Friday, January 25, 2013

Analyzing The Honey Botter Expose - CCP

The Eve News 24 article, "The Honey Botter Coalition – An exposé on Botting within Eve Online’s biggest Coalition,(1)" has a lot of players upset because they believe they were unfairly painted with the bot brush.  Others are perhaps upset for having activities made public they wish had remained hidden in the shadows.  But today's post will look at the other target of the EN24 article, CCP.

Eve Online, like every other MMORPG with a halfway decent number of players, has issues with botters and/or 3rd party in-game currency sellers.  CCP has created a visible task force known as Team Security that combats RMT and botting operations as well as other security issues such as phishing attempts against subscribers.  Over the past two years teams led by CCP Sreegs have resulted in bots running 23/7 down to a recommended 6-8 hours per day.  Team Security had a very active 2012 so the article's conclusion was a bit surprising.  Here are two quotes from the end of the article.
"However, with checkable logs and related information sent to them (our readers will kindly understand that certain names and chat-log details could not be published here, but were sent to CCP Sreegs when the source agreed)… perhaps it would be in the best interest of CCP Games to set an example?..."

"We live in a New Eden where getting a ban for botting is more akin of a pat in the hand than anything else. Whether this is CCP GAMES’ fault for either a lack of capacity or interest to crack down the biggest botters in Eve Online and while cynicism is the last refuge of the bitter-vets, many are of the opinion that there are protected characters – like Montolio – and groups in the EvE community. Mostly those which bear the large paying customer base for CCP Games."
I can understand the frustration seeing some of the biggest botters evading or just shrugging off bans.  In my months of reading the botting forums I've read the procedures posted that allow for serious botters/RMT to return to the game time after time despite any bans issued.  But to insinuate that CCP is protecting favored players is an extremely serious charge.  Needless to say, CCP Sreegs responded on the Eve Online forums.

The first post was a pretty standard affair stating that he would look into the charges, that CCP took the matter seriously but doesn't just accept anything that is submitted at face value.  He also promised a dev blog with new information on Team Security's efforts.  The security chief's second post stirred up the pot among some at EN24.
"Oh I also want to mention in case anyone is paying attention that if you really care about this issue this is the polar opposite of how to get a result.

"We'll use the security world as an example because that's what I'm most familiar with. If I discover a vulnerability on a website it is completely irresponsible for me to go and publish that vulnerability in the public without first notifying the responsible parties and giving them time to act.

"In this case you're basically telling these people someone's watching them and you think they'll continue doing bad things if they think we're going to look into this?

"This is completely irresponsible and in the future if you honestly care about an issue you will report it to me and give us time to look into it before telling the world about it. I'm not saying not to write about it at all, but saying we've been notified and publishing all the potatoes without giving us an opportunity to look into it is more than a bit disingenuous."
The second post led to a response from riverini on the Eve Online forums two hours later.  Besides showing some animosity towards CCP Sreegs, the post actually provides the timeline for EN24's communications with CCP Sreegs:
I first broke the "core ****" to Sreegs early in December.

The tip was more or less like this:
- Check out Blood and Sands
- Gummi Worm ****
- TEST / PL might be involved.

Yet I promised him the full exposure after we were done with the article, we had sent the full logs past Wednesday.

Regarding CCP Sreegs telling us to that we should have waited for him to act might be too much for us. We gave him a heads up, we sent the logs on Dec 26th.

Keep in mind CCP Sreegs, while grateful of any help we could give him regarding EULA violations, he has always been clear that he nor CCP Games will not disclose any actions taken toward those infractors. So we could have waited 1 day, 1 week or 1 month and it wouldn't had made any difference for us given than there is no feedback from CCP if we should keep tabs on things or not.

I do disagree with CCP Sreegs saying that us "blowing the beans" would be a step back given that people would simply stop botting activity. If for him it is strictly necessary to caught the offenders "in blazing offence", then he should close shop and rethink his approach against botters.
This background is important when dealing with the situation.  The first point is establishing the timeline.
  • early December - riverini sends CCP Sreegs a bare bones tip with no actionable information.
  • Wednesday, 26 December - riverini sends CCP Sreegs the full set of logs.
  • Sunday, 30 December - the article is published.
A look at the calendar shows that Iceland had public holidays from 24-26 December and 31 December - 1 January.  So the logs were sent on a day when CCP is closed and on a Sunday when CCP is expected to run a skelton staff for the following two days.  I know from following Twitter that CCP Stillman had taken time off on the two work days between the time the logs were delivered to when the story was published.

So why is catching botters in the act important?  Riverini believes that all Team Security needs to do is look at server logs and start banning people for botting.  But as was explained in the article all of the botters involved were using Questor, which is a bot that uses python injection.  Python injection is a type of modifying the game client and makes those users eligible for a permanent ban if caught.  But because everything occurs on the client CCP needs to catch the botter in the act.  One of riverini's complaints is that botters get off too lightly for breaking the EULA/ToS.  But if the botter is caught using python injection then the ban is permanent for a first offense instead of 14 days.  Isn't that what many want?

I thought that the complaint about not receiving notice of the results of an investigation was valid.  How could a news organization know when releasing a story would not interfere with an investigation if they never know the results?  The answer is simple: ask.  I contacted CCP about this issue and asked how long is reasonable to wait before publishing.  CCP Sreegs replied with the following:
"There would never be a set amount of time. It would however be something we’d discuss with you. If you had information we’d say hey guy give me x time to check this out. The right thing then would be to follow up with us to ensure we’re done and we have no problem saying 'Yep, you’re clear to publish'. We’re not trying to keep people from sharing information, even if in some cases it’s basically all made up. What we’re trying to do is ensure that in cases where people do have legitimate concerns and want to have problems solved rather than collect attention and foster conspiracies we have an opportunity to perform an investigation without the subjects being aware that they’re being subjected to a higher degree of scrutiny. Articles published naming names and methods with no communication with us really aren’t going to solve as much, given that no matter how much someone may fancy themselves Woodward or Bernstein they simply don’t have access to the data required to prove their accusations or run down any further leads which will likely go dead the second they mash submit on their blog software."
That addresses the conflict that appeared on the forums.  But what about the article?  I did find a couple of unusual items.  The first was the new policy that Team Security announced in October.  Here is what appeared in the article:
"It will be of great interest to see how – if these allegations end up in bans – would scalate throughout the powerbloc ladder. You might recall how back in October CCP Sreegs mentioned how alliance leaders would be accountable for harbouring botting corps / renters.(2)"
The only problem is that the link points to an article which covered CCP Stillman's presentation at Eve Vegas.  Because of some misunderstandings of what the policy actually is, CCP Sreegs answered some questions I had and EN24 published the post.(3)  Here is the passage that contradicts what the article purports as CCP Sreegs' policy.
“Our efforts and actions we’re talking about here are purely related to RMT, which can take the form of botting but which takes other forms as well. We’ve seen alliances which have RMT as a part and parcel of their leadership structure. They use various methods to attempt to shield that from us but we’re seeing it anyway. We’re not naming names YET (though we may well do so) but those alliances should feel on notice that they can end their RMT related activities whether that be in the form of using ‘Rental’ agreements or private forums on their own alliance websites or any other methods they’re currently using to violate the EULA or we will end it for them."
To clarify, not all botting is related to RMT.  Going through the allegations published in the EN24 article, only one was related to RMT.  The article presented a lot of information about both Montolio and Blood and Sand but none of those allegations involved RMT.  I did ask CCP Sreegs about the level of investigation performed after he receives a tip and they do not limit themselves to the charges within the tip.  For example, since Horus is involved I would expect Team Security to conduct some forensic accounting on the financial tranactions between The Jagged Alliance and TEST.  I would expect the results of that examination would raise some eyebrows even if everyone in TEST was as innocent as a newborn babe.  Having someone like Horus around will do that to a game.

I should add one other amusing fact about the EN24 article.  At the same time the article speculated that the leadership in major alliances was receiving special treatment for botting riverini added an article to the piece linking to the banning of leetcheese, at the time a director in TEST.  Reading the link would show that leetcheese not only received the standard 14-day ban for botting but an unheard of at the time punishment of the loss of all assets and a negative wallet of 6.9 billion ISK.  Remember, this was back in 2011.  More recently we know that CCP has begun to hit null sec operations, although the one we know about turned out to be a false positive.  I really would like to see the promised dev blog to see what the damages to the RMT operations totaled.

I don't want anyone reading this post to believe that I think the botting and RMT situation in Eve Online is made up of rainbows and unicorns because it isn't.  I do think that the game is in a lot better shape than when I started playing in 2009.  I also don't believe that CCP Sreegs can just snap his fingers to solve the problem either.  Eve Online is not the only game I play and I see problems with bots and RMT everywhere.  But I think to call out CCP and suggest that they think that players who engage in large-scale botting and RMT are not harming the game indicates someone needs a new tin-foil hat.

In conclusion I'll end this post with a quote I obtained for another post I'm working on.  I asked CCP Sreegs why 3rd party RMT is evil and I thought his reply fitting for this post...
"If nothing else RMT is evil because people (who tend to be shady and occasionally are criminals) are selling something which doesn’t belong to them against the very legal agreements they entered into. The bottom line is that everything in the EVE Universe is our property. Unless given grant to do so it is not yours to sell. Then once you consider the fact that these folks are very often involved in various forms of credit card fraud and account hijacking in addition to the fact that they don’t follow the same play patterns and enjoy the game but rather suck up resources which could be better devoted to things our players are actually paying for it becomes fairly obvious that these are undesirables.

"We frankly and clearly don’t want them near our servers. They’re not welcome. We will take everything they have and we won’t apologize for that because we don’t see this as any different from someone walking into our house, taking our personal property and setting up a yard sale on our lawn selling said property." 


EN24 has had issues lately.  Below are some cached links if the main ones do not work.

(1) -  Honey Botter Main Story
(2) -  Eve Vegas Coverage
(3) -  CCP Sreegs Interview 


  1. Honestly, the only reason why I'd ever consider playing Eve is your blog. I don't know how much feedback you get, but I love this articles, and frequently return to the blog to read them.


  2. Quoting from within your article: "We’ve seen alliances which have RMT as a part and parcel of their leadership structure. They use various methods to attempt to shield that from us but we’re seeing it anyway." says CCP Sreegs. May I ask why, if CCP already has the evidence, no action has been taken, other than a general warning to stop doing it? At the very least, CCP should be naming and shaming the alliances involved.

  3. Let's be honest here. I believe what Sreegs says is totally accurate and I also believe he is being truthful on his and CCPs stance on these matters.


    This IS a political, financial, marketing issue as much as anything and those issues require a deft hand when navigating them. Care must be taken in how this is approached. I would not be surprised if for example a Montolio is contacted by CCP, shown evidence of malfeasance and then he is given a chance to deal with it within the confines of the game simply to allow him to save face and not force CCP to drop the hammer on a TEST for example.

    The Coalitions in EVE have massive playerbases and CCP is mindful of the damage they could do to EVE if CCP acts unilaterally and crushes some Players/Corps/Alliances with justification or not. You cannot strangle the golden goose because she lays a few bad eggs every now and then.

    What you can do is crush the outliers, and the unaffiliated abusers, doing it publicly, while also waging a campaign of quiet warnings to those within the game in a position to fix it from the inside.

    At least that's what I hope is happening.

    As for EN24, its obvious they jumped the gun and its even more obvious they did it with the intention of rubbing CCPs nose in it at the same time. It was a self serving, poorly researched hit piece plain and simple.

  4. Great artical - thanks for taking the time to write it.

  5. Sreegs has the unfortunate habit of responding as one would expect a Goon to answer (lets be honest, there's no such thing as a "former" Goon). He becomes combative and engages on entirely the wrong level, clearly poking people with a stick.

    If it is necessary to "catch them in the act," then Riverini is correct, Sreegs needs to pack up and go home. Because the only way he's going to catch people is for someone to report them and then "investigate" in real time. If they're hiding out in nosec somewhere that most people will never see them, who will be doing the reporting? Also, how many of you want to make a bet that botters are smart enough to deploy "chaff" by making all kinds of reports that need to be looked into in real time?

    Let's face it, botters are getting to play the best EVE out there. The actual game is non-grinding for them, they're rich and can do pretty much whatever they want in EVE. PLUS they get a live dungeon master to direct their very own, human-directed "war" of bots. Who wouldn't want to match wits with a computer security nerd for fun?

  6. Sreegs' phrase "very legal agreements" in the last quoted section is a loaded one. Their EULA is an agreement, sure, and such things are legal in the sense that they are permitted under, say, US law. That doesn't make these things legally binding agreements; law enforcement doesn't come and get you for violations.

    No, "very legal agreements" is a typical corporate-speak overreach. Microsoft and Google *wish* they could throw you in jail for ToS violations, but thankfully we're not there yet.

    I understand why would ban RMT fraud anywhere they find it in the game, and I have no interest in such misbehavior--but calling everything in EVE their "property" implies that the police can come and get someone for selling it. If the FBI, for instance, can be interested in "thefts" such as this, CCP should press charges and see offenders prosecuted. That's deterrence. A two-week ban is insignificant (why not permaban?), but taking all assets and applying a negative ISK load makes perfect sense.

    And yet the buying and selling of the characters (plus game assets) occurs all the time, openly, on CCP's own forums. I can't help but have a sad when the rulers of the only MMO I've ever wanted to play fall back on corporate-speak weenie words.

  7. They are legally binding, just ask the guy who wrote and sold Glider. In fact, at Eve Vegas in 2011 the organizers brought in a lawyer to talk about the EULA and ToS. Of course, just because EULAs are legal doesn't mean that a court will uphold all aspects of the EULA as binding. Courts have been known to rule some pieces as violating law and invalid.

    You seem to be confusing criminal law with civil law. You don't go to jail for breaking a EULA unless the country you are in has imposed criminal penalties to the breaking of a EULA. For instance, you can go to jail for botting and RMT if you are in South Korea. So while the FBI wouldn't really care except if massive credit card fraud were involved, the South Korean authorites may take a different view.

    1. The difference between civil and criminal law is my entire point. Sreeg's claiming ownership of "property," as though selling it without their permission is some sort of theft. It's not. It's a ToS violation, and CCP's only legal recourse is to sue.

      And they'd lose.

    2. Just like the Glider case Blizzard lost?

      Oh, that's right, Blizzard won a $6 million judgement against MDY Industries for selling botting software for World of Warcraft. In that case the court held, in part, that the copies of the World of Warcraft client are licensed from Blizzard and that users do not own them. Looked at that way, one could see why Sreegs said CCP owns everything in Eve. Unlike Second Life where people actually own virtual property, players only rent their internet space pixels, they don't own them. And if you listen to CCP, they always state they sell a service, which is access to the content on their servers. But you are right in that CCP still retains control over the pixels as they remain on the servers. I guess "fraud" against another player might be a better term than "theft" from CCP.

      Also, the U.S. 9th Circuit Court of Appeals ruled that the makers of the Glider bot violated the Digital Millennium Copyright Act. The DMCA is a nasty little piece of legislation passed in order to comply with treaties passed by the United Nations' World Intellectual Property Organization. Here was a fact I didn't know. People can be prosecuted criminally under the act. Here are the penalties.

      "If the circumvention violations are determined to be willful and for commercial or private financial gain, first time offenders may be fined up to $500,000, imprisoned for five years, or both. For repeat offenders, the maximum penalty increases to a fine of $1,000,000, imprisonment for up to ten years, or both. Criminal penalties are not applicable to nonprofit libraries, archives, and educational institutions."

      So I guess we were both wrong in saying that you can't be jailed in the U.S. for botting. I highly doubt that will happen, but the law is on the books.

  8. CCP is undercutting any claims of property when they encourage the sale of characters and assets. If they want to put the DMCA to work in their quest, they'll need to reassert control of all the things, not just some things when it's convenient.

    But they're not interested in doing so, which is why they're treating RMT as Tos violations.

    1. I know everyone, I shouldn't feed the troll. But since this anonymous commenter continues to make the legal and moral case for the RMT sites to operate within all games, not just Eve Online, I'll bring out the food. Besides, he's brought up some points that will make a post I'm going to write better.

      I don't see how CCP is undercutting any claims to property. All the assets in the game are their property (yes, your arguments have convinced me that the in-game assets are CCP's property) and as long as the users abide by the rules that CCP has established in the EULA and ToS then character transfers from one account to another are allowed. This means paying CCP $20/€20/£17/599 RUB in real world currency or 2 PLEX to do this. If you perform the character transfer outside the game by selling accounts, then CCP can close down the account and delete/destroy all assets. Why can they do that? Because the EULA is a legal agreement, which is something that you dispute.

      If you are talking about the sale of assets, the EULA/ToS only allows the use of in-game currency and assets. Your argument is that because CCP has a market that allows the transfer of assets between players that it is okay for people to sell these assets for real world currency. I would strongly disagree with that logic.

      As for why CCP is treating this as a EULA/ToS violation, the simple answer is money. It is a lot easier and cheaper for a company to just close out accounts than it is to hire lawyers and go after every single bot developer and ISK seller. The Glider case was different because of the sheer popularity of the bot (at least 100,000 copies sold) and what it was doing to the game. In going after Glider Blizzard could theoretically recover their legal expenses. Do you think CCP could do the same by going after a bot dev who only makes $1000-$2000 a month?

      Also, I'm not sure how much use the DMCA would be to CCP. It was available to Blizzard because the company is based in the United States. CCP is an Icelandic company with the servers physically located in London so I'm not sure they could bring suit in a U.S. court if the party they are pursuing is located outside the U.S.