WEBVTT

00:00:00.000 --> 00:00:04.410
JACK: Real quick before we get started; this is Part 2 of a two part series on Manfred.

00:00:04.410 --> 00:00:10.620
If you want to hear how he hacks online games for fun, check out Part 1 first. [MUSIC] The

00:00:10.620 --> 00:00:14.970
first hack I ever did was on a game called Sim City. It’s the original city-building

00:00:14.970 --> 00:00:19.410
game. My curious teenage self found where the save-game files were stored and began

00:00:19.410 --> 00:00:23.790
inspecting these files. It was gibberish as far as I could tell. I decided to load

00:00:23.790 --> 00:00:28.380
the file into a hex editor. This converts the contents of the file to a hexadecimal format.

00:00:28.380 --> 00:00:33.000
I started changing a few numbers around. I was just guessing and then loading the game back

00:00:33.000 --> 00:00:37.440
up to see if anything had changed. I knew I was in the right area because I was changing things

00:00:37.440 --> 00:00:42.210
like the year and the name of the town. I kept tweaking values and loading it again and again.

00:00:42.210 --> 00:00:47.010
Eventually I loaded the game and I was amazed at what I saw. I had given myself

00:00:47.010 --> 00:00:52.770
100 billion in game dollars. The feeling I got from hacking the game was so much

00:00:52.770 --> 00:00:56.100
more exciting than actually playing the game. With that amount of money,

00:00:56.100 --> 00:01:01.410
I built some very large cities. Hacking the money system in a single-player game is one

00:01:01.410 --> 00:01:06.420
thing. But what if you could hack the money system in a massive multiplayer online game?

00:01:06.420 --> 00:01:13.030
JACK (INTRO): [INTRO MUSIC] This is Darknet Diaries, true stories

00:01:13.030 --> 00:01:20.210
from the dark side of the internet. I’m Jack Rhysider. [INTRO MUSIC ENDS]

00:01:20.210 --> 00:01:23.135
JACK: In this episode we pick back up with Manfred.

00:01:23.135 --> 00:01:23.420
MANFRED: Hello.

00:01:23.420 --> 00:01:28.640
JACK: As you heard in the last episode, he hacks online video games, but the last episode was all

00:01:28.640 --> 00:01:33.740
just fun and games. In this episode it’s all business. There’s lots of money to be made in

00:01:33.740 --> 00:01:38.780
hacking online games. Let’s dial back the clock to the late 90s when he first started making

00:01:38.780 --> 00:01:44.960
money hacking online games. [MUSIC] The game he was playing at that time was Ultima Online,

00:01:44.960 --> 00:01:49.370
and was just like any other MMORPG where you level up your character, equip items,

00:01:49.370 --> 00:01:54.680
and slay monsters. Manfred had played the game, got good at it, and then got bored, so he started

00:01:54.680 --> 00:01:59.900
tinkering and reverse-engineering the client and manipulating the packets. In Ultima Online players

00:01:59.900 --> 00:02:04.820
could buy houses and place them on the map. This would be a safe place for your character to store

00:02:04.820 --> 00:02:11.300
things and rest. The houses took up space on a map though, just like houses do in real life. The game

00:02:11.300 --> 00:02:15.560
developers added the feature where you could demolish a house. Then they also added another

00:02:15.560 --> 00:02:20.870
feature; houses would become abandoned and fall down if the owner did not go in it for a while.

00:02:20.870 --> 00:02:28.040
MANFRED: Initially I was trying to find out how the process of demolishing your own house

00:02:28.040 --> 00:02:32.390
worked. You could demolish the house and get the deed back. I was curious to see how that

00:02:32.390 --> 00:02:38.270
worked at the protocol level. Like, what was the client sending to the server to cause the house

00:02:38.270 --> 00:02:43.910
deletion event to happen? When I saw that, it was pretty simple. The operation code that said hey,

00:02:43.910 --> 00:02:49.760
let’s delete this house and it was the ID of the house. I was like wow, that’s pretty simple. There

00:02:49.760 --> 00:02:55.520
has to be more to it like how the server must be checking if you own this house. I was like okay,

00:02:55.520 --> 00:03:02.630
then I went over to my neighbor’s house, got the house’s ID by interacting with it a little

00:03:02.630 --> 00:03:08.990
bit and looking at the packets. I saw that the ID was this, so I sent a house deletion event

00:03:08.990 --> 00:03:16.850
with that house ID. Nothing happened. I was like, this is weird. Why isn’t this working?

00:03:16.850 --> 00:03:24.170
Then I did the same thing again with my house. I opened up my house menu and I sent the deletion

00:03:24.170 --> 00:03:29.780
packet and it deleted my house. [DEMOLISH SOUNDS] I was like huh, maybe they fixed it. Maybe server

00:03:29.780 --> 00:03:35.270
sites are checking if I’m the owner of the house or not. I tried it once more just to

00:03:35.270 --> 00:03:40.370
make sure. I opened up my house menu item just to double check on some information in the packets,

00:03:40.370 --> 00:03:48.080
and I left my house menu up. Then I sent my packet with my neighbor’s house ID. To my surprise,

00:03:48.080 --> 00:03:53.390
my neighbor’s house just disappeared. [DEMOLISH SOUNDS] Everything that was in that house,

00:03:53.390 --> 00:04:00.290
the furniture, equipment, everything he ever collected, he or she, just was laying there

00:04:00.290 --> 00:04:05.660
on the ground ‘cause the house wasn’t there to hold it anymore. At first I was like oops,

00:04:05.660 --> 00:04:10.190
my bad. I fully didn’t mean to do that but there’s [00:05:00] nothing I could

00:04:10.190 --> 00:04:15.140
do to undo it. I just kind of threw up my hands and said crap, sorry.

00:04:15.140 --> 00:04:20.240
The conclusion was that no, the server doesn’t check if you’re the owner of this house when you

00:04:20.240 --> 00:04:26.480
send the delete packet. The thing that it wants is it wants you to make sure that you have a

00:04:26.480 --> 00:04:33.500
house menu dialog up when you’re interacting with the house. As long as you’re interacting with a

00:04:33.500 --> 00:04:41.000
house that you own, you’re able to control another player’s house and ultimately delete it if that’s

00:04:41.000 --> 00:04:48.812
what you want to do. [MUSIC] I think initially I started deleting players’ homes of rival guilds

00:04:48.812 --> 00:04:56.000
[DEMOLISH SOUNDS] ‘cause it was a game censored around PVP and there were a lot of griefing and

00:04:56.000 --> 00:05:01.310
controlling guilds on the server I was playing on. I think I took a bit of retaliation on them and

00:05:01.310 --> 00:05:08.420
started deleting their guild headquarters and stuff like that. One of the guilds was called

00:05:08.420 --> 00:05:14.300
Players of Asia and they were mainly Chinese players that were accused of hacking themselves.

00:05:14.300 --> 00:05:19.460
The GMs didn’t really like specifically that guild and guilds associated with them,

00:05:19.460 --> 00:05:26.030
so I’m not sure if they ever sent us a complaint ticket. I’m sure they did and I think the GMs just

00:05:26.030 --> 00:05:30.944
ignored it. Then after I’d delete their house, I’d place a house of my own up there. [BANGING]

00:05:30.944 --> 00:05:35.180
JACK: When Manfred would delete another player’s house, the deed to that house

00:05:35.180 --> 00:05:39.860
would show up in his inventory. Not only was he able to collect all the items that were stored

00:05:39.860 --> 00:05:44.540
in that house but he would also essentially take ownership of that house since he now had

00:05:44.540 --> 00:05:48.200
the deed and could build it right back in the same spot where he deleted the house.

00:05:48.200 --> 00:05:54.140
MANFRED: After a while I’d have a dozen houses and I was like, what am I gonna do with all

00:05:54.140 --> 00:06:01.790
these houses? That’s when eBay came into play. I noticed that houses were selling for hundreds,

00:06:01.790 --> 00:06:06.350
sometimes thousands of dollars depending on the size of the house. Usually most players had a

00:06:06.350 --> 00:06:11.810
house that was just a single room where they could store minimal items. The largest house

00:06:11.810 --> 00:06:19.070
was a castle, which was huge to accommodate a guild and all their items. A castle could easily

00:06:19.070 --> 00:06:25.640
sell up from between two and maybe ten thousand dollars. As this turned into a business model,

00:06:25.640 --> 00:06:34.490
I needed more and more houses ‘cause everything I’d put up on eBay would sell out pretty quickly.

00:06:34.490 --> 00:06:42.380
I couldn’t – I ran out of guilds or rival guilds to demolish their houses so I started looking for

00:06:42.380 --> 00:06:50.600
houses that were in danger of collapsing. Seven days passed and they were about to collapse.

00:06:50.600 --> 00:06:55.700
Usually when the house is about to collapse, there’s a huge collapsing party, tons of players

00:06:55.700 --> 00:07:00.530
come in, they try to place their house on top of a house that just collapsed. I don’t want to compete

00:07:00.530 --> 00:07:07.130
with like, twenty other players trying to place a house. So I’d go around looking for a house that’s

00:07:07.130 --> 00:07:13.100
in danger of collapsing that had no players around it. I could go in, delete this house, place my

00:07:13.100 --> 00:07:20.060
house on top of it without anybody suspecting anything. Except in this one case, I go in,

00:07:20.060 --> 00:07:26.900
I find the tower, which is pretty big. It’s a big rectangular structure that’s pretty tall. This

00:07:26.900 --> 00:07:31.622
thing is in danger of collapsing. I look around, there’s nobody around so I run the exploit,

00:07:31.622 --> 00:07:37.205
[DEMOLISH SOUNDS] collapse their tower and place three small houses in its place. [BANGING]

00:07:37.205 --> 00:07:42.920
Shortly after that, maybe a couple minutes, this guy comes in and he’s

00:07:42.920 --> 00:07:47.510
totally baffled. [FOOTFALLS] He’s looking around, running back and forth, he thinks

00:07:47.510 --> 00:07:55.790
maybe he came into the wrong section of town. He’s like hey, was there a tower here? I’m like,

00:07:55.790 --> 00:08:03.270
I don’t know. I was just – I was on the newbie character. I was Level 1. I had nothing on me,

00:08:03.270 --> 00:08:07.710
just a t-shirt and some torn pants so I was like, I don’t know what’s going on. The guy waits a

00:08:07.710 --> 00:08:15.270
few more minutes and a few more members of his guild join in. I guess they’re pretty silent,

00:08:15.270 --> 00:08:21.210
I guess they’re talking of a band of like, IRC or something but there was a lot of commotion

00:08:21.210 --> 00:08:28.050
going on. I’m just standing around going hey, let’s see where this goes. I’ve never been in

00:08:28.050 --> 00:08:35.280
a situation like this. I was kind of afraid that a GM would pop in and they’d see that – I thought

00:08:35.280 --> 00:08:40.020
that maybe the GM would be able to see that I had deleted this house and placed these three

00:08:40.020 --> 00:08:44.640
in place of it. I was like, I might as well just hang around and see if that’s the case. Let’s

00:08:44.640 --> 00:08:49.290
see how good the GM tools are and how good the server logging is when they manage their houses.

00:08:49.290 --> 00:08:55.620
I was pretty nervous ‘cause this turned into a pretty good business model and here I am thinking

00:08:55.620 --> 00:09:02.490
I’m going to lose it any minute. I’m really curious to see how this is going to play out so

00:09:02.490 --> 00:09:09.630
I hang around. [BACKGROUND COMMOTION] While the commotion happens, a GM pops in. [00:10:00] The

00:09:09.630 --> 00:09:13.680
GM is pretty much clueless. Everybody’s basically shouting at him in the game,

00:09:13.680 --> 00:09:19.740
going hey, what’s going on? I kind of felt sorry for the GM ‘cause after a few

00:09:19.740 --> 00:09:24.570
minutes I could tell that the GM had no idea what was going on. Five minutes in,

00:09:24.570 --> 00:09:31.950
he has no answer and the GM tools weren’t mature enough or advanced enough to get a tracking;

00:09:31.950 --> 00:09:38.010
was there a house here, who deleted it, and who placed these houses and when?

00:09:38.010 --> 00:09:45.510
Ten minutes in, no answer. He had lots of angry players around him. After twenty minutes it was

00:09:45.510 --> 00:09:50.670
obvious that the GM had no idea what was going on. Then the famous quote of this guy going,

00:09:50.670 --> 00:09:58.560
“It was either GMs or hackers.” They were accusing the GM of deleting the house, or hackers. I knew

00:09:58.560 --> 00:10:06.750
I was off the hook for getting banned in a game that exploit fixed right there and there.

00:10:06.750 --> 00:10:11.460
It was obvious that they didn’t have any records of what transpired,

00:10:11.460 --> 00:10:17.850
so I was relieved at that point. For all the GM knew, maybe they were totally

00:10:17.850 --> 00:10:24.690
fabricating the story, trying to defraud me with three houses on that spot. Yeah,

00:10:24.690 --> 00:10:30.900
that’s one of my favorite moments in my career of hacking online games.

00:10:30.900 --> 00:10:36.660
JACK: Manfred then found a bug that gave him the ability to build a house underground. This

00:10:36.660 --> 00:10:40.560
was interesting because if somebody walks over the house, the game would think they’re in his

00:10:40.560 --> 00:10:45.420
house so he could kill them without repercussion. Because this bug was not important to Manfred,

00:10:45.420 --> 00:10:51.000
he reported it to the GM. The GM reported it to the developers and the game company fired

00:10:51.000 --> 00:10:55.890
the GM. The game company thought the hackers who reported this must have gotten some kind of inside

00:10:55.890 --> 00:11:00.780
information from the GM to find these exploits, so the company thought the GM was working with

00:11:00.780 --> 00:11:05.850
the hackers to hack the game. On top of the GM getting fired, Manfred and his friends got banned.

00:11:05.850 --> 00:11:09.810
Manfred was just trying to help the game developers by reporting these bugs,

00:11:09.810 --> 00:11:16.140
so he was upset that they reacted this way. So Manfred waited until late Sunday night when GMs

00:11:16.140 --> 00:11:21.910
and developers were asleep and created a new character. He ran around the game

00:11:21.910 --> 00:11:27.850
deleting every house he could find. He deleted twenty houses, fifty houses, a hundred houses,

00:11:27.850 --> 00:11:32.980
and then switched to another server and deleted all the houses there. Two hundred houses were

00:11:32.980 --> 00:11:38.170
deleted and he kept switching servers and deleting even more houses. Three hundred houses deleted,

00:11:38.170 --> 00:11:44.650
four hundred, five hundred. Eventually he ran out of houses to delete and he waved one last

00:11:44.650 --> 00:11:51.130
goodbye to the game and said farewell. He logged off for the last time and never returned. That

00:11:51.130 --> 00:11:55.900
Monday morning there were so many complaints and such chaos in the game that the developers had

00:11:55.900 --> 00:11:59.650
to roll back the servers to a save point on Sunday before the houses were deleted.

00:11:59.650 --> 00:12:04.960
All players had their houses restored. The developers did acknowledge a bug in the game

00:12:04.960 --> 00:12:10.030
and apologized to players for the roll back. They even disabled the house features until they

00:12:10.030 --> 00:12:16.120
could fix the bug. Manfred’s cash cow of making money selling houses in Ultima Online was dead.

00:12:16.120 --> 00:12:20.380
MANFRED: That was back in my crazy college days where – I’m going to ask this screen shot

00:12:20.380 --> 00:12:26.380
show that I was causing the players harm. After seeing the impact that it caused the players,

00:12:26.380 --> 00:12:33.520
basically all – everything I did in online games went even more undercover than it was,

00:12:33.520 --> 00:12:42.820
meaning that any exploit I ran was completely invisible to the players and also importantly,

00:12:42.820 --> 00:12:44.560
was also invisible to the game developers.

00:12:44.560 --> 00:12:47.980
JACK: Manfred slipped into the shadows and became invisible.

00:12:47.980 --> 00:12:51.100
Manfred then found an amazing bug in another game.

00:12:51.100 --> 00:12:56.230
MANFRED: Shortly after the Ultima Online house deletion fiasco,

00:12:56.230 --> 00:13:00.820
I moved onto a game called Dark Age of Camelot. That one was the same story;

00:13:00.820 --> 00:13:06.130
I played the game, get bored of it, start reversing it, learned about the packets. Then

00:13:06.130 --> 00:13:13.690
I noticed that one of the packets would allow me to log in twice. Basically I’d be in-game,

00:13:13.690 --> 00:13:20.770
I could pass off my items, my gold, to another player like a mule character,

00:13:20.770 --> 00:13:28.180
and then I’d cause myself to log in again without logging out the previous character. What would

00:13:28.180 --> 00:13:34.060
happen server side is I’d get a fresh [00:15:00] reload of the database and I’d have all my items

00:13:34.060 --> 00:13:42.400
and my gold again. Basically this is called a dupe glitch where you duplicate items, or in this case,

00:13:42.400 --> 00:13:48.760
I duplicate my entire character. In-game, if you were to look at me, you’d see two copies

00:13:48.760 --> 00:13:52.900
of the same character standing in-game, which was pretty unique. I’ve never encountered a game

00:13:52.900 --> 00:13:59.170
like that where you could log in two characters at once that were the same database instance.

00:13:59.170 --> 00:14:04.390
JACK: Duplication exploit is the jackpot of exploits. Just the ability to duplicate

00:14:04.390 --> 00:14:09.010
in-game gold alone is a jackpot. Even if he started with one gold coin,

00:14:09.010 --> 00:14:13.210
if he duplicated it twenty times he’d have over one million gold.

00:14:13.210 --> 00:14:17.560
He possess the ability to make as much gold as he wants, whenever he wants.

00:14:17.560 --> 00:14:23.470
MANFRED: For a little bit I tweaked out my character, got the best items and all that.

00:14:23.470 --> 00:14:30.520
Then I went on eBay and I noticed that people were selling items and gold in

00:14:30.520 --> 00:14:36.910
Dark Age of Camelot. I was like hey, I have lots of items and gold. So I made an eBay

00:14:36.910 --> 00:14:48.700
account and started selling Dark Age of Camelot platinum and items on eBay. This particular bug,

00:14:48.700 --> 00:14:59.110
where you can log in twice and duplicate the character’s inventory lasted until 2013,

00:14:59.110 --> 00:15:07.960
I believe. It lasted for about fourteen years. Initially I sold on eBay. I think around 2003 or

00:15:07.960 --> 00:15:16.300
2004 eBay banned the sale of virtual goods using their platform. But the thing is, is it created

00:15:16.300 --> 00:15:23.470
this huge black market economy on the internet for virtual goods. I started selling directly to a

00:15:23.470 --> 00:15:35.040
Chinese supplier back then. It was ige.com. I went from selling on eBay to ige.com for a few years.

00:15:35.040 --> 00:15:38.760
JACK: I want to step in here for a sec and underline the situation;

00:15:38.760 --> 00:15:44.520
by using a duplication bug in the game, Manfred is able to create an unlimited amount of in-game gold

00:15:44.520 --> 00:15:50.940
and then sell this gold to players who are paying real US dollars for it. By using the bug he found,

00:15:50.940 --> 00:15:54.870
he could single-handedly meet all market demand for people who were willing to pay

00:15:54.870 --> 00:16:00.240
for in-game gold. As you can imagine, this could become a very lucrative business model.

00:16:00.240 --> 00:16:06.510
MANFRED: Yeah, you have as many dollars as the market dictates.

00:16:06.510 --> 00:16:10.020
JACK: Remember that long list of video games he said he hacked?

00:16:10.020 --> 00:16:12.090
MANFRED: Word of Warcraft was the only one,

00:16:12.090 --> 00:16:16.350
the only game that I never found a way to hack the money system.

00:16:16.350 --> 00:16:22.860
JACK: Let’s go over some more games he’s hacked. Asheron’s Call 2; he used an exploit that would

00:16:22.860 --> 00:16:27.330
allow him to crash an instance, so he’d move all his items to a friend. That friend would

00:16:27.330 --> 00:16:32.490
then log off. He’d crash the instance and then when they’d both log back in they’d both have

00:16:32.490 --> 00:16:37.770
the exact same items. This gave him the ability to duplicate anything he had, including gold.

00:16:37.770 --> 00:16:39.120
MANFRED: Anarchy Online.

00:16:39.120 --> 00:16:42.300
JACK: He found an integer overflow bug that allowed him to subtract

00:16:42.300 --> 00:16:48.300
his strength beyond zero, which gave him 65,000 strength points. He did the same

00:16:48.300 --> 00:16:50.760
thing for Intelligence, Dexterity, and Stamina.

00:16:50.760 --> 00:16:51.430
MANFRED: Lineage II.

00:16:51.430 --> 00:16:56.160
JACK: He found a bug when buying items from a vendor he could change the item ID the vendor was

00:16:56.160 --> 00:17:01.050
selling and buy any item he wanted for any price he wanted, even items that were not allowed for

00:17:01.050 --> 00:17:06.150
players to have. The reverse was true; he could sell a stick to a vendor but change the item ID

00:17:06.150 --> 00:17:09.690
in the packet and the vendor would pay as if it was a high-level, expensive item.

00:17:09.690 --> 00:17:13.170
MANFRED: Final Fantasy Online, the first one.

00:17:13.170 --> 00:17:15.900
JACK: He found numerous integer overflow exploits in this game,

00:17:15.900 --> 00:17:19.500
like when he’d try to give another player a negative amount of something,

00:17:19.500 --> 00:17:22.410
that player would end up with the maximum amount of it instead.

00:17:22.410 --> 00:17:23.910
MANFRED: Lord of the Rings Online.

00:17:23.910 --> 00:17:27.210
JACK: You could sell a rock to a vendor but say it was a diamond

00:17:27.210 --> 00:17:29.610
and the vendor would buy rocks at diamond prices.

00:17:29.610 --> 00:17:30.840
MANFRED: RIFT Online.

00:17:30.840 --> 00:17:35.670
JACK: He could withdraw negative platinum from the guild bank which would result in positive platinum

00:17:35.670 --> 00:17:39.360
in his inventory, allowing him to create as much gold as he wanted out of thin air.

00:17:39.360 --> 00:17:40.860
MANFRED: Final Fantasy XIV.

00:17:40.860 --> 00:17:45.690
JACK: It had the same exact exploits as the first Final Fantasy. One allowed him to split stacks of

00:17:45.690 --> 00:17:49.890
items like potions and conduct an integer overflow during the split, like trying to

00:17:49.890 --> 00:17:55.470
take negative one potion from the stack. This resulted in him getting two billion potions.

00:17:55.470 --> 00:18:04.440
MANFRED: WildStar Online. That one was creating a bid on an auction house, so the specifics of that

00:18:04.440 --> 00:18:15.540
one were, you’d create a maximum signed 64-bit integer bid, which was around 9 quintillion,

00:18:15.540 --> 00:18:20.010
whatever, you’d have to Google it to get the exact number. The game would

00:18:20.010 --> 00:18:25.980
take that maximum bid of nine quintillion and it would add a twenty percent fee on top of that,

00:18:25.980 --> 00:18:33.030
which would put it up into you know, eleven [00:20:00] quintillion or whatever. When I

00:18:33.030 --> 00:18:39.210
tried to subtract eleven quintillion from [inaudible] it would roll your money amount

00:18:39.210 --> 00:18:43.200
back into the positive and you’d end up with nine quintillion in game platinum.

00:18:43.200 --> 00:18:47.910
JACK: If you were to take all the WildStar Online platinum that Manfred had and sell it

00:18:47.910 --> 00:18:56.430
for real money in today’s market value, Manfred would have 397 trillion US dollars. Of course,

00:18:56.430 --> 00:19:00.190
there isn’t enough market demand for him to sell that much platinum. He

00:19:00.190 --> 00:19:03.780
was only able to sell to people who were willing to buy in-game platinum.

00:19:03.780 --> 00:19:11.910
MANFRED: This was my one and only job. Everything went on my taxes. It was legit income. I was

00:19:11.910 --> 00:19:16.590
basically extending the – or expanding the game’s functionality to provide players with

00:19:16.590 --> 00:19:25.830
in-app purchases before in-app purchases were a thing. I like to think of it as ethical black-hat

00:19:25.830 --> 00:19:31.290
hacking ‘cause I really was providing a service that the game companies weren’t providing yet.

00:19:31.290 --> 00:19:32.880
JACK: I’ve never heard the term before.

00:19:32.880 --> 00:19:35.130
MANFRED: Ethical black-hat hacking.

00:19:35.130 --> 00:19:38.880
JACK: I spent a long time talking about this with Manfred to really understand

00:19:38.880 --> 00:19:43.410
what he means. To understand this, let’s use an analogy. Let’s go back to the 1920s

00:19:43.410 --> 00:19:48.270
when movie theatres didn’t sell popcorn or snacks in the theatre. Imagine that Manfred

00:19:48.270 --> 00:19:52.590
is the guy who sold popcorn outside the movie theatre. People want some kind of snack while

00:19:52.590 --> 00:19:56.430
watching the film but since the theatre didn’t sell any, they turned to the guy

00:19:56.430 --> 00:20:01.200
selling popcorn outside and they’d sneak it in. The popcorn seller isn’t competing with

00:20:01.200 --> 00:20:05.220
the theatre in any way. But then the movie theatre saw how much the popcorn seller was

00:20:05.220 --> 00:20:09.900
making and couldn’t keep the popcorn outside the movie theatres, so they decided to start

00:20:09.900 --> 00:20:14.310
selling it themselves. Now the popcorn seller would be competing with the movie theatre.

00:20:14.310 --> 00:20:20.580
In fact, today movie theatres make more money selling snacks than they do selling movie tickets.

00:20:20.580 --> 00:20:25.680
Manfred would only sell gold to players for games that weren’t already doing that themselves. He

00:20:25.680 --> 00:20:30.720
thinks it would be unethical to compete with game companies that sell gold to players since it hurts

00:20:30.720 --> 00:20:36.330
their revenue. Just like how movie theatres make more money selling snacks today, game companies

00:20:36.330 --> 00:20:41.640
make more money through in-app purchases today than they do actually selling the game. Some game

00:20:41.640 --> 00:20:46.170
companies have stopped charging entirely for their game because of how profitable in-app purchases

00:20:46.170 --> 00:20:52.350
are. While Manfred tries to stay ethical while hacking, there are a lot of hackers that don’t.

00:20:52.350 --> 00:20:56.520
MANFRED: A lot of the Chinese and Russian hackers that are involved with this,

00:20:56.520 --> 00:21:01.800
and there’s a lot of them, they hack in the way that’s completely black-hat and

00:21:01.800 --> 00:21:08.250
completely unethical. They don’t care about compromising servers. They’ll send malware

00:21:08.250 --> 00:21:13.950
to people that play the game just so they could install a key logger and steal their

00:21:13.950 --> 00:21:19.770
game credentials. They’ll log into hundreds of accounts at a time and basically strip

00:21:19.770 --> 00:21:24.900
the characters and accounts naked, immensely hurting the players that are playing this game.

00:21:24.900 --> 00:21:32.370
[MUSIC] Also, another little insight secret is, let’s say you’re playing World of Warcraft and you

00:21:32.370 --> 00:21:38.100
go to a World of Warcraft fan website, where players talk about the game and the upcoming

00:21:38.100 --> 00:21:45.370
patches, and maybe databases of items in the game. It’s a community for World of Warcraft

00:21:45.370 --> 00:21:53.680
players. Often these community sites will be ran by either the Chinese or the Russians

00:21:53.680 --> 00:22:00.340
and you want to take a guess as to why the Chinese and Russians would want to run the

00:22:00.340 --> 00:22:07.810
fan site for video game players? It’s really simple ‘cause the main reason is people tend

00:22:07.810 --> 00:22:14.290
to re-use their e-mail addresses and passwords. If you log into a fan site for World of Warcraft,

00:22:14.290 --> 00:22:18.070
chances are pretty good that same username and password you’re using

00:22:18.070 --> 00:22:21.280
for that fan site will also work on your World of Warcraft account.

00:22:21.280 --> 00:22:25.480
JACK: This is probably the most unethical way of getting in-game gold. It hurts the

00:22:25.480 --> 00:22:29.230
players who love and play the game but these kind of hackers didn’t stop there.

00:22:29.230 --> 00:22:38.500
MANFRED: Denial of service attack game companies game servers in retaliation. They’ll try and root

00:22:38.500 --> 00:22:44.830
through systems to get ahold of the databases, which happened to Guild Wars II and probably a

00:22:44.830 --> 00:22:52.690
lot of other games. It’s the Wild West, it’s a multi-billion dollar industry and you have

00:22:52.690 --> 00:22:58.840
a lot of hackers out there that don’t care or are out of reach of the long arm of the law

00:22:58.840 --> 00:23:03.820
‘cause they’re in China or Russia and they don’t care about breaking any US laws.

00:23:03.820 --> 00:23:08.830
JACK: As a quick side bar, in 2011 the New York Times reported hackers that were sponsored by

00:23:08.830 --> 00:23:15.160
North Korea and Kim Jong-Il were caught hacking into the Lineage video game servers. The story

00:23:15.160 --> 00:23:19.450
says they were doing it to raise money for North Korea. This is the only time I’ve ever heard of

00:23:19.450 --> 00:23:23.860
a nation state sponsoring a hack against a video game company. It’s also unique because

00:23:23.860 --> 00:23:28.930
most nation state hacks aren’t done simply to make extra money. The article says North Korea

00:23:28.930 --> 00:23:34.510
hackers made six million dollars in their [00:25:00] hacks against Lineage servers.

00:23:34.510 --> 00:23:39.070
Manfred did not believe he broke any laws doing what he did. Yes, it was against the game rules

00:23:39.070 --> 00:23:43.450
and if he was caught he was banned. At one point he was even sent a cease and desist letter,

00:23:43.450 --> 00:23:48.340
but never did the game company try to come after him using any law enforcement. He’s

00:23:48.340 --> 00:23:52.030
also proud that he didn’t harm any other players and he didn’t compete with the

00:23:52.030 --> 00:23:57.070
video game makers’ business model. This is why he calls it ethical but he still calls

00:23:57.070 --> 00:24:01.310
it black-hat hacking since he’s breaking the rules of the game and the client to

00:24:01.310 --> 00:24:05.705
accomplish his hacks. The line is certainly gray on where ethics and laws meet here.

00:24:05.705 --> 00:24:12.320
MANFRED: The way game companies look at security, they frown upon people modding their clients,

00:24:12.320 --> 00:24:17.450
people reverse-engineering, but I think they really should take a step back and

00:24:17.450 --> 00:24:26.180
try and work with hackers in the community to help secure their games. Because over

00:24:26.180 --> 00:24:30.620
the past twenty years, every single game has integer overflow and that’s

00:24:30.620 --> 00:24:35.840
something that really shouldn’t happen. It’s akin to having SQL injection in a

00:24:35.840 --> 00:24:41.060
website. It happens but it shouldn’t be in every single instance of the game.

00:24:41.060 --> 00:24:46.730
For example, WildStar Online, I think that their budget to create that game

00:24:46.730 --> 00:24:51.650
was in excess of fifty million dollars and they had extremely simple exploits

00:24:51.650 --> 00:24:57.110
in that game. They didn’t allocate just a small percentage of that budget into

00:24:57.110 --> 00:25:05.960
spending even a day – even testing some of the publically player-facing functional that the

00:25:05.960 --> 00:25:12.590
key server provides. I think most of these bugs or exploits, especially the integer overflows,

00:25:12.590 --> 00:25:21.680
could be identified and fixed within just a week’s worth of time. It’s time to take

00:25:21.680 --> 00:25:29.210
a different approach to trying to assist people. If somebody comes forward with a hack, don’t ban

00:25:29.210 --> 00:25:36.380
them. Don’t be a dick. Just work with them and say thanks. Don’t ban them and create more problems.

00:25:36.380 --> 00:25:40.460
JACK: It sounds like these online games don’t give people any incentive

00:25:40.460 --> 00:25:44.780
to report the exploits they find. A lot of companies today offer bounty rewards

00:25:44.780 --> 00:25:48.710
for people who find bugs, but not very many game companies are doing this yet.

00:25:48.710 --> 00:25:54.020
MANFRED: As you said, the game companies are moving into providing the sale of virtual goods

00:25:54.020 --> 00:25:59.720
directly through their in-game interface mechanics. This is exactly why I decided

00:25:59.720 --> 00:26:08.200
to leave. [MUSIC] This is really going from a gray area to almost illegal but it would

00:26:08.200 --> 00:26:14.380
be unethical for me to go in and undermine a company’s in-app purchase business model,

00:26:14.380 --> 00:26:23.500
so that’s why last year I threw in the towel and I moved on. It’s kind of interesting ‘cause there

00:26:23.500 --> 00:26:28.960
were a few discussions online about the Defcon talk and people were saying people

00:26:28.960 --> 00:26:33.820
frowned upon companies doing in-app purchases. They’re like, why is this guy stepping away now

00:26:33.820 --> 00:26:39.490
when he should be going in right now and undermining their entire business model

00:26:39.490 --> 00:26:47.530
that’s screwing players over? My main point is that I did this as a business while I felt it

00:26:47.530 --> 00:26:53.170
was ethical and legal. Last year I stopped doing it ‘cause I thought I was encroaching

00:26:53.170 --> 00:27:01.070
into unethical territory by competing with the game’s in-app purchase business model.

00:27:01.070 --> 00:27:05.240
JACK: For the last twenty years, Manfred has been able to support himself solely

00:27:05.240 --> 00:27:10.970
through exploiting online video games but his epic journey now comes to an end. He no

00:27:10.970 --> 00:27:15.800
longer exploits games and sells virtual items. Now Manfred works for a security

00:27:15.800 --> 00:27:21.260
assessment company and has gone completely white-hat. This is why he’s now able to

00:27:21.260 --> 00:27:25.850
tell his story about what he’s been doing for the last twenty years. Even though he

00:27:25.850 --> 00:27:30.530
thinks it’s unethical to compete with companies who have in-app purchases, there are still many

00:27:30.530 --> 00:27:36.080
other hackers who continue to exploit online video games. This will probably continue until

00:27:36.080 --> 00:27:41.122
there’s no longer a demand for virtual goods. But that is not going to happen anytime soon.

00:27:41.122 --> 00:27:50.960
JACK (OUTRO): [OUTRO MUSIC] You’ve been listening to Darknet Diaries. There’s a

00:27:50.960 --> 00:27:54.350
bunch of screenshots of Manfred’s adventures at darknetdiaries.com.

00:27:54.350 --> 00:27:57.500
Be sure to check them out as well as links to some of the stories that were

00:27:57.500 --> 00:28:02.510
mentioned. Music is provided by Ian Alex Mac, Kevin MacLeod, and Tabletop Audio.