EVE Online is under siege. The invasion isn't masterminded by one of EVE's infamous misanthropes or some grand armada worth hundreds of thousands of dollars -- it's an invasion of exploiters, botters and hackers. This time, instead of the players battling in space, CCP Games' Security Team is on the front line.
Since the Ascension expansion added the option to play EVE for free in November 2016, the community has been affected by more and more account thieves and bots. "EVE getting a free to play option has changed our job quite a bit," CCP Peligro, a Security Analyst for EVE Online, explained to me during an online interview.
"There are groups out there that systematically attack free to play games." These attacks include hackers stealing accounts, both active and inactive, as well as an influx of bots that disrupt EVE's already complex and chaotic economy.
When an old or inactive EVE account was compromised prior to the free to play option, the damage was limited, as there was far less value in an account with no in-game access. Now, every account is always able to log into the game and liquidate assets such as a player's ships, their stockpiles of materials, or even the very skills they use to play.
The Ascension expansion introduced Skill Extractors, items that allow a player to drain the Skill Points - or Experience in traditional MMO terms - of a pilot and trade them with other players or sell them on the market for a profit. Compromised accounts are now being found stripped of all in-game assets and with their pilots' skills removed and being sold on the open market.
When an account is breached in this manner, the in-game currency made off the breach can be sold for real money, profiting the hacker and ruining the legitimate player in the process. In a dev blog published today about new security measures, CCP noted.
"At this point, most of the ISK [EVE's currency] and other stuff sold on the shady RMT [real-money trading] sites out there comes straight from other players' hijacked accounts."
Through player contributions and the game's security team digging into EVE's complex backend logging system, CCP reports over 1,800 botter accounts received bans in the month of January, with nearly a third of them receiving permanent bans as repeat offenders.
These bots include automated miners, which collect mineral resources 24 hours a day 7 days a week; ships that hunt NPC pirates without player input in order to fill the botter's wallet with bounty payments; and even chatbots that attempt to run automated scams in the game's market hubs.
What can players do to stop this from happening to them? CCP Guard, EVE's Lead Community Developer, told me over a phone in a conversation with them and Peligro, "Use two factor authentication on everything. You have to constantly be on high alert." Peligro also added, "Do not reuse the same password. They're not hacking anything, they're finding credentials and just trying them on every single thing."
Today's dev blog stressed the importance of reporting players who are acting suspiciously. Alongside encouraging players to report bots, CCP also hopes to further involve players by giving them feedback and updates on accounts they have reported.
In an effort to streamline their processes surrounding the removal of bots, CCP has announced a harsher policy for players found to be running them. Beginning March 1st, the first punishment will be a three day ban in order to give accused players "a painless chance to mend their wicked ways."
If further scripted activity on the account is found after the ban, botters' accounts will be permanently closed and their assets will be removed from the game entirely. This is in stark contrast to the current system, where those found botting were given are given up to four warning bans, lasting between three and 30 days, before a permanent account closure.
Sometimes when an account is banned, it results in quite a bit of, for lack of a better term, 'space trash' being left in the star systems that the bots occupied, such as space stations that are now unmanned. CCP Guard informed me that during a summit with the Council of Stellar Management, the player-elected governance body, the idea of a bot-hunting live stream hosted by CCP was brought up.
Guard chuckled at the idea: "We've done this before! At Fanfest! We've had footage of the security team blowing up bot structures and ships playing in front of the crowd!" CCP Peligro was quick to chime in, "If you're cheating in game, we'll see you on the stream!"
CCP has always been active in their efforts to ban bots and hackers, but the influx of them since Ascension has made things more difficult. CCP Guard elaborated grimly, "Bots are negative for us in every single business sense ... they are way more intense on the server than a normal player, and they drain the morale of actual human players."
He paused for a moment, his tone returning to a jovial one, "It's like if you're running a club, you don't just look at someone's ticket at the door, you have to enforce the dress code, you have to keep the crazies out, people come to the club for the atmosphere. It's the same with the game."
In their dev blog, CCP Games promises to do everything in their power to stem the tide of botting and account theft in EVE Online, but there are always new threats. Peligro elaborated in our interview, "The entire online landscape has changed since EVE's inception.
The internet has changed, the players' computers have changed, everyone has much more access now. From the perspective of a security guy, this has resulted in massively amplified threats."