WEBVTT

00:00:02.330 --> 00:00:07.700
JACK: Back in 2002, I got banned from playing EverQuest. [MUSIC] This was a massive multiplayer

00:00:07.700 --> 00:00:13.670
online roleplaying game, or MMORPG. I spent years playing the game as a half-elf bard traveling

00:00:13.670 --> 00:00:17.660
through the world of Norrath. It consumed my life but I had ventures that I’ll never forget,

00:00:17.660 --> 00:00:22.640
like the time I got together with eighty other players and killed dragons like Lady Vox and

00:00:22.640 --> 00:00:27.380
Nagafen. But after years of doing the same repetitive things over and over and making

00:00:27.380 --> 00:00:32.570
it to the top, I got bored and I quit. But that didn’t last long because I found myself

00:00:32.570 --> 00:00:37.250
playing again a few weeks later. I had spent years working on my character and it was just too hard

00:00:37.250 --> 00:00:41.930
to let it go. I got to the point where I just couldn’t quit the game, so the only solution I

00:00:41.930 --> 00:00:47.240
could think of to force me to quit was to find a way to get banned. So I started using a bot.

00:00:47.240 --> 00:00:50.660
The bot would take control of my character and automate it for me.

00:00:50.660 --> 00:00:54.590
This was strictly against game rules. I would leave the bot run all night long,

00:00:54.590 --> 00:00:58.190
fighting monsters and gaining experience while I was sleeping. When I awoke,

00:00:58.190 --> 00:01:03.980
I was surprised to see that I was still fighting monsters, still not banned. I kept botting and

00:01:03.980 --> 00:01:09.080
letting it run night after night. Eventually players complained to a GM, or Game Master,

00:01:09.080 --> 00:01:15.470
which is like the game’s admin and I got just what I wanted - banned. While this story is epic

00:01:15.470 --> 00:01:20.630
in my own memories, it’s nothing compared to the story you’re about to hear. You’re about to hear

00:01:20.630 --> 00:01:26.780
possibly the most epic online video game story of all time. This tale is so crazy that it was even

00:01:26.780 --> 00:01:32.330
featured in Wired Magazine. The world will become altered in ways you’ve never expected. There will

00:01:32.330 --> 00:01:37.130
be massive amounts of gold and wealth, so gather around and listen to a tale of epic proportions.

00:01:37.130 --> 00:01:42.980
JACK (INTRO): [INTRO MUSIC] This is Darknet Diaries, true stories

00:01:42.980 --> 00:01:49.885
from the dark side of the internet. I’m Jack Rhysider. [INTRO MUSIC ENDS]

00:01:49.885 --> 00:01:54.520
JACK: I feel really lucky to have captured this story. This is one that

00:01:54.520 --> 00:01:57.940
almost got away and disappeared into the sunset forever. It’s a

00:01:57.940 --> 00:02:01.135
rare one to be heard. This is a story from a guy named Manfred.

00:02:01.135 --> 00:02:03.070
MANFRED: Hello. Hey, how’s it going?

00:02:03.070 --> 00:02:07.420
JACK: Manfred has kept his story quiet for twenty years. He’s never publicly

00:02:07.420 --> 00:02:11.380
told these stories until this year. He first spoke about this at Defcon,

00:02:11.380 --> 00:02:16.600
the largest hacker conference in the world, but he didn’t get to say everything he wanted to say.

00:02:16.600 --> 00:02:22.720
MANFRED: I was going to show two zero-day exploits in a couple of games. I was in

00:02:22.720 --> 00:02:29.650
the Green Room at Defcon like, fifteen minutes before my talk. One of the Defcon team members,

00:02:29.650 --> 00:02:37.210
goons, they asked me what my talk’s about and began the subject of me demonstrating

00:02:37.210 --> 00:02:43.390
this exploit. He went to talk to another goon and they both came back to me and they’re like,

00:02:43.390 --> 00:02:47.140
you probably don’t want to do this. You can talk about the exploit;

00:02:47.140 --> 00:02:52.570
just don’t demonstrate how to reproduce it. Then I was like, you guys are probably right.

00:02:52.570 --> 00:02:56.470
JACK: He did talk about the numerous games he did hack during his Defcon talk,

00:02:56.470 --> 00:03:00.460
which was recorded and put on YouTube. But that didn’t last long.

00:03:00.460 --> 00:03:05.500
MANFRED: My Defcon talk got taken down due to a copyright claim by ArenaNet,

00:03:05.500 --> 00:03:06.670
the makers of Guild Wars 2.

00:03:06.670 --> 00:03:10.660
JACK: As you can see, the story is not only rare but in some ways,

00:03:10.660 --> 00:03:17.800
forbidden. So let’s begin, shall we? First off, what kind of name is Manfred?

00:03:17.800 --> 00:03:24.310
MANFRED: Back in the early days of Ultima Online I did a lot of PKing and griefing and

00:03:24.310 --> 00:03:34.330
all that good stuff. Originally my name wasn’t Manfred. It was Phuckchop. P-H-U-C-K-C-H-O-P. I

00:03:34.330 --> 00:03:40.420
guess it kind of added insults to injury to the players that I’d kill. They’d [inaudible] their

00:03:40.420 --> 00:03:46.810
hard-earned resources. All good fun, you know. It’s not me in real life. It was just a game.

00:03:46.810 --> 00:03:52.750
I did it all in good fun. Under that name of Phuckchop I player-killed, PK’d, as it’s called,

00:03:52.750 --> 00:04:01.350
for weeks and maybe months. Then one day I was just sitting AFK in town under guard protection

00:04:01.350 --> 00:04:07.680
next to an in-game bank. Then I went out to get some Krispy Kreme doughnuts for lunch. That was

00:04:07.680 --> 00:04:13.920
my usual lunch. I get a dozen of those. They’re pretty awesome. I came back and I

00:04:13.920 --> 00:04:20.910
looked at my character and my name was Manfred. I was like hmm, this is interesting. I looked at the

00:04:20.910 --> 00:04:27.750
chat log and I saw that a GM told me that he can’t have me going around killing players as Phuckchop.

00:04:27.750 --> 00:04:34.680
He’s like, you can kill players or whatever, it’s part of the game, but we can’t have that name

00:04:34.680 --> 00:04:40.260
so he just changed my name to a random name and it happened to be Manfred. It stuck ever since.

00:04:40.260 --> 00:04:45.690
JACK: That story took place twenty years ago. Manfred has been playing MMORPGs ever

00:04:45.690 --> 00:04:51.210
since. It always starts out the same way; he’ll play, have fun, learn the game inside and out,

00:04:51.210 --> 00:04:54.330
and then eventually get bored and start to tinker with it.

00:04:54.330 --> 00:04:58.440
MANFRED: For fun I reverse-engineer games and I reverse-engineer how the protocol

00:04:58.440 --> 00:05:02.970
talks to the server and vice versa, how the server talks back to the client.

00:05:02.970 --> 00:05:07.950
JACK: He hacks online video games. This is what he’s good at. After twenty years of doing this,

00:05:07.950 --> 00:05:12.000
he is an expert at finding bugs in MMOs. He captures the packets and

00:05:12.000 --> 00:05:15.990
analyzes what’s in them. He’ll inject his own data into packets and see how the game

00:05:15.990 --> 00:05:19.800
responds. He’ll find ways into the game client and manipulate what traffic is

00:05:19.800 --> 00:05:24.180
sent to the server. The exploit he finds in almost every game is an integer overflow.

00:05:24.180 --> 00:05:29.430
To understand this, imagine you have a clock and the time is 1:00. Now, if you were to

00:05:29.430 --> 00:05:34.980
subtract one minute from it, the time would then be 12:59. Do you see how by subtracting,

00:05:34.980 --> 00:05:40.200
it resulted in a larger number? Computers have a limit of how high they can count and once they

00:05:40.200 --> 00:05:45.420
hit that limit it rolls all the way around to the lowest number they can count. Video games

00:05:45.420 --> 00:05:50.040
don’t always check if you can subtract from the lowest amounts, so Manfred tries to subtract

00:05:50.040 --> 00:05:54.660
from zero and he sometimes gets surprising results. He’s doing this at the packet level,

00:05:54.660 --> 00:05:58.650
sort of like a man-in-the-middle. When a packet is sent from his computer to the server,

00:05:58.650 --> 00:06:03.660
he captures it, changes some values, and sends it off. He’s been doing this for a

00:06:03.660 --> 00:06:10.320
long time so he can pretty much find bugs in any game. So far he’s found bugs in all these games.

00:06:10.320 --> 00:06:15.240
MANFRED: Ultima Online, Dark Age of Camelot, Anarchy Online, Lineage II, Final Fantasy Online,

00:06:15.240 --> 00:06:20.790
the first one, World of Warcraft, RIFT Online, Elder Scrolls Online,

00:06:20.790 --> 00:06:25.830
Lord of the Rings Online, RIFT Online II, Final Fantasy XIV,

00:06:25.830 --> 00:06:30.510
Guild Wars II, and WildStar Online. I’m sure I forgot five or six more.

00:06:30.510 --> 00:06:34.920
JACK: Because I personally played a lot of World of Warcraft, let’s start

00:06:34.920 --> 00:06:40.725
there. World of Warcraft was leading the pack as the most popular MMORPG in 2007.

00:06:40.725 --> 00:06:44.400
MANFRED: Back when I was playing it I think it had close to ten million players.

00:06:44.400 --> 00:06:48.450
JACK: Manfred had been playing for a while and he was having fun leveling up his characters,

00:06:48.450 --> 00:06:52.500
fighting creatures, and exploring the world. This game had a thing called a talent system,

00:06:52.500 --> 00:06:56.610
and for every level you level up, you get one talent point to put into improving your

00:06:56.610 --> 00:07:00.300
character. Manfred became curious what packets the computer was sending to the

00:07:00.300 --> 00:07:05.040
server when he would use a talent point, but there was a problem. The packets between his

00:07:05.040 --> 00:07:08.400
computer and the server were encrypted so he couldn’t see what was inside

00:07:08.400 --> 00:07:13.290
them or inject his own data in it. But he’s a reverse-engineer, so he starts to tinker with…

00:07:13.290 --> 00:07:20.310
MANFRED: Slightly modifying the game client so I could take over the communication before

00:07:20.310 --> 00:07:24.000
encryption happens, when the packets are outgoing. Then I take over communication

00:07:24.000 --> 00:07:26.520
after encryption happens, when they’re coming from the server.

00:07:26.520 --> 00:07:30.720
JACK: Once he has his hooks in the game communication, he played the game and

00:07:30.720 --> 00:07:35.940
spent a talent point to boost his character. He saw what the data looks like when this happens.

00:07:35.940 --> 00:07:40.410
He tried replaying that same packet back to the game client. What he was expecting

00:07:40.410 --> 00:07:44.160
to see was that he had spent one talent point and his talent would go up by one.

00:07:44.160 --> 00:07:51.180
MANFRED: I noticed that my skills didn’t match up with the talent points I spent. There was a

00:07:51.180 --> 00:07:59.280
disconnect. Supposedly I had, for example, like fifteen skill points in this one skill tree but

00:07:59.280 --> 00:08:06.990
I didn’t use any of my talent points, which was weird. Somehow at least initially I thought was

00:08:06.990 --> 00:08:13.710
just a client-side glitch where I raise my talents without using any skill points. I logged out of

00:08:13.710 --> 00:08:18.750
the game, closed down the client, and I pull up a fresh copy of my character from the server

00:08:18.750 --> 00:08:25.290
that told me the true story of what’s going on. I log into the game and I still have my whatever,

00:08:25.290 --> 00:08:30.630
fifteen points in my talent tree, and I still have my fifteen skill points. I was like okay,

00:08:30.630 --> 00:08:32.790
this is interesting. Let’s see what’s going on here.

00:08:32.790 --> 00:08:37.290
JACK: [MUSIC] Talent points are rare and you can only get a certain amount.

00:08:37.290 --> 00:08:41.400
You can only spend a maximum of five on a specific skill but Manfred found

00:08:41.400 --> 00:08:45.720
a way to spend talent points without using talent points, and to spend more than five.

00:08:45.720 --> 00:08:50.190
MANFRED: I was able to boost it up to fifteen points using only

00:08:50.190 --> 00:08:55.080
five points. Any exploits that improves your character’s strength or gave you an

00:08:55.080 --> 00:08:59.820
advantage over another player were pretty significant ‘cause you gain an advantage,

00:08:59.820 --> 00:09:03.000
an unfair advantage, over ten million players, basically.

00:09:03.000 --> 00:09:07.950
JACK: After Manfred overloaded his talents with this exploit, he became god-like in

00:09:07.950 --> 00:09:12.570
the game. His powers were far more superior than any other player. He started

00:09:12.570 --> 00:09:16.710
decking out his character in all the best equipment and made himself even more powerful.

00:09:16.710 --> 00:09:20.280
MANFRED: Then I went to see if I could complete a dungeon solo.

00:09:20.280 --> 00:09:24.510
JACK: He was able to easily clear dungeons that normally take five people to complete,

00:09:24.510 --> 00:09:29.490
allowing him to gather even better equipment and improving more. He kept pushing his abilities

00:09:29.490 --> 00:09:34.380
to see what was possible to do with this super character. At one point his goal became Molten

00:09:34.380 --> 00:09:39.750
Core. This was a raid-level dungeon which required forty people to clear. He tried to solo it.

00:09:39.750 --> 00:09:46.470
MANFRED: My character wasn’t powerful enough to complete Molten Core so we started getting some

00:09:46.470 --> 00:09:53.670
friends together. I’d buff up my characters and my friends’ characters and we’d go and

00:09:53.670 --> 00:09:57.630
complete Molten Core, which I think was a forty-person dungeon. We’d do it with like,

00:09:57.630 --> 00:10:05.400
eight people. It was a lot of fun. It was challenging. We used this talent

00:10:05.400 --> 00:10:10.890
exploit to complete dungeons with very few people for probably eight to nine months.

00:10:10.890 --> 00:10:18.620
JACK: [MUSIC] The game developers never detected or caught Manfred doing these exploits.

00:10:18.620 --> 00:10:23.750
MANFRED: You’d think they’d have metrics on all these dungeons and they could see how

00:10:23.750 --> 00:10:29.600
quickly a group of players could finish a dungeon or whatnot, but they didn’t.

00:10:29.600 --> 00:10:33.590
JACK: He went back to reverse-engineering the client. He found there were debug

00:10:33.590 --> 00:10:38.030
packets that were enabled in production servers. After spending time analyzing

00:10:38.030 --> 00:10:41.600
the debug packets he found ways of doing some amazing things.

00:10:41.600 --> 00:10:47.330
MANFRED: Things like broadcasting messages to the entire server, like teleport directly to a player.

00:10:47.330 --> 00:10:51.530
JACK: Even after using these exploits for a few months he still wasn’t caught or detected,

00:10:51.530 --> 00:10:53.270
so he eventually started getting bored with the

00:10:53.270 --> 00:10:56.420
game and decided to see how far he can push this before getting banned.

00:10:56.420 --> 00:11:02.750
MANFRED: Usually the way this ends is in PVP. People complain when they get killed

00:11:02.750 --> 00:11:10.730
instantly. We started going out into the PVP lands and just basically one-shotting people,

00:11:10.730 --> 00:11:16.580
killing the person, like a super buffed-up Level 80 person or Level 50,

00:11:16.580 --> 00:11:22.070
whatever the level cap was back then, in a single hit or a couple of hits. The players would start

00:11:22.070 --> 00:11:29.360
complaining. They’d take screen shots, they’d call GMs, and fairly quickly,

00:11:29.360 --> 00:11:34.160
maybe one or two weeks, maybe three weeks afterwards, we all get banned.

00:11:34.160 --> 00:11:38.930
JACK: What surprises me most about this story is how a game the size of World of Warcraft

00:11:38.930 --> 00:11:43.790
can have these exploits in them. The game had ten million players who were all paying

00:11:43.790 --> 00:11:49.100
$15 a month to play. The game developers were bringing in over $100,000,000 a month

00:11:49.100 --> 00:11:55.370
or $3,000,000 a day. With a budget like that you’d think they’d have solved every exploit.

00:11:55.370 --> 00:12:01.940
MANFRED: That was a huge oversight on the developer’s part. They shouldn’t have included

00:12:01.940 --> 00:12:07.970
development packets in their production MMORPG on the scale of World of Warcraft.

00:12:07.970 --> 00:12:12.920
JACK: While Manfred was banned from World of Warcraft, it was no problem for him because he

00:12:12.920 --> 00:12:17.600
could just move on to another game. [MUSIC] A few years before that, he played a game called

00:12:17.600 --> 00:12:23.690
Shadowbane. It was an MMORPG. You level up your character by killing monsters, equip new items,

00:12:23.690 --> 00:12:28.700
and you fight other players too, but only in certain areas. Manfred was amazed at how buggy

00:12:28.700 --> 00:12:33.590
this game was. He concluded the game must have skipped any Alpha testing, any Beta testing,

00:12:33.590 --> 00:12:37.940
and went directly to final release. In all his twenty years of hacking video games,

00:12:37.940 --> 00:12:41.960
none have come close to how bad Shadowbane was in terms of bugs.

00:12:41.960 --> 00:12:47.120
MANFRED: I think Shadowbane deserves its own category and maybe a movie

00:12:47.120 --> 00:12:52.730
made after it. Shadowbane was so hopelessly insecure that – no,

00:12:52.730 --> 00:12:55.880
if I were to write a game to demonstrate the game developers,

00:12:55.880 --> 00:13:01.760
no, do not write the game like this ‘cause this is very insecure. I’d basically give them Shadowbane.

00:13:01.760 --> 00:13:06.950
JACK: The story starts the same way as others. Manfred played the game, got good at it,

00:13:06.950 --> 00:13:11.420
and then got bored and started reverse-engineering the client. He saw that when you get experience

00:13:11.420 --> 00:13:15.410
points, [NOTIFICATION SOUNDS] a packet is sent to the game indicating how many experience points you

00:13:15.410 --> 00:13:20.360
just earned. He captured that packet, sent it a second time, and sure enough he got experience

00:13:20.360 --> 00:13:25.580
points in the game just for resending that packet again. He could keep getting unlimited experience

00:13:25.580 --> 00:13:30.860
points by just sending specially crafted packets to the server. Within a few minutes he gained over

00:13:30.860 --> 00:13:37.910
100 levels. He found that there was no server side validation for any packet he sent,

00:13:37.910 --> 00:13:43.220
so he could do almost anything he wanted. He could open up other players’ bank vaults,

00:13:43.220 --> 00:13:48.290
take items from them, he could load any piece of equipment into his inventory;

00:13:48.290 --> 00:13:52.661
he could even gain massive amounts of strength and hit points. [LEVEL UP SOUND]

00:13:52.661 --> 00:13:56.450
MANFRED: Pretty much anything that I tried,

00:13:56.450 --> 00:14:01.790
any exploit I tried, worked. It was like, is this real life?

00:14:01.790 --> 00:14:06.710
JACK: He tried to see if anyone would be willing to buy equipment, gold, or characters from him for

00:14:06.710 --> 00:14:10.910
real dollars. But there just wasn’t enough demand because there wasn’t enough players

00:14:10.910 --> 00:14:15.890
playing Shadowbane. He decided the game was so buggy and he didn’t want to play it anymore.

00:14:15.890 --> 00:14:21.710
MANFRED: We just decided to do a grand finale hack and basically uninstall the game and move

00:14:21.710 --> 00:14:29.910
on. I knew if we made this super obvious that servers would get rolled back, so we

00:14:29.910 --> 00:14:33.720
did have to kind of go over the top. ‘Cause if we killed a few players here and there and blah,

00:14:33.720 --> 00:14:39.060
blah, blah, they’d complain to developers on the forums and they’d ignore it. But if

00:14:39.060 --> 00:14:46.800
we do a mass scale game-mechanics changing attack where it kills hundreds of players,

00:14:46.800 --> 00:14:55.170
totally alters the rules of the game, then they’d get rolled back. One of our grand finale acts was

00:14:55.170 --> 00:15:01.800
to basically teleport high-level monsters into safe haven cities that new players would start

00:15:01.800 --> 00:15:05.910
in. Let’s say, create a new character in Shadowbane, you’re sent into this little

00:15:05.910 --> 00:15:10.080
island where the game teaches you how to play. It’s supposed to be completely safe.

00:15:10.080 --> 00:15:16.650
But we teleported like Level 200 monsters in there to kill anybody that joined the game.

00:15:16.650 --> 00:15:20.610
You joined the game as a new player, and then suddenly this Level 200 dragon just

00:15:20.610 --> 00:15:27.960
totally decimates you. On this little island of new players, we probably killed dozens and

00:15:27.960 --> 00:15:33.780
dozens and dozens of them. New players joined the game and were respawning over a course of

00:15:33.780 --> 00:15:43.890
thirty minutes to an hour. We teleported an entire town full of people under the ocean. They’d slowly

00:15:43.890 --> 00:15:50.730
drown. They weren’t drowning fast enough, so we also teleported monsters with them so that the

00:15:50.730 --> 00:15:57.250
monsters would kill the drowning players. [MONSTER SOUNDS] We’re killing newbies joining in the game,

00:15:57.250 --> 00:16:07.030
we’re killing active players, we’re teleporting players into the ocean; it’s just complete chaos.

00:16:07.030 --> 00:16:12.760
It was yeah, it was pretty funny. It was all in good fun. I was kind of in shock and awe. It

00:16:12.760 --> 00:16:19.780
was funny that the events that were going on; players being teleported into the sea, monsters

00:16:19.780 --> 00:16:24.880
being teleported into newbie areas where players are supposed to be safe. It was shocking that,

00:16:24.880 --> 00:16:29.200
you know, how is it possible that we could pull this off in a supposedly final game?

00:16:29.200 --> 00:16:33.220
JACK: But still, that wasn’t enough. He decided to make every safe zone in the

00:16:33.220 --> 00:16:37.840
game a PVP zone. This means the players could attack other players anywhere in

00:16:37.840 --> 00:16:42.700
the world. There was no place to hide. Manfred had used his exploits to level

00:16:42.700 --> 00:16:45.940
his character high up and gave his character all the best equipment in

00:16:45.940 --> 00:16:51.070
the game. Now that the whole world is a PVP area, you can guess what he did next.

00:16:51.070 --> 00:16:57.580
MANFRED: Me and my friends just going in and decimating everybody with highly overpowered

00:16:57.580 --> 00:17:06.360
characters. [FIGHTING SOUNDS] Yeah, it was complete chaos and disorder. All in good fun.

00:17:06.360 --> 00:17:16.500
JACK: Manfred’s chaos impacted everyone on the entire server. There were hundreds of tombstones

00:17:16.500 --> 00:17:21.810
everywhere you looked and everyone was wondering what in the world is happening? Some people are

00:17:21.810 --> 00:17:26.580
saying the gods went crazy and other people are saying there’s bugs in the game. After about an

00:17:26.580 --> 00:17:32.460
hour of total chaos the servers went offline. Him and his friends were banned from the game

00:17:32.460 --> 00:17:37.860
and the server rolled back to a save point before the chaos began and all players were restored.

00:17:37.860 --> 00:17:43.530
MANFRED: Initially the Shadowbane people thought somebody [inaudible] their servers,

00:17:43.530 --> 00:17:48.060
gained illegal access to their servers and they thought their servers were compromised when all

00:17:48.060 --> 00:17:54.720
we were doing was just using in-game mechanics. I look at the aftermath in the Shadowbane forums

00:17:54.720 --> 00:17:58.590
and some of the players were saying this should happen more often, this was like,

00:17:58.590 --> 00:18:04.920
the most fun they’ve ever had since they bought the game. There are some players that were kind

00:18:04.920 --> 00:18:08.610
of annoyed and some players were like hey, this is pretty cool. Let’s do it again.

00:18:08.610 --> 00:18:14.910
JACK: This Shadowbane hack was so ridiculous that Wired wrote an article about it back in 2003 when

00:18:14.910 --> 00:18:20.910
it happened. Nobody ever knew who was behind this until now. Wired posted a comment from the game

00:18:20.910 --> 00:18:25.410
developers which said, quote, “We’re working with law enforcement and we promise all of you

00:18:25.410 --> 00:18:29.550
that these individuals will be prosecuted to the full extent of the law.” End quote.

00:18:29.550 --> 00:18:34.290
MANFRED: That was all bark. I think they realized that their servers

00:18:34.290 --> 00:18:38.220
weren’t compromised and we were just using the game protocol and

00:18:38.220 --> 00:18:44.220
the game logic against itself by finding unattended features in the protocol.

00:18:44.220 --> 00:18:49.110
JACK: Manfred was never contacted by game developers or law enforcement for this event.

00:18:49.110 --> 00:18:54.450
Manfred has tried working with game developers to responsibly disclose the bugs he finds.

00:18:54.450 --> 00:18:59.400
MANFRED: Back in the early days when I started doing this, I tried to work with the game

00:18:59.400 --> 00:19:07.740
developers. It’s always backfired. For one example would be Anarchy Online. I think it came out in

00:19:07.740 --> 00:19:16.170
2000 or 2001. I paged GM in the game and I go hey, I want to talk to one of your developers

00:19:16.170 --> 00:19:25.510
about some exploits I’ve found. We go in; we talk in the IRC, try and go out of the band,

00:19:25.510 --> 00:19:32.260
outside the game, and talk over IRC. We’re like, here’s the exploits, here’s how to reproduce them,

00:19:32.260 --> 00:19:39.160
here’s how to do them. They’re like okay cool, thanks. The next day we wake up and our accounts

00:19:39.160 --> 00:19:48.640
are banned. This happened twice early on and if it happens twice or if it happens in one game and

00:19:48.640 --> 00:19:52.240
then it happens in another game, typically it’d be different development game. You’ve

00:19:52.240 --> 00:19:57.670
got to assume maybe the game industry doesn’t want to work with people responsibly disclosing hacks.

00:19:57.670 --> 00:20:01.960
I think their main point is they don’t want people reverse-engineering their client in

00:20:01.960 --> 00:20:07.690
the first place. Maybe, I think, that’s their motive for banning people that find these sorts

00:20:07.690 --> 00:20:11.290
of things. It was kind of counter-intuitive because you don’t want to ban the people

00:20:11.290 --> 00:20:14.980
that are trying to help you out. You’d think they’d want to give us resources or additional

00:20:14.980 --> 00:20:20.140
resources or be like hey, here’s some free accounts and here’s our private test servers,

00:20:20.140 --> 00:20:26.740
have at. The opposite happened. They just said we’re gonna ban you; don’t come back.

00:20:26.740 --> 00:20:32.230
JACK: This year Manfred gave a talk at Defcon. He was going to expose two unfixed bugs in

00:20:32.230 --> 00:20:37.240
Elder Scrolls Online and WildStar Online. He decided not to demonstrate the hack.

00:20:37.240 --> 00:20:43.540
MANFRED: After the talk, one of the companies that was behind Elder Scrolls Online came up

00:20:43.540 --> 00:20:50.470
to me. [MUSIC] They were like here’s my business card, let’s talk. I talked to them. I showed them

00:20:50.470 --> 00:20:57.310
the exploit shortly after Defcon. While we were still in Vegas I showed it to them in person.

00:20:57.310 --> 00:21:05.410
They were like cool, thanks. The other one for WildStar Online, I sent him an e-mail describing

00:21:05.410 --> 00:21:15.760
the issue at hand and its ramifications. They got back to me and said cool, thanks. That’s about it.

00:21:15.760 --> 00:21:26.050
For Elder Scrolls Online I last checked about a month and a half ago, which was about six weeks

00:21:26.050 --> 00:21:33.370
after Defcon and disclosure. It still hasn’t been fixed. WildStar Online, I haven’t checked since.

00:21:33.370 --> 00:21:39.010
JACK: But this is just Chapter One of Manfred’s epic journey. All of these

00:21:39.010 --> 00:21:43.450
exploits you’ve heard are just for fun but he found exploits in other games that would

00:21:43.450 --> 00:21:49.780
change his life for decades. He found ways to turn his virtual items into real US dollars.

00:21:49.780 --> 00:21:54.520
No longer was this about fun and games. It became a serious full-time business.

00:21:54.520 --> 00:22:00.670
MANFRED: Let me just say that given the option of getting a day job as a software engineer,

00:22:00.670 --> 00:22:05.980
and you can imagine how much a software engineer makes these days, given the option of doing that

00:22:05.980 --> 00:22:13.210
versus hacking online video games, I chose to hack online video games because the pay

00:22:13.210 --> 00:22:19.270
was good but also because I was running my own business and making my own hours.

00:22:19.270 --> 00:22:22.660
JACK: Join us in Part 2 of this story as we shift

00:22:22.660 --> 00:22:26.110
from putting coins into the game to taking coins out of the game.

00:22:26.110 --> 00:22:34.530
JACK [OUTRO]: [OUTRO MUSIC STARTS] You’ve been listening to Darknet Diaries. There’s

00:22:34.530 --> 00:22:38.010
a bunch of screenshots of Manfred’s adventures at darknetdiaries.com.

00:22:38.010 --> 00:22:41.160
Be sure to check them out as well as links to some of the stories that were

00:22:41.160 --> 00:22:46.200
mentioned. Music is provided by Ian Alex Mac, Kevin MacLeod, and Tabletop Audio.
