Presenting at security conference about EVE - need input from corporation heads

Hello all,

I’m a security researcher currently preparing a conference talk on ‘security within virtual worlds’ - I will be covering EVE Online as one of my topics as an example of how ‘corporations’ deal with insider threats.

I need an ‘introduction’ to various corporation leaders to talk through issues/problems they’ve had with insiders stealing virtual assets and how they deal with these threats.

This will be presented at an international security conference in 2021, possibly both in the USA and Europe. Attendance at these is very high with anywhere from 10,000-30,000 attendees and many of the talks are broadcast internationally and covered by the media.

The chats will be relatively informal and can be in whatever format you choose (e-mail, video chat, voice chat, etc.). Most of the information presented will remain anonymous, but if you are happy to have your corporate name used in the presentation that’s fine too.

I’ve been in touch with CCP and they suggested coming here first. If you’re a head of corporation or currently deal with ‘security’ within your corp I’d love to speak to you so feel free to reply to this thread so I can pick your brains.

Thanks.

EDIT: For those that just prefer to post here, I’ve listed the questions I’m interested in getting answers/information to below. It also helps if you list your corporate name/size so I can organise my notes. For those of you that prefer to maintain some privacy you can send me your answers at EveResearcher@outlook.com and I’ll happily communicate that way:

Have you or your corporation experienced any insider threats - anything ranging from theft/destruction of assets/in-game currency or any other malicious activity? Can you describe them and what impact it had on you/the corporation? If you’re able to put a number on the amount that was stolen/defrauded, this is also very interesting.

How do you vet/deal with operational security matters?

Do you use ‘external’ sources of information to enrich background research on new players entering your corporation? i.e. Do you research social media profiles, etc.?

How do you ‘segregate’ or ‘contain’ new players? Is there some kind of ‘probation’ period and what kind of goal posts do you set before someone is allowed to take over critical functions within the corporation (for example, finance or any ‘privileged role’ within the corporation)?

Have you/your corporation ever experienced ‘out of band’ attacks (i.e. account takeover attempts for the purpose of in-game theft)?

Please feel free to use my corporation’s name as much as you want. Say it as loudly as possible, in front of crowds that are as big as possible. Displaying it using a big font on official PowerPoint slides is a plus (anime slide backgrounds are a requirement).

2 Likes

Any chance u’ll be posting the talk here? Sounds interesting.

2 Likes

Thanks for responding so quick. I’ve set up an e-mail at EveResearcher@outlook.com to take this offline so we can chat more in-depth about your corporation.

Hi,

Certainly, will definitely be posting the final talk here if there’s interest. It won’t ‘just’ cover EVE but will cover ‘security within virtual worlds’ - for example, I’ll also be taking examples from World of Warcraft and covering the whole gamut of security threats that players/guilds/corporations experience within virtual worlds such as insider theft, fraud, phishing, etc.

You can ask stuff here. Anything that would need to be “offline” is probably something I wouldn’t answer anyway.

1 Like

This sounds very interesting!

What was your name again, OP?

1 Like

Thanks. Whatever you prefer. I’ve listed the questions below, I’ll also update the original post for those that want to just pile in here. You can feel free to answer with as much/as little detail as you like.

Have you or your corporation experienced any insider threats - anything ranging from theft/destruction of assets/in-game currency or any other malicious activity? Can you describe them and what impact it had on you/the corporation? If you’re able to put a number on the amount that was stolen/defrauded, this is also very interesting.

How do you vet/deal with operational security matters?

Do you use ‘external’ sources of information to enrich background research on new players entering your corporation? i.e. Do you research social media profiles, etc.?

How do you ‘segregate’ or ‘contain’ new players? Is there some kind of ‘probation’ period and what kind of goal posts do you set before someone is allowed to take over critical functions within the corporation (for example, finance or any ‘privileged role’ within the corporation)?

Have you/your corporation ever experienced ‘out of band’ attacks (i.e. account takeover attempts for the purpose of in-game theft)?

Hi,

Here’s my author bio from some publications if you’re interested but essentially I publish research/articles on offensive security and ethical hacking.
https://www.infosecurity-magazine.com/profile/alex-haynes/

Before I (and others) can answer anything, I’m curious: are you an actual EVE player, or are only here for the research? Because the answers can have some very technical, game-specific concepts in them which you might not necessarily “get” (in the meta sense of the word) unless you’re an experienced player.

1 Like

So I used to play EVE Online for about 5 years some time ago, I guess the last time I dipped my toes in the water was about 2 years ago, so feel free to use whatever terms you’re used to, and if I get lost or don’t understand an explanation I’ll just ask for some clarification if that’s ok.

There’s an article on how to be a spy in EVE, which by its very nature also gives valuable tips on counterintelligence efforts within corporations and alliances. Worth a read.

Part 1, Part 2

spai?

1 Like

Obligatory

You MUST include this in your presentation. :wink:

4 Likes

Try to interview The Mittani or Vily

1 Like

I’m with Pandemic Horde Inc. and although I’m a line member I’ll give you some info.
We’re a new-player focused corp, so we don’t require any ESI stuff to join Horde Inc. as a line member. Anyone with enough brain cells to rub together can spin up a new alt and impersonate a newbie well enough to get in anyway, so ESI/API stuff wouldn’t do much except delay an actual new player’s entry into the corp. We do have some security measures though.
For example, we have certain areas of space that are only accessible to players in corporations that do require ESI verifications. Players in Horde Inc. who enter those areas are politely asked to leave, and removed if they continually cause problems there. This allows our veterans with shinier stuff to engage in PvE activities while being at less risk of an awox.
Stuff and information is also given out on a “need to know” basis. We have hangars of ships for new players, but instead of granting them direct access to them they ask one of our helpers to give them a ship. This ensures that a goon alt doesn’t clean out said hangars every other day. I suspect that most corps have similar policies with such information release as well, i.e. only cap group needs to know about what caps are doing, fleet advertisements don’t usually contain a lot of details such as the destination of the fleet, and jump freight schedules aren’t published to make ganking them harder.

To give specific answers to your questions:
Corp: Pandemic Horde Inc.
Size: We sometimes have to kick inactive players because the corp is full, lol. Dotlan puts our corp membership at more than 10,000.

  1. Yeah, goons like to put awox alts in and try to find a rattlesnake or carrier to tackle and drop bombers on. It’s hard to give a specific number, mostly because it’s an ongoing problem.

  2. Generally people who are active and helpful and don’t have sketchy stuff in their ESIs are the ones that get more responsibilities. A lot of roles have time in corp requirements attached to them. This helps keep spies out but isn’t a perfect system, it just weeds out impatient ones.

  3. Aside from ESI stuff for higher-security corps/positions, no. If I was joining a corp and they asked me for my Facebook that would be a deal breaker for me. Keep your nose out of my personal life!

  4. Like I said, Pandemic Horde Inc. players are not allowed in ESI-gated space. Other than that, not really. I don’t handle anything involving privileged roles so I couldn’t tell you about the specific goal posts beyond having a good, long history in corp.

  5. I don’t think anyone has tried to hack Gobbins yet, but sometimes leadership creates a character for the purpose of accumulating money for things such as application fees for cap group or donations for a keepstar, and some jackwad will create a similar character with a lowercase L instead of a capital I in the name or something, hoping that people who are sending ISK will send them the money instead of the proper character. In case you aren’t aware, this is hella against the TOS.

1 Like
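
Added example, not part of the thread or any corporation's own tooling: the lookalike-name trick described in answer 5 above (a lowercase L in place of a capital I) can be caught by folding visually confusable characters before comparing a name against a list of official collection characters. It goes slightly beyond the case in the post by also folding 1, 0/O and rn/m; every name and the confusable table are constructed for illustration.

```python
# Flag character names that render like a protected (official) name.
# All names and the confusable table are constructed for this example.

# Characters that are hard to tell apart in many UI fonts; the first
# character of each group is the representative the others fold to.
CONFUSABLE_GROUPS = ["Il1", "O0"]
_FOLD = {ch: group[0] for group in CONFUSABLE_GROUPS for ch in group}


def skeleton(name: str) -> str:
    """Reduce a name to a form where lookalike spellings compare equal."""
    # Collapse runs of whitespace, then fold the two-letter lookalike rn -> m.
    text = " ".join(name.split()).replace("rn", "m")
    return "".join(_FOLD.get(ch, ch) for ch in text)


def find_lookalikes(protected, candidates):
    """Return (candidate, protected_name) pairs that differ as strings
    but share a skeleton, i.e. likely impersonations."""
    index = {skeleton(name): name for name in protected}
    hits = []
    for cand in candidates:
        target = index.get(skeleton(cand))
        if target is not None and cand != target:
            hits.append((cand, target))
    return hits


# Constructed sample data: official collection characters ...
PROTECTED = ["Cap Group Intake", "KEEPSTAR DONATIONS", "Alliance Members Fund"]
# ... and names seen as recipients or newly created characters.
CANDIDATES = [
    "Cap Group Intake",        # the real character, must not be flagged
    "Cap Group lntake",        # lowercase L in place of capital I
    "KEEPSTAR D0NATIONS",      # zero in place of capital O
    "Alliance Mernbers Fund",  # "rn" in place of "m"
    "Cap Group Uptake",        # different name, not a lookalike
]

if __name__ == "__main__":
    for cand, target in find_lookalikes(PROTECTED, CANDIDATES):
        print(f"possible impersonation: {cand!r} looks like {target!r}")
```
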

Thanks for this detailed rundown. I have a follow up question. When you do the ESI checks what kind of info do you look at in particular?

I don’t do the ESI checks myself, but stuff like wallet history is important. If your character has unexplained ISK transfers from your main in another alliance, that’s a red flag. What corps your other characters are in is also something that gets looked at, because most corps request ESI access to all your accounts. It’s not a perfect system because a good spy will use out-of-game communications and a clean account, but it helps.

1 Like

Looking forward to reading about this when you post the talk here. Sounds interesting.

1 Like

Thank you all for the great responses so far - had lots write to me direct to keep things confidential which is great. I’m also interested in hearing any tales of when insiders did successfully make off with your ships/isk/stuff - keen on seeing what happened (did the corporation fold, rebuild, etc.)