Monday, August 6, 2012

CSM's Security Briefing From The Spring 2012 Summit

Often news concerning CCP's shadow war with botters and those involved in the illicit RMT trade takes weeks if not months to reach the outside world.  The information provided to CSM 7 at the CSM Spring Summit held 31 May - 1 June has taken two months to emerge.  While others can debate the reasons why the CSM minutes took so long to produce and approve, I'm more interested in what the minutes tell us about the progress of the conflict from CCP's perspective.

Before I continue, please remember that the information is two months old and that any figures that were presented to the CSM probably covered the period 26 February 2012 to 30 May 2012.

The goals of CCP Sreegs' strategy remain the same as he stated at Fanfest last year.  For those engaged in the illicit RMT trade and selling botting software he wants to make the business unprofitable.  For Eve players who bot or purchase illicit ISK, the goal is to convince them to stop and switch to legitimate means.  CCP saw success in changing player behavior by preventing players from transferring characters on accounts caught botting and seizing any illicitly obtained ISK.

The methods used to detect bots are, quite rightly, a closely held secret, however CCP Stillman revealed that the detection system uses a combination of behavioral and technical detections.  CCP Sreegs also revealed that information submitted using the "Report Bot" button is fed directly into the automated detection system.  Botters have wondered exactly how the detection system works and many are convinced that CCP has no automated detection system and just depend on other players using the "Report Bot" feature.  Apparently both camps in the debate are at least partially correct.

So how effective is CCP Sreegs' strategy and Team Security's efforts?  On the botting front, the automatic detection system was spotting 1,400 accounts every ten days.  In the weeks leading up to the Summit, that number was down to less than 10 accounts every ten days.  If anyone wants to know why I haven't posted more botting tears lately, that is the reason. 

On the illicit RMT front, the numbers sound impressive.  From the beginning of the anti-RMT push in mid-March to the Summit, 1705 accounts were banned for illicit RMT activities.  Of those, 1,354 accounts were less than a year old, indicating that many of the accounts were recently created.  The 192 accounts 500 days or older banned probably included many players trying to cash out of Eve.

The sheer amount of ISK and assets seized from the illicit RMT operations was breathtaking.   A total of 1.1 trillion ISK is cash and 4 trillion ISK in assets were seized in the space of about 2 months.  At the average sale price in Jita on 31 May, that comes out to be 10,808 PLEX, or over $189,000.  That would definitely help explain the rise in the price of illicit ISK in May.

The numbers concerning ISK buyers were a bit confusing, but I think broke out like this.  Of the 767 accounts caught purchasing ISK, 208 went on to purchase a total of 1621 PLEX legitimately after their illicit ISK was confiscated.  That is over $28,000 worth of PLEX.  Of the accounts, 63 cancelled their subscriptions while 330 accounts still have an ISK amount in the red.  I haven't figured out what a "disabled account" is, but 191 of the accounts caught are disabled.

Of course, given the havoc that the unified inventory change wrecked on bots and some bots were still not fixed by the time the summit began, the question came up about making it impossible to create a bot that would work in the game.  CCP Sreegs replied, "If our goal was eradication of the capacity for someone to automate process, then we will fail, it’s a waste of our time and someone is always going to do it."  While I would like to see CCP make bot developers work harder, history in the MMO industry suggests that CCP Sreegs is correct.  The most famous example of a developer who continued to try to make a game resistant to bots that I know of is Jagex with Runescape.  They kept trying, and failing, to break bots and in October 2011 wound up banning over 7.7 million accounts, 1.5 million of them in a single day.

CCP Sreegs also addressed that authenticators are coming soon, but CCP still needs to work on issues surrounding email verification.  Anti-hacking improvements, mainly concerning the client with process injection is still an issue on CCP's agenda as well, which is another item in the fight against botting.

I should add that some of the CSM members had their own concerns about illicit RMT.  UAxDEATH asked about tracking transactions for currency other than ISK that occur at out of game websites and trying to track down those renting 0.0 systems for real money.  Greene Lee brought up the issue of selling characters for real money.  Two step brought up the point that the New Player Experience should warn people not to buy ISK, at least from anyone but CCP.

For many of the concerns CCP Sreegs had to disappoint the CSM:
"CCP Sreegs says they haven’t really gone after character selling yet, but it is something they’re aware of. If they stumble across a business that also sells characters they’ll ban those characters. He goes on to say that they’re aware of most issues, but he doesn’t have the time to do everything that he wants to. While he’d love to go after people renting systems for real money and selling characters for real money, he just doesn’t have the time currently. Maybe in the future though." (p. 150)
So while Team Security has made a lot of progress this year, they still have a lot to do.  I hope no one told CCP Sreegs this was going to be easy.

1 comment:

  1. If you subscribed to the game using your credit card you have to actively cancel your subscription to prevent CCP from billing your credit card.

    If you started a trial account and activated via PLEX, you don't have a money subscription and have to add a PLEX every month to keep it alive. If you fail to do so, your account lapse. I think these are the "disabled accounts".