Network gaming company uses its "cheat-prevention" client to build a Bitcoin botnet

In one episode of the nerdtastic TV sitcom Big Bang Theory, the socially-challenged Caltech physicist antihero, Dr Sheldon Cooper, has his World of Warcraft account hacked.

A giant shopping-list of Sheldon's virtual property gets plundered: his wand of untainted power, all his gold, and even Glenn, his beloved battle ostrich.

As Sheldon laments, "Three thousand hours. Three thousand hours clicking on that mouse, collecting weapons and gold. It's almost as if it was a huge waste of time."

And that's the problem with games that you play across the internet: how do you trust the other people in the contest?

Even when there's no money involved, it spoils the fun if the other guys aren't on the level.

That's where on-line communities like ESEA, or E-Sports Entertainment, come into play.

ESEA describes itself on Facebook as "the leading game play based community. With a sweet pick up game mod, a custom anti-cheat client that works, and cool statistics to log all of your activity, ESEA is the place to play!"

To join ESEA's network, you need to install and use the company's custom client software.

The client is designed, amongst other things, to maintain a level playing field by detecting cheats, such as players who programmatically automate tasks - rapid, accurate shooting, for instance - that are supposed to be a battle of dexterity between human opponents.

Imagine the stirrings of discontent when players on ESEA's network started wondering about symptoms such as their GPUs (graphics processing units, the special graphics cards that speed up the display) running at high utilisation.

Overcooking your GPU can be a costly exercise, since it increases electricity consumption and may shorten the life of your hardware.

What was causing the hot and heavy running?

Surreptitious Bitcoin mining, it seems!

One customer took the simple precaution of looking in the ESEA client log file and found this:

Another user got in telephonic contact with a sysadmin at ESEA to discuss what was going on, and received some surprising admissions during the call.

Here's a partial transcript of the sysadmin's comments:

It shouldn't be any surprise, but the [anti-cheat] client is capable of doing a lot of things that people don't know about. [...] They think the client does screenshots and that's about it. Truth be told...it probably does more than about 50 different things, because there are more than 50 ways to cheat.

[...] Funnily enough, there was a debate, a conversation, regarding the subject of using the client to mine Bitcoins. That was a joke, but at the same time it was half serious.

The high-performance GPUs that many gamers own are handy for Bitcoining, because the Bitcoin system relies on computing massive numbers of SHA checksums, a task that just happens to be ideally suited to today's graphics hardware.

The ESEA staffer continues, rather unconvincingly:

It turned out I actually did write code to do it, but it wasn't supposed to be code that was everywhere. [...] I restarted the server and the [configuration] setting got reset and [the mining code] actually got turned on, which was only, like, it wasn't for very long.

We calculated how much we would actually make, if we really wanted to do it. We would make hundreds of thousands of dollars if we actually did it with everybody. But that would be pretty intense.

[Voice of caller] Not to mention kind of illegal.

And that's the problem with software that you run across the internet: how do you trust the other people in the protocol?

Even if there's no money involved, it spoils the fun if the other guys aren't on the level.

ESEA head honcho Torbull has now tried to make a clean breast of it, admitting that the company had toyed with the idea of using its customers as a giant Bitcoin botnet, but decided not to go ahead.

Nevertheless, someone inside the company didn't listen, and ran a Bitcoin farm on ESEA customers' computers for the next two weeks.

The outcome fell far short of the hundreds of thousands of dollars predicted above, but was nevertheless a handy sum to accumulate for free: just under $4000's worth of Bitcurrency.

It's a funny sort of infringement, because the Bitcoins weren't actually stolen, and the client software was voluntarily installed by each user, no doubt under terms and conditions that permit fairly arbitrary remote updates and reconfiguration.

Indeed, the Bitcoins didn't even exist before the unauthorised mining started.

ESEA has decided to donate the proceeds to charity, to chip in the same amount again itself, and to create a prize pool for customers that will return $3,713.55 back into its customer community.

Peace with honour?

Probably - but it does raise the age old question: who will guard the guards?

5 Responses to Network gaming company uses its "cheat-prevention" client to build a Bitcoin botnet

  1. Andy Bellini · 535 days ago

    These lines are repeated:

    And that's the problem with software that you run across the internet: how do you trust the other people in the protocol?

    Even if there's no money involved, it spoils the fun if the other guys aren't on the level.

    • Paul Ducklin · 535 days ago

      The first use of those lines (which uses slightly different words) expresses concern for how you level the playing field between customers in an online service; the second concerns itself with keeping a level playing field between the customers and the online service itself.

      It's a rhetorical device. It probably has a fancy Greek name but I don't know what it is :-)

  2. Rich · 535 days ago

    νέρδ τραπ.

  3. Abuse of software developers and you don't even have to get a virus, worse you actually pay for this abuse.

About the author

Paul Ducklin is a passionate security proselytiser. (That's like an evangelist, but more so!) He lives and breathes computer security, and would be happy for you to do so, too. Paul won the inaugural AusCERT Director's Award for Individual Excellence in Computer Security in 2009. Follow him on Twitter: @duckblog