Skip to main content

Hearthstone hacked by Google's anti-hacking chief, but he won't release it

Elie Bursztein is kind of a behind-the-scenes guy at Google, where he heads up anti-abuse research and figures out new ways to "protect our users against cyber-criminal activities and internet threats." He recently redesigned Google's Captcha system and implemented improved cryptography in the Chrome browser; he also figured out a way to "hack" Hearthstone by using machine learning to predict opponents' decks with what is apparently a game-breaking degree of accuracy.

Bursztein first revealed the results of his efforts during an address at Defcon 22 in August, and has now placed a video of that talk on his blog, along with a PDF of slides he used during the presentation. "In our talk, Celine and I show how to use data analysis to find undervalued cards and how to exploit game structure using machine learning to predict your opponent's deck," he explained .

He originally intended to release the predictive software to the public, but changed his mind after talking to Blizzard following the Defcon presentation. He said the company is "very enthusiastic and supportive" of his research, but are concerned that the advantage it offers to players using it could "break the game balance." The software also provides replay functionality to help players improve their game, but the Hearthstone team told him that feature is already planned for a future release, making his "sub-par" implementation unnecessary.

"It was a difficult decision — I invested a lot of our time building our real-time dashboard tool with Celine — but we agree with the Hearthstone team and will not release the tool publicly," he wrote.

Even though he's not releasing the Hearthstone prediction tool, Bursztein did post links to more detailed breakdowns of his research, including an explanation of how he came up with his predictive algorithm in the first place. It's almost certain that someone else will figure it out, in other words, and those follow-on discoverers may not be quite so ethical about what they do with it. That represents a potentially big problem for Blizzard: Conventional bugs and exploits, like the one that turned up on Reddit last week, can be fixed with relative ease, as Blizzard apparently did shortly after it came to light. But a system that simply figures out the plumbing and how to take advantage of it is a much more difficult, and potentially damaging, challenge to overcome.

Andy covers the day-to-day happenings in the big, wide world of PC gaming—the stuff we call "news." In his off hours, he wishes he had time to play the 80-hour RPGs and immersive sims he used to love so much.