Bungie Wins Default Judgment Against Danish Cheat Purveyor In Ruling That Encourages More CFAA Abuse
from the well,-'win'-might-be-overstating-things dept
A lawsuit [PDF] against a cheat creator has swung almost completely in Bungie’s direction, mainly thanks to the Danish defendant being unwilling to travel across the pond to defend himself in court. The claims are numerous, ranging from copyright infringement to trademark infringement to CFAA violations to the ever-popular (but rarely successful) RICO.
While Bungie seems willing to fight against bogus DMCA claims that affect its fans, it’s also apparently willing to wield the same law to punish people who sell cheats to other users. This doesn’t always work, but it works well enough that Bungie continues to aggressively protect its products from hacks offered by developers to people unwilling (or unable) to compete on a level playing field.
This case centers on the “Wallhax” cheats for Destiny 2 apparently developed by Canadian company Elite Boss Tech and Denmark resident Daniel Larsen, along with a handful of others Bungie managed to unmask after obtaining a settlement from two defendants last October.
The default judgment awarded here comes with a $16 million price tag. But that number really means nothing. If Bungie was unable to persuade Daniel Larsen to engage in its extraterritorial lawsuit, it’s unlikely it will be able to convince him to hand over millions of dollars in response to this judgment.
Citing the settlements Bungie has already been able to obtain from cooperating defendants, the court pushes forward with the default judgment. The court agrees with pretty much every claim raised by Bungie, including the civil version of RICO most plaintiffs fail to apply as carefully as Bungie does here.
Specifically, Bungie has alleged and provided evidence that Larsen and the enterprise engaged in criminal copyright infringement and money laundering in violation of 18 U.S.C. §§ 1956 and 1957. As to criminal copyright infringement, Bungie must demonstrate that Larsen willfully infringed on a valid copyright for purposes of commercial advantage or private financial gain. See 17 U.S.C. § 506(a). Here, the allegations and evidence suffice to show that Larsen willfully accessed and utilized Bungie’s Destiny 2 software in order to develop the Wallhax cheat, which directly infringed on Bungie’s two valid copyrights for Larsen’s personal gain. The allegations and evidence are also sufficient to satisfy the predicate act of money laundering. A defendant engages in money laundering under 18 U.S.C. § 1956(a)(1)(A)(i) when they (1) conduct (or attempt to conduct) (2) a financial transaction, (3) knowing that the property involved in the financial transaction represents the proceeds of some unlawful activity, (4) with the intent to promote the carrying on of specified unlawful activity, and (5) the property was in fact be derived from a specified unlawful activity. 18 U.S.C. § 1956(a)(1). Bungie has shown that Larsen and the Wallhax enterprise obtained financial proceeds from the sale of the Wallhax cheat, which was the product of criminal copyright infringement.
I haven’t read all the predicate acts for money laundering, but the criminal act suggests actual “laundering” of proceeds to disguise their illegal origin. But it appears I have that all wrong: simply depositing proceeds from crimes into any financial institution is apparently “laundering,” even if no steps are taken to obfuscate the illegal origins of the funds. Weird.
It’s a default judgment so there are no counterarguments to consider. But the judge decides Bungie’s CFAA arguments have enough merit to be carried along with the rest of the allegedly illegal flotsam:
Bungie has provided sufficient allegations and evidence that Larsen violated the CFAA when he intentionally accessed the Destiny 2 servers to obtain the Destiny 2 software to create the Wallhax cheat without authorization. By doing so, Larsen violated that terms of the LSLA and manipulated key elements of the Destiny 2 software through the Wallhax cheat…
That’s not very descriptive and nothing in this decision explains what exactly constituted this CFAA violation. For that, we have to go back to Bungie’s amended complaint, which provides some helpful context:
Defendants, acting in concert with users who deploy their cheat software, obtain data from within the Destiny 2 client software’s memory space that the users are not authorized to access – specifically the positional information used in Defendants’ “ESP” display.
In addition, Defendants are fully aware that users who deploy their cheat software do so in violation of the LSLA, and that access to the Destiny 2 client software memory space by such users is entirely unauthorized.
In accessing the Destiny 2 client software’s memory space without authorization, Defendants’ software obtains information from the Destiny 2 system to enable the presentation of the “ESP” display on the users’ computers.
In addition, by accessing the Destiny 2 client software’s memory space without authorization, Defendants’ software takes control of the aiming function of the Destiny 2 client software, enabling the player to fire with perfect accuracy every time.
As a result of this conduct, Defendants’ software endows cheating users with significant advantages not available to players who play the game honestly.
This is all very unfortunate but companies like Bungie have plenty of options to deal with cheaters and cheat purveyors. Violating a user agreement should be grounds for banning or account suspension. But they really shouldn’t be considered violations of the CFAA, even in civil cases. While it’s always fun to pile on charges (we learned it from you, prosecutors! [intense sobbing]), it does very little for the internet at large to treat end user license agreement violations as malicious acts. While the acts alleged here appear to be deliberate circumvention, treating any unexpected (or exploratory) use of software as an illegal act (as the court does here) makes it that much tougher to discover and report security flaws or engage in research that utilizes methods service providers may not expect.
It’s not that Bungie is wrong to deter cheaters and those selling cheats to cheaters. It’s that it had a lot of options to deploy that didn’t bring the oft-abused CFAA into the mix. Bungie was always going to win, especially when the defendant no-showed the entire case. Portraying exploitation of areas left unprotected by Bungie as a criminal act in and of itself does no one any favors.