Credit to Author: Emanuel Maiberg| Date: Tue, 17 Oct 2017 14:00:00 +0000
Phil was having a normal evening when his son called him over to the computer. He was playing Roblox, a popular computer game similar to Minecraft. Phil’s son said something didn’t look right, that something was wrong with his game.
At first, Phil (he asked that we change his name to protect his family’s anonymity due to fear of harassment) assumed the game had bugged out and his son needed him to fix it. “I thought I had to do some troubleshooting,” he told me over the phone. What he saw shocked him. “It looked very different, it was very dark. One of the characters in the game had [the word] Hitler written all over him. I looked around and saw nude pictures all over the place.”
Roblox is a big deal—roughly 30 million people play it monthly. At its heart, the game is a playground—a loose collection of servers in which players use Playmobil style avatars to navigate through user-generated content. There are simple Counter-Strike knock offs, pizza place job simulators, and natural disaster survival servers. Roblox even allows creators to make cash off their content—some make as much as $50,000 a month selling Roblox assets for a virtual currency they can trade for cash from Roblox Corporation.
Roblox is billed as a family-friendly game that kids can enjoy. It’s got a number of parental controls, including chat and voice communication restrictions for users under 13.
Even so, the game is full of Nazi imagery.
What happened to Phil’s son’s Roblox game is uncommon but not unheard of. YouTube is filled with videos of griefers—people who play the game only to ruin other’s experience—and script kiddies trolling Roblox roleplay servers, using cheats to disrupt streamers, and breaking the rules of popular gametypes.
The “hackers” use premade exploits that use the Lua programming language to inject C code into Roblox. It allows them to run simple scripts that do things such as spraying hundreds of Hillary Clinton faces off of their avatar, playing obnoxious and repetitive music, or changing the server’s assets into anime porn and swastikas.
Videos and screenshots Phil took of the hack showed a Roblox world gone wrong. I logged onto the server his son was in and saw the Nazi carnage for myself, as well as a link directing me to a Discord channel where users could buy the hack for themselves.
Phil pushed his son’s Roblox avatar around in horror and looked at the giant Reich-style eagles, Hitlers, and pornography. Phil had turned the parental controls on—stuff like this wasn’t supposed to happen. He called several other parents and asked them to double check and make sure he wasn’t crazy. He wasn’t, they we.
“It was Nazi stuff all over the place,” Phil said. “I saw that and reported it. Then [my son] went back on and it was fine. I forgot about it. The next morning he was playing again and then, all of a sudden, it’s dark and scary and Nazified.” Roblox customer support sent him an automated response, acknowledging the complaint and promising to take a look.
“We are aware of this hack and are deleting the accounts of those who are using it on the platform,” Brian Jaquet, the senior director of public relations for Roblox Corporation told me via email. “There is no tolerance for these violations of our terms of service. Unfortunately, the software is being distributed via a third-party service and we have requested that the offending Discord server be shut down immediately.”
Discord took down the channel that advertised the exploited server in late September, but I was able to take a look before it went away. The channel was just a simple storefront selling an exploit for Roblox called “Asshurt” for a “donation” of $10 delivered via PayPal or Bitcoin. The exploit gave users the tools to disrupt Roblox servers. In this way, it played upon one of the game’s great strengths—its open-source nature.
Users can crack open the game, mess around with its code, and create different game types, avatars, and assets. But that open source philosophy makes Roblox prone to hacks and exploits such as Asshurt. Griefers can hop onto a server and, with a few mouse clicks, fill the sky over a Roblox world with Swastikas or even play the sounds of screams pulled from the opening scene of Saving Pvt. Ryan.
“Open-ended programs like Roblox are more susceptible, but the creativity usually shines through much more than the vulgarity,” David Jagneaux, journalist and author of The Ultimate Roblox Book, which includes a chapter aimed at helping parents keep their kids safe in the game, told me via email. “I’d just recommend that parents take a very hands-on approach and interest into what their kids do online. There are hundreds of great games for kids to play online, with or without friends, and it’s the responsibility of both the kids and the parents to seek out the appropriate content.”
Phil has been doing just that. Over the past few weeks he’s been keeping an eye on his kid’s Roblox games. Every time he sees something, he reports it to Roblox. Eventually, the company finally gave him a personal reply.
“While we cannot disclose actions taken against players, please be assured that those found to be violating our rules and guidelines will be dealt with appropriately,” a Roblox Corporation representative told Phil in an email. “However, we take seriously all reports of users who are exploiting, hacking or otherwise violating our Terms of Service…all accounts caught violating ROBLOX rules will be moderated. Additionally, reporting does indeed work! We do have moderators online around the clock reviewing reports and helping to keep ROBLOX fun and safe for all players.”
Discord told me it took down the channel selling the exploit. “Discord does not read or moderate people’s private servers,” Tali Fischer, public relations director for Discord told me in an email. “When we are made aware of any violation of our ToS by a server or individual through a report to our [customer experience reps] or social media or through reporting, we will immediately investigate and take appropriate actions which can include taking down the server and banning the individual user.”
The Discord server that used to sell Asshurt is gone, but the hack is still in the wild and weeks later Phil is still seeing the Nazi imagery pop up in his son’s games. It’s unlikely to go away entirely anytime soon.
“As the platform continues to grow…there are going to be more issues that keep popping up and it’ll continue becoming harder and harder to keep things locked down,” Jagneaux told me. “I’d say they’re doing about as good as could be expected thus far.”
Exploits and hacks such as these aren’t unique to Roblox. Minecraft also has its share of players how just want to watch the world burn. The Nazi angle isn’t surprising either. Internet trolls love playing pretend Nazi for the shock value. Roblox even has some Nazi roleplay servers.
As Roblox Corporation bans people and plugs the holes in its code, the users create new accounts and develop new tools. There’s already a new Lua C code injector called Flame V2. It looks a lot like Asshurt.
Phil still checks his kid’s game regularly. He said the Nazi imagery his kid runs into seems to have decreased, but other hacks and exploits are messing with his game. Recently, the sky darkened and a MIDI version of Smash Mouth’s All-Star played through the speakers.