Monday, April 11, 2011

CCP Sreegs' Role In EVE Security

After last Friday's post in which I wrote about a report on the virtual economy sponsored by the World Bank, I promised myself I would not bring serious real world matters into my posts this week.  But then the new Eve Online forums were taken down this weekend due to a major security hole concerning forum signatures

The reaction
from players, needless to say, ranged from "OMG, you suck!" to "can we keep the old forums for a couple of more years?"  Of course, the head of CCP's internet security, CCP Sreegs, came in for his share of criticism as this was a hole in security.  CCP Sreegs posted this response in the thread.
"My job is response, not reviewing every single line of code that gets written."
This is where the real world steps in.  The real world in the form of WikiLeaks, Anonymous and HBGary.  Back in January, the CEO of HBGary Federal Aaron Barr thought he had uncovered the identities of Anonymous and the media picked up on the story.  Anonymous got even, and among its actions obtained and made public over 40,000 emails.  Among the e-mails released was an exchange back in July between CCP Sreegs (aka Sean Conover) and HBGary president Penny Leavy (hat tip: Ecliptic Rift)  In the email CCP Sreegs explains what he will do for CCP.

"I’ve been hired essentially because CCP has recognized that  as the company grows they need to be more concerned about security in general. My background is primarily in incident response and forensics. I do know at this time that my forensic and malware experience was a big get for them in the interview process so I know that targeted malware is something they’re concerned about (as I believe pretty much any organization should be today) and part of my mandate is to ensure that I have the right tools to 'do my stuff' when the time comes."
I don't know what this means in relation to proactively preventing security lapses.  But between this letter and the security presentation at Fanfest last month I get the impression his main job is to fight hackers and botters (redundant, I know) after the fact.  I'm not exactly sure who is supposed to do the preventive security steps.

Well, I shouldn't say that CCP Sreegs has done no preventive measures.  At Fanfest this year he talked about some of the measures he's helped implement since he came onto the job.  For those interested I've embedded the presentation above.  I will really be interested to read the dev blog on his investigations that should come out this week.

Oh, and I should add that Penny Leavy's husband is HBGary founder Greg Hoglund, who apparently is a long time Eve player.  That's right, the guy who wrote Exploiting Online Games: Cheating Massively Distributed Systems is playing Eve.

No comments:

Post a Comment