Back in August, Elie Bursztein, the man in charge of Google's anti-abuse research team, detailed how he developed a tool to exploit Blizzard's popular collectible trading card game, Hearthstone. Bursztein gave a lengthy presentation on how he accomplished the hack during the Defcon 22 hacking conference in Las Vegas, but broke from convention by refusing to release his work online.
Bursztein claims that the tool he had created to 'hack' Hearthstone made it much easier for players to beat their opponents. He claims that his tool "uses data analysis to find undervalued cards and exploits game structure using machine learning to predict your opponent's deck."
While he won't share the actual code of his hack, he did releases his entire Defcon 22 presentation on YouTube (which you can watch right now to your left).
So why won't Bursztein release the hacking tool? Because after Defcon he had a lengthy conversation with the Hearthstone team at Blizzard, who implored him to keep the hack under wraps.
"Following Defcon we had a series of conversations with the Hearthstone team about our research," Bursztein explained. "They like our research on game/cards balance and are very enthusiastic and supportive about it. On the other hand, they were very concerned that our real time dashboard that can predict your opponent's deck will break the game balance by giving that person (that is, whoever has the tool) an unfair advantage."
"They also expressed concern that such a tool makes the game less fun by taking away some of the decision-making from the player," he continued. "It was a difficult decision – I invested a lot of our time building our real-time dashboard tool with [my wife] Celine – but we agree with the Hearthstone team and will not release the tool publicly."
It will be interesting to see if any hackers out there who have read Bursztein's blog and watch his Defcon 22 are capable of figuring out how he accomplished his hack. For now it's his dirty little secret. You can read more about the hack here.