Friday, March 2, 2018

CCP's War On Bots and Illicit RMT: Fast And Furious Dev Blogging

"The damage the bots do is not to the game’s economy, it is their visibility and the perception that CCP isn’t doing anything about them that causes hurt. The developers know there will always be some bots to combat - 'No game has ever completely gotten rid of this problem,' CCP Guard says. 'We think of it more like a war of attrition.' Even so, CCP need to convey that they /are/ fighting them and that players who report bots are helping to clear the game of RMTs."

One of the major challenges to covering CCP's War On Bots and Illicit RMT is detecting ban waves. CCP didn't make a big deal out of them. In January, I had the surreal experience of watching a major anti-RMT/botting operation unfolding while at the same time the EVE Online sub-reddit, official forums, and even the gaming media exploded about CCP's inaction against botting. Apparently, CCP has changed its strategy, offering up the security team for interview with outlets like Kotaku and PCGamersN. CCP Guard, CCP Peligro, and CCP Grimmi even showed up on the Talking in Stations podcast to talk about their efforts.

Going along with the new publicity drive, yesterday Team Security published its second security dev blog in three weeks. Based on past history, I thought I had time to blog about the first dev blog at my leisure, but now I have to play catch-up. In some ways, writing about both at once is a benefit as the second provides some nice updates to the first. Case in point: the new ban policy for bots.

In the first dev post, a change to the ban policy was announced:
As of March 1st, 2018, botting bans will be handled as follows:

Macro use/modified client

1st offense – 3-day temporary ban.

2nd offense – Permanent ban

The change is for the 1st offense which currently is a 30-day temporary ban. This is done to streamline the process and to make it all more user friendly. Players caught botting will get a painless chance to mend their wicked ways, and if they don't then they simply get removed from the game pronto and we can all move on.
The cynic in me looked at the change and figured the "painless chance" also referred to CCP allowing people to continue playing after three days while any appeals against the ban filtered through the system. I thought the reduction in penalty for a first-time offense flew in the face of the outrage until I read the second dev blog:
"In addition to bans issued this month, we’ll also be increasing the level of account restriction that those who’ve been reprimanded for botting in the past will face going forward.

"Currently, accounts that have served temporary bans in the past are locked out from character transfers. While they can receive characters, they are not permitted to send characters to another account to prevent evasion of further reprimand.

"With the March release we’ll be extending restrictions so that these accounts will also be unable to extract skillpoints. This further reduces the ability of those who’ve previously breached our rules to be able to avoid further reprimand."
The March release should hit Tranquility on 20 March. From the Talking in Stations podcast, the change to the skill extraction policy wasn't set in stone, so reading about the update was very encouraging.

One of the controversial items coming out of the recent CSM summit was the disclosure that Team Security considered account hacking a bigger threat to EVE than botting. The first dev blog addresses the issue:
"With Alpha access and Skill Trading we have seen a very dramatic increase in account hijacking and theft by RMT operatives. The value of accounts has increased as the thieves now steal all the skill points, along with all the hard-earned ISK and assets. At this point, most of the ISK and other stuff sold on the shady RMT sites out there comes straight from other players' hijacked accounts.

"Compromised emails is THE way thieves get into your accounts to steal your stuff. If somebody has access to the email that you have registered on your EVE Online account, then they will pretty much be able do whatever they like with YOUR account. They can change your password, change the email to lock you out entirely and log into the account and sell YOUR stuff at massive discount. What you're left with is a ruined account, useless characters with no skills and, of course, a hijacked email which you have probably used to sign up for lots of other stuff too.

"Making sure your email is secure is obviously of utmost importance."
On Talking in Stations, CCP Peligro revealed that over 30,000 accounts had been hacked, with approximately 1000 users logging into a hacked account and contacting customer support to have the account restored.

He also pointed out that with recent changes to CCP's login processes that now don't allow the bypassing of two-factor authentication using emails, he was now encouraging people to use some sort of 2FA to secure their accounts. As of last Sunday, only about 1% of accounts were protected.

While the dev blogs lacked graphs and charts, Team Security did provide some statistics. In January, CCP banned 1800 accounts for botting or other prohibited automation. Mining bots were the largest group of bots banned, followed closely by ratting bots. One-third of the accounts were permanently banned, with the other 2/3 of the bans of the 30-day variety.

For February, the security team broke down the bans slightly differently. Of the 1882 bans issued:

  • 896 bans related to account hijacking.
  • 511 bans related to macro use and botting.
  • 253 bans relating to ISK selling.

The account hijacking bans really stand out. If I understand the process correctly, when an account is hacked, CCP bans the account to prevent hackers from using the account for nefarious means such as botting or as a disposable character to distribute ISK and items to buyers. Also, the ban notification lets a returning player know something happened and to contact CCP for further action.

The increased communication is good, as reading the forums and Reddit I see a lot of people who have no idea what Team Security does and the measures they put in place to combat botting and illicit RMT over the years. The latest dev blog also produced an amusing reaction from one botter:

Maybe a little publicity could lead to some people not even trying botting software in the first place.

No comments:

Post a Comment