Skip Links

Gaming company caught building Bitcoin mining botnet from users' computers gets off light

Is a $325K fine adequate punishment for subverting paying users' machines to mine Bitcoin?

By Mark Gibbs on Tue, 12/03/13 - 3:19pm.

Back in May Network World reported on the discovery of Trojan code in client-side gaming software published by the Commack, NY-based, E-Sports Entertainment Association. ESEA provides gaming services including matchmaking, league play, and cheat prevention for games such as League of Legends and Starcraft 2 for $6.95 per user per month. 

What ESEA did with the Trojan code was to create a botnet of some 14,000 of their claimed 586,000+ client base to mine for Bitcoins but, in the process, managed to damage some users’ computers by overheating due to unthrottled GPU processing.

The Trojan code in question was OpenCL miner, “a bitcoin miner that uses the OpenCL framework to perform the hashing computations. When used with a modern GPU, this can produce hash rates orders of magnitude higher than what can be achieved with a CPU.” Originally authored by Apple, the core of the miner, OpenCL, is “a framework for writing programs that execute across heterogeneous platforms consisting of central processing units (CPUs), graphics processing units (GPUs), digital signal processors (DSPs) and other processors.”

When the issue first came to light ESEA claimed it was an April Fool’s joke but the company changed its story and eventually ESEA co-owner Eric Thunberg ‘fessed up and admitted that the bit coin mining had been going on for two weeks and netted a total of 29 bitcoins worth, at the time, about $4,000 (today those 29 bitcoins are worth in excess of $30,000). It was claimed that a rogue engineer, Sean Hunczak, was responsible. ESEA said it would donate double the value of the bitcoins to chairty and began a program to compensate users whose hardware had been damaged.

But that wasn't the end of it for ESEA and at the end of November the New Jersey attorney general’s office announced that it had come to a $1,000,000 settlement with ESEA and placed them on a 10-year probation. The company must immediately pay $325,000 but if they behave during the probation period the remainder of the fine will be waived.

ESEA subsequently released a weaselly statement (full text below) that, in part, argued:

We want to make it clear to our community that we do not agree with the Attorney General’s account of the Bitcoin incident.

The settlement that was signed makes explicitly clear that we do not agree, nor do we admit, to any of the State of New Jersey’s allegations. The press release issued by the Attorney General about our settlement represents a deep misunderstanding of the facts of the case, the nature of our business, and the technology in question.

Curious; ESEA admitted to doing what was claimed in a forum but argues that the claims made by NJ attorney general were somehow erroneous. In fact, remarks by Ipkane (the alias of ESEA co-owner Eric Thunberg) in the commehts following ESEA’s statement makes it clear that the company isn't exactly repentant and implies they deny the AG’s claims that their client software:

… enables ESEA full administrative access of end-users' computers … [and] enabled Defendants to not only monitor end-user computer activity but also view and upload any and all end-users' computer files. / Among the many monitoring activities conducted by ESEA, the ESEA Software was programmed to automatically capture screen shots of computers, track computer mouse movements, and monitor end-users' computer activities even when they were not logged onto ESEA servers. … ESEA did not put policies and procedures in place to ensure its employees were not abusing their full administrative access privileges or inappropriately accessing end-users’ computer files.

The most egregious of the charges from a security viewpoint as well as underlining the intentions of ESEA was:

ESEA also programed the ESEA Software to reload the ESEA Monitoring Code even if end-users attempted to "unload" the driver.”

This is rootkit behavior and definitely way beyoind anything that could be considered acceptable in commercial software when users were not informed about how the software operated. Whichever way you look at what ESEA did it was opportunistic, illegal, and dangerous to the integrity of their users’ computers. 

I think ESEA got off light. What’s your take?

Let it all out below or to gearhead@gibbs.com then follow me on TwitterApp.net, and Facebook.

ESEA’s full statement:

As a result of the Bitcoin incident that occurred earlier this year, an investigation was opened by the Attorney General of New Jersey. We cooperated fully with the investigation and agreed to settle the matter so that we would be able to return our full attention to our business and serving the needs of the ESEA community.

We want to make it clear to our community that we do not agree with the Attorney General’s account of the Bitcoin incident.

The settlement that was signed makes explicitly clear that we do not agree, nor do we admit, to any of the State of New Jersey’s allegations. The press release issued by the Attorney General about our settlement represents a deep misunderstanding of the facts of the case, the nature of our business, and the technology in question.

Moving forward, it is our intent to provide our community with confidence that ESEA will be taking every possible step to protect your privacy. The employee who was responsible for the Bitcoin incident was terminated, and we are taking steps to ensure that nothing like this can happen again. In the weeks to come, you can expect to see a notice posted on our website that provides a detailed explanation of our privacy policy in a manner that can be easily understood. Additionally, regular audits will be conducted by a third party specialist in order to ensure that we maintain a secure environment and protect your privacy.

The ESEA Client remains to be a powerful tool that we will continue to offer our customers for a fair online video game experience. We remain committed to moving forward and focusing on delivering a high quality online video game experience for our customers.