Security Update - Q2 2018

What an interesting story, the link you provided. I never knew there was much of a bot problem on EVE.

Obviously therefore, I’m quite ignorant of the entire problem. However, after reading that thread on reddit, and watching the embedded video, might I suggest the following:

It seems that the entire operation relies on the bots being able to warp to a POS when troubled in whatever way. So again, this suggestion may be ignorant of the larger problem, but perhaps if CCP simply removed POSes from the game entirely this might solve the problem?

POSes are an archaic structure anyway, what purpose do they serve anymore (except shielding bot armies apparently) since the bonuses attached to them (reprocessing/industry, etc) have been removed from the game?

So perhaps simply removing them from the game all together would solve this issue? Or am I completely missing some critical point (which is entirely possible since I have no idea how this entire system is even done).

You’re correct. Removing POS would making it harder for such bots to easily “get safe”.
They’d have to warp to safe spot or outpost instead.

CCP are removing POS. Citadels are intended to replace them but they’re doing it gradually to allow players plenty of time to migrate assets because POS were central to old sovereignty mechanics as well as being used for moon mining for over a decade.

A bot would still be able to warp to a Citadel to tether instead but it takes more effort in time and ISK to place a Citadel in a system than a PoS so this does raise the bar. However, when you consider how much money these bots can make and also how widespread the problem is, even this is unlikely to have much impact.

EDIT: Proposal - RMT counter

Ah yes, I forgot about the tethering. Ok, well that’s that I guess (for my tiny idea).

Thank you,

How can anyone say “good job”? You have absolutely no frame of reference. How about we go back a year (month-by-month) and see what impact the mass CCP layoff had. Even better, let’s indicate how many bot reports players have submitted, how many hacked accounts and how many direct bans as a result of player actions have occurred each month.

Specifically, I’d like to know what impact players submitting bot reports has actually had. I’m guessing it’s insignificant because CCP doesn’t have the staff or resources to look at individual accounts to see what’s going on.

How is team security handling removing isk created through botting or assets.Since you ban in several month apart waves alot of the isk is already laundered and becomes a nightmare to track down.

Also I stated this before not that anyone capable of doing anything about it will read it,you need to secure alpha clones from being exploited by these people now that you gave alphas serious isk making potential.

Some ideas to curb botting;

• Make ice belts Cosmic Signatures and move them around randomly from system to system. (like the old grav sites) . There are still plenty of mining bots across New Eden.

• Major nerf to the Gila

• Remove the ability for alpha clones to use faction ships

• Remove local from null sec, making it harder to detect neutrals. I don’t hear much complaining about botting in wormholes.

• Something needs to be done with anoms, especially in null sec, but I don’t know what at this time.

• Give incentives to players who report bots and ONLY if those players/botters that are reported are perma-banned. Make it worth a players time to find and report bots, helping the game and CCP in the process. This is where CCP can step up and provide more details and numbers about the fight against bots, about how many are reported, where they are most likely to be found, how many were permanently banned, etc…

This thread is about Security, not if you can afford Omega. If you can’t buy the sub go find another game.

I’m sorry, but your blog post did nothing to communicate the steps you’re taking.

What is your response to the numerous bot reports that you’ve already received? Why are those people still botting? The messages of, “keep sending in reports” and “don’t forget to secure your account” do nothing to address the concerns that you aren’t detecting and banning people who bot.

Make the environment hostile for afk players. Use the new AI response fleets (at least they will be useful for something).

The true indication of how CCP plans to deal with botting and other illegal activities in the future, will be their response to the Reddit article. If the details of the article are true (nothing has been proven yet), then CCP needs to stand up and support their real players by dishing out severe punishment to the players and their cohorts that have been named in the Reddit post. If true, with players botting and using RMT at this scale, the punishment must fit the crime!

Considerations:
CCP is a very small business. On another forum someone who read the annual financial report noted CCP had 265 employees and a net profit of 3.5 million. (these figures are from my memory so …) WOW has 5,000 graphic designers. 265 people for a worldwide computer based game is both amazing and unlikely. I would assume the computer network staff has to be 80% of the total. Point is there is not much money or staff available to throw at the bot RMT problem. Self policing by the subscribers is probably the best CCP can do.

I am not a programmer but making Bot and RMT hunting profitable in game, as suggested above, seems an excellent suggestion. How about an in game training sequence on identifying BOTS and RMT perhaps including a “Request to fire authorization to CCP” just like real world rules of engagement. Make outing them part of the game and give the programmer killers in here something else to do for fun. Perhaps CCP could withdraw CONCORD protection for known bot ships, flag them as suspect, void their insurance, and let players kill them for profit. If haulers are fair PvP targets why not BOTS and RMT?

world of warcraft has an authenticator. A small keyring device that you press a button, it randomly generates a number you then type into your account. I would like to see eve supply us with one of these devices. Easy to store on your desktop or computer table when you need it. Perhaps this would help, just a thought.

Nope, they make you use Google Authenticator because they don’t have to do any work and it’s free.

Pretty sure you have to do significant work even with Google auth.
Also we are now in the smart phone era. Key ring auths date to before smart phones were common.

I’d say they double counted some numbers. 5377 bans for account hacking. At some point they said pretty much all account hacking is connected to RMT. So I guess the 5377 is already in the 8771 accounts bans for RMT related activities.

Furthermore the vast majority of these 5377 bans will be victims accounts.
Botters would probably use more than 1 account.

If I were to guess these bans were a 100 real baddies at the most.

@CCP_Falcon thanks for the update. Can we assume these are perma-bans and that this scum will not be allowed another chance to f*ck with our game?

Key ring auths don’t end up being screwed over by phone updates or other glitches, causing you to have to go through CS to get the auth removed, then re-apply the auth. I bought a key ring auth for FFXI when it first came out, continued to use it for FFXIV, and it still works to this day without one single hiccup. As a side note, have never had to charge the battery in all these years.

@CCP_Falcon

i will not contradict numbers etc., but i will ventilate my expierence with CCP regarding Botting.

A while back in my nullsec corp i noticed a guy that owns a super switch to a regular carrier.

He was playing almost 24/7, i found it suspicous and reviewed his habits myself and came to the conclusion he wasnt actually there himself. He was botting, most of the time. I reported him through the ingame report option, but now 1-2 months later, he is still botting every day.

Im considering kicking him, because obvious reporting to CCP doesnt actually do anything… or thats my expierence atleast.

My advise would be to send a GM to the reporting party, and collaborate, because sometimes people are not botting, but we the players know their habbits and can direct much better when they are botting.

Also this will educate players and reduce false positives.

Honestly, you can’t remove all the cheaters from NEW EDEN, it’s not possible no matter how good your detection software is.

What you will do by this is make the demand greater and the profitability that much greater for these said Botters and RMT.

There are reasons people feel the need to cheat …
Those issues, should be what is addressed,not how to stop them because you can’t entirely stop cheaters.

Now lets take into consideration why people cheat in NEW EDEN…

There is many reasons such as not enough REAL LIFE time, to how long it takes to train skills on a character.
There is bound to be tons more reasons,but those are just a few,I can think of right there.

Now, GM Arkanon says,

" We do not intend to allow people to ruin the gaming experience for other players through this most lazy and underhanded way of achieving your goals in EVE."

You’re ruining your own game!! LMFAO!!*
GM Arkanon’s opinion is obviously, from someone who clearly hasn’t had to actually grind in NEW EDEN from the ground up because he or she would know that it takes along time to achieve anything in NEW EDEN and by that time you do achieve anything in this place NEW EDEN should really be called “OLD EDEN”.

Here’s a list of other interesting facts about EVE online

EVE online’s RELEASE DATE:
May 6, 2003
on steam means the 16 year old game isn’t even close to competition with modern mmo’s, space simulators, or any other category that it tries to sit in.

Let’s also add the fact, that you have to pay per character monthly.

On top of this there are skills that take longer than a month,just to train,let alone a whole year.

So,you’re charging outrageous prices for an outdated game, and you’re upset people cheat?
The skills take hell of along time to train and you’re upset people cheat?
You make people pay per character on a 16 year old game and you’re upset people cheat?

That’s pretty underhanded and you’re ruining your own game CCP.

I’m just saying you may want to re-evaluate the way you’re thinking in CCP.

Now you can remove my post.
You can ban me from posting in the forums.
You could even ban all seven of my accounts of which only two I even pay for.
Because to me it’s not worth the money. It’s not worth the REAL WORLD TIME.

There tons of other options out there and all you do is drive your player base to those options.

CCP has alienated lots of it’s player base for a very long time, if I have to be the one to say it, then I will say it.

It’s a 16 year old over priced game.
It’s not the on the top streamed games on twitch.
It’s not on the featured games either.
It’s not on the top live channels
it’s not on the top PS4 channels
it’s not on the top XBOX one channels

This is just a game where people trying to make some isk and burn up some time during their day or night.

• Mia Handcock

That reddit article was fascinating.

Especially this bit:

“For such purposes I had to get some good hardware – solo Ryzen CPUs and two-headed Motherboards with Xeons. This equipment was supporting from 50 to 100 accounts per a single computer.”

Every PC has a unique MAC address.

I don’t know if this is technically possible, but if CCP can check MAC addresses on login, perhaps they could ban/disconnect MAC addresses running ridiculous numbers of accounts? It won’t stop botting from multiple PCs, but it could make the operation of large-scale botting a more expensive exercise.

Perhaps this idea has more holes than a block of Swiss cheese, but it’s clear CCP is outmatched by the botters and multiple AUTOMATED solutions will be required.

Every network card has (MAC addresses are layer 2 addresses, IP addresses are layer 3 in the OSI reference model) and they usually can be changed.