E-Sports League Stuffed Bitcoin Mining Code Inside Client Software 223
hypnosec writes "The E-Sports Entertainment Association (ESEA) gaming league has admitted to embedding Bitcoin mining code inside the league's client software. It began as an April Fools' Day joke idea, but the code ended up mining as many as 29 Bitcoins, worth over $3,700, for ESEA in a span of two weeks. According to Eric Thunberg, one of the league's administrators, the mining code was included as early as April. Tests were run for a few days, after which they 'decided it wasn't worth the potential drama, and pulled the plug, or so we thought.' The code was discovered by users after they noticed that their GPUs were working away with unusually high loads over the past two weeks. After users started posting on the ESEA forums about discovery of the Bitcoin mining code, Thunberg acknowledged the existence of a problem – a mistake caused a server restart to enable it for all idle users."
ESEA posted an apology and offered a free month of their Premium service to all players affected by the mining. They've also provided data dumps of the Bitcoin addresses involved and donated double the USD monetary value of the mined coins to the American Cancer Society.
Sounds handled fairly well (Score:4, Insightful)
Sure, it was rather poor form to have started on this project, even as a joke, but it seems they've fessed up and handled it well.
Computer Trespass (Score:5, Insightful)
Re:Computer Trespass (Score:5, Insightful)
Yep, but instead the company involve just pays a fine. That's the only way companies pay for crimes...with dollars.
Even if you're BP and you severely damage one of the world's oceans and kill an uncountable amount of wildlife and destroy whole ecosystems.
90C+ temperatures (Score:0, Insightful)
Users vented their anger on the ESEA forums claiming that their video cards were maintaining over 90 celcius+ temperatures for extended period
Aside from not opening the source code for their client, the ESEA handled this situation well.
Your problems with your video card do not come from them. If you care about longevity and reliability, you need to stop overclocking your GPU and follow the manufacturer's instructions. By default, the hardware WILL shutdown if the virtual Tj reaches an unsafe level. If you disable that feature, don't cry when your card blows up. It could have easily happened while gaming.
(I am an electrical engineer. All our products are tested up to 85C ambient temperature, at maximum load. We only use driver ICs with built-in protection from overtemperature, overcurrent, and short-circuit.)
Re:Sounds handled fairly well (Score:4, Insightful)
Absolutely not, for an organization that is striving for legitimacy this is an extreme breach of trust.
Re:Computer hacking... (Score:3, Insightful)
The laws on the books aren't as clear as you think. "Hey, I didn't ask to mine BitCoins for someone else - what gives?!" is a logical user position, but I'm sure the license agreement that user agreed to upon installing basically gave them carte blanche to do whatever they wanted with his/her computer.
Which would hold up in court - and are you sure enough to foot the bill for representation until (and possibly even if) you prevail?
I'm not. I agree with you in spirit, but in this case their response was pretty classy.
Re: Computer Trespass (Score:1, Insightful)
"Why does anyone go to prison over something so innocuous?"
Because when a group of people plan and execute it this type of thing it's called conspiracy. What if it was a big company using your CPU cycles for processing data for a third party? How about a government (foreign or domestic) processing data about people for the purposes of spying?
Is the difference the party stealing your CPU cycles, or what they are doing with it? If it was in the EULA would that make it OK?
It's NEVER right to use YOUR computer without YOUR knowledge and YOUR approval.
Re:Sounds handled fairly well (Score:5, Insightful)
Sure, it was rather poor form to have started on this project, even as a joke, but it seems they've fessed up and handled it well.
... After they were caught with their hand in the cookie jar, yes. Meanwhile, were I, a non-corporation, to do something like this, the FBI would be coming through my door with a bunch of dudes with shotguns for an enhanced "interview" over my connections to terrorism, money laundering, etc.
So, my question is... whether intentional or accidental, it happened. That means it's a crime. So... where is the charge sheet, mmm?
April Fools? Sure thing... (Score:5, Insightful)
It began as an April Fools' Day joke idea
How exactly does that work?
"We were using your electricity and potentially damaging your computer for a whole month without your permission! APRIL FOOLS! Ha we got you good!"
Re:Sounds handled fairly well (Score:4, Insightful)
Absolutely not, for an organization that is striving for legitimacy this is an extreme breach of trust.
So admitting wrongdoing, giving credit, and donating the money to a nonprofit is an "Extreme breach of trust"?
How do you figure that?
Don't forget the human victims (Score:5, Insightful)
Re:Sounds handled fairly well (Score:5, Insightful)
I figure that because it happened in the first place, which is completely inexcusable. What were they thinking? What's to say it won't happen again? You know that old saying from Tennessee, well, from Texas, but probably from Tennessee too: fool me once, shame on, hmm, shame on you, fool me... well, you can't get fooled again.
Re:Sounds handled fairly well (Score:1, Insightful)
Yeah, it shouldn't be illegal to rob a bank if you give the money back... right?
Re:Sounds handled fairly well (Score:5, Insightful)
They hardly "admitted wrongdoing". They made up absurd stories about how it was all an April Fool's joke, and lied about how long it had been active and how much money they had made.
(Consider this: Which part of this "April Fool's joke" was supposed to actually be FUNNY? It was installed in secret. If it was hidden from you, how were you supposed to laugh at it?)
Re:Sounds handled fairly well (Score:5, Insightful)
Yeah, it shouldn't be illegal to rob a bank if you give the money back... right?
There is a problem with your post. They didn't rob a bank. So it's not like that at all.
Re:Sounds handled fairly well (Score:5, Insightful)
Re:Sounds handled fairly well (Score:4, Insightful)
They're making amends for getting caught. Consider: "Tests were run for a few days, after which they 'decided it wasn't worth the potential drama."
They intentionally included the code. They were planning on continuing. The only reason they stopped is that the cons (user backlash, possible lawsuits) outweighed the pros (making money off of suckers). If their mining operation had been successful enough, they'd still be doing it now.
Hell, even EA didn't hide the contents of their games. People buying the new SimCity knew it would be online only (and to a lesser degree people buying Dead Space 3 knew it would have microtransactions) and still bought it knowing they would be unhappy. The real shitstorm happened because EA didn't do enough QA or server stability tests, and it continues with in-game advertising. So, yes, there is a difference. EA committed gross ineptitude. ESEA committed borderline fraud. But, trust who you will with your credit.
Re:Computer Trespass (Score:4, Insightful)
Modifying your analogy a little:
You took your car to a repair shop. The repair shop used your car as a taxi for a day (using your gas and adding miles to your car).
Re:Sounds handled fairly well (Score:5, Insightful)
No, because this was not a bank robbery.
You might as well say, "Because it's bad to damage streetlights, but fine to set fires?" The robbing a bank analogy just doesn't need to be applied because the situation doesn't require an analogy. Everyone on this site is capable of understanding the technical details of what they did, we don't need to obfuscate the problem by unnecessarily applying analogies.
Besides, it didn't even TRY to include a car.
Re:Sounds handled fairly well (Score:2, Insightful)
I ask myself that every time I visit /. on April 1st.
Exactly! April 1st is "Don't Read Slashdot Day".