Monday, September 23, 2013

The Stillman Video Companion

Last Thursday CCP Stillman posted the slides from his presentation to the 2013 Nordic Security Conference, "Threats in a Virtual World," on Twitter. 

I haven't absorbed all the slides yet, although I think regular readers will follow along without too many difficulties.  But the presentation did have three slides that referenced YouTube videos that I wasn't too sure about.  So yesterday I spent a couple of hours watching the videos.  Since I haven't really put together a post that comprises all of this information in one place, I figure some people might find the information interesting.

The first video, "Hacking MMORPGs for Fun and Mostly Profit," features Mike Donnely, the creator of the WoW Glider bot, the most successful bot ever sold.  The video introduces the botters view of the world.  Just a warning for all the Inner Space fans.  Mike Donnely tells an Inner Space story from 40:12 - 44:00.

The second video, "Securing MMOs: A Security Professional's View From The Inside,"  is given by someone who worked at Bioware for 7 months.  Not exactly the most professional presentation but informative nonetheless.

The final video is of Greg Hoglund, the founder of HBGary and author of a bunch of security books.  The video below is from when he was promoting his book, Exploiting Online Games: Cheating Massively Distributed Systems, back in 2007I'm not sure but I think I know why CCP Stillman chose this video.  I set up the link to start at a very interesting place.

Hopefully between CCP Stillman's presentation slides and these YouTube videos people will get a better understanding of some of the issues surrounding botting and grey market RMT.

UPDATE:  CCP Stillman provided this input via Twitter...


  1. @Nosy, this is a comment from Goblin's post to which you responded. Would you comment on this statement by another player (not you or Goblin)?

    Bear in mind, if he's running a large ISBoxer fleet, he might not even be in the same system. You can easily set up 3 groups of miners in 3 different systems, all mining from just a single controlled client (which is why personally, I'm not a fan of ISBoxer being allowed).

    I thought I read on your form that ISBoxer modifies the client and breaks the EULA. Thank you.

    1. Technically, ISBoxer does perform client modification. But like cache scraping, CCP is not going to ban anyone for using ISBoxer at this time. However, ISBoxer users should keep an eye on the EULA and ToS changes that CCP Seagull and CCP's legal council spoke of at Fanfest that are coming by the end of the year.

  2. thanks for posting the vids, watched em all and enjoyed seeing the views from both sides. the security side as well as the hacker side (why) and i now understand why they build the bot programs... not that i agree with it but i do understand. who wouldn't like a few extra $ to play with each month.
    also, any chance you could ask CCP more about what they are doing in relation to tracking down bots, as this post has peaked my interest about that
    thanks noizy