Wednesday, June 20, 2012

CCP's War On Bots: Zeroing In On Eve Pilot

Last week CCP Stillman told me over Twitter that I might notice a new trend in what botters were crying over insofar as Team Security's actions were concerned.  I thought that he meant all the negative balances I kept reading about.  But just in case I missed something, I started reading the various botting forums again looking for anything unusual.  And I found it.

A theory that I have heard on the Eve Online forums and even in the comments on the blog is that Team Security is ignoring the little guy running single bots and concentrating on the botters running large scale operations designed to fuel illicit RMT rings.  Apparently that belief was prevalent amongst users of the Eve Pilot family of bots.  The following exchange I just found from the end of April is why I wrote "was prevalant".

28 April 2012
Famine:  "But i think Slav has mentioned that single users of his program have not been banned since the middle of 2011 or something."

Slav2 (developer of Eve Pilot):  "This statement was true before resent bans. Pre festival time has traditionally higher risk of a ban, when CCP collecting statistics to show in graphs. I think CCP made some changes in bot detection after festival. Some new ideas could appear when GMs collected statistics. Now single bots who use VMWare may be banned too."
I've heard mention of using VMWare to disguise a botter's IP address and to run multiple bots.  I've also caught other mentions where users of VMWare are getting caught, although I've intentionally shied away from spelling out avoidance methods in great detail.  If using VMWare is a practice that is likely to get a botter noticed, then I'm anxious to watch the tears flow.  The botters know that Team Security uses IP addresses to ban players so they use VMWare to disguise them.  But if VMWare is a red flag, what's a botter to do, go straight?  That's crazy talk!
What appears is occurring is that Team Security's technical detection methods were first extremely reliable detecting botting fleets or people stupid enough to bot longer than 12 hours a day, so that is what was banned.  As time moved on and the detection methods improved, VMWare users of Eve Pilot are now detectable even if botting by themselves.  No grand strategy of going after the illicit RMT trade first involved.  CCP was just picking off the low hanging fruit and they now have brought out a ladder and are reaching a little higher.
 

Now if only we can get a new Security dev blog with an update.  CCP Sreegs showed the CSM some fascinating stuff and I'd really like to hear the unclassified version.

7 comments:

  1. I'm still amazed at the naivety of the botters.
    They install a program on their pcs that is several GB total (hint: it's EVE) and wonder why they get caught when doing something with that PC while playing that game?

    No, I didn't read if there's something in the EULA mentioned about that in lawyer speak.

    I'll bet a billion ISK on it that they don't use IPs and shit to detect anything.
    Instead they use Memory-Dumps, Process Lists etc. do get them.

    I would do it that way anyways.

    ReplyDelete
  2. urm... dear Mr "Anonymous June 20, 2012 10:02 AM",
    You may want to be careful about making such claims. You are basically insinuating that CCP is interfering with a computer system collecting and sending harvested data to CCPs servers without (and possibly against) the consent or knowledge of the systems owner. If I am not mistaken, there are strict laws against that, some of which with drastic consequences (think: state sponsored holiday on a US military base on cuba). As such, your insinuation would constitute libel and might land you in hot water.

    ReplyDelete
    Replies
    1. Hit a nerve? Then it must be true. AND FURTHERMORE.. I'd now bet that CCP's snooping is FAR worse than what anyone would sujuest based soley on THIS comment.

      Anytime you have to bring out the lawyers.. You're doing something unethical.

      So what is it? Eve client really got a vnc built in without the users knowing? Your admins getting their jollys kicking back watching peoples webcams?

      Like that would be ANYTHING next to some of the REAL horrors that American corporations have done to the public..

      Delete
  3. Perhaps all these botters should ban together and launch an attack against CCP's login servers.

    CCP is already engaging in digital warfare with everyone of their users. They have written features into their game client to spy and monitor users files and setting. Writting that they have the ability to do something in a TOS does not make an illegal activity legal.

    They steal the contents of your ram, containing all kinds of personal information that is not in anyway connected to Eve online.

    I think an engagement in digital terrorism warrants one in return.. IMHO.

    ReplyDelete
    Replies
    1. A lesson in biting the hand that feeds them?

      Delete
  4. I got banned for not having a computer :( was mining for like 13 hours straight trying to save up for a hulk.

    My crime? Having a thinclient for a computer. Seems ccp is so hysterical over vmware that they have begun targeting innocent people as botters and thus committing merchant credit card fraud by banning people from a service they have paid for.. Let the class actions begin.

    ReplyDelete