[Updated with Blizzard response] Hacking World of Warcraft is like a national pastime among game-oriented hackers. So it’s no surprise that hackers have figured out a new way to circumvent the rules of the online role-playing fantasy game.
At the Defcon security conference in Las Vegas on Friday, a pair of hackers showed they could create automated robot characters who could walk around the game world doing the bidding of their masters. Such characters are usually considered unfair violations of the terms of service for the game, and accounts are deleted whenever they are discovered. It’s unclear whether the hackers built their automated characters in a way that is legally protected.
James Luedke and Christopher Mooney, working in their spare time, said they coded the “enhancement API,” or an applications programming interface that lets people change the user interface of World of Warcraft. You can use the API to change the look and feel of the client. By itself, that isn’t a violation of service rules, as game publisher Blizzard Entertainment makes it easy to do this.
But Blizzard has frowned upon the creation of automated characters who can cast spells and level up quickly. Normally, players have to “grind” their way to more powerful characters. That means they have to tediously wander around the world, fulfill various kinds of missions, and thereby earn their rewards. In past patches, Blizzard has disabled the ability to do tasks in an automated way in the name of making sure the game is balanced for all.
[Update: In a statement today, Blizzard said, "Any 'bot' or in-game helper designed to play World of Warcraft automatically with little or no player input is strictly forbidden. We take violations of this policy very seriously and have consistently worked to identify the use of bots in game and suspend or close the associated accounts. We remain vigilant in defending our games against cheaters and unauthorized third-party hack programs, and to that end, we will continue to take any measure necessary to protect our games and our intellectual property rights."]
Luedke and Mooney said they tried to avoid a direct violation of terms of service. It remains to be seen how Blizzard will react to it. While Blizzard prevailed in a Digital Millennium Copyright Act complaint against WoW bot Glilder, Luedke and Mooney said they restricted their code to certain programming techniques that use Blizzard’s own WoW API. They are also careful to call the automated characters “helpers” rather than “robots,” though they let the “robot” word slip a number of times in their talk. They are able to do a variety of things automatically, like getting a character to cast spells, select targets, and move around. The behavior looks just like a regular player fighting with a group of characters, but it’s all automated.
The hackers say they also programmed their helpers to give automated responses under questioning by Gamemasters, who are Blizzard staffers that police the online world.
The hacker’s tool is available at this site and more information is available here.
Don't let cyber attacks kill your game! Join GamesBeat's Dean Takahashi for a free webinar on April 18 that will explore the DDoS risks facing the game industry. Sign up here.