E-Sports Entertainment LLC (ESEA) Consent Judgment For Creating ESEA Botnet And Violation Of CFA And CROA

E-Sports Entertainment Association (ESEA) has been facing the Bitcoin fiasco for some time. Bitcoin is a secured digital currency that is in great demand these days. There is also a wider acceptance of Bitcoins as a digital currency for various purposes and for numerous goods and services.

ESEA also decided to experiment with Bitcoins in the past. However, the experiment actually resulted in violation of the laws of the United States. So what exactly happened that has resulted in the pressing of serious criminal charges against ESEA? The details of the case are available through the document titled E-Sports Entertainment LLC (ESEA) Consent Judgment for Creating ESEA Botnet and Violation of CFA and CROA (PDF).

According to this document, the prosecution has argued that ESEA’s conduct constitutes deceptive and unconscionable commercial practices pursuant to the New Jersey Consumer Fraud Act, N.J.S.A. 56:8-1 et seq. (“CFA”) and unauthorized access pursuant to the New Jersey Computer Related Offenses Act, N.J.S.A. 2A:38A-1 et seq. (“CROA”).

A detailed analysis of this case is beyond the scope of this article and we will cover the same in our subsequent article. Suffice it to say that ESEA secretly updated its client software with Bitcoin-mining code that tapped players’ computers to mint more than $3,600 worth of the digital currency.

Acting Attorney General John J. Hoffman, the Division of Law and the Division of Consumer Affairs have recently announced that on-line video gaming company E-Sports Entertainment, LLC, has entered into a $1 million settlement that resolves allegations it infected thousands of personal computers with malicious software code enabling E-Sports to monitor what programs subscribers were running and illegally mine for Bitcoins.

The State alleges that E-Sports created and deployed malicious software code that infected the computers of thousands of customers who subscribed to its anti-cheat services for popular on-line video games.

According to the complaint, the malicious code enabled E-Sports to monitor users’ computers even when they were not signed onto or using E-Sports services. E-Sports also created a botnet – a network of computers running malicious software – using its customers’ computers. The botnet used the computing resources of users’ computers to mine for Bitcoins, a virtual form of currency. It is estimated that, during a single two-week period, E-Sports took control of approximately 14,000 computers in New Jersey and across the nation, and generated approximately $3,500 by mining for Bitcoins.

As part of its settlement with the State, E-Sports has agreed to refrain from deploying software code that downloads to consumers’ computers without their knowledge and authorization. The company also must submit itself to a 10-year compliance program and create a dedicated page on its Web site that specifies what type of data it collects, the manner in which the data is collected, and how the information is used. E-Sports must pay the State $325,000 of its $1 million settlement obligation. The remainder is suspended and will be vacated within 10 years, provided the company adheres to all settlement terms and avoids future violations of the law.

“Consumers who subscribed to E-Sports’ video game anti-cheat services paid for protection from cheaters – not to be cheated by the very services they’d purchased,” said Division of Law Director Christopher S. Porrino. “Companies that collect consumer information and access users’ computers have a duty to ensure that protocols and procedures are in place to protect the information they collect. Moreover, no company should obtain more access or information than is necessary to engage in the legitimate operation of its business.”

“Following our $1 million settlement with PulsePoint earlier this year, today’s settlement serves as another victory for consumer privacy for New Jersey consumers and consumers across the country,” said Division of Consumer Affairs Director Eric T. Kanefsky. “Whether through the circumvention of browser settings, unlawfully mining for Bitcoins or by failing to adequately protect customers’ personal data from breaches, our office will hold accountable those companies and individuals that violate consumers’ expectations of privacy.”

However, in an e-mail addressed to Ars Technica, Eric Thunberg, the head of ESEA, has given a statement that the company had “no further comments at this time”. That statement, in part, says “We want to make it clear to our community that we do not agree with the Attorney General’s account of the Bitcoin incident. The settlement that was signed makes explicitly clear that we do not agree, nor do we admit, to any of the State of New Jersey’s allegations. The press release issued by the Attorney General about our settlement represents a deep misunderstanding of the facts of the case, the nature of our business, and the technology in question”.

We will analyse the settlement in detail and cover more issues in this regard in our subsequent articles.