after it is committed, or if it can be nullified immediately, then there isn't much of a judicial system at all. It's just a mob.

Re:Computer Trespass

[fredprado]

Was what they did wrong? Of course. But is it some crazy thing we all need to be getting uppity about?

Sure it is. They abused the user trust, installed unauthorized software inside his machine and received unauthorized information from that machine. They should go to jail because of it.

Nothing regarding EULA applies to this case, but if you want to talk about it, even if they had put it in an EULA it would still be a crime in many countries, maybe even in US where legislation by EULA is a common practice.

Re:Computer Trespass

[Dodgy+G33za]

"You cannot be punished for something that only became illegal after the fact"

Tell that to the Australian government, who have done exactly that on more than one occasion.

http://www.ruleoflaw.org.au/campaigns/campaign-by-topic-area/retrospectivity/

Re:Computer Trespass

[Anubis+IV]

As the saying goes, two wrongs don't make a right. Just because someone else faced an injustice does not mean that it should continue to be perpetrated on others, which is what you seem to be suggesting. If anything, it should point to a need to reform the system and come up with a new standard that will apply to everyone, rather than continuing to apply the unjust one.

Re: Computer Trespass

[Drakonblayde]

Pretty simple, he likely cut a deal with the employer to turn over all information regarded to the activity to avoid prosecution from the company itself.

As an example, years ago, I worked for a hardware reseller. The guy who processed our RMA's was using the company to supply his ebay business. Since he was the one handling replacements, when he went into the cage where the expensive stuff was held, no one gave it a second thought.

He got greedy and sold off 20 grand of inventory, which was enough to trip an internal investigation. In order to avoid prosecution, he cut a deal with the company to turn over all the records for his side business and resign his position.

Re:Computer Trespass

[whoever57]

Modifying your analogy a little:

You took your car to a repair shop. The repair shop used your car as a taxi for a day (using your gas and adding miles to your car).

 

Re:Computer Trespass

[goose-incarnated]

While two wrongs do not make a right, the law is not about right or wrong. The reason courts place so much emphasis on precedence is to ensure that the law is dispensed fairly - so if someone in the past got X years in jail for committing activity Y with characterstics Y.a, Y.b ... Y.z, then it's only fair that the next person who did Y with Y.a ... Y.z should get a similar sentence. Let me emphasise: The law is not about doing no wrong, so we don't care if the second wrong doesn't make it right; we only care if the second wrong makes it fair.

Re:Computer Trespass

[Hatta]

Of course we should reform the system. But that's not going to happen unless we make powerful people, like those who run corporations, suffer like the rest of us. If you want to reform the CFAA, we need organziations like the ESEA on our side. Congress is a lot more likely to listen to them than to us.

Re:Computer Trespass

[Remus+Shepherd]

The difference is that most companies have their users or employees sign EULAs or waivers to protect the company from its actions.

So the question becomes -- is Bitcoin mining covered in the E-Sports EULA? If so, no harm and no foul. It still stinks, but legally that should cover them.

Re:Computer Trespass

YOU wouldn't charge them with shit, faggot. And you likely couldn't afford the legal council to sue them.

Re:Computer Trespass

[Lakitu]

I was talking about the only place that matters (America), where it is explicitly prohibited in the Constitution.

The UK and some of its former colonies aren't quite as big on writing things down beforehand, and most of the time it seems to work. Australia in particular does seem to have a lot of "well, whatever, you know what we meant" legislation from the news I see, which is really the only explanation for some of the crazy laws that I hear come out of there. But hey, if it works, then it works. I don't have much more than a passing knowledge of it.

Thank god it's not like that in the USA, though. It'd be a total madhouse. I don't know how you people do it.

Re:Computer Trespass

No, The analogy for this is you take a cross country trip and you rent a GPS system for the road. When you install the GPS system two hitch hikers hide in your trunk for the trip and get a free ride. The weight of the riders lowers your Gas Millage and takes up luggage space. When you stop using the GPS the hitch hikers get out no mater how far you drive and you return to running efficiently.

In reality you installed a software to participate in a service. That service was purposely designed to be extremely inefficient, but accomplished the intended goal and you were mostly happy with the service level provided, but complained that it seemed to drain to many resources while it ran. At any time you were able to stop running the service and your host device returned to normal.

The fact they made money off the programming doesn't really mater. After your paying them for the service to begin with. Indeed the purpose of this software and your experience is to make the owner money. Hell they could of called it ad revenue if it didn't burn out your GPU so quickly

Re:Computer Trespass

[fredprado]

Your car analogy is ridiculous. The "service" you participate in never warned that it was using your hardware to do another tasks that had nothing to do with the service you contracted, and never asked your permission to do such a thing.

You may delude yourself in any way you see fit, but installing a trojan to run an unauthorized program in my system is a criminal offence. Period. It doesn't matter what this program does. If I, had done the same thing with a program sold to the government for example, or to a bank, I would be in jail.

the clear takeaway

It's OK to add secret bit-mining code to client software as long as you do it on April 1.

How much?

[ArcadeMan]

29 Bitcoins, worth over $3,700

So one bitcoin is worth roughly USD$127? I imagine those who started all this bitcoin stuff are probably filthy rich by now... right?

Re:How much?

[Intrepid+imaginaut]

Heh, if they can find someone to buy their bitcoins, which I'd imagine is becoming increasingly difficult.

Re:How much?

Last price:$120.30000
High:$141.90000
Low:$104.00000
Volume:169141 BTC
Weighted Avg:$122.02937
- https://mtgox.com/

Re:How much?

No, they didn't hand out bit coins like water. There would be no value in that.

Re:How much?

[oodaloop]

It was up to something like $280 recently. But the people who started it aren't making that money. It's not like they made money out of thin air and sold it.

Re:How much?

[ArcadeMan]

If nobody's buying them or accepting them as currency, what is their value derived from?

I'll stick with my Canadian Tire dollars, thank you very much.

Re:How much?

[ArcadeMan]

All I keep reading is that it's costing more and more in processing time to mine a single bitcoin, so I'm assuming that the creators were able to mine a shitload of bitcoins with lesser resources at the very beginning.

Re:How much?

Ok, think for a second. The mining of coins get harder. At the very start, you could mine many bitcoins a day.
Now guess who were the first people that had the ability to mine these bitcoins?

The ones that made bitcoin likely have 1000s if not more. Of course there is a chance they already sold them all, but given that them and early adopters probably got the majority of bitcoins, they couldn't really dump them all in one go.

Re:How much?

[Guspaz]

Sure they are (making money). It's estimated that Satoshi Nakamoto (the anonymous inventor of BitCoin) got somewhere between one to one and a half million bitcoins in the early days, when they were very easy to generate (see the "total bitcoins" graph on wikipedia). Assuming he hasn't sold them off at some point in the past, they're currently worth somewhere between $120 million USD and $180 million USD. That's a pretty tidy profit for one person.

Re:How much?

It is so sad to see people speak on things they don't understand, particularly when the answer is in their own question. It doesn't even require knowledge; it just needs a bit of objective and clear minded reasoning.

When a thing is said to be currently traded at x dollars, it means that right now there are people buying and selling that thing for x dollars. Although volume is not explicit, it can be somewhat inferred from this as well.

Value is a function of subjective judgement, placed on two things by each individual. Some person A wants to prefers getting some bitcoin to not taking the time out of his day to do so. He wants y amount of bitcoin more than he wants x amount of his dollars. That is how value is 'derived'. That is who is buying bitcoin. Whether or not bitcoin is a useful and sound form of currency I cannot say, but these insipid FUD comments dismissing it are just stupid.

Re:How much?

But he invented Bitcoin as a small-scale experiment, so there's an excellent chance he deleted that wallet before anyone else started attaching value to them and never made anything.

Re:How much?

[joh]

The spooky thing about that is: There is a limited amount of Bitcoins that will ever exist and new ones are getting more and more expensive to mine. This means that if Bitcoin ever will take off every single one of them would get more and more expensive. Bitcoin will top out at 21 million bitcoins. If you have one million bitcoins you will own about 5 percent of everything that can be bought with it. As in: If Bitcoin would become THE world currency at some point you would own 5 percent of the world. Of course even owning one bitcoin would make you stinking rich then.

Re:How much?

Oh get fucked and play pyramid poker with someone else's money.

Re:How much?

[IndustrialComplex]

The big question is: How long did they hold onto that 'shitload' of bitcoins?

While mathematically clever, they were probably not also clairvoyant. Granted, with such low initial investment costs, they could afford to hold onto them for a longer time than people who invested at higher prices, but they would have had no way of knowing that $10/bitcoin wasn't the peak before the fall.

Re:How much?

[IndustrialComplex]

As long as a sufficient number of people didn't decide that they didn't want you owning 5% of the world and just said "Nope."

Re:How much?

Ok, think for a second.

If I wanted to do that, why would I be reading slashdot?

Re:How much?

Which is just as likely as nearly 300 million Americans deciding that they don't want a few dozen people owning the vast majority of the country.

Re:How much?

[IndustrialComplex]

It's a hell of a lot easier to switch from bitcoins than to switch from dollars.

Re:How much?

[r2kordmaa]

Tidy profit for sure, but what do you expect for creating something that is (arguably) worth $2billion today? Also chances are he/she has cached out long ago, for example when bitcoin hit 1$.I doubt Satoshi ever really thought that Bitcoin would ever be worth something (~100USD/BTC today), it was meant as a technology demonstration in the beggining, little else and worth exactly nothing. But as it turned out the system was bloody well designed and is now worth quite a lot. If it ever turns out to become really mainstream early adopters have every right to become billionaires, creating a whole new monetary system and economy is no small feat.

Donated double the amount to ACS

So, that's either a few fractions of a cent up to a million dollars....depending on the exchange rate at the particular time the money was donated.

Computer hacking...

[aaronb1138]

I advocate the involved parties all be arrested and charged with relevant computer hacking charges. The software development community needs a clear message sent that such activities are federal crimes and will not be allowed. I don't understand why we are still tolerating a Wild Wild West attitude to computer crimes by corporations when the laws are on the books and quite clear.

Also, trying to pass it off as merely an April fools joke is insulting as well. The closest part to a joke was the Office Space grade conversation about skimming from their own customer base.

Re:Computer hacking...

The laws on the books aren't as clear as you think. "Hey, I didn't ask to mine BitCoins for someone else - what gives?!" is a logical user position, but I'm sure the license agreement that user agreed to upon installing basically gave them carte blanche to do whatever they wanted with his/her computer.

Which would hold up in court - and are you sure enough to foot the bill for representation until (and possibly even if) you prevail?

I'm not. I agree with you in spirit, but in this case their response was pretty classy.

Re:Computer hacking...

[TheRealMindChild]

Because the geographical lines are blurry on the internet

Re:Computer hacking...

[NIK282000]

I think it sounds like a pretty awesome business plan if you are not underhanded about it. Release your software for free with a note in he TOS that you will be mining bitcoins for the developer whenever you are using the software. Users get "free" software and developers get incentive to make software that people want to use. If you release rubbish not many people will continue to use it and you won't get paid.

Re:Computer hacking...

[houghi]

Because it is corporations. We can not harm corporations. Next you know you can't even make serious mistakes (or doing fraude) as a bank and get away with it.

Re:Computer hacking...

[montre16]

Why would this activity even be illegal? It's proprietary software; the users have no right to see what's going on under the hood -- they have to take it as it is. They are willingly installing software without really being able to know what it does, and vendors aren't required in any meaningful way to disclose what the software really does. See, for example, Windows and MacOS. Furthermore, writing software to exploit users is certainly not uncommon practice, and using users to generate revenue is also not controversial, it seems. All we have here is a piece of really inefficient software that happens to have bitcoin generation as a side effect. The vendor could probably have fully disclosed this "feature" in the license agreement, which people would undoubtedly have agreed to without reading. I haven't bothered to find the license agreement for this particular piece of software, but it may well already be written in a way which absolves the vendor of legal responsibility for this unscrupulous activity.

Re:Computer hacking...

[aaronb1138]

Computer trespass laws are pretty clear. It is very reasonable to say that any use of computing resources used for purposes other than the stated, defined purposes, is trespass and hacking, otherwise, hacking becomes undefinable.

I'm not advocating for open source even, merely that software developers bear a legal responsibility that their code perform the job for which it was installed or purchased and that those jobs be clearly delineated.

Inefficient is not the same either as long as the goals for which the end-user installed the software are being approached.

The only grey area would be software which used generation of Bitcoin hashes or similar during an encryption handshake or some other silly method.

Re:Computer hacking...

[Holi]

until your software starts damaging your customers video cards by running them full bore 24/7

Re: Computer hacking...

[NIK282000]

That would be a good reason to not run your consumer's computer to death. It pays to play nice.

Re:Computer hacking...

[disccomp]

I had the exact same thought, a new way to subsidize "free" software so that developers can make back some cash on their investment. Be completely upfront about the fact you accept bitcoins as form of payment and give the user the option exchange cpu time for "credit"

Re:Computer hacking...

[pantaril]

I advocate the involved parties all be arrested and charged with relevant computer hacking charges.

Sure, charges should be brought to them, but is it necessary to imprison them for such minor offense? Prison time is not justified in this case. We always need to keep in mind that the sentence should be appropriate to the damages done. Charges and sentences unproportional to the (claimed) damages are not OK and can destroy innocent lifes (think of Aaron Schwarz for example).

What does...

[idontgno]

..."They've also provided data dumps of the Bitcoin addresses involved" mean?

I'm not up on bitcoin minutia. If these d-bags were running miners, that means that they own the coins... their wallet. So, what addresses do they mean? Specific coin IDs?

Re:What does...

I assume they posted the wallet files with the encryption keys. This pretty much destroys that wallet for any sort of encryption purpose.

Re:What does...

[Tynin]

..."They've also provided data dumps of the Bitcoin addresses involved" mean?

I'm not up on bitcoin minutia. If these d-bags were running miners, that means that they own the coins... their wallet. So, what addresses do they mean? Specific coin IDs?

Yes, they went to a wallet that the ESEA owned. In your wallet, you can setup numerous addresses that you can give to unique miners so you can see how many bitcoins specific miners are brining in. You can also just use a single address to have all of your bitcoins sent to. Either way, they'd all end up in the same wallet. As an example, here is the address I used when I first tried mining on a pool, you can use it to see how much I bothered to get from this specific pool.

1AiyVX1Ag87gar9E3oWb3QEziUHvDBRHax

90C+ temperatures

Users vented their anger on the ESEA forums claiming that their video cards were maintaining over 90 celcius+ temperatures for extended period

Aside from not opening the source code for their client, the ESEA handled this situation well.

Your problems with your video card do not come from them. If you care about longevity and reliability, you need to stop overclocking your GPU and follow the manufacturer's instructions. By default, the hardware WILL shutdown if the virtual Tj reaches an unsafe level. If you disable that feature, don't cry when your card blows up. It could have easily happened while gaming.

(I am an electrical engineer. All our products are tested up to 85C ambient temperature, at maximum load. We only use driver ICs with built-in protection from overtemperature, overcurrent, and short-circuit.)

Re:90C+ temperatures

[IndustrialComplex]

Users vented their anger on the ESEA forums claiming that their video cards were maintaining over 90 celcius+ temperatures for extended period

Aside from not opening the source code for their client, the ESEA handled this situation well.

Your problems with your video card do not come from them. If you care about longevity and reliability, you need to stop overclocking your GPU and follow the manufacturer's instructions. By default, the hardware WILL shutdown if the virtual Tj reaches an unsafe level. If you disable that feature, don't cry when your card blows up. It could have easily happened while gaming.

(I am an electrical engineer. All our products are tested up to 85C ambient temperature, at maximum load. We only use driver ICs with built-in protection from overtemperature, overcurrent, and short-circuit.)

It's good that your product can handle up to 85C at maximum load. That's a good way to check that your product can survive 85C at maximum load. But I'm a systems engineer, and the fact that your product can survive doesn't do me much good when I'm concerned about the increased failure rate when a product is run at 100% for an extended period of time.

Gaming Video cards were NOT designed to operate at 100% utilization for extended periods of time. That sort of activity will result in shorter lifespans regardless of the fact that it can survive a high temp environment for a short period of time.

Re:90C+ temperatures

So you are a hardware guy, expecting the software guys to kick in the fail safe when shit gets rough

No, I'm expected the hardware guys to do it. I only expect the software guys not to reconfigure the shutdown temperature to 200C.

Re:90C+ temperatures

[Khyber]

"Your problems with your video card do not come from them. If you care about longevity and reliability, you need to stop overclocking your GPU and follow the manufacturer's instructions."

Oh, yea? Is that why I sued EA for this exact same thing, forced them into settlement/bankruptcy?

Got some news for you...

If you're an EE, you're a pretty shitty one to not know that tons of GPUs use the world's shittiest urethane thermal transfer pads. Even without overclocking, they eventually lose that contact and begin the slow march to heat death. Especially in things like HP laptops and cheaper-grade discrete GPUs.

Crime?

[grumpyman]

Using somebody's resource for benefit for themselves, without consent? Like using using car repair shop to fix his car (or others) without telling the owner?

Re:Crime?

If you insist on making a car analogy, it'd be more like commandeering your car every night and pushing the engine to its limits to earn a quick buck, all without asking your permission or paying for the gas.

Now call it what you want but at least those people whose gpus are displaying symptoms of damaged memory chips and were left with the excess power bill of a gaming grade gpu running an inch of its full power envelope every minute their client was on would probably object to the legality of such practice.

A joke? On who?

[Bieeanda]

Giving these idiots the benefit of the doubt, how the Hell does something like this get past the planning stage, let alone into the release client, before someone realizes 'Hey! This could cause drama'? Fuck, Uber Entertainment apparently did the same thing with Super Monday Night Combat, but at least they had the guts to announce it, and offer company scrip in return for putting extra wear on your hardware and power bill.

Re:A joke? On who?

[TherilAlPenn]

Uber's thing is also a separate application that ran independently of the rest of their stuff, so not something you could just remotely turn on by accident. It's not even bundled with the game client or launcher; if you don't go looking for it, you won't have it.

Re:A joke? On who?

[Goaway]

Hint: They're lying.

EULA

[Registered+Coward+v2]

Next time don't forget to add a Bitcoin clause

And thats a lawsuit...

You admitted doing it... You're now on the hook for theft and computer tresspass. Which last i looked carried a potential jail time of 60 years.

Someone go get the lawyers. they'll love the easy money here.

Re:And thats a lawsuit...

[flimflammer]

Not really.

Re:And thats a lawsuit...

[Khyber]

Yea, really. I sued EA for pretty much this exact same thing, except the hidden unmentioned software was SecuROM and it fucked with my GPU to where it would no longer recognize my 32" LCD as a 16:9 1080p monitor. A windows install didn't repair it, a re-flashing of the firmware fixed it, about a year after the lawsuit got settled.

Computer Fraud and Abuse Act applies

[Animats]

This looks like criminal activity under the Computer Fraud and Abuse Act. The "obtains anything of value" clause there seems to apply. When can we expect arrests?

Re:Computer Fraud and Abuse Act applies

[Kaenneth]

This looks like criminal activity under the Computer Fraud and Abuse Act. The "obtains anything of value" clause there seems to apply. When can we expect arrests?

That would require the government asserting that bitcoins have actual value...

April Fools? Sure thing...

[h8mx]

It began as an April Fools' Day joke idea

How exactly does that work?

"We were using your electricity and potentially damaging your computer for a whole month without your permission! APRIL FOOLS! Ha we got you good!"

Re:April Fools? Sure thing...

[nitehawk214]

It began as an April Fools' Day joke idea

How exactly does that work?

"We were using your electricity and potentially damaging your computer for a whole month without your permission! APRIL FOOLS! Ha we got you good!"

Yeah, there is no way in hell this was meant as an April Fools joke. More of a "Lets steal resources from our customers to make $$$$!, Our customers are so stupid they would never realize that their video cards are melting!" And, as always for a business, they only came clean once caught, and are only sorry they got caught, not sorry that they did it.

This fiasco begs a question.

[bdwoolman]

If a developer was up front about a distributed bitcoin mining scheme being baked into their software, Would some people go for it as an option to amortize, or even pay for, some useful application? Is anybody doing this already? I am wondering about the economics of this. How much does it cost per hour of mining on a modern reasonably energy efficient x86 box?

Re:This fiasco begs a question.

If you agree to mine bitcoins on behalf of the vendor, the vendor is going to credit you with at most the expected value of the bitcoins. Which, as many recent articles have pointed out, is less than the cost of the electricity you'll burn through.

This only works for the user if someone else is paying for the electricity.

Re:This fiasco begs a question.

[IndustrialComplex]

I've never seen an instance of amortizing the cost of anything in which the total amount paid was less than paying for something outright. Cars, furniture, computers, phones, homes...

Don't forget the human victims

[dutchwhizzman]

Several people died in the explosions on the drilling rig. However (un)important the damage to the economy and the wildlife is, no human being gets away with killing someone and getting convicted to "only a fine", but a company like BP does.

Re:Don't forget the human victims

[Hatta]

14 people died in the West Texas fertilizer plant explosion last week. 3 people died in the Boston Bombings. One sparked a citiy wide lock down and door to door manhunt for the responsible party. In the other, the responsible party is well known, and remains a free man. I don't have to tell you which is which.

Re:Don't forget the human victims

One was malicious, one may have been an accident. The courts take motive into consideration.

Re:Don't forget the human victims

[Holi]

>one may have been an accident.
Or gross negligence.

Re:Don't forget the human victims

[dcollins117]

Or gross negligence.

I vote gross negligence. The West Fertilizer plant failed to notify the DHS of it' ammonium nitrate stockpiles. It is required to do under the Chemical Facility Anti-Terrorism Standards Act. They are not out of the woods by any means, someone is going to be held accountable.

Re:Don't forget the human victims

[vux984]

One sparked a citiy wide lock down and door to door manhunt for the responsible party.

Presumably out of fear he would strike again.

In the other, the responsible party is well known, and remains a free man.

No one thinks he intentionally blew up his fertilizer plant to kill 14 people. And no one thinks he's plotting to blow up another one.

I do hope they charge and convict someone for the negligence there, but lets not pretend its the same thing as a bomber on the loose.

That said, I disagree with some of what was done in the Boston case too. And I strongly disagree with some of the even more extreme measures that a lot of people advocated for.

Re:Don't forget the human victims

[Hatta]

No one thinks he intentionally blew up his fertilizer plant to kill 14 people.

Did he intentionally blow it up? No, but he intentionally neglected the safety precautions that would have prevented it from blowing up in order to increase his profits. That's not any better than deliberately tossing bombs at people, and on the whole employer negligence is a much, much bigger threat to the people of this country than terrorism is. Accordingly, it should be a higher law enforcement priority.

Re:Don't forget the human victims

[lars_stefan_axelsson]

Several people died in the explosions on the drilling rig. However (un)important the damage to the economy and the wildlife is, no human being gets away with killing someone and getting convicted to "only a fine", but a company like BP does.

Yes, there's a problem there, sometimes "I'm sorry" doesn't just cut it. However, history is not without precedent when it could be proven that corporate officers acted with intent and malice.

Sorry for Godwining the thread so early...

Re:Don't forget the human victims

What courts? There weren't any courts involved in Boston. Just a bunch of scared pussy Murikans, hiding in their holes.

Website with TOS?

[rthille]

I wonder about a website which embedded javascript which mined bitcoins as long as you were active on the page. You could burry in the TOS that you were doing it to be on the up and up. Of course you'd want to throttle the JS so the user's fans didn't spin up and alert them, but still if you had a popular enough site, you might be able to make a pretty bit-penny...

Re:Website with TOS?

[Shompol]

TOS:
...
279. By visiting this page you explicitly grant permission for our page scripts to run, regadless of the purpose, on your machine.

There. Any responsibility avoided. Furthermore, lately they are trying to push laws in the US that braking TOS is a federal offence, so blocking the "agreed-upon" scripts makes YOU a criminal!!

Re:Website with TOS?

[r2kordmaa]

Something must be horribly wrong if website can access your video card. And if it cant the whole affair becomes totally pointless, i think javascript implementation of bitcoin miner on webpage was made once, it worked but hashrate was so slow it would be entirely pointless to run. And that was a while ago when network hasrate and mining difficulty was much lower. Today when even gpu mining is going obselete fast and being replaced with asic mining it makes absolutely no sense. Unless you just want to slow users computer down. Migth make some sense for litecoin mining as that is more constrained by memory than computational speed

Re:Website with TOS?

[oreaq]

Something must be horribly wrong if website can access your video card.

It's called WebGL.

Re:Website with TOS?

[H0p313ss]

admitted to embedding Bitcoin mining code inside the league's client software

Right there in the summary. It's a trojan.

You failed at internet reading, on the upside you are now qualified to join the 99%.

Unfortunately...

... this will have zero negative effect on their bottom line. None.

This can actually be used as application payment.

An word processor \ spreadsheet manufacturer (Microsoft ?) can give people office software with a bitcoin client build-in provided they will pay using their free GPU time. This will reflect their usage so people who spend the whole day in front of the spreadsheet would be paying more than the average Joe who just types and reads the odd document once or twice a month.

Yeah... This could actually really work! Maybe even a whole linux distro (or at least a package) could get it's funding that way! They don't have to be greedy or anything so say, load balance the thing at 50% and provide a nice turn on\off widget or something for when people don't want it to work...

Sounds handled fairly well? WTF?

[csumpi]

How is this different than installing some trojan botnet app that does ddos attacks or steals your credit card number? They stole money from users by using electricity to mine bitcoins. Handled well? Not until their asses are thrown in jail.

calling bs on this one

none of this sounds like any kind of mistake.

New MMO Freemium model!

Would be interesting to see this used as a method to get the freemium content in MMOs : "You can F2P our MMO, but if you dont want to grind for the extras, you can either pay for it, or let your computer do the grinding!". (via bitcoin mining for the company)

Certainly beats the majority of the bots doing the same grinding in-game.

Fools.

If you believe this was an April Fool's joke then I have a bridge to sell you.

Mineware

[ubersoldat2k7]

Since I think this is a good idea (not doing it secretly of course), I'm going to coin this kind of software as "Mineware".

The main problem I see here is when you have 2 or more Minewares installed and all of them are reaching out for GPU time.

Free games and supporting FLOSS software

Hey, this is actually pretty cool idea to have free games. Either it runs only when you actually play, or for additional benefits you could leave it running during night and it produces you "game coins".

Or better yet, people could also donate e.g to FLOSS projects or whatever by running some bitcoin mining software. Leave it running for night and you just paid for your picked bug to be fixed. The upside is that not everybody is willing to ever use online money if it requires credit cards or is complicated or unavailable in some parts of the World.

double the amount of B.Cs on which day

[Infestedkudzu]

Breach of trust. yes. But I'd take this aftermath any day over how other companies would react.

Sounds handled fairly well? Really?

[sherrane]

What you are apparently missing is that they didn't make a mistake. They intentionally attempted to steal from people and were caught by those they stole from. They should be apologizing to a judge instead of in a PR release.

Re:Except...

[PlastikMissle]

RuntimeError: maximum recursion depth exceeded.

The role of analogies in moral discussion

[l2718]

I think you miss the point of arguing by analogy here, which is to establish a moral or legal reference point (depending on the discussion). Most of us have a personal idea of the moral weight of (relatively) common actions like robbing a bank, stealing a car for a joyride (you asked for it!) and helping an old woman cross the street. When we are faced with a new phenomenon (abusing the fact that users run your code to suborn their computing power for personal gain), we need to decide what moral weight to give it. The natural approach is not to start from first principles, but rather to compare it with our existing framework -- in other words to argue by analogy. We say "this was not nearly as serious as bank robbery" or "this is certainly more serious than selling crappy software". The situation is very similar when we address the legal question ("considering our existing set of legal rules, what should the punishment be?"). To me such thinking is very important, or you end up with the current US regime where criminal hacking into a computer can lead to more jail time than raping the sysadmin.

Re:The role of analogies in moral discussion

[IndustrialComplex]

I think you miss the point of arguing by analogy here, which is to establish a moral or legal reference point (depending on the discussion). Most of us have a personal idea of the moral weight of (relatively) common actions like robbing a bank, stealing a car for a joyride (you asked for it!) and helping an old woman cross the street. When we are faced with a new phenomenon (abusing the fact that users run your code to suborn their computing power for personal gain), we need to decide what moral weight to give it

I'm always against analogies, but I have two problems with this analogy:

1. The analogy presented is so far beyond what occured in terms of harm and ethical behavior that it fails in actually being a useful analogy.
2. The situation is not so new or complex that it cannot be understood on its own.

If you MUST use an analogy, I would suggest this:

A car dealership sells a digital dashboard system to a car owner. The man installs the system in his car. However the dealership included extra hardware called 'Automated Taxi Service' in the dashboard. When the man isn't using his car, the hardware activates and uses his car and gas as a taxi. Later, the man discovers that his car mileage is too high and discovers the automated taxi module.

There you go, an analogy which is MUCH closer to what actually happened, isn't hyperbolic, and in appropriate Slashdot fashion, is a car analogy.

exactly the kind of shit us poor diggers don't nee

[KingBenny]

d
the name is bad as is.
what kind of an april fool's idea is it to make money off of other people's electricity then?