A popular PC gaming service which
“hijacked” its users PCs to mine Bitcoins by serving up malware
alongside its official PC software has paid out $1m in an official
settlement.
“These defendants illegally hijacked thousands of people’s
personal computers without their knowledge or consent, and in doing so
gained the ability to monitor their activities, mine for virtual
currency that had real dollar value, and otherwise invade and damage
their computers,” said New Jersey’s acting attorney general John
Hoffman, according to the BBC’s report.
The company, E-Sports Entertainment (ESEA), served up
malware which used PCs to mine Bitcoins, an attack which earned $3,602.
The malware was delivered surreptitiously alongside the company’s
official client. The company said that the incident was the work of one
former employee, whose contract was terminated in the wake of the
incident, according to The Inquirer.
“The press release issued by the Attorney General about our
settlement represents a deep misunderstanding of the facts of the case,
the nature of our business, and the technology in question,” ESEA said on its blog.
“Moving forward, it is our intent to provide our community
with confidence that ESEA will be taking every possible step to protect
your privacy,” the company said, “The employee who was responsible for
the Bitcoin incident was terminated, and we are taking steps to ensure
that nothing like this can happen again.”
The hidden Bitcoin-mining process was discovered by users
after they noticed PC graphics cards were still working while the
machines were idle.
“In the past two days I’ve noticed when my computer was
idle, my GPU usage was hovering 90%+ with temps in the high 60s low 70s
(hot for my card),” one gamer wrote in a post on the company forums, as reported by We Live Security here.
“Turns out for the past 2 days, my computer has been farming bitcoins for someone in the ESEA community.”
The company initially dismissed the incident as an April
Fool’s joke gone wrong. But in a later post, co-founder Eric Thunberg
admitted that “this is way more shady than I originally thought.” A
client update was released which removed the Bitcoin-mining software.
David Harley, Senior Research Fellow at ESET said at the
time, “I remember a time when distributed processing was a pretty
specialized area that was sometimes used for volunteer initiatives like
SETI@home and various medical research projects.” .
“Along came malicious botnets that harnessed the
capabilities of virtual networks for resource-intensive attacks like
DDoS and captcha-breaking. I suppose it was inevitable that the bad guys
would try harnessing the spare (and not so spare) processing capacity
of victim machines as a way of exploiting the much-abused Bitcoin
currency.”
ESET Malware Researcher Robert Lipovsky wrote in an earlier We Live
Security post that Bitcoin and other crypto-currencies are being
targeted by cybercriminals this year.“There are numerous malware families today that either perform Bitcoin mining or directly steal the contents of victims’ Bitcoin wallets, or both,” Lipovsky writes.
No comments:
Post a Comment