My wife alerted me to the March 2007 Chicago Tribune article “Cheating a real problem in Club Penguin’s virtual world” as we discussed ideas for tomorrow’s “family Sunday school lesson” we’re co-teaching about the Biblical story of Jacob and Essau. I thought I was pretty up to speed on Club Penguin, but apparently I’m behind the times. According to the article:

Across the Internet, blogs, message boards and even video clips on YouTube.com offer preteens tips and tricks on how to steal coins at ClubPenguin.com or cheat their way to a higher salary at Whyville.net. A simple Google search pops up hundreds of places to find such insights. Over the last three months, cheating has become such a concern at Club Penguin that on Tuesday the Canadian company approved new guidelines banning the practice, said Lane Merrifield, co-founder and chief executive.

I think this article may be yet another example of the mainstream press focusing on the bad and ignoring the good when it comes to digital social networking. Has the Chicago Tribune run articles on the engaging fun and safe digital social networking available on sites like Club Penguin? If so, I haven’t read them yet. The issues they raise ARE real, however, and worth exploring in greater depth.

I performed a domain specific search for clubpenguin.com on Google this evening for the word ‘cheating’ and didn’t turn up any results. Similar searches for the words “hack” and “hacking” also turned up zilch. I couldn’t find cheating specifically addressed in any of the HELP or PARENTS OF PENGUINS pages of the site either. If ClubPenguin still has a formal policy about cheating and hacking, apparently it is not listed on the main site available to the public without a login.

Screencasts about ClubPenguin are definitely plentiful on YouTube. Keyword searches on YouTube for “club penguin cheats” and “club penguin hack” turn up 639 and 798 different videos each, respectively. This video, viewed over 4000 times with 35 comments, shows how to use “Cheat Engine 5.3″ (for Windows computers only, it appears) to hack Club Penguin and illegally (in violation of the AUP I assume) obtain more coins for your Penguin when playing games. The screencast (apparently edited with Windows Moviemaker, judging by the titling) suggests “Cheat Engine 5.3″ instead of “Winsock Packet Editor (WPE) Pro,” which is mentioned in the Chicago Tribute article, because evidently the vigilant Club Penguin programmers have figured out how to defeat WPE. According to the WPE website the program:

…is a packet sniffing/editing tool which is generally used to hack multiplayer games. WPE Pro allows modification of data at TCP level. Using WPE Pro one can select a running process from the memory and modify the data sent by it before it reaches the destination. It can record packets from specific processes, then analyze the information. You can setup filters to modify the packets or even send them when you want in different intervals. WPE Pro could also be a useful tool for testing thick client applications or web applications which use applets to establish socket connections on non http ports.

Apparently the program can also be helpful for dishonest gamers who want to hack online games. Good grief. How sad the creative people at Club Penguin are having to deal with unethical behavior like this. :-( Whenever you hear or read the term packet sniffer, it’s probably a good idea to pay attention and ask more questions. While there are licit and legitimate uses for these tools to test and monitor software, hardware and networks, often packet sniffers are used for malicious and unethical purposes. At the university where I worked previously, the IT department used an intrusion detection system which could immediately detect when an unauthorized packet sniffer was being used on the network, and then shut down the port the person was using to access the network. That sort of functionality is not even being discussed by most school district technology departments I work with now, but it should be. Not all solutions offering intrusion detection are expensive, SNORT is open-source and VERY capable.

I suppose we should acknowledge the creative skills and saavy knowledge-base which is being applied in these screencast videos about hacking Club Penguin. Like email spam and blog spam, however, I personally wish there was more encouragement for people with these formidable technology skills to apply them in constructive versus destructive ways. (Become white hats versus black hats.) A cursory read of some tutorials available for hacking online games (like this one posted on a forum of Cheat Engine about Club Penguin) reveals a GREAT deal of troubleshooting and programming is going on among users in this demographic. Many if not most are likely script kiddies, but among the users clearly there are some smart people doing some real hacking that takes know-how and skills.

Another example of a Club Penguin hacking screencast is the YouTube video “Club Penguin coin hack,” which has been viewed over 53,000 times. It shows a screencast of a penguin whose user utilizes the aforementioned WPE packet sniffer and manipulator program to earn thousands of coins in my own son’s favorite game in Club Penguin, “Cart Surfer.” Of course the penguin does this after changing his wardrobe into black, “secret agent” style apparel. Cute and funny, but unethical hacking none-the-less. I’m going to use this to introduce our lesson on Jacob and Essau tomorrow morning. :-) (Thank you Unplug.)

What are the lessons and takeaways from this story? Well, if your own children or students have installed and use the WPE program on your (or their) Windows-based computer, you might strike up a conversation about how and why they are using it. More reasons for ongoing digital dialog.

We can’t just ban young people from using the Internet, we have an obligation to regularly engage in conversations with them about what they are doing online and why they are doing those things. Are they putting themselves at risk by talking about sex with strangers online? Are they using unethical (and possibly illegal, depending on the network they are using) means to cheat in online games? Or are they simply spending an inordinate amount of time in front of a digital screen, when they should be playing outside more, riding their bicycle, finding frogs in the neighborhood, or building a treehouse? All important questions to ask and answer.

Technorati Tags: , , , ,


Please support my STEM classroom Donor's Choose project: "Applying STEM Skills with Robotic Sphero Balls. Use the promo code INSPIRE at checkout to double your donation (up to $100) thanks to a match from DonorsChoose.org.

Did you know Wes has published 3 eBooks, and 1 of them is available free? Check them out!

Do you use a smartphone or tablet? Subscribe to Wes' free magazine "iReading" on Flipboard!


If you're trying to listen to a podcast episode and it's not working, check this status page. (Wes is migrating his podcasts to Amazon S3 for hosting.) Remember to follow Wesley Fryer on Twitter (@wfryer), Facebook and Google+. Also "like" Wesley's Facebook pages for "Speed of Creativity Learning" and his eBook, "Playing with Media." Don't miss Wesley's latest technology integration project, "Mapping Media to the Common Core / Curriculum."

On this day..

Share →
  • http://www.districtadministration.com/pulse Gary Stager

    Wes,

    You provided a vital public service when you fact-checked the article about the rampant crime perpetrated on the streets (ice?) of Club Penguin.

    However, elevating the manipulation of the environment, by users, into some sort of mortal sin of biblical proportion seems a bit much. Given the veracity of the other claims and the technical difficulty involved, I would not be too sure that more than a handful of children are engaged in hacking Club Penguin.

    Let’s say that kids ARE packet sniffing to win more bananas for their penguins… Is this really stealing or an example of Modding? What if this is just the manifestiatin of a very human desire to control their environment?

    When I was a kid, I could change the code in timeshare games to help me win with a key press or greet me with “Hello, Gary! How are you today?” when a kid who knew nothing about computing was looking over my shoulder. This is how most programmers learn to program.

    Isn’t creating and publishing video-based tutorials an example of sharing, the opposite of stealing?

    Given the fact that schools seem to have taken a sacred oath to deny students any real knowledge of or agency over computers, “hacking” Club Penguin seems quite reasonable and expected.

    -=Gary

  • http://not.telling.youll.bann.me CP Hacker 1571214

    HAHA EHEHEH!! I HACK CP ALL TEH TIME!! I HAVE ABOUT 321,124 COINS!! AND EVERYTHING IN MY IGLOO!! I ITEM HACK AND BE ROCKHOPPER!

  • Patrick M

    Nice… you completely missed the point. First off no-one hacked club-penguin cheating in games is called hacking because the first game cheats used modified or “hacked” game clients. Packet Sniffing has many, many, legitimate uses and cheating in games by packet sniffing is in no ways illegal, although it may violate the MMO’s TOS. And, club penguin does absolutely nothing to prevent this, it has no security and all it’s packets are sent in plain text where they can be read by anyone. I actually think this is a good thing. It means that children are getting exposed to STEM and computer science at an early age. Someone should create an MMO like this, but specifically designed to be reverse engineered. This is teaching kids. It’s not turning them into rabid monsters. Get a life dude, if you don’t like it then don’t let your kids do it, stop telling other people what their kids should or should not do.

  • http://wfryer.wpengine.com Wesley Fryer

    Did you read my entire post before commenting? In this post (from 2007) I acknowledged that packet sniffers DO have many legitimate uses. I also acknowledged the digital literacy skills which people (of any age) are exhibiting and developing when using packet sniffers in situations like that referenced in the Chicago Tribune article.

    In terms of your assertion “Club Penguin does nothing to prevent this,” I’m pretty sure they monitor their server activity logs to address this. There may be some performance reasons why they don’t run all their traffic through https connections, it would be interesting to ask them. I will see if they’ll reply via Twitter to this.

    I certainly did not assert or argue in this post that Club Penguin is “turning kids into rabid monsters.” I think it’s a great game platform and environment. Five years ago when I wrote this post, I was surprised to learn about people hacking Club Penguin. Then as now, I’d love to help people who have technical skills learn constructive ways to use them. This is one of the things I try to do regularly, as a digital learning consultant. It’s a big reason I’m an advocate for kids learning Scratch Software at a young age. I think more people should learn to program and develop software for computers, rather than just use/consume media and software others create.

    Sharing advice and my opinions is a right I take seriously and enjoy exercising both here, on my blog, as well as on other social media channels. I think you may have misunderstood my position in 2007. I wasn’t discouraging people from using Club Penguin, or saying all packet sniffers should be banned. I was trying to draw people’s attention to how some people were hacking Club Penguin, and lamenting that those obviously saavy users were using their skills in an unethical way. If you think it’s good for people to hack sites like Club Penguin with packet sniffers, you’re certainly entitled to that opinion.

  • Patrick M

    I don’t believe that hacking is good. Nor do I agree with your blanket statements though. What I take issue with is the fact that people assume that cheating in games is hacking, when actuality it is merely manipulating the packets being sent to the server. Truly hacking the game would be if someone used an exploit to break into the club-penguin servers, that would be hacking, and that’s illegal. What people were doing with club-penguin was harmless little exploits found in the packets like the “moonwalk” exploit which allowed people to send a packet that played the walking animation while they were standing still. What someone does to their own computer is their own business. I don’t see how cheating in a game where no-one is competing for anything and you can’t even trade money or items violates any laws or rules except maybe the club-penguin TOS.

    I don’t see a bunch of kids cheating a system or breaking the rules what I see is a bunch of kids trying to see what cool things they can make there in-game character do, like moonwalk.
    But never-mind, I evidently took your article out of context, My Apologies.

Creative Commons License
This work is licensed under a Creative Commons Attribution 3.0 Unported License.

Made with Love in Oklahoma City