Follow Slashdot stories on Twitter

 



Forgot your password?
typodupeerror
×
Games

Hacker Charged With Fraud After 'Stealing' In-game FIFA Currency (cnet.com) 149

The FBI said it believes a group of hackers made millions off a scam to defraud publisher Electronic Arts. From a report on CNET: A US man is facing felony wire fraud charges for the theft of digital currency from game developer Electronic Arts. According to an FBI indictment, Anthony Clark and his co-defendants are being charged with conspiracy to commit wire fraud for "stealing" in-game currency in multiplayer football game FIFA Ultimate Team for Xbox One, PS4 and PC. The indictment details that Clark and three others, named as Ricky Miller, Nicholas Castellucci and Eaton Zveare, members of hacking group RANE Developments, designed an app using the game's source code and developer kit. This app fraudulently told EA's servers that thousands of matches had been completed in the game. These completion reports were rewarded with FIFA coins, which the group sold to what the FBI called "black market" coin dealers. Between them, the group earned $15-$18 million.
This discussion has been archived. No new comments can be posted.

Hacker Charged With Fraud After 'Stealing' In-game FIFA Currency

Comments Filter:
  • If real, that is more lucrative than most apps that are developed!
    • by zlives ( 2009072 )

      why is this fraud?

      • by msauve ( 701917 ) on Tuesday November 15, 2016 @12:29PM (#53290187)
        Fraud is deliberate deception to secure unfair or unlawful gain. How is it not fraud?
        • by H3lldr0p ( 40304 )

          Well, who did they deceive? The blurb says that everything was done through the game's API. If EA wasn't keeping track of how often games were reporting as being finished, how is this an exploit or deception? AFAICT, everything was done out in the open. So it goes back to how is this deception?

          • by msauve ( 701917 ) on Tuesday November 15, 2016 @12:39PM (#53290257)
            Really? I mean really? Is English a second language for you? They were telling the system that games were played which had not been played.
            • by Anonymous Coward

              But is deceiving a computer fraud?
              What if my level 14 thief steals an dagger from an NPC?
              What if I sell that dagger to another player for real money?
              What's the functional difference between game rules and an API?
              A clickthrough ToS?

              • But is deceiving a computer fraud?

                Someone is facing 30 years in prison [slashdot.org] for deceiving High Frequency Trading algorithms. These guys allegedly sold $15-$18 million worth of FIFA coins they obtained by deceiving EA's algorithms. If they'd just harvested a few hundred dollars worth of FIFA coins for their own use, probably nobody would have noticed or cared, but when you do it for profit and millions of dollars are involved, you can bet it's going to be considered a crime.

                • by zlives ( 2009072 )

                  real money vs FIFA coins which have no value from the manufacturer... as in you can;t buy them from EA

                  • by zlives ( 2009072 )

                    also is EA out that money (18 mil?) or just some tokens that you can;t buy from EA

                    • by fedos ( 150319 )
                      The law doesn't require EA to have lost money on the transaction for it to be considered fraud, only that the perpetrators profited through deception. But if you're only going to be satisfied if a monetary loss was involved, remember that the people they sold the ill-gotten coins to are out the money (since EA would have deleted the coins and anything they were used to purchase), and that EA would have had to sink man-hours into the forensics to track what happened who ended up with the coins. This was not
              • But is deceiving a computer fraud?

                YES! This is exactly what computer fraud is!

                What if my level 14 thief steals an dagger from an NPC?

                Depends on the nature of the game and the real world value of the dagger.

                What if I sell that dagger to another player for real money?

                If you cheated then it's potentially fraud. If you didn't then it's not.

                What's the functional difference between game rules and an API?

                The game rules give the intent. The API gives the actual results. Breaching the game rules is what makes it

              • But is deceiving a computer fraud?

                No, not at all!

                I mean, if I manage to deceive my bank's computer into depositing $100,000,000 into my account, well that's just totally legal!

                • by zlives ( 2009072 )

                  10000000000000000000 in FIFA money is worth what to you?

                  • 10000000000000000000 in FIFA money is worth what to you?

                    I have no idea, but I bet it's worth something to somebody. So I suppose whatever they'd pay is what it would be worth.

            • by rtb61 ( 674572 )

              Dude it is a digital simulation and they were just simulating the simulation being played ;D. Are you saying that was one layer of simulation too much, I struggle to see it beyond civil suit. Post simulation trade of virtual toy currency into real currency, is neither here nor there. All the did was cheat computer cycles into creating virtual outcomes.

              Keep in mind this is really, really, dangerous territory and quite a dangerous precedent. Corporations can create any kind of digital evidence they wish, f

          • by Rei ( 128717 )

            At the very least, their API was terrible if it permitted this.

          • Isn't the real fraud here committed by E.A. in converting real money to worthless in-game "money"?
          • Neither TFS or TFA use the term API, or the phrase Application program interface. What it says is "designed an app using the game's source code and developer kit". The app was not part of the game, and was not commissioned by the owners of the game. The purpose of the app was to report the completion of matches that never happened, purely for the self enrichment of the app developers. If someone tells you they will pay you X to dig a hole at a certain location, and you report back to them that you have comp
            • by zlives ( 2009072 )

              again my question is FIFA money is valid tender?!! if so are they giving out 1090's or w2's

              • It has nothing to do with tender, anything of value (i.e. convertible to or exchangeable for something else of value) can be involved in fraud. Jack traded the family cow for some magic beans. There was no fraud because the beans were in fact magic... they also took Jack down a path of crime that ended in a perfectly normal giant being killed for trying to defend his home and property... but still no fraud involved... just burglary and murder. Had the beans been fake, THAT would have been fraud.

                All money is

          • Well, who did they deceive? The blurb says that everything was done through the game's API. If EA wasn't keeping track of how often games were reporting as being finished, how is this an exploit or deception? AFAICT, everything was done out in the open. So it goes back to how is this deception?

            So, let's get this straight. You argument is that since the supposed victim didn't immediately identify the exploit, there's no fraud? So like if I take a car from the local dealer in broad daylight and no one notices for a few days, there's no theft either right?

            "The victim was stupid" has never been a working defense. If it you think it should be, take a few minutes and ponder the implication to the legal system.

        • What is the value of the FIFA Coins? Is there a line in the TOS that says the Coins have no value? I will laugh if this gets thrown out on a technicality of value of virtual currencies.

          • IRS to go after any one that wins in game cash now?

            You won in game cash and you need to pay us for it.

            • IRS to go after any one that wins in game cash now?

              You won in game cash and you need to pay us for it.

              Aren't things like "XP" (experience points) earned in-game and used to purchase items/abilities/etc the same thing?

              If criminal currency laws apply to in-game currencies, will people who play computer games that use XP or similar in-game transactional "currencies" need to fill out an IRS Form 1099 after every game session? What about the value of "property" bought within the game, is it taxable? Should State sales tax be levied against in-game currencies?

              I'd hate to receive a tax bill for the ~15 million C-B

            • IRS to go after any one that wins in game cash now?

              Hardly. But if you sell your in-game cash for $15 million in real money, the IRS will want their cut of the profit.

              • This is legally wrong. According to the IRS, if you, for example, receive something as a gift, you're supposed to declare that as "income", and pay taxes on it based on its fair market value, even if you don't actually sell it.

                I don't see how it's any different here.

                So yes, people who win a bunch of in-game cash need to report this to the IRS and pay taxes on it.

                Otherwise, these people should be cleared of the "fraud" charges.

                You can't have it both ways.

                • This is legally wrong. According to the IRS, if you, for example, receive something as a gift, you're supposed to declare that as "income", and pay taxes on it based on its fair market value, even if you don't actually sell it.

                  You do not have to declare a gift as income unless it's over the reporting amount of $16,000 (for 2016).

                  • sorry, $14,000. https://turbotax.intuit.com/ta... [intuit.com]
                    • $15 milion is a lot more than $14,000. We're talking about someone who "cheated" an online game for in-game funny money and sold it for $15M here, so that certainly qualifies for the gift threshold. It would be the same for anyone else who didn't cheat in the game and made a bunch of in-game funny money, and didn't sell it. So my point is: does the IRS actually go after people who are really serious gamers and amass lots of in-game "money" (without selling it for real money) and demand tax payments? If

          • by mark-t ( 151149 )
            Fraud does not necessarily have to involve monetary gain.
            • so what about in game stuff like a fake field goal, fake punt, etc = fraud?

              • by mark-t ( 151149 )
                Well, because they are in-game, there is no "real" field goal or "real" punt... they are all "fake", when you get right down to it. What makes something fraud is when there is deliberate deception involved.
                • I believe GP is talking about real world football. Faking a punt involves deliberate deception, but is part of the game.

                  Eve online players would have a hell of time convincing a court that in game ponzi schemes/protection rackets/piracy were illegal. All part of the game by design.

                  • Eve online players would have a hell of time convincing a court that in game ponzi schemes/protection rackets/piracy were illegal. All part of the game by design.

                    But what about the state prosecutor? Or say some kid loses in game to a in game scam and his not that tech dad who is a judge / cop / prosecutor things that is a fraud and under bad laws like the Computer Fraud and Abuse Act.
                    Maybe able to make it stick or at the very least have it come to court in some way. Even more so with games like EVE Online w

        • by jandrese ( 485 ) <kensama@vt.edu> on Tuesday November 15, 2016 @12:40PM (#53290267) Homepage Journal
          My guess is that it was the part where they sold the coins to other people knowing full well that EA could revoke the coins or terminate the accounts of anyone who bought them.

          But yeah, the actual crime of writing a bot to farm coins seems more like a TOS violation than a felony. Punishment should probably be limited to getting kicked out of the game and never being allowed back online. Maybe even kicked out of EA online servers entirely.
          • Can I sue the owner of a pinball game for make the outlines to wide? or the having the tilt set to high?

          • by MobyDisk ( 75490 )

            crime of writing a bot to farm coins

            If the both actually played FIFA games, then yeah, I too might call it a "bot" to farm coins. But the bot didn't actually play the games. It just lied, and said it played the games. That sounds closer to fraud.

            • by jandrese ( 485 )
              I really don't see the distinction there. Are you saying if the bots had to actually simulate the inputs and play a perfect game against one another for the purposes of farming coins it wouldn't be fraud? I'm still not sure I accept that it is fraud in any case. If this is fraud how is it not fraud when someone steals from the bank in Monopoly? Little brothers everywhere would be in so much trouble.
        • by Anonymous Coward

          Fraud is deliberate deception to secure unfair or unlawful gain. How is it not fraud?

          Because it didn't really happen in our universe. It virtually happened within a nested universe. It's a game, not real life. The "gain" is virtual.

          What's next? "You murdered that other player in the gladiator wave of Joust!" or maybe "Hey, someone came to my Clash of Clans base and stole some of my gold and elixer!" or maybe "you solicited sex for money in Leisure Suit Larry!"

          Congress coins money; EA does not. What happens

          • by Drethon ( 1445051 ) on Tuesday November 15, 2016 @02:07PM (#53290997)

            Fraud is deliberate deception to secure unfair or unlawful gain. How is it not fraud?

            Because it didn't really happen in our universe. It virtually happened within a nested universe. It's a game, not real life. The "gain" is virtual.

            What's next? "You murdered that other player in the gladiator wave of Joust!" or maybe "Hey, someone came to my Clash of Clans base and stole some of my gold and elixer!" or maybe "you solicited sex for money in Leisure Suit Larry!"

            Congress coins money; EA does not. What happens to EA currency isn't real. He should be charged for fraud (or justice dispensed however they do it) within the virtual universe, not within ours. If you kill me in Joust, I just kill you back (as deterrent; is 3000 points worth my wrath?); I don't go crying to mama outside of the game. And if I do go crying to mama, mama's job is to tell me to settle the fuck down.

            If you start getting confused about the nesting within universes, you're going to cause a lot of problems and paradoxes. I will eat YOUR dots, Pac-msauve. Don't, and don't legitimize those who do.

            "Between them, the group earned $15-$18 million."

            This appears to be real world cash they netted, at this point it has left the game world.

            Though if selling imaginary world things for real world cash isn't fraud, I have a great vacation home in middle earth to offer you!

            • They didn't steal those $15-$18 million from EA, though. They got that money from other players. If they didn't deliver on the virtual coins, then yes, that would be fraud. If the virtual coins arrived as paid for, it wasn't fraud.

              Let me put it another way. Let's say I sell my World of Warcraft account to another player. It violates Blizzard's TOS, but it's not illegal. I may have also obtained the characters on that account through illicit means - using bots. Again, that's not illegal (maybe a DMCA case
              • by bugnuts ( 94678 )

                IIRC, the glider case says that bots are illegal, due to copyright since it has to technically copy the code to run in memory, when you don't have a license to run it. And there are similar issues with selling your characters.

                Here's what I'm wondering, though: if this is considered fraud, and EA can pursue it, then EA is stating their in-game currency is worth real money. If it's worth real money, they can't simply forbid it from being sold. If they claim it's theirs (which virtually every game maker does)

            • Though if selling imaginary world things for real world cash isn't fraud, I have a great vacation home in middle earth to offer you!

              If online currency and items have real-world cash value, I'd like to see EA defend the illegal gambling in most of their games.

          • Because it didn't really happen in our universe. It virtually happened within a nested universe. It's a game, not real life. The "gain" is virtual.

            Nope. Definitely happened in our universe That's how we know about it. It happened on a network located at least in part in the US; hence the FBI's involvement.

            Fraud can be for anything of value, even if the value is just perceived. If I trick you into giving me 10000 Swiss Francs then it's fraud. If I trick you into giving me a first edition Harry Potter, it

        • by I4ko ( 695382 )
          You mean any guy who ever picked up any girl any place in the universe is guilty of fraud?
    • I realize that California does things a little differently, but it sounds like they used real money for these transactions:

      The FBI seized a home in California, over $3 million from several accounts listed under the names of all four defendants, and several cars.

  • lots of people lost their in game currency and items from exploits/hackers yet most of the time the company did nothing and if you as a plebeian tried to get the authorities to investigate you'd be told to beat it but BUT oh a corporation loses some in game currency and the FBI is on it.

    • Yeah, this.

      It never seems to rise to fraud when unplayable buggy games are shipped, or are missing advertised features. Nobody in power bats an eye when multiplayer games have their servers shut off and thus ruin the value of something I paid for, or when the first sale doctrine is violated and I can't sell my property due to DRM.

      So yeah, these guys behaved badly, but it sort of like finding out a mobster's house got robbed. I have no sympathy to spare, and kind of hope the thieves get off.

  • by freeze128 ( 544774 ) on Tuesday November 15, 2016 @12:57PM (#53290379)
    I like they way that you put "stealing" in quotes. It's not really stealing because EA did not lose any money. The hackers found a way to make the FIFA game CREATE money for them, and then they sold that in-game money for real money. The only people who are out "Real" money are the clients who bought the in-game currency, but they have something to show for it.

    If anything, the people who bought the in-game currency from the hackers should sue EA for making a crappy program that someone could abuse.
    • The real question is if the hackers declared the income. If they did, I really don't see how they managed to get in trouble for selling game data for cash... seems fucky. If it were earned the way EA expected the credits to be earned and then sold, would they still care?
    • Re:Stealing (Score:4, Informative)

      by Sowelu ( 713889 ) on Tuesday November 15, 2016 @01:52PM (#53290883)

      If you sell limited-edition prints of a painting, and people buy it because having one out of only a hundred has value to them, then someone making counterfeits is decreasing the value even if they don't directly take from the original creator.

      If these game points are considered to have value because they take time, effort or skill to obtain, and then someone finds a way to manufacture more of those points by deception, then clearly it's diminishing the value of the legitimate ones.

      • If you sell limited-edition prints of a painting, and people buy it because having one out of only a hundred has value to them, then someone making counterfeits is decreasing the value even if they don't directly take from the original creator.

        Yeah, that's competition for you. One has a right to the property itself, not the market value of the property. So long as this hypothetical competitor doesn't claim that the copies are either originals or authorized reproductions, no fraud has been committed. "Decreasing the value" is not a crime by itself.

        Calling this "wire fraud" is ridiculous. EA might have a case for regular fraud, in the sense that they were tricked into issuing the tokens (though that is partly their fault for blindly trusting whatev

      • Then in that case, you still make my point for me, because the only people who have anything to gripe about are the people who bought the in-game currency from the hackers. They paid more for the in-game currency than it was worth (because it was de-valued, like you said). However, free market rules indicate that the hackers can charge what the market will bear. So, I don't know, sue Ticketmaster instead.
    • Does EA sell this currency themselves? If so, then some people would buy cheaper illegal coins, rather than ones from official sources. If not, then anyone who legally sells them is losing money.

      • Yes. All of the EA Sports games with Ultimate Team modes offer the ability to purchase "coins" that can be used to buy in game "cards." The in game cards are also available for purchase directly with real money.
    • by rhazz ( 2853871 )
      I believe that the coins can be purchased from EA directly (in addition to being slowly earned via gameplay). The "black market" is black because it's against the TOS for the game, and essentially means that EA loses money when players get their coins from that market rather than from EA (there are apparently dozens of sites out there). If the black market undercuts EA too much then EA loses more sales, and flooding the black market with millions of ill-gotten coins likely leads to undercutting.

      This is jus
  • I could turn n a few people for on-line in-game murder.
  • If there is no currency exchange and it cannot be used to buy goods, it's property. The wire fraud charge is just bonkers. The reason the FBI would jumped to such a conclusion is that what was being done wasn't actually illegal. They were authorized to use the servers and nothing of value was taken because it was created by the hackers.

    • Actually it wasn't created by the hackers. It was created by the servers, and access was granted by the servers to the hackers through fraudulent identification.
  • This is an interesting situation, from my limited knowledge of it. It's the first time I'm aware of that something with no monetary value was taken from the issuer with no actual deprivation of services (i.e. it's not a limited resource; nobody was deprived of these coins), yet the criminals were able to literally receive millions of dollars selling them. It's as if someone was selling pirated Mp3s, except in this case, the coins aren't purchased in the first place; they're won through playing a game (whi
    • by Sowelu ( 713889 )

      In terms of "who's the victim and who benefits", this seems identical to art forgery. Nothing was taken, but value was removed from existing goods. If there is utility in scarcity, then removing scarcity destroys that utility.

  • Something that I have always had a beef with is software companies. Does Ford, Toyota, or any other hard goods manufactures state or enforce what I would call "left turn Sundays?" Where, as a part of a Ford EULA for example, states it is the company's right and requirement that you as an owner (not really) are required to make left turns only on Sunday. If you fail to do this, then we have a right to take you to court and prosecute. Let's not even talk about arbitration. If EA left a wide open window i
    • Ford, Toyota, or any others hide under there network of dealers both ways when it benefits them.

    • by Anonymous Coward

      Um, car manufacturers do this all the time. You buy a warranty, either separately or with the car. The warranty states that you must have service performed at X, Y or Z service locations. If you have the service performed elsewhere and something happens to the car, the warranty is void. If you force them to provide the service you paid for they will take you to court.
      How is this any different?

    • by Sowelu ( 713889 )

      If you social-engineer your way into a bank vault to steal stuff, then of course the bank employees are idiots and massively liable, but it's still your fault too.

  • Lets see if the hackers get harsher punishments than Sepp Blatter and Michel Platini.

  • How can it be "wire" fraud.

    Wireless.

    Means no wires.

  • This makes the game even more realistic. [pbs.org]

A Fortran compiler is the hobgoblin of little minis.

Working...