October 11th, 2010

ESPN Security Issue Provides Fantasy Lesson

Monday, October 11th, 2010

A Sunday post in the Fifth Down blog on The New York Times’ website took a somewhat fun look at the interaction between fantasy players and a couple of prominent NFL receivers, but the third aspect could induce chills for anyone running fantasy games or contests.

The final item included by author Toni Monkovic deals with a “notorious prankster” who hacked into ESPN’s fantasy system to “have a little fun with the bugs I discovered.” Fortunately for all involved, the fantasy hackster was playing in a league with friends and had no interest in actually affecting outcome. He merely decided to use his expertise to play a trick on a leaguemate by adding Rex Grossman to the person’s roster. (In an even funnier move, he also impersonated Grossman via e-mail and sent a plea to the leaguemate for a fantasy start that week.)

ESPN ostensibly got wise to the issue and filled in the gaps but not before Deadspin caught wind of it.

The situation also brought to light another tech blogger who said he had been researching the issues with ESPN’s fantasy interface, sharing extensive details of what he had discovered. To an untrained tech eye, this seems to have been the issue: In trying to offer more customization to league managers, ESPN.com inadvertently left open loopholes that allowed for manipulation of league play.

The revelation made its way to ESPN message boards and obviously forced action by the site when administrators became aware of the issues.

The fortunate part in all of this flak for ESPN was that no one involved seemed to have any ill intentions. However, if tech-savvy folks such as these were willing to spend the time to root out such issues merely for the sake of pointing them out, one would have to imagine there are geeks out there with an eye toward manipulating a contest for monetary gain. Success in such an effort must be about the worst fear for anyone running an online contest.

At the least, the whole thing serves as a tip to game/contest providers to check up on similar aspects of their own products and services to make sure similar entry points don’t exist.

The Web has enabled the explosion of fantasy sports throughout the nation and world, but we can never forget the inherent dangers.