ESEA Users' Systems Plundered in Bitcoin Mining Scam
It started out as an idea for a joke. Then ESEA actually considered developing a Bitcoin mining system that it could run with users' willing participation. Ultimately, the idea was scrapped, but one employee decided to secretly deploy Bitcoin mining code anyway, for his own gain. It worked for a couple of weeks, but ESEA users soon caught on and blew the whistle on the scam.
05/02/13 3:22 PM PT
The E-Sports Entertainment Association on Wednesday admitted that users' graphic cards had been hijacked to mine Bitcoin virtual currency. The mining was surreptitiously set in motion by a rogue employee without the knowledge of other ESEA staff or users of the network.
ESEA is known for anti-cheat software and systems that allow players to compete in online matches. Cofounder Eric 'Ipkane' Thunberg acknowledged the incident, which ironically occurred through the use of the anti-cheat software.
The dollar value of the Bitcoins mined totaled US$3,602.21, according to ESEA. The association will give that amount to the American Cancer Society and match it 100 percent for a total donation of $7,427.10, it said. ESEA also promised to increase the Season 14 League prize pot by $3,713.55.
The ESEA did not respond to our request for further details.
What makes this particular crime unique is that the alleged rogue employee didn't actually use ESEA computers to do the illicit mining, but rather used the resources of those using ESEA software.
"He didn't steal company resources," said Rob Enderle, principal analyst at the Enderle Group. "He used the service to steal customer resources, which was worse. Why the company even considered this is beyond me because it could only end badly."
The chicanery came to light when ESEA users complained that the software was generating antivirus warnings, causing computer crashes and utilizing huge amounts of graphics processor power when computers were idle. In other words, the warning signs were there, and a few users realized something was going on. It turned out it was Bitcoin mining.
Legit and Illegit Mining
The ESEA had actually been considering the idea of adding a Bitcoin mining option to its client. Soon after this was nixed, the rogue employee distributed the code anyway, without permission. It was embedded into the anti-cheat client and then accessed the various gaming computers -- many of which were high-powered machines -- to mine the virtual currency without their owners' knowledge.
Mining for Bitcoins is in itself not a nefarious activity -- at least, not when it is carried out by informed people using their own hardware and electricity. In essence, it requires the completion of "proof-of-work" tasks. Computers are required to solve cryptographic problems, and for each block of data submitted, contributors are rewarded with a set amount of Bitcoins. Legitimate participants typically have powerful systems with multiple graphics processors that stream the problem solving.
"Bitcoin mining is a colloquialism for transaction validation," said Jeff Garzik, Bitcoin developer and member of the Bitcoin Foundation.
"All bitcoin miners perform useful work, providing strength against reversing a bitcoin transaction," he told TechNewsWorld. "However, stealing resources to perform Bitcoin mining is still stealing."
The rogue miner likely targeted machines running the anti-cheat software in the expectation that the activity would go unnoticed.
"Bitcoin mining kind of works like gold mining in the old days," Enderle told TechNewsWorld.
"You put in resources to dig the gold out of the ground and then you could enter the gold into the economy where it was exchanged for goods and services," he explained.
"Rather than looking for and digging up gold, you use computing cycles and electricity to create the coins and the process is very compute intensive -- ideal for GPU computing," he added. "It is also performance-based, so that if your miner is slow -- much like digging a hole where gold isn't -- you don't get the coins."
The New Gold
Just as gold rushes attracted actual miners followed by scammers looking to get rich from doing less actual work, the Bitcoin currency has attracted its share of scammers too. Malware used to mine Bitcoins without computer users' knowledge has been on the rise.
Bitcoins have attracted serious investors, but pricing of the four-year old currency has been volatile -- surging, then falling, then recovering. It has been compared to the tulip mania that crashed Dutch markets in the 17th century.
Unlike gold, Bitcoins can't be touched -- it's entirely virtual. The fact that it can be secretly mined by individuals through theft of others' resources is just one of the currency's problems.
"Trust is a big issue with Bitcoins," said Eric Bradlow, professor of marketing, statistics, and education at the Wharton School of the University of Pennsylvania. "Reverse data mining where people can infer who you are and your demographics from your behavior is also a real issue."
It is unclear why the market even needs Bitcoins, as there are other electronic payment systems in place said Bradlow.
However, perceived problems haven't stopped the currency from gaining traction. Moreover, unlike traceable currencies -- including PayPal -- it isn't just that Bitcoins can be mined by nefarious means. The currency can also be applied to nefarious uses.
"It really is an interesting currency, but there have been a number of problems, mostly connected to folks hacking the mining servers that have resulted in theft or loss of a significant amount of Bitcoin value," said Enderle. "It is believed that this currency is heavily used for illegal purposes to get around transaction tracking in banks."