Thursday, April 10, 2014

CCP's War On Bots And Illicit RMT: First Impressions

Since CCP Stillman left CCP for an information security think-tank in Reykjavik at the end of 2013, I've wondered about the organization of Team Security.  Who was left?  We found out yesterday with the release of the latest Security dev blog.

CCP Bugartist, Questions Everthing
First, the new Director of Information Security is CCP Bugartist.  Not much is known about him except that he was apparently hired in October.  I am assuming CCP Bugartist is a he based on the portrait, but that is possibly a false lead.  We apparently will find out for sure at Fanfest in a few weeks.

Next, the team is split into two functional groups, InfoSec and Team Security.  I refer to functional teams, as the two teams have a lot of overlap.   The first team, InfoSec, has a more traditional role in Internet security.  CCP Bugartist described InfoSec in the dev blog:

CCP InfoSec is a team of selected and dedicated security focused individuals who help to ensure the availability, integrity and confidentiality of CCP's Virtual Worlds. Information Security has many definitions. Some are purely technical and others are purely virtual. It is their daily work to strategically combine the strengths of both to find practical solutions for the real and the virtual worlds of CCP. 
The members of InfoSec are:

  • CCP Random, His Divine Shadow™, Security Engineer
  • CCP Bugartist, Questions Everything, Director of Information Security
  • CCP Blofeld, People Person, IT Director
InfoSec’s latest projects include network security enhancements for CCP's worldwide data-center and office locations, security minded code-reviews, fresh company-wide security policies, and improvements of CCP's internal information structures for process-oriented security workflows.
CCP Random, His Divine Shadow™
CCP Random is another new face, apparently hired in January of this year as a security engineer.  Based on his position on both InfoSec and Team Security, CCP Random is filling the rather large shoes of Charlie Eriksen (aka CCP Stillman).

The final member of the team is CCP Blofeld.  Despite the label "People Person", I have no information about CCP's IT Director, not even a portrait.  That could indicate he (or she) is not worthy of actually flying on Tranquility with the rest of CCP.  After all, the C C P Alliance is known as a group of l337 PvPers and perhaps the alliance leadership is afraid he will mess up their killboard.

The second team, Team Security, is the group who is the main focus of my posts on the War on Bots and Illicit RMT:
Team Security handles game-related security matters for CCP's products. CCP prohibits behavior such as botting and Real Money Trading ("RMT") to protect the integrity of our Virtual Worlds, and Team Security is tasked with enforcing these policies
The members of Team Security are:
  • CCP Peligro, The enforcer of the law™, Security Specialist
  • CCP Grimmi, Der Equalizer™, Space-Lanes Cleaner-Upper
  • CCP Random, His Divine Shadow™, Security Engineer
  • CCP Bugartist, Questions Everything, Director of Information Security
Team Security’s duties include waging war against real-money transactions (RMT).  Since the last Team Security blog we have been busy chasing down RMT operatives and their corrupt ilk, applying bans and removing the ill-gotten proceeds from the EVE universe.  

CCP Grimmi, Der Equalizer
I assume that CCP Grimmi is GM Grimmi moving from leading up the game masters to a new, dev role some time last month.  Grimmi is now the veteran bot banner on the team, having served on the original Eve Security Task Force back in 2011 before joining Team Security last year.  In addition to having served as a game master since the game launched, Grimmi is one of the people most familiar with the logs at CCP.  If Grimmi is moving over full time to the security side, that could mean some trouble for botters.

CCP Peligro, The Enforcer of the Law

Last, but not least, is CCP Peligro.  Unlike CCP Grimmi, CCP Peligro is based in the Atlanta office, giving Team Security coverage across both the EU and NA time zones.  Peligro is very adept at tracking down botting RMTers and is the CCP employee most likely to send out permanent bans to the botters.  I also see he is now listed as a security specialist.  With Peligro on the job I think I might find more tears to post in the future.

Apparently CCP Bugartist is a traditionalist because he concluded the dev blog with a nice graph.

Graph from CCP dev blog

The amount of ISK seized so far in April, 4.21 trillion ISK, is impressive.  Using the price of PLEX in Jita on 30 March as a reference, that's over $105,000 USD worth of ISK.  I also think that Team Security managed to seize the stock of a couple of ISK selling websites before they were able to sell a large portion of it to players.

Prices in U.S. Dollars
On Sunday I noticed that two ISK sellers, Online-Gold and MMOGA, raised their prices to over twice the U.S. dollar value of a billion ISK sold in Jita.  This is often done by ISK sellers who get large portions of their stock seized by CCP.  In this case, I believe close to all, if not all of the stock of these two websites was seized.

I found the amount raised a bit excessive, as most companies will raise prices to discourage people from buying, not drive them away forever.  But then I realized that both websites cater to Europeans who are charged a VAT by CCP in addition to the PLEX.  Converting the prices to euros, the gap between the CCP price and the ISK sellers price became more noticeable.  But either way, those two ISK sellers are out of the ISK selling business for at least another week.

Prices in Euros
If CCP Bugartist wanted to make a good first impression, he certainly succeeded with his inaugural dev blog.  Explaining the changes to the team's structure, explaining why RMT is bad, and a nice graph showing hundreds of thousands of USD in ISK seized from RMTers is a really nice way to get acquainted with the community.  Also finding out why a couple of European ISK sellers got knocked flat on their backs was a nice bonus I don't think he knew he was giving us.  I think I'm really going to enjoy the Security presentation in a few weeks.


  1. The dev blog states that the big spike in November was due to CCP using new tools or techniques. I can understand the dropoff in December as sellers laid low. I can even understand the Jan mini-spike as a lot of new players who started at Xmas possibly bought, and got caught. But then we see this big big climb in the past 2 months. What changed that so much ISK was suddenly available?

    When was the big fight in null sec that so many ships destroyed? Right about the time we see that huge drop in RMT seized. Could it be a lot of null sec players were replacing ship losses, or rather, alliances? Then we see this huge spike over two months in RMT, which coincides nicely with the period of relative peace in null sec, at least for pl and cfc.

    Yes, it could be that CCP is suddenly better the last 2 months in nailing RMT, and they have found a new trick like in November. Or it could be that there is a huge influx of ISK available.

    The more I look at this, the more I find this RMT thing analogous with the united states failed "War on Drugs". Yes, they nailed almost a record amount last month. But how much is getting through?

    One thing that drives me the most nuts is are they catching buyers or sellers? And how can there be "privacy concerns" over fictional characters. Surely CCP could out fictional alliance names as ones they have caught.

    CCP is interested in RMT for 2 reasons:
    1. Credit card theft and ultimately chargebacks and penalties that CCP must incur from these frauds.
    2. RMT competes with their own plex sales.

    But what if some enterprising group did like we see in the movie Clear and Present Danger? You know, some group with very close ties to CCP, with a number of their members working at CCP in key positions? One that could say to CCP "look, RMT is going to happen. You can't stop it. But, if you leave our group alone, we will run a RMT service that guarantees no credit card fraud, plus we have so many spies in the other organizations with Eve that we can point you to a whole lot of people that are also doing it, who actually cause you those credit card headaches. And oh, we can also send you a little something every month as a thank you, to help offset your plex sales losses.

    Based on your calculations, and throwing out last month's 4.21 trillion, we see 1.84 trillion the month before, which is worth, what $40-45,000? And how much does CCP catch? 30%, 20%, 10%? You can bet that the RMT they did not catch in the 2nd last month on that graph has to be worth at least $100,000.

    To suggest that the largest null sec cartels are not hugely invested in this would be silly, and CCP is very likely protecting them.

    1. The more I think about it, the more I think Dinsdale is Mittens trolling us all. Makes about as much sense as this does.

    2. This is one of the more coherent explanations Dinsdale has given for his paranoia. Sure, it could be true. Is it? He hasn't convinced me yet. I'd need to see the numbers, but #2 in his list is far more likely than #1. I just don't believe CC fraud and chargebacks are as big a deal as CCP makes it out to be. The part about, "leave our group alone and we will steal from your revenue stream nicely" made me laugh.

      They say all good rumors turn out to be true. Unfortunately this was never even a good rumor.

    3. dude... unwrap the tinfoil.... its cutting off the blood flow to whatever is left of your brain.... your confirmation bias is worse than Gelvon... and that is saying something

  2. I always enjoy these. My favorite part of just about any Eve blog.

    1. Yes I love to read these stories too. So if Dinsdale's hypothesis is correct, I'd say Mittens is running everything and resistance is futile - we will lose everything -- insert "X Files" theme here:-)

  3. For the paranoid-inclined out there in the player base, the new tools include monitoring your computer for certain tell-tale activities and scanning for certain processes. Is CCP looking to capture your credit card numbers or porn viewing habits? Don't be silly. Absolutely not. But the tools *are* looking for indications that you are using bots, as well as certain hardware devices, which "help" you play the game 24/7. They are also looking for signs that you have been doing business with certain known ISK sellers.

    I don't do anything that I'm not supposed to be doing on my computer, so I don't care. And, our company's tools (we're an anti-virus software company) guarantee that the tools embedded in EVE are all benign. But, I can sense a great disturbance in the Force, as the guilty are running about to clear their browser cache... lol.

    1. That contradicts what CCP has always said: they don't look at anything on the client outside of the EVE process. Looking through people's emails and contacts would also be quite illegal in many places. Methinks you're full of shit, old sport.

    2. @Anon1:10 -

      First, CCP has never said "they don't look at anything on the client outside of the EVE process". Of course they do, which is why players have been banned for things they were doing outside of the EVE client process. What CCP *has* said is that they don't collect personal information on your computer, outside of the EVE client process.

      Second, "Looking through people's emails and contacts would also be quite illegal in many places..." is an incorrect statement. Digital privacy laws are intended to protect personal information and do not provide you protection to hide any unlawful activity. As long as process & content scanners are not designed to collect personal information, they can be legally used to detect suspicious activity (which is how both virus detectors and spam filters work, incidentally).

  4. Very interesting numbers. On a "bad" month, CCP will seize over 5 trillion isk. If my memory serves, Jita plex sales are about 2000 a day, or 1.4 trillions... if the cash going towards that would be directed towards plex, the plex supply would increase, making the game more affordable and helping CCP's financial situation.

    So this really matters.

    @Dinsdale: if you really want to worry, don't worry about isk being sold for cash. Worry about *sov* being sold for cash... all those rental agreements, are people paying in isk or money?

    1. I don't have the link, but when PL started taking sov and creating its rental empire, Shadoo and the PL leadership was quite amused by the offers to pay for sov via PayPal.

  5. another interesting perspective:

    He's right, this *IS* an important isk sink...

    1. Here's a video from Fanfest 2012 to put some of the numbers into perspective.