E-Sports League Stuffed Bitcoin Mining Code Inside Client Software

← Back to Stories (view on slashdot.org)

E-Sports League Stuffed Bitcoin Mining Code Inside Client Software

Posted by Soulskill on Wednesday May 1, 2013 @09:08AM from the not-how-you-do-it dept.

hypnosec writes "The E-Sports Entertainment Association (ESEA) gaming league has admitted to embedding Bitcoin mining code inside the league's client software. It began as an April Fools' Day joke idea, but the code ended up mining as many as 29 Bitcoins, worth over $3,700, for ESEA in a span of two weeks. According to Eric Thunberg, one of the league's administrators, the mining code was included as early as April. Tests were run for a few days, after which they 'decided it wasn't worth the potential drama, and pulled the plug, or so we thought.' The code was discovered by users after they noticed that their GPUs were working away with unusually high loads over the past two weeks. After users started posting on the ESEA forums about discovery of the Bitcoin mining code, Thunberg acknowledged the existence of a problem – a mistake caused a server restart to enable it for all idle users." ESEA posted an apology and offered a free month of their Premium service to all players affected by the mining. They've also provided data dumps of the Bitcoin addresses involved and donated double the USD monetary value of the mined coins to the American Cancer Society.

23 of 223 comments (clear)

Min score:

Reason:

Sort:

Sounds handled fairly well by magarity · 2013-05-01 09:15 · Score: 4, Insightful

Sure, it was rather poor form to have started on this project, even as a joke, but it seems they've fessed up and handled it well.
1. Re:Sounds handled fairly well by Anonymous Coward · 2013-05-01 09:30 · Score: 4, Insightful
  
  Absolutely not, for an organization that is striving for legitimacy this is an extreme breach of trust.
2. Re:Sounds handled fairly well by girlintraining · 2013-05-01 09:49 · Score: 5, Insightful
  
  Sure, it was rather poor form to have started on this project, even as a joke, but it seems they've fessed up and handled it well.
  ... After they were caught with their hand in the cookie jar, yes. Meanwhile, were I, a non-corporation, to do something like this, the FBI would be coming through my door with a bunch of dudes with shotguns for an enhanced "interview" over my connections to terrorism, money laundering, etc.
  So, my question is... whether intentional or accidental, it happened. That means it's a crime. So... where is the charge sheet, mmm?
  
  --
  #fuckbeta #iamslashdot #dicemustdie
3. Re:Sounds handled fairly well by Anonymous Coward · 2013-05-01 09:53 · Score: 4, Insightful
  
  Absolutely not, for an organization that is striving for legitimacy this is an extreme breach of trust.
  So admitting wrongdoing, giving credit, and donating the money to a nonprofit is an "Extreme breach of trust"?
  How do you figure that?
4. Re:Sounds handled fairly well by fredprado · 2013-05-01 10:10 · Score: 4, Interesting
  
  What the GP said still stands. If he, as a person and not a corporation had done exactly that, admitting it, and donating the results would fall very short from freeing his ass from prosecution. He would more likely than not end in jail.
5. Re:Sounds handled fairly well by girlintraining · 2013-05-01 10:12 · Score: 5, Funny
  
  What the GP said still stands. If he, as a person and not a corporation had done exactly that, admitting it, and donating the results would fall very short from freeing his ass from prosecution. He would more likely than not end in jail.
  Shhh... don't spoil it. I'm enjoying the slashdotters trying to rage against overbearing police authority and misunderstanding technology ... while at the same time having to balance out corporate versus private individual rights, and for the bonus round it's something that ties directly in with their online privacy. I got some popcorn, wanna share? This is gonna be good...
  
  --
  #fuckbeta #iamslashdot #dicemustdie
6. Re:Sounds handled fairly well by Anonymous Coward · 2013-05-01 10:14 · Score: 5, Insightful
  
  I figure that because it happened in the first place, which is completely inexcusable. What were they thinking? What's to say it won't happen again? You know that old saying from Tennessee, well, from Texas, but probably from Tennessee too: fool me once, shame on, hmm, shame on you, fool me... well, you can't get fooled again.
7. Re:Sounds handled fairly well by Goaway · 2013-05-01 10:28 · Score: 5, Insightful
  
  They hardly "admitted wrongdoing". They made up absurd stories about how it was all an April Fool's joke, and lied about how long it had been active and how much money they had made.
  (Consider this: Which part of this "April Fool's joke" was supposed to actually be FUNNY? It was installed in secret. If it was hidden from you, how were you supposed to laugh at it?)
8. Re:Sounds handled fairly well by IndustrialComplex · 2013-05-01 10:59 · Score: 4, Insightful
  
  Yeah, it shouldn't be illegal to rob a bank if you give the money back... right?
  There is a problem with your post. They didn't rob a bank. So it's not like that at all.
  
  --
  Out of modpoints but really liked a post? 1BDkF6TtmmeZ3yqXbz9yhdYVqRYnwFoXDj
9. Re:Sounds handled fairly well by Dunbal · 2013-05-01 11:17 · Score: 5, Insightful
  
  We're also supposed to take them at their word that only 29 bitcoins were mined. Sure they provided the dumps. How much are they holding back?
  
  --
  Seven puppies were harmed during the making of this post.
10. Re:Sounds handled fairly well by Hatta · 2013-05-01 11:40 · Score: 5, Funny
  
  Consider this: Which part of this "April Fool's joke" was supposed to actually be FUNNY?
  I ask myself that every time I visit /. on April 1st.
  
  --
  Give me Classic Slashdot or give me death!
11. Re:Sounds handled fairly well by Anonymous Coward · 2013-05-01 13:56 · Score: 4, Insightful
  
  They're making amends for getting caught. Consider: "Tests were run for a few days, after which they 'decided it wasn't worth the potential drama."
  They intentionally included the code. They were planning on continuing. The only reason they stopped is that the cons (user backlash, possible lawsuits) outweighed the pros (making money off of suckers). If their mining operation had been successful enough, they'd still be doing it now.
  Hell, even EA didn't hide the contents of their games. People buying the new SimCity knew it would be online only (and to a lesser degree people buying Dead Space 3 knew it would have microtransactions) and still bought it knowing they would be unhappy. The real shitstorm happened because EA didn't do enough QA or server stability tests, and it continues with in-game advertising. So, yes, there is a difference. EA committed gross ineptitude. ESEA committed borderline fraud. But, trust who you will with your credit.
12. Re:Sounds handled fairly well by IndustrialComplex · 2013-05-02 00:23 · Score: 4, Insightful
  
  No, because this was not a bank robbery.
  You might as well say, "Because it's bad to damage streetlights, but fine to set fires?" The robbing a bank analogy just doesn't need to be applied because the situation doesn't require an analogy. Everyone on this site is capable of understanding the technical details of what they did, we don't need to obfuscate the problem by unnecessarily applying analogies.
  Besides, it didn't even TRY to include a car.
  
  --
  Out of modpoints but really liked a post? 1BDkF6TtmmeZ3yqXbz9yhdYVqRYnwFoXDj
Computer Trespass by Peter+Mork · 2013-05-01 09:16 · Score: 5, Insightful

This sounds an awful lot like computer trespass: coercing somebody else's computer into doing something on your behalf. If an individual pulled this stunt, he or she would be in prison.
1. Re:Computer Trespass by ThorGod · 2013-05-01 09:21 · Score: 5, Insightful
  
  Yep, but instead the company involve just pays a fine. That's the only way companies pay for crimes...with dollars.
  Even if you're BP and you severely damage one of the world's oceans and kill an uncountable amount of wildlife and destroy whole ecosystems.
  
  --
  PS: I don't reply to ACs.
2. Re:Computer Trespass by Anubis+IV · 2013-05-01 09:27 · Score: 4, Interesting
  
  Probably so. Of course, the question this begs, at least in my mind, is not one of, "Why aren't these people in prison?", but rather, "Why does anyone go to prison over something so innocuous?"
  Granted, you can definitely engage in forms of trespass that are much worse than this, but for something like this situation, which was promptly handled, had no major ill effects, and was responded to in a way that indicates it truly was a mistake, I don't see why anyone should be up for prison time, whether as an individual or a part of a company.
3. Re:Computer Trespass by lgw · 2013-05-01 09:29 · Score: 5, Funny
  
  See, BPs big mistake was to put out the fire. As everyone knows:
  Birds soaked in oil: evil
  Birds fried in boiling oil : tasty!
  
  --
  Socialism: a lie told by totalitarians and believed by fools.
4. Re:Computer Trespass by arkhan_jg · 2013-05-01 10:48 · Score: 5, Interesting
  
  Probably so. Of course, the question this begs, at least in my mind, is not one of, "Why aren't these people in prison?", but rather, "Why does anyone go to prison over something so innocuous?"
  Granted, you can definitely engage in forms of trespass that are much worse than this, but for something like this situation, which was promptly handled, had no major ill effects, and was responded to in a way that indicates it truly was a mistake, I don't see why anyone should be up for prison time, whether as an individual or a part of a company.
  Leaving it running for at least 2 weeks is not exactly promptly in my book. Even putting it in the release code disabled, without notification, is shady as hell. The forums are apparently riddled with complaints about gpu problems, including dead graphics cards on machines running the bitcoin software. While it's entirely possible it's pure co-incidence, it's also entirely possible they damaged thousands of dollars worth of high end graphics cards - which given they can easily cost $500 a pop, wouldn't take many. Consumer grade GPUs aren't designed to run full throttle for weeks at a time. Especially if, for example, a gamer has a manual fan control so they can shut up the half dozen case fans when idling, and ramp them up when they start a gaming session (I use this exact setup). A couple of generations back, I fitted after market copper heatsinks and fans to my GPUs to improve cooling at lower fan speeds, but the downside was they had to be manually controlled via a rheostat, so if something like this had been running without my knowledge it could easily have literally cooked my gpus without me being any the wiser as I ramped them down when to cut noise I was just browsing slashdot et al. Those cards are still trucking in a friend's machine several years later, incidentially.
  Criminal damage in the course of trespass for profit? Seriously bad judgement, and really not funny. Worth jail time? No. Worth some real consequences? Yes.
  
  --
  Remember kids, it's all fun and games until someone commits wholesale galactic genocide.
Computer hacking... by aaronb1138 · 2013-05-01 09:20 · Score: 5, Informative

I advocate the involved parties all be arrested and charged with relevant computer hacking charges. The software development community needs a clear message sent that such activities are federal crimes and will not be allowed. I don't understand why we are still tolerating a Wild Wild West attitude to computer crimes by corporations when the laws are on the books and quite clear.

Also, trying to pass it off as merely an April fools joke is insulting as well. The closest part to a joke was the Office Space grade conversation about skimming from their own customer base.
1. Re:Computer hacking... by NIK282000 · 2013-05-01 09:36 · Score: 4, Interesting
  
  I think it sounds like a pretty awesome business plan if you are not underhanded about it. Release your software for free with a note in he TOS that you will be mining bitcoins for the developer whenever you are using the software. Users get "free" software and developers get incentive to make software that people want to use. If you release rubbish not many people will continue to use it and you won't get paid.
  
  --
  Dear aunt, let's set so double the killer delete select all
April Fools? Sure thing... by h8mx · 2013-05-01 09:51 · Score: 5, Insightful

It began as an April Fools' Day joke idea
How exactly does that work?
"We were using your electricity and potentially damaging your computer for a whole month without your permission! APRIL FOOLS! Ha we got you good!"
Re:How much? by Guspaz · 2013-05-01 10:01 · Score: 4, Informative

Sure they are (making money). It's estimated that Satoshi Nakamoto (the anonymous inventor of BitCoin) got somewhere between one to one and a half million bitcoins in the early days, when they were very easy to generate (see the "total bitcoins" graph on wikipedia). Assuming he hasn't sold them off at some point in the past, they're currently worth somewhere between $120 million USD and $180 million USD. That's a pretty tidy profit for one person.
Don't forget the human victims by dutchwhizzman · 2013-05-01 10:12 · Score: 4, Insightful

Several people died in the explosions on the drilling rig. However (un)important the damage to the economy and the wildlife is, no human being gets away with killing someone and getting convicted to "only a fine", but a company like BP does.

--
I was promised a flying car. Where is my flying car?