ESEA: Minecraft
ESEA turned their client into a Bitcoin miner without their customer's permission. Far from showing contrition the company now looks to shift the blame away from its executives.
The bar for dishonesty within e-sports has been raised to new heights overnight. The league component of the E-Sports Entertainment Association had converted their client into a miner of the virtual currency “bitcoins” on April 14th. For two weeks users of their competitive gaming service had their idle PCs used as extensions of the mining operation, without their consent or knowledge, with the money all heading into virtual wallets.
Several users during this time had reported hardware problems, or that the client was suddenly sending their virus checker haywire. Computers that had been stable were suddenly “blue-screening” and no-one could explain why. In an attempt to get to bottom of the sudden changes one user created a dump file for the software and saw that there was bitcoin mining process in place. It only took a few hours for the community to be up in arms about it, to piece together why their computers had been behaving oddly and the company, through the ill-advised forum posting of co-owner Eric “lpkane” Thunberg, had to admit culpability… Kind of. Their initial response was that it was an accident, an April Fools joke gone wrong. It wouldn’t take long for a technology savvy community to force them into some serious back-peddling.
The story sent a shockwave through e-sports and beyond, even troubling the mainstream media if today’s BBC report was anything to go by. Still, even if the story will eventually disappear from the front pages of websites, it’s unlikely that it will be forgotten about any time soon. ESEA representatives have seemingly been trying to prevent this chapter in their history being added to their Wikipedia page but as soon as it is removed it is re-added within moments. Users affected are grouping together and talking about legal action, filing lawsuits ahead of discussions for potential reparations. Reddit threads have also appeared advising rallying people to take action. ESEA’s virtual stock has never been lower and there are a lot of questions about the future.
Usually where there are questions, there are answers. However ESEA have provided few, ones that are coherent at least. The story surrounding their actions changed multiple times, almost as if they were looking to try and make light of it in the hope it would simply die down. The first response from joint owner Eric Thunberg borders on the insulting.
“lol that got aggressive quickly
back towards the end of march, as btc was skyrocketing, jaguar and i were talking about how cool it would be if we could use massive amounts of gpus logged into the client to mine
we went back and forth about it, considered doing something for april fools, didn't get it done in time, and eventually elected to put some test code in the client and try it on a few admin accounts, ours included
we ran the test for a few days on our accounts, decided it wasn't worth the potential drama, and pulled the plug, or so we thought
fast forward to 48 hours ago, a fuck up in the client server results in a restart which results in a setting getting changed which enables it for all idle users, and here we are
and the results for 48 hours of your combined efforts?
http://www.picsend.net/images/923377coin...
~2 btc, or roughly $280 usd at current exchange rates, not bad!
anyway, our bad, we just released a client update with the btc stuff removed, and your $280 is going into the s14 prize pot -- if you're still feeling sad, feel free to pm me and i'll attempt to buy back your love
but for the record, i told jag he shouldn't be lazy and run the miner in a separate process, rookie move”
This version of the event was quickly disproven, once again by the community, who had traced the transactions and showed that the there was more than two bitcoins mined and it was in fact 29.27627734, equivalent in value to $3,602.21. Even at this juncture, where it has become apparent that for a period of two weeks the client had been engaged in a criminal activity Thunberg remained completely unapologetic, even electing to make light of the situation in his second statement to the public.
100% of the funds are going into the s(eason)14 prize pot, so at the very least your melted gpus contributed to a good cause
Even if at this juncture there was no outrage about the actions that had been taken, even if this poor excuse for an apology had been accepted and even if the attempts to buy back love had been successful, it was already a PR disaster. It shouldn’t surprise anyone given the regular behaviour from Eric Thunberg who has treated his paying customers with absolute disdain for years. His manner of interacting with the members of the ESEA forums, who don’t forget all pay a premium for the service, has often been called into question. Not only that, he has been behind several unfair and inconsistent disciplinary decisions that seem more based on personal relationships or his desire to continually stir the hornet’s nest. As he himself famously put it when once again challenged about his behaviour “esea would die if i suddenly became cuddly.” His reaction to a thread created speculating about how many would unsubscribe from the service as a result of their actions saw him post simply “hopefully a lot”.
The sensible option as the story started to unravel would have been to have said nothing at all, however it wasn’t just Thunberg that was exacerbating the situation through their interacting with the public. Hours after the full weight of what had happened had sunk in, the person behind coding the client, Sean "Jaguar" Hunczak, had responded in private to the original poster via Skype to explain what was happening with the client. He outlined the possibilities of the client and once again tried to explain it away as an accident. The call was recorded and quickly uploaded to Twitch TV.
It took the arrival of the other co-owner, the respected Craig Levine, to instill some sense of professionalism into the proceedings. In his initial statement he denied all knowledge of the activity and profusely apologised for actions he said were not “company wide”.
The first I learned about any of this was last night (on any scale). I had no idea any of this was going on.
Needless to say I am completely embarrassed, disgusted, and ashamed.
There was a believable sincerity about the response and Levine’s standing within e-sports is a direct contrast to that of his partner. The vast majority of goodwill afforded ESEA during this time emanates from the respect he commands. Many were sympathetic of the individual even in instances where they were quick to condemn the company. However, by the time he arrived his involvement was too late to undo the vast majority of the damage and the resultant official response read as little more than a hollow PR 101 from a company forced into a humiliating climbdown from their initial nonchalance. Not only that but despite evidence to the contrary, they had decided to go down the route of blaming one – unnamed – employee as acting on his own, without even acknowledging what action would be taken against the anonymous individual.
What transpired the past two weeks is a case of an employee acting on his own and without authorization to access our community through our company’s resources. We are extremely disappointed and concerned by the unauthorized actions of this unauthorized individual. As of this morning, ESEA has made sure that all Bitcoin mining has stopped. ESEA is also in the process of taking all necessary steps internally to ensure that nothing like this ever happens again.
The owners and management at ESEA all apologize to each of you that were impacted by the recent events and intend to make things right. ESEA has issued a free month of ESEA Premium to all of our community members who were enrolled in Premium for the month of April. We also ask anyone who has experienced any physical damage to their computers to open an ESEA support ticket.
In an effort to maintain complete transparency, we have released all of the Bitcoin wallet addresses as well as data dumps of the wallets themselves. The value of the mined Bitcoins was $3,713.55 and ESEA will be donating 100% of the $3,713.55 to the American Cancer Society. ESEA will also match 100% of this amount for a total of $7,427.10 donated. ESEA is also increasing the Season 14 League prize pot by $3,713.55.
As a team, we work hard to create cool things and we’ve worked even harder to consistently do things the right way. While it’s incredibly disturbing and disappointing that this happened, we’re committed to improving ourselves and rebuilding trust with our community.
This slick PR response shows exactly why it makes perfect sense for communities to not allow people the time to collect themselves. In light of what had been said previously, that it was an aborted pre-planned April Fools joke, that it was no big deal, that people should console themselves that their damaged equipment had helped fund the professional scene at their expense, it reads like a bad attempt at satire. Had their been no furore in the first place this would likely have been the first response and there’s a real chance the story wouldn’t have been quite as damaging as it rightly should be.
The cynical deployment of a charitable donation as a means to show contrition is absolutely absurd within this context, a cheap trick to try and foster some good will. Right now what is clear is that ESEA would happily take being $7,427.10 out of pocket and a few subscription cancellations over any other repercussions that may or may not be looming in the distance.
Several people have debated the severity of the actions of the league. Following the official statement several notable figures within e-sports have called for an end to the “witch hunt”, that people should remember all the good ESEA have done and how in their absence many competitive gaming scenes would wither and die. Even if the last part of the argument were true, rather than some shared delusion of grandeur or a total naivety to the nature of competition (for surely they would be replaced), it is a simple matter of priorities. Does our shared love of e-sports mean that we should turn a blind eye to gross betrayals of customer’s trust and to crimes being committed.
The “C word” is one that many people have strayed away from for several reasons. Many people aren’t sure about the legal issues surrounding what happened, others simply don’t want to pile on to the organisation’s misery by pointing out the potential ramifications of what happened and the rest are probably worried about being deemed libellous. The actions to use their client as a conduit for the software against the knowledge of their customers falls under the computer fraud and abuse act, specifically sections 18 U.S.C. § 1030(a)(2): Computer trespassing, and taking government, financial, or commerce info and 18 U.S.C. § 1030(a)(5): Damaging a protected computer (including viruses, worms). It deems a criminal act has been committed if the following takes place:
(2) intentionally accesses a computer without authorization or exceeds authorized access, and thereby obtains—
(A) information contained in a financial record of a financial institution, or of a card issuer as defined in section 1602 (n) [1] of title 15, or contained in a file of a consumer reporting agency on a consumer, as such terms are defined in the Fair Credit Reporting Act (15 U.S.C. 1681 et seq.);
(B) information from any department or agency of the United States; or
(C) information from any protected computer;
(5)
(A) knowingly causes the transmission of a program, information, code, or command, and as a result of such conduct, intentionally causes damage without authorization, to a protected computer;
(B) intentionally accesses a protected computer without authorization, and as a result of such conduct, recklessly causes damage; or
(C) intentionally accesses a protected computer without authorization, and as a result of such conduct, causes damage and loss.
Clearly there is a case to answer here and one that transcends some of the more fluffy issues that people are talking about. A few piecemeal gestures, such as offering to pay for the damaged equipment, shouldn’t really appease those affected. In addition to that, the official version of events also should cause people some real problems when it comes to believing it.
It is clear who the rogue employee is meant to be. It could only be the coder Sean Hunczak who would have had the access and the know how to add the malicious code. Obviously ESEA are in a very difficult position in terms of disciplining the individual because, as anyone who uses their service knows, the client itself is the real jewel in their crown. Their anti-cheat software has been seen as unparalleled, rightly or wrongly, for many years and the last thing they would want is to have to let go someone who could not only go and work for a rival, but someone who – if disgruntled enough – could really cause them some issues with his knowledge about how it works.
There’s also the question of whether or not their version is true, which seems highly unlikely at this juncture. We know from their own admissions that this had been discussed internally from the initial “April Fools” joke version of events. However there is more evidence that suggests ESEA were intent on going ahead with the plan for some time, and a lot of that input came not from the coder who has been seemingly set up as a scapegoat, but from Eric Thunberg himself.
The website ran a poll asking their users about their experience of bitcoins as far back as the 17th September 2012. The person who had posted in it first was Thunberg with a seemingly innocuous “I’m curious”. Later he would mock suggestions to use the serves as miners on the grounds he could have “thousands” of users of the client do it for him. On this evidence alone it’s clear that driving force behind the idea, quite brazenly, was one of the co-owners of the company. While some might dismiss it as speculation, on this basis then is it probable that the person most vocal about doing it suddenly lost his nerve, or decided it was a bad idea? That a coder would act in such a manner and despite all his technical acumen not think to cover his tracks?
One thing is for certain though, given the ineptitude of its execution anyone trying to found conspiracy theories stating that it has gone on longer than the admitted fortnight are clearly wrong. It wasn’t brought to light through a serious investigation, or a technical whizz kid. Anyone could have had the foresight to check the client’s processes and a significant number of users had already noticed the difference. Any idea this was kept quiet for longer, that there is a secret stash of bitcoins we don’t know about, is ludicrious under the circumstances.
The point remains though whether it was two years, two weeks or two hours, the users who had their machines turned into money making extensions of ESEA’s business have been wronged. It transcends a standard betrayal of trust in the sense of a promise broken. It has actually taken something from the user in one form or another.
It is suggested by some commentators on the issue that if ESEA were to go bust as a result of community reaction, it’s e-sports that would miss out in the bigger picture. Right now, if that were to be the case, no-one should mourn their passing and everyone should want