
Hacking iWin and Why it Wasn’t Worth It - matt1
http://www.mattmazur.com/2010/01/hacking-iwin-and-why-it-wasnt-worth-it/
======
paulhart
Left a comment there, but may as well copy-paste here:

A few years ago I was working on a competition with a grand prize of several
new SUVs (part of a product launch for the vehicle). We did a very basic
version of the “riddler.com” model (remember them about 12-15 years ago?)
where our partner websites would put ‘badges’ for gamers to click on. Each
badge was worth some number of points.

Some smart souls figured out that the badge numbers were somewhat sequenced
(we had allocated up to 10 badges per partner, so we would start at ‘10′ for
instance and work our way up). Scripts were written that would hit our server
each day and collect the maximum number of points available.

The scripts weren’t that smart though, and there were gaps in the rewarding
badges. Our ‘fix’ for this was to create new badges in the gaps that were
worth massively negative numbers of points. In one day, the most problematic
players vanished.

------
tptacek
Anyone remember CDNow? They rewarded referral purchases with $5 gift
certificates. But they awarded the gift certificates before the referral
purchase cleared. At the time, you could also trivially acquire a "valid"
unique Mastercard number using $0-balance "Web Certificates". Long story
short, you could write a script that would generate an unbounded credit for
yourself at CDNow. People raped them with it.

Problems like this were really common in the late '90s. They persist today,
but are more subtle. We always test for $-1.00 input flaws, and they aren't
frequent.

The people who are actively exploiting these can give you any number of
rationalizations for how legal their actions are, but at the end of the day
what's protecting them is that they're staying below the noise floor for civil
and criminal attention. It's still just fraud.

------
yread
This is interesting:

 _At this point you might be wondering how iWin ever expected to make money
off of their originally business model. I wondered that for a long time too.

Here’s what I think: ... Most people probably quit long before they ever
earned enough to get anything._

This is perfectly true from my knowledge of a sms quizzes where less than 1%
of the people actually play the game (although 100% of them pay the
subscriptions).

------
zaidf
Did you ever go after Pointclick:)? They folded not long after launching.

~~~
Alex3917
I did, and I got a Rio 500 out of it. I didn't hack it though, basically my
method was this: during lunch my friends and I would go into the school
computer lab when no one was there and turn on every computer. Then we'd open
up as many instances of IE as I could, clicking on an ad and keeping the
browser open for the requisite amount of time. After about 8 instances of IE
were open the computer would crash, so we'd power cycle the computer and move
onto the next one. By the time this computer was rebooted we'd have already
gone through all the other computers, so there wouldn't be any loss of time.

The funny thing is that IIRC this wasn't even against the TOS until a few
weeks before they went bankrupt. I was also fourteen at the time, same as the
submitter. I don't really consider it unethical, or at least were weren't
hurting Point Click, because they were basically in the business of scamming
advertisers. And the advertisers didn't care because they were getting $800
million valuations because of all their hits. And the investors were happy to
invest at these prices even though they knew what was happening, because they
thought that the economics of business had changed forever and in just another
two years they'd be insanely rich. And all of my friends and I, being
fourteen, thought the investors were right.

So even now it's hard for me to feel bad about it. At the time it wasn't even
clear that Point Click would go bankrupt or that there was a larger economic
bubble, we all just thought the free stuff was somehow because of Moore's law.
And because we did legitimately work pretty hard for those points, we just
sort of assumed that whatever we were doing was somehow creating value.

~~~
zaidf
Haha, all the fourteen year olds doing silly things unite! Indeed, I was 14
too when I was going after them. It was one of the first bots that I wrote in
VB. Making the mouse move to simulate a real click automatically was tonnes of
fun:)

I also wrote a NetZero ad remover. Of course, every other kid on the block was
writing one too. Then there was allAdvantage. And the list goes on.

