Hearthstone hacked by Google's anti-hacking chief, but he won't release it

Elie Bursztein is kind of a behind-the-scenes guy at Google, where he heads up anti-abuse research and figures out new ways to "protect our users against cyber-criminal activities and internet threats." He recently redesigned Google's Captcha system and implemented improved cryptography in the Chrome browser; he also figured out a way to "hack" Hearthstone by using machine learning to predict opponents' decks with what is apparently a game-breaking degree of accuracy.

Bursztein first revealed the results of his efforts during an address at Defcon 22 in August, and has now placed a video of that talk on his blog, along with a PDF of slides he used during the presentation. "In our talk, Celine and I show how to use data analysis to find undervalued cards and how to exploit game structure using machine learning to predict your opponent's deck," he explained .

He originally intended to release the predictive software to the public, but changed his mind after talking to Blizzard following the Defcon presentation. He said the company is "very enthusiastic and supportive" of his research, but are concerned that the advantage it offers to players using it could "break the game balance." The software also provides replay functionality to help players improve their game, but the Hearthstone team told him that feature is already planned for a future release, making his "sub-par" implementation unnecessary.

"It was a difficult decision — I invested a lot of our time building our real-time dashboard tool with Celine — but we agree with the Hearthstone team and will not release the tool publicly," he wrote.

Even though he's not releasing the Hearthstone prediction tool, Bursztein did post links to more detailed breakdowns of his research, including an explanation of how he came up with his predictive algorithm in the first place. It's almost certain that someone else will figure it out, in other words, and those follow-on discoverers may not be quite so ethical about what they do with it. That represents a potentially big problem for Blizzard: Conventional bugs and exploits, like the one that turned up on Reddit last week, can be fixed with relative ease, as Blizzard apparently did shortly after it came to light. But a system that simply figures out the plumbing and how to take advantage of it is a much more difficult, and potentially damaging, challenge to overcome.

Andy Chalk

Andy has been gaming on PCs from the very beginning, starting as a youngster with text adventures and primitive action games on a cassette-based TRS80. From there he graduated to the glory days of Sierra Online adventures and Microprose sims, ran a local BBS, learned how to build PCs, and developed a longstanding love of RPGs, immersive sims, and shooters. He began writing videogame news in 2007 for The Escapist and somehow managed to avoid getting fired until 2014, when he joined the storied ranks of PC Gamer. He covers all aspects of the industry, from new game announcements and patch notes to legal disputes, Twitch beefs, esports, and Henry Cavill. Lots of Henry Cavill.