"Security issues from our perspective extend beyond things like infrastructure, hardening the firewalls and all those fancy security things but I believe they also extend to the RMT and botting situation. I think that is a security problem. I see catching bad guys as catching bad guys. I don't see it as a customer service thing."
CCP Sreegs, Fanfest 2012
The year 2012 started off with one big question for those concerned about botting and illicit RMT: could CCP afford to continue the war it began in 2011? Following the Summer of Rage caused by the Incarna expansion and related events the number of subscriptions had fallen 8% down to 340,000 in December 2012. Many players had dug into CCP's finances in June 2011 and discovered a loan that was due on 28 October that probably contributed heavily to CCP announcing a 20% reduction in its workforce on 19 October. With all of this bad news could CCP really afford to ban any accounts no matter how shady?
CCP Sreegs Unleashed - Players received an answer to this question early in the year when the newly formed Team Security resumed CCP's anti-botting operations on 26 February 2012. Within 48 hours tears from the H-Bot forums leaked onto the official Eve Online forums, prompting a dev blog from CCP Sreegs on 1 March. In the dev blog he addressed the lull in the War On Bots™.
"As you are all aware the company has gone through a lot of changes in the recent months. Because of this there was a period of time where nobody had responsibility for handling the technology responsible for nuking botters. As of now there is a formal team on the EVE project devoted entirely to security, of which I am the product owner which is a fancy word for manager. This means that we've now thrown the switch again and turned on the catching bad guys machine because we own it and we don't like cheaters."In addition to announcing the banning of 1000-2000 accounts CCP Sreegs also announced that accounts receiving any type of ban for botting will have all the characters locked to the account. This was an additional signal that CCP didn't need the money from botters as botters had made a practice of laundering their discovered botting characters on the character bazaar. Before CCP Sreegs published his dev blog, a botter on the Questor mission bot forums wrote:
vicious666 (28 February) - "tbh is more than a year and never got such issue, so seams now ccp have some "will" to stop questor , or is an economycs trick, 3k account banished,so in 2 weeks all 3k gonna change account-transfer/sell chars ? is a 100000$ dollar operation for them (in plex used) and they not lose a single account"I'm not sure of the botter's math but at 20 EUR/USD per character transferred CCP had made a lot of money off of the War on Bots™. If CCP were still in financial difficulties I don't believe this move would have occurred.
Perhaps more importantly for the War on Bots™ CCP now has a formal team dedicated to security consisting of:
- CCP Sreegs - Product Owner
- CCP Stillman - Security analyst specializing in application vulnerability
- CCP Arkanon - Internal Affairs Investigator
- CCP Peligro - Internal Affairs Investigator
While this team is responsible for all internet security CCP Sreegs believes that anti-botting and anti-RMT efforts fall under his team's responsibility. As he stated at Fanfest, "I see catching bad guys as catching bad guys. I don't see it as a customer service thing."
Not A PR Stunt - CCP uses Fanfest not only as an event to reward players who brave Iceland's weather but as a giant marketing event. Many players, including veteran botters, look upon any security measures taken around the event as a public relations stunt and if botters just hunker down and act with care that CCP will eventually turn its attention somewhere else. CCP Sreegs job was to shatter that belief.
In a dev blog published on 4 April CCP Sreegs announced that the automatic banning process would run daily instead of weekly in order to deny botters any safe windows in which to operate. A bigger move that produced tears was that Team Security would seize all ISK gained from botting when the ban takes effect. During Fanfest weekend Team Security also struck illicit RMT operations, permanently banning 105 accounts, seizing between 1-3 trillion ISK in assets and reversing 500 billion ISK in RMT transactions. In the three weeks following that dev blog, Team Security continued its illicit RMT crackdown permanently banning 1268 accounts and seizing 4.2 trillion in assests. The crackdown also affected illicit ISK buyers as CCP reversed 1.5 trillion ISK in transactions from 524 additional accounts.
On the botting front bot improved detection methods appeared and were noticed by bot developers. Slav2, the developer of the Eve Pilot family of bots, had this exchange at the end of April:
Famine: "But i think Slav has mentioned that single users of his program have not been banned since the middle of 2011 or something."Unintended consequences - Team Security is not the only group of developers at CCP who can influence the War On Bots™. The news from May and June was dominated by the effects on Inferno on botters and thus on RMT operations. CCP Arrow's Unified Inventory system probably created more botting tears than any other single event in Eve Online's nine year history with the possible exception of Unholy Rage. Within 24 hours the tears started to flow onto the forums of all Eve bots. Usually after an expansion launches the bot devs can usually get their bots up and running within 1-2 days. On an expansion with a lot of changes possibly 3 or in extreme cases 4 days. But with Inferno I saw complaints up to 2 weeks later and some functionality was never restored, partly because of the continuous software fixes CCP was implementing that would break new things in bots. And during this whole time Team Security's automatic banning process churned away banning botters already frustrated with the patch. The Eve Pilot users were hammered once their bots were fixed, making June a particularly tearful month.
Slav2 (developer of Eve Pilot): "This statement was true before resent bans. Pre festival time has traditionally higher risk of a ban, when CCP collecting statistics to show in graphs. I think CCP made some changes in bot detection after festival. Some new ideas could appear when GMs collected statistics. Now single bots who use VMWare may be banned too."
A Sleepy Summer - The months of July, August and September were fairly quiet as Team Security's software continued churning out bans. This quote from the H-Bot forums summed up the feelings of many botters:
frblyes (H-Bot, 31 August) - "so are the bans still being given out like free candy from a pedafile to little school girls?"One of the most amusing episodes in the War On Bots™ occurred on 12 July as a botter decided to live stream his botting session on Own3d.tv. Not only was the botter used in a game of bot bowling by a group of developers but banned and then fired from his position working for Eve Hold'em.
In early August users of the Eve Pilot bots discovered that Team Security had put into place a system that would not allow players to log into the game from a computer previously detected as used by a banned player. Either the launcher of the client uploads hardware system data that allows CCP to digitally fingerprint a computer. Those attempting to create a new account reportedly just receive a message stating the account is waiting to be verified.
The Next Phase - With botting use suppressed Team Security decided to devote more effort in battling illicit RMT operations in New Eden. On 6 October at Eve Vegas CCP Stillman made the following statement:
"The point of this video is that the social acceptance of botting/RMT is going to come to a stop. We said at Fanfest this year that we were going to eventually look into it and we feel that we are at a point where we've dealt with the low-hanging fruit we can do in terms of detection of botting.CCP Stillman's presentation created a furor amongst those in null sec. In an interview published on 15 October CCP Sreegs clarified his position.
"The next big issue is really the alliance acceptance of this kind of bad behavior. So this was the first that we took a bunch of corporations we banned; we're going to wipe the POSes and everything they have. And what we are going to end up doing coming up is that we're going to make sure that if an alliance is hosting botting/RMT they're not going to continue doing that. We're going to make sure that they feel the pain. But we don't want this going on. We don't want it to be an alliance (unintelligable). It's crazy what's going to happen. And we're not going to do anything drastic or anything, really, like an Unholy Rage against alliances.
"We're going to adopt the same philosophy as we do with our botting/anti-botting work is that we are going to go for a slow burn. We're going to measure every step we take. We're going to see what impact it has. We're not going to kill the whole alliance overnight, like, 'Hey guys, bad luck,' at least not initially. We're going to make sure that everybody understands what's going on.
"If you're doing this it is not going to be a fun time for you. And we're going to see where it takes us because its one of the big elephants in the room right now. We're going to address that and its going to happen over the next couple of months." [emphasis mine]
"I believe there are some items being blogged about and coming out of EVE Vegas which are being severely misunderstood and I’d like to provide some clarification. In essence the alliance action system as discussed is being billed as making alliances responsible for botters and this is far from the mark I wanted us to be at. My first question in that when we discussed it internally was 'What tools would we give people to police actions against bots from an alliance level?' and the answer was clearly that we couldn’t so we weren’t going to go in that direction merely for botting. This is coincidentally one of the questions Stillman was asked in Vegas lest anyone feel our thoughts are out of sync with the players. That is not to say that we will never focus on bot-friendly alliances but that it’s not the scope of where we’re focusing today.
"Our efforts and actions we’re talking about here are purely related to RMT, which can take the form of botting but which takes other forms as well. We’ve seen alliances which have RMT as a part and parcel of their leadership structure. They use various methods to attempt to shield that from us but we’re seeing it anyway. We’re not naming names YET (though we may well do so) but those alliances should feel on notice that they can end their RMT related activities whether that be in the form of using 'Rental' agreements or private forums on their own alliance websites or any other methods they’re currently using to violate the EULA or we will end it for them.
"Forming an alliance and having a bunch of people join it or taking over an established alliance and twisting it into a personal business for the leadership does nothing to change people’s obligations under the EULA and we want to send a very clear message that if they think somehow it does they’re incorrect. Players who see this behavior should both report it to us and inform their alliance leadership that it’s unacceptable, or move on to other alliances because to be honest with you that alliance does not have a future given its current path.
"At this point in time, as Stillman stated later, we’re only referring to a very small number of alliances and the VAST majority of alliances need not be concerned. In this case we’re talking less than 10."The first indication of CCP making a major move against illicit RMT operations in null sec occurred on 31 October with a leak of an Eve mail stating that an Against ALL Authorities CTA was cancelled due to the banning of 20 logistics pilots for illicit RMT. Three weeks later CCP cleared the -A- pilot running all 20 accounts of wrongdoing but the rising price of illicit ISK indicated that Team Security succeeded in banning other operations supplying ISK sellers. One site, InGameDelivery, stopped selling illicit ISK sometime between 4-11 November. Another major gold selling site, the Hong-Kong based Koala Credits, ceased selling ISK on 21 November and resumed sales sometime between 3-6 December.
The rise in the prices Koala Credits offered to customers began to rise dramatically just after CCP apparently began their campaign. Another large gold selling site, the U.S.-based Avatar Bank located in Pompano Beach, Florida, never stopped selling ISK but kept its price to just under what a player could purchase ISK for buy purchasing PLEX from CCP from 18 November to 9 December. Interestingly Avatar Bank and InGameDelivery have some sort of relationship for delivering in-game currency in several games. The fact that InGameDelivery is still out of the ISK selling business could indicate that Avatar Bank is still facing supply issues.
Conclusion - This year opened with the question of whether CCP would decide to continue its war against botters and the illicit RMT trade. Some people argue that CCP want the extra revenue from botting accounts and don't mind the activity in their game. I personally believe that allowing botting and illicit in-game currency sales harm a game; the most recent example is when ArenaNet's Guild Wars 2 was overrun with botters earlier this year. That game eventually needed to hire an outside company to help take care of the problem. Getting a reputation as a game hospitable to botters is bad for business and I am glad that CCP looked at the longer term health of the game rather than go for a quick money grab.
The other major story for 2012 is how much progress Team Security made during the year. Beginning operations in late February, Team Security managed to suppress botting operations enough that efforts to tackle illicit RMT activities in null sec alliances was seen as a more efficient use of resources than increasing efforts against botters. The fact that such anti-RMT operations apparently affected supply for some of the largest gold-selling companies in the weeks leading up to the Retribution expansion calls into question just how big an influence some of the null sec alliances have on the illicit RMT trade. Perhaps that relationship is driving the next phase in Team Security's plans.
