
ESEA turned anti-cheat client into BTC miner - dvt
http://play.esea.net/index.php?s=forums&d=topic&id=492102
======
pale_rider
The thread is closed, which links to an explanation, which is below:

-----------------------------------

[lpkane] - 5.1.13 at 1:46am

lol that got aggressive quickly

back towards the end of march, as btc was skyrocketing, jaguar and i were
talking about how cool it would be if we could use massive amounts of gpus
logged into the client to mine

we went back and forth about it, considered doing something for april fools,
didn't get it done in time, and eventually elected to put some test code in
the client and try it on a few admin accounts, ours included

we ran the test for a few days on our accounts, decided it wasn't worth the
potential drama, and pulled the plug, or so we thought

fast forward to 48 hours ago, a fuck up in the client server results in a
restart which results in a setting getting changed which enables it for all
idle users, and here we are

and the results for 48 hours of your combined efforts?

<http://www.picsend.net/images/923377coin..>.

~2 btc, or roughly $280 usd at current exchange rates, not bad!

anyway, our bad, we just released a client update with the btc stuff removed,
and your $280 is going into the s14 prize pot -- if you're still feeling sad,
feel free to pm me and i'll attempt to buy back your love

but for the record, i told jag he shouldn't be lazy and run the miner in a
separate process, rookie move

~~~
dvt
And then _that_ thread was closed. And this one was opened:
[http://play.esea.net/index.php?s=forums&d=topic&id=4...](http://play.esea.net/index.php?s=forums&d=topic&id=492152)

Turns out the ~$280 turned into over $3,500. And the 48 hours turned into 8
days.

~~~
makomk
Yeah. Only after several people in the first thread figured out that their
antivirus software had been detecting the miner for much longer than 48 hours,
and one of them contacted the pool used to confirm how much had actually been
made, though.

------
shitlord
This isn't surprising in the least. Anti-cheat clients are the worst, even
scummier than anti-virus clients.

If anyone here has ever played a game that used Inca GameGuard, you know what
I'm talking about. If you open a page in your web browser with a title that
seems _suspicious_ to GameGuard, it can fucking REBOOT your computer without
warning! And that's not the only client with such problems. From my
experience, it has been a problem shared by many anti-cheat clients: they're
all a bit too trigger-happy, even though they shouldn't be holding that gun in
the first place. And if that wasn't bad enough, these clients are also
notoriously buggy. They will corrupt the state of your kernel (they will do
things like overwrite entries in your SDT/SSDT, making various system calls
fail; in fact, it's very common practice for some of these tools to outright
disable the use of functions like NtOpenProcess or ZwWriteVirtualMemory, and
then not even bother to reallow them after the anti-cheat client exits), they
will litter your Windows folder, and wreak havoc however they want.

And here's the kicker: these anti-cheat clients aren't even that effective if
you know what you are doing.

~~~
leethax0r
...did you just imply that anti virus programs are shady?

~~~
lmm
Isn't that common knowledge? Many antivirus programs have a worse effect on
system stability/performance than the things they're supposed to prevent.

------
nyar
From what I understand the guy who runs ESEA is pretty much saying "Yeah, we
were talking about this one day and did it. Now you've caught us, so we'll be
removing it and giving everyone a free month. We also made $3000 something
dollars by mining with your computers, but we don't want you to be mad at us,
so we won't do it again. But we totally had no problem with this earlier."

~~~
luke_s
Do you have a link to that post on the forum? I don't feel like digging
through 4 pages of replies to find it.

~~~
UberMouse
[http://play.esea.net/index.php?s=forums&d=topic&id=4...](http://play.esea.net/index.php?s=forums&d=topic&id=492152)

------
saurik
One of the times that I accessed this page I was given this error, for people
who aren't using a browser capable of detecting this kind of thing (although I
don't know how serious these detections really are).

Danger: Malware Ahead!

Chromium has blocked access to this page on play.esea.net.

Content from bjskosherbaskets.com, a known malware distributor, has been
inserted into this web page. Visiting this page now is very likely to infect
your Mac with malware.

~~~
ninguem2
Is this for real? I just went to this page on a mac. Did not get any warning
or any other signs. What should I look for? Finally can the mods please remove
this link, if this is confirmed?

~~~
saurik
The second time I accessed it I did not get that; I imagine it is from some
kind of rotated-in advertisement provider (although I don't see any ads).

------
DigitalSea
It was only a matter of time before someone tried this, if I were in their
position I would contemplate it too given the rise of the cost of a Bitcoin
and they won't be the last to try something like this. I the day a widely used
software application like uTorrent decides to remove the malware and banner
ads and instead bundles in a Bitcoin miner that runs when your machine is
mostly idle (like downloading a torrent overnight).

------
lifeformed
Let me provide some background on ESEA:

It's a paid service ($7/month) that lets you set up competitive matches of
Counter-strike (and TF2 and LoL) with other ESEA players. It has its own
ranking system, its own league/ladder, and anti-cheat system. It has over
20,000 subscribers. It's the most popular of such services for Counter-strike,
and has been around for many years.

This incident is really serious. People have reported damaged hardware from
this. Mining bitcoins can run _quite_ hot if your system is not built for it.
ESEA has been known for being scummy in the past - this is a huge breach of
trust and security that I can't believe so many players are overlooking it.

The worst part is their response to all of this. They're playing it off like a
joke and think it's no big deal. The $3600 they made came at the expense of
far more than $3600 in electricity costs from the community. They lied about
the whole thing, and keep changing their story as people figure out more of
it. There's more discussion on this on the csgo subreddit:
[http://www.reddit.com/r/GlobalOffensive/comments/1dgad2/esea...](http://www.reddit.com/r/GlobalOffensive/comments/1dgad2/esea_client_basically_a_virus/)

------
Pyramids
This is about as bad as you can get for any kind of software developer. I'd
rather run an installer that tries to install a toolbar than one that secretly
mines Bitcoins. At least those which bundle toolbars generally inform you and
provide an opt-out.

Although IANAL, the legality of this is highly questionable, considering the
recent (mis?)usage of the Computer Fraud and Abuse Act, and the fact that
nothing in their EULA/ToS permits this kind of use case.

------
tantalor
I'll bite. Why not sell a service to a mining pool? Many services are free
anyway. I'd fork over an hour of GPU per day to see fewer ads.

~~~
seanp2k2
BTC mining on GPUs uses a ton of power, like quadruple-the-monthly-power-bill-
in-your-apartment kind of power. If you're willing to pay the energy company
and bring more harm to the environment for something, I don't feel like you're
really thinking about the true cost. I'd rather just pay up-front on simple
terms.

~~~
thaumasiotes
The monthly power bill in my apartment is consistently $7 / month. If it went
up by a factor of 5, I'd never notice; a while ago I got fed up and paid
several months in advance because it seemed so ridiculous to have a $7 bill
every month.

What's a typical power bill like, and what's going on with mine?

(my power uses - lights, fridge, and one to two old computers in a 400 sq. ft.
apartment in downtown SF)

~~~
dm2
Do you not have A/C or heat? Microwave? Dryer? Water heater?

My apartment is only about $110 per month but there is also a $50 gas bill.
And I like to think that I live pretty minimally...

~~~
thaumasiotes
I do not have A/C, heat, a microwave, or a dryer (I'm not even allowed to
install a washing machine...). I get hot water, but I imagine there's a
central source of that for the whole building.

------
johnyzee
New business model for games: Free-to-play with embedded Bitcoin miner!

------
jacobquick
Should change this link to an actual news item, currently it goes to their
front page which of course provides no information. I know reddit's crappy but
this post is actually doing a good job aggregating info as it becomes
available:
[http://www.reddit.com/r/Games/comments/1dglil/popular_compet...](http://www.reddit.com/r/Games/comments/1dglil/popular_competitive_gaming_league_esea_admins/)

This should probably be a really big story covered and analyzed by all the
serious video game journalists... just kidding those don't exist. If we're
lucky maybe Forbes will cover it or something.

------
pcieee
Mirror: <http://www.webcitation.org/6GHYnetpc> and
<http://www.webcitation.org/6GHYhQL72>

~~~
makomk
Failed both times, only mirrored the splash page and not the forums.

------
mooism2
Redirects to welcome page.

~~~
dvt
I think they use a cookie for the front page splash (the second load usually
works afaik).

~~~
lucb1e
Oh, I thought they took it down! Thanks for saying this, the second try
worked.

------
stoic
This subscription has been cancelled.

~~~
stoic
well, looks like word travels fast:
[http://play.esea.net/index.php?s=forums&d=topic&id=4...](http://play.esea.net/index.php?s=forums&d=topic&id=492152)

