Feeds

Gaming app ENSLAVES punter PCs in Bitcoin mining ring

Some secret software to go with your deathmatch, sir?

SANS - Survey on application security programs

A competitive gaming company has admitted that for two weeks in April its software client was hijacking league members' PCs to mine Bitcoins.

In an eyebrow-raising turn of events, the company, ESEA Gaming, admitted on Wednesday that its software client had been running Bitcoin-mining algorithms on customer PCs since April 14, generating over $3,700 worth of the virtual currency – not to mention a likely uptick in the electricity bills of the unwitting punters whose graphics cards' GPUs been forced to mine the virtual currency.

ESEA is a competitive gaming company that lets paying punters play various video games competitively, with the chance of a cash prize as they rise through the ranks. It uses a bespoke software client to prevent cheating, and it was this software client that was loaded with Bitcoin mining routines.

The Bitcoin mining software had been originally rolled out in a test on ESEA Gaming admin accounts, the company's co-founder Eric Thunberg explained in a forum post using the handle lpkane. But the test didn't generate many Bitcoins (two in two days) and was shut down – or so Thunberg thought.

In fact, the miner wasn't shut down. Rather, it was rolled out across ESEA's entire user base.

An ESEA employee who was involved in the tests "has been using the test code for his own personal gain since April 13, 2013," the company wrote in an official statement on Monday. "We are extremely disappointed and concerned by the unauthorized actions of this unauthorized individual. As of this morning, ESEA has made sure that all Bitcoin mining has stopped. ESEA is also in the process of taking all necessary steps internally to ensure that nothing like this ever happens again."

The program used player GPUs to perform the complex mathematical operations required to mine Bitcoins, and generated 29.27627734 Bitcoins for the ESEA employee.

ESEA became aware of the Bitcoin mining after concerned users made posts to the forum complaining of high GPU utilization, even when idle.

The unauthorized two-week long spell of mining apparently took Thunberg by surprise, who wrote in a later post to the forum:

as of the client update released in the last hour, all the btc stuff is out which should solve the gpu and av warnings, and in a blatant attempt to buy back your love (and less likely your trust), i'm going to do the following:

1. 100% of the funds are going into the s14 prize pot, so at the very least your melted gpus contributed to a good cause

2. every user who was premium this month will get a free one month premium code which they can use whenever and for whomever they like, and you'll find the code under manage accounts -> premium codes

Along with the prize pot, ESEA gaming is also donating double the value of the mined Bitcoins – $7,427.10 at current market rates – to the American Cancer Society.

"While it's incredibly disturbing and disappointing that this happened, we’re committed to improving ourselves and rebuilding trust with our community," the company wrote.

The case serves to highlight how the virtual currency's recent dramatic rise in valuation relative to the US dollar has attracted speculators, chancers, and criminals in droves. The ESEA case follows the re-emergence of Bitcoin-mining malware earlier in April, along with a variety of other money-grubbing squint-and-they're-legal schemes.

"If we had found out on our own that the miner was running we would have killed it anyway because a) we'd already decided it wasn't worth it, and b) there are far less shady ways to make money," Thunberg wrote in reply to a forum user. ®

Combat fraud and increase customer satisfaction

More from The Register

next story
Parent gabfest Mumsnet hit by SSL bug: My heart bleeds, grins hacker
Natter-board tells middle-class Britain to purée its passwords
Samsung Galaxy S5 fingerprint scanner hacked in just 4 DAYS
Sammy's newbie cooked slower than iPhone, also costs more to build
Obama allows NSA to exploit 0-days: report
If the spooks say they need it, they get it
Web data BLEEDOUT: Users to feel the pain as Heartbleed bug revealed
Vendors and ISPs have work to do updating firmware - if it's possible to fix this
Snowden-inspired crypto-email service Lavaboom launches
German service pays tribute to Lavabit
One year on: diplomatic fail as Chinese APT gangs get back to work
Mandiant says past 12 months shows Beijing won't call off its hackers
Call of Duty 'fragged using OpenSSL's Heartbleed exploit'
So it begins ... or maybe not, says one analyst
prev story

Whitepapers

Designing a defence for mobile apps
In this whitepaper learn the various considerations for defending mobile applications; from the mobile application architecture itself to the myriad testing technologies needed to properly assess mobile applications risk.
3 Big data security analytics techniques
Applying these Big Data security analytics techniques can help you make your business safer by detecting attacks early, before significant damage is done.
Five 3D headsets to be won!
We were so impressed by the Durovis Dive headset we’ve asked the company to give some away to Reg readers.
The benefits of software based PBX
Why you should break free from your proprietary PBX and how to leverage your existing server hardware.
Securing web applications made simple and scalable
In this whitepaper learn how automated security testing can provide a simple and scalable way to protect your web applications.