
Gaming agency settles $1 million in bitcoin botnet case

Esports gaming organisation, ESEA, has settled its bitcoin botnet case out of court, agreeing to pay the State of New Jersey a million dollars to make the case go away. That case, of course, is the one where it illegally installed bitcoin mining software and spyware on its users' PCs and then used them to create its own money-making botnet.

This scheme was detailed in the release by the New Jersey attorney general, who explained how the bitcoin miners were hidden within the company's anti-cheating software and that ultimately as many as 14,000 customers were affected – though this is somewhat lucky, since the ESEA boasts over half a million members.

The code installed itself and then detected when a user was away from the machine, referencing mouse movement data to determine it, and would activate the bitcoin mining software when the machine was idle. On top of that, if anyone tried to uninstall it, the trojan would just load itself back in and start the mining all over. In some instances, it's said that ESEA employees copied files straight to client computers.

Over the three weeks it took for the company to get caught in these actions, over $3,500 worth of Bitcoins were generated. With today's value, it would probably be much more.

This wasn't some lone mole within the organisation creating this, though. It involved the company's lead programmer, Sean “Jaguar” Hunczak, and was even given the go-ahead by one of its co-founders, Eric Thunberg. The excuse by all those involved was that it was originally planned as an April Fool's prank of sorts, but that it was implemented and forgotten about.

Of course, there is also no word on whether the ESEA will compensate people's electricity bills, which no doubt took a hike during the mining.

This seems a little difficult to swallow when you factor in that the programmer responsible created bitcoin wallets to receive the generated funds and then sold them for real dollars, before depositing them in his own bank account. On top of the million dollar settlement, he'll be forced to pay a further $60,000.

However, only $325,000 of that initial fine has to be paid now. If the ESEA keeps its nose clean for ten years, the rest will be waived. If it slips up just once, though, the rest will be due immediately.

Of course the ESEA settled so that it wouldn't have to admit to any of this and understandably, those involved don't agree with the attorney general's playthrough of events. Posting up on the official site, the company said:

“The settlement that was signed makes explicitly clear that we do not agree, nor do we admit, to any of the State of New Jersey's allegations. The press release issued by the Attorney General about our settlement represents a deep misunderstanding of the facts of the case, the nature of our business, and the technology in question.”

It further announced that the person who was responsible for the illegal mining operation was fired – that's the programmer, not the co-founder. It will also be updating its privacy policy and will inform all users of code changes to its anti-cheat software going forward, though how it'll convince anyone to download it now is beyond me.

A third-party audit will also be conducted on a “regular” basis, though it didn't allude to who that third party may be.

Kitguru Says: It all sounds rather shady if you ask me. The original programmer may have been fired, but the people that signed off on it are still there. I'm not going to tell anyone to do anything, but there is no way I would ever download anything from the ESEA ever. Backdoor spyware and GPU-melting bitcoin mining on my hardware without my permission? Have fun without my business.

[Thanks Polygon]
