devtrackers.gg
8 months
ago -
EVE Online
-
Direct link
Transcript (by Youtube)
| 0s | welcome |
|---|---|
| 1s | 20 years |
| 3s | what a ride |
| 5s | but you know what's been around there |
| 7s | for a little bit less than 20 years |
| 10s | anybody I guess |
| 12s | Bots |
| 14s | and they suck right |
| 17s | with exception of Ibex our friendly chat |
| 19s | support bot |
| 21s | but then again he is dealing with you |
| 23s | guys so it's just a matter of time until |
| 25s | he follows the footsteps of Skynet |
| 28s | but welcome to team security |
| 29s | presentation I'm CCP stinger and let me |
| 32s | introduce the team we have CCP grimy |
| 35s | our security analyst |
| 38s | our Auntie a credit card fraud and the |
| 41s | rmt Internal Affairs and spin with CCP |
| 44s | since 2003. |
| 46s | we have CCP hugin on our team senior |
| 49s | game master watchful hack excuse me |
| 51s | watchful Hawk who restores the Hacked |
| 54s | accounts |
| 55s | who is tackling the problem of hacked |
| 58s | accounts is anti-rmt and deals with the |
| 61s | most complicated |
| 62s | cases of account sharing and has been |
| 65s | with CCP since 2005. |
| 67s | then we have me CCP Stinger I'm security |
| 70s | analyst I take care of the Bots |
| 73s | I also handle anti-rmt |
| 76s | and I've been with CCP since 2012. |
| 79s | and you can see already |
| 81s | that all the free members of the team |
| 83s | security |
| 84s | we have something in common |
| 86s | it's anti-rmt |
| 88s | because credit card fraud hacked |
| 90s | accounts and botting is all connected by |
| 93s | Real Money Trade |
| 94s | and our speakers for today is CCP grimy |
| 98s | he's gonna continue a little bit a |
| 100s | little bit later after me and me |
| 103s | so let's see the menu for today what do |
| 106s | we have we have the team introduction we |
| 108s | have the voting recap of last year |
| 110s | anybody been last year here in Fan Fest |
| 113s | did you guys see the presentation last |
| 115s | year |
| 116s | okay great then we have top secret |
| 119s | middle secret bottom secret and let's |
| 121s | see how much time we have left for Q a |
| 124s | but let's start with the recap |
| 127s | last year I told you |
| 130s | I showed you some information on what |
| 132s | we're dealing with |
| 133s | right this year we're going to show you |
| 135s | how we're dealing with it |
| 138s | but to recap we were speaking about |
| 141s | organized bot Farms you know those bot |
| 143s | Farms that are there just for one |
| 145s | purpose and one purpose only is the bot |
| 148s | to generate currency that is being then |
| 150s | sold |
| 151s | on auction sites |
| 153s | vrmt they're easy to spot tough to |
| 156s | remove multiple accounts are created |
| 158s | with just one click |
| 160s | the accounts are running 24 7 in batches |
| 164s | and they use Virtual machines like the |
| 166s | user 1 Hardware machine with huge amount |
| 169s | of RAM and then spin up smaller virtual |
| 172s | machines with Windows and Eve online |
| 175s | clients to such an extent |
| 177s | that they even have a snapshot image |
| 179s | saved so to create a new virtual machine |
| 181s | takes them minutes right |
| 184s | they are fast and efficient |
| 187s | and the battle never stops |
| 190s | it's like a game |
| 192s | of whack-a-mole we remove one batch |
| 194s | another one takes over we remove another |
| 196s | one takes over |
| 198s | take a look at that smile |
| 200s | that's how I look like when I'm Banning |
| 202s | the Bots |
| 204s | so we have to take a step back |
| 206s | take a look at the situation and change |
| 209s | our tactics |
| 210s | because the organized bot Farms right |
| 213s | they are there just for one purpose |
| 215s | to generate the currency |
| 218s | to be sold that is a business model |
| 222s | they don't have a normal gameplay |
| 224s | Behavior like our players have you know |
| 226s | you start you start with Venture then |
| 229s | you play you play you play we all know |
| 231s | how hard it is to get the next ship and |
| 233s | the next ship and the next ship they |
| 235s | don't do that they just get something |
| 238s | injected assets a currency from somebody |
| 240s | and they immediately start boating |
| 243s | minimizing the time spent and maximizing |
| 246s | profits |
| 247s | so we have to change our tactics and go |
| 250s | after the financers |
| 252s | like burn all the bridges because it |
| 254s | didn't work just to remove the batch we |
| 256s | had to go after the financers who are |
| 259s | injecting |
| 261s | and this is how it looks like this data |
| 264s | what you see is an actual Farm bot farm |
| 267s | that started operating around Christmas |
| 270s | and this is a real data this is not made |
| 272s | up by us this was a proof by our legal |
| 275s | team so we can show it with the |
| 278s | character names |
| 280s | because they don't interact with normal |
| 281s | players they interact just with self and |
| 284s | it's for us safe to show and you can see |
| 286s | here is 150 accounts from a total of 117 |
| 290s | of this bot operation right |
| 294s | so 317 accounts |
| 296s | how many characters can account hold |
| 300s | up to three so that immediately spikes |
| 303s | up to one thousand one thousand |
| 305s | characters |
| 308s | and new players still say that our locks |
| 312s | show nothing I mean in the beginning of |
| 314s | Eve it's been 20 years our logs show |
| 317s | nothing this has changed and has changed |
| 320s | a lot the logs shows something actually |
| 323s | they show a lot |
| 326s | imagine somebody would be following you |
| 328s | throughout the day right and record |
| 330s | every interaction you have |
| 333s | so you wake up |
| 335s | at seven in the morning right you put |
| 337s | your socks on you put your pants on you |
| 339s | go to the toilet and you jettison |
| 342s | a container into space |
| 344s | and that continues throughout the day |
| 346s | now the question is what is interesting |
| 348s | for our investigation are those the |
| 351s | socks are those the pants or is it that |
| 354s | jettisoned space container that you did |
| 358s | so we need help |
| 361s | and let me introduce you our superhero |
| 364s | maltego |
| 366s | Montego is open source intelligence |
| 368s | software |
| 369s | doesn't mean that the software itself is |
| 371s | open source but the intelligence |
| 374s | there are 96 different information hubs |
| 377s | available in multigo where you can pull |
| 379s | and mine different data starting from a |
| 383s | simple Network mapping |
| 386s | to a complicated investigation into |
| 389s | social media presence of a person of |
| 391s | interest |
| 392s | and my take was mostly used by antivirus |
| 396s | manufacturers for the threat analysis |
| 399s | it's used by Interpol for cyber crime |
| 402s | investigations |
| 403s | and it's used by US |
| 409s | and in this particular example like a |
| 412s | simple example what Montego can do is a |
| 414s | network lookup Network mapping right so |
| 417s | we put in if online.com and we run |
| 420s | different transforms transforms when we |
| 422s | run transforms we're pulling the |
| 423s | information the different information |
| 424s | that is available for us a simple thing |
| 427s | is to take a look the DNS records where |
| 430s | they are stored when you type in |
| 431s | ifsonline.com where are you actually |
| 433s | going you know first and then |
| 436s | continue the network path |
| 438s | of course with if online.com you have |
| 441s | Associated the support if online.com |
| 443s | that's where you file your reimbursement |
| 445s | requests that are being denied |
| 447s | constantly |
| 449s | then you have the forums if online.com |
| 451s | Where You Are |
| 453s | trolling your position in the game |
| 455s | then you have the secure if online.com |
| 457s | hopefully that's where you're buying |
| 459s | Omega and Plex right |
| 461s | you're not going anywhere on auction |
| 463s | sites yeah I see you I see you |
| 467s | and then of course you have like |
| 469s | community evenlight.com and so on and so |
| 471s | on so this is just a simple example what |
| 473s | material can do but |
| 478s | I was speaking about open source |
| 480s | intelligence right |
| 482s | and this is not how we're using it |
| 483s | because we are having one huge Advantage |
| 486s | together with our PX tools team with our |
| 489s | programmers we took Montego and we |
| 492s | banned it |
| 493s | to our own needs and purposes |
| 496s | to investigate |
| 498s | the botting |
| 499s | credit card fraud and rmd and hacking |
| 506s | which is a second I lost my |
| 508s | adrenal thought |
| 511s | because we have a huge Advantage all the |
| 513s | data |
| 514s | is out there it's on our service |
| 517s | we don't need to look for open source |
| 519s | intelligence we have it |
| 521s | and this is how I'm gonna show you today |
| 524s | this investigation of the bot Farms |
| 528s | early this year |
| 530s | where we transform from this logs |
| 532s | and just a spoiler alert in this logs |
| 535s | there is a character already found from |
| 537s | 1 000 characters potentially 1000 |
| 539s | characters has already been found who is |
| 542s | Distributing the assets |
| 544s | so try to First find the character that |
| 546s | is a lot of a lot of man hours |
| 549s | and I'm gonna take you |
| 551s | where we gonna take a look you guys know |
| 554s | what this is |
| 555s | what is it |
| 557s | no not Russian bottom it's the matrushka |
| 560s | dolls right |
| 562s | and we're gonna take a look we're gonna |
| 564s | peel |
| 565s | the layers away from that organized bot |
| 567s | Farm to try and find our financers to |
| 571s | try and find that injection of currency |
| 574s | or ice assets or items so in the end |
| 580s | we have this nice looking graph in my |
| 582s | Tigo because maltigo is able to pull the |
| 585s | data |
| 586s | to display it on a graph and to display |
| 588s | the relationships between the entities |
| 591s | like when we put something on the graph |
| 593s | it's an entity |
| 596s | so let's start by peeling the first |
| 598s | layer right so we know the characters |
| 602s | who are doing the butting |
| 604s | ah sorry not the characters the accounts |
| 606s | that are doing the botting yeah but they |
| 608s | are not the ones |
| 610s | who are interacting in the game accounts |
| 613s | cannot interact in the game it's the |
| 614s | character so our first thing would be is |
| 617s | to take the first layer off |
| 619s | and take a look what's inside the |
| 622s | characters and this is what is happening |
| 625s | in this particular recording just on a |
| 628s | side note |
| 629s | the recordings that I have are from |
| 631s | multigo 4.2 |
| 633s | the version is outdated nowadays there's |
| 636s | 4.5 which even brings more capabilities |
| 639s | of the software itself |
| 642s | and here I place the users that are that |
| 646s | we know that are botting and place them |
| 648s | on the graph and I have a simple |
| 650s | available transforms to me that's how I |
| 653s | pull the information first one would be |
| 655s | like you know |
| 656s | to actually not work with the IDS |
| 660s | but work with the usernames so the |
| 662s | simple transform is like okay tell me |
| 664s | the username of the account |
| 668s | and then that's what you get uh you get |
| 670s | the username the account you get the |
| 672s | alpha or Omega state |
| 675s | and then you get |
| 677s | a little red bookmark |
| 679s | you see on on the slides the red |
| 681s | bookmark indicates |
| 683s | that the accounts have been banned of |
| 686s | course they've been banned they've been |
| 687s | operating since January we will not |
| 689s | allow them to operate until September so |
| 692s | we ban them another set of transforms |
| 695s | it's where we're gonna peel our first |
| 697s | layer is to take a look at the |
| 699s | characters |
| 700s | character names |
| 702s | their wallets |
| 704s | their skill points right and very |
| 707s | important there's a user link between |
| 710s | the account and character |
| 713s | so let's get back so we got our |
| 715s | characters right |
| 718s | what would be the next step for us |
| 723s | copper good that's actually good but in |
| 726s | this particular case Corporation as you |
| 729s | maybe saw a few slides back |
| 732s | excuse me I'll |
| 734s | go back |
| 736s | they are all in NPC corporations |
| 740s | so in |
| 750s | for example so the next step would be is |
| 753s | actually to peel another layer but for |
| 755s | that we need to do a middle step the |
| 757s | middle step would be |
| 759s | is actually to grab |
| 761s | all the characters and try to pull all |
| 764s | the information that we have |
| 767s | and that's what you get so this is the |
| 770s | result of that transform and you see |
| 772s | immediately that something is off |
| 775s | on the graph the characters are bookmark |
| 778s | purple |
| 780s | now in this particular case our PX tools |
| 782s | have made it if the character is deleted |
| 786s | it's bookmark purple now why would |
| 788s | somebody delete a character I mean you |
| 790s | guys have been deleting characters here |
| 792s | and there because it didn't like the |
| 794s | name you didn't like the race and so on |
| 796s | and so on but this is a bot Farm you |
| 798s | know it's designed to do one thing and |
| 800s | one thing only so that means somebody |
| 803s | a person went in there and actually |
| 806s | deleted it why |
| 816s | in this particular case this is |
| 818s | immediately jumps into our eyes that we |
| 820s | need to investigate deleted character |
| 822s | it's odd in this particular |
| 824s | investigation are they trying to hide |
| 825s | something are they trying to destroy the |
| 827s | evidence we'll need to find out |
| 830s | but the next step would be is actually |
| 831s | to find all the interactions in terms of |
| 834s | assets movement so we need to peel |
| 836s | another layer to go a little bit deeper |
| 839s | for that I'm gonna grab all the |
| 841s | characters that came from the users our |
| 844s | known Bots and I'm gonna bookmark them |
| 847s | blue |
| 848s | it's just for me to know that those |
| 850s | characters are known to us |
| 853s | they're known to us so later on the |
| 855s | graph and an investigation we can see |
| 857s | clear results a little bit |
| 860s | for us to easier spot something |
| 863s | and now unfortunately when we're gonna |
| 865s | be peeling another layer |
| 868s | there is more transforms available for |
| 870s | us we can look at different information |
| 872s | but I'm not gonna show you what is |
| 874s | available to us right now because it's a |
| 877s | constant battle that we're fighting we |
| 879s | still want to have one ace up our |
| 881s | sleeves but you already know that we're |
| 883s | looking here in this particular |
| 885s | investigation when we're peeling another |
| 887s | layer is all the interaction |
| 891s | regarding assets movement in particular |
| 893s | items and currency not the jettison |
| 896s | container yet but we could and you can |
| 899s | see I selected everything I'm running |
| 901s | the transforms and now would be the time |
| 903s | for me while it's completing to go grab |
| 905s | a cup of coffee |
| 907s | no of course I'm gonna |
| 909s | skip the waiting and gonna show you the |
| 911s | result |
| 912s | and this is |
| 914s | what happens when we're feeling another |
| 916s | layer |
| 919s | this |
| 921s | transform showed all the interactions |
| 923s | all the assets movement between the |
| 926s | characters and you can immediately spot |
| 929s | in this particular layer of |
| 931s | Investigation |
| 933s | how one character is Distributing left |
| 935s | right and Center into the bot Farm |
| 938s | but there's something interesting |
| 940s | happening there right so you see the one |
| 943s | character |
| 945s | and then suddenly |
| 947s | more characters appeared and they don't |
| 950s | have a bookmark |
| 953s | remember we bookmarked our characters |
| 955s | because they are known |
| 956s | and these ones are not |
| 958s | so maltego pulled them out of the locks |
| 962s | there because they exactly you got it |
| 966s | because they |
| 968s | came up |
| 970s | because they injected assets or currency |
| 975s | and those are the guys |
| 977s | that we need to investigate they are the |
| 980s | financers |
| 981s | they interacted with the bot Farm in |
| 985s | terms of assets movement |
| 988s | and I will |
| 990s | need to skip because now we are doing |
| 993s | the same thing that we did with the |
| 994s | first layer is actually to take a look |
| 997s | who are they get all the information get |
| 1000s | all their usernames |
| 1002s | uh their accounts and so on and so on |
| 1004s | and it continues three four layers a |
| 1007s | little bit further |
| 1008s | until we arrive at our destination in |
| 1011s | this particular investigation |
| 1015s | and we'll find out |
| 1017s | that those guys who got the assets |
| 1020s | and the items they were credit card |
| 1022s | fraudsters |
| 1024s | they exposed another set of accounts |
| 1027s | that were focusing just on credit card |
| 1029s | fraud |
| 1030s | where Grimmie was taking care of them |
| 1031s | but some assets |
| 1034s | were invested |
| 1037s | into the bot Farm |
| 1040s | and this is it this is our small |
| 1043s | presentation of the investigation where |
| 1046s | we take multigo and its capability to |
| 1049s | mine data display data with |
| 1050s | relationships |
| 1051s | and this is how we transform from |
| 1054s | reading logs |
| 1056s | following maybe that that and leads |
| 1060s | instead we're doing nice looking graphs |
| 1063s | and multigo just helps us a lot in this |
| 1066s | particular case how we are using it it's |
| 1068s | very unique even unique to the the team |
| 1071s | itself of maltego |
| 1074s | this is our huge Advantage because we |
| 1077s | have all the data and multigo helps us |
| 1079s | to reduce man hours spent on an |
| 1083s | investigation |
| 1084s | and keep my sanity |
| 1086s | in place |
| 1088s | big investigations that were taking days |
| 1090s | now take hours |
| 1093s | trivial tasks that were taking hours for |
| 1095s | us to complete not take minutes |
| 1098s | and because of that because of the time |
| 1100s | that we have we can also help our other |
| 1103s | departments in CCP for example Alliance |
| 1106s | tournament that just finished our |
| 1108s | prestigious esport event |
| 1110s | back then every character that signed up |
| 1114s | for the alliance tournament had to be |
| 1116s | checked manually and the aliases too |
| 1119s | because we don't want bad guys |
| 1121s | participating and winning |
| 1124s | those prestigious ships |
| 1126s | so now this year team Securities would |
| 1129s | was helping with that we punched all the |
| 1131s | information we run our transforms |
| 1133s | multigo even supports machines where we |
| 1136s | just simply set different types of |
| 1138s | transforms and it was like punch the |
| 1141s | information in |
| 1142s | run the transforms and then really just |
| 1145s | take a look at those guys that have |
| 1147s | something on them that are suspicious |
| 1149s | that were misbehaving and then you know |
| 1153s | instead of finding them we have them and |
| 1155s | now we can spend time to make the |
| 1156s | decision if we allow them to participate |
| 1158s | or not |
| 1160s | with it a small thing together with the |
| 1163s | multigo team we published a case study |
| 1166s | it's available on multigo.com under |
| 1169s | block on the resources block case study |
| 1171s | and white papers it's a small summary |
| 1174s | but we're we're gonna be also looking to |
| 1177s | do something bigger in the coming months |
| 1180s | but that is it from me I hope you |
| 1183s | enjoyed the small presentation of our |
| 1185s | small investigation and I'm giving the |
| 1187s | stage to my colleague CCP grimy |
| 1196s | thank you Stinger for this onto the hood |
| 1198s | view of boat hunting |
| 1201s | I will be doing a little more |
| 1203s | traditional things for a Scenic like |
| 1205s | this |
| 1206s | some numbers some graphs |
| 1208s | always enjoyable |
| 1211s | we'll go through the numbers of accounts |
| 1214s | we plan for rmt related activities |
| 1216s | and first on the list is account hacking |
| 1219s | which is a |
| 1220s | quite an annoying and a nasty problem |
| 1224s | obviously people lose their skill points |
| 1227s | their assets even characters are |
| 1230s | destroyed and deleted you know it's just |
| 1232s | complete Devastation and it takes a long |
| 1236s | time to fix and it's a very very |
| 1239s | all of it obviously sold to other |
| 1242s | players in the game |
| 1244s | so something that we |
| 1248s | tastes like quite a lot next on the list |
| 1251s | is the Bots |
| 1255s | so this is mainly multico results and |
| 1260s | clearly ruining the gameplay for |
| 1262s | everyone |
| 1264s | doing |
| 1265s | their automated tasks |
| 1272s | financed by fraud account hackers it's |
| 1276s | all basically the same groups of people |
| 1280s | then this payment fraud this is a very |
| 1282s | nasty problem as well |
| 1284s | obviously a real world crime |
| 1286s | not a lot of good things to say about |
| 1288s | these people |
| 1290s | this incurs all kinds of operating costs |
| 1293s | we have to |
| 1295s | refund this charge box there's all kinds |
| 1298s | of fees |
| 1299s | and various problems obviously |
| 1302s | negative effects on the ink Market |
| 1306s | and |
| 1307s | prices and availability of offers you |
| 1310s | had to restrict offers or even remove |
| 1312s | offers due to abuse |
| 1317s | selling This is the End station of it |
| 1319s | all generally all these accounts |
| 1322s | previously could be |
| 1324s | classed as isk selling but these are |
| 1327s | actual accounts that are sort of |
| 1330s | getting assets from hacked accounts and |
| 1333s | then selling onwards |
| 1336s | mostly it's organized networks of of |
| 1340s | non-players but there are also some |
| 1342s | players in there that are trying to make |
| 1344s | a buck on the side |
| 1346s | everyone gets the same end result we |
| 1348s | permanently ban everything we find |
| 1350s | connected to them |
| 1352s | so I don't want to be doing that |
| 1354s | also we see accounts that have obviously |
| 1357s | been sold at entropy and used for any of |
| 1360s | these |
| 1361s | previously mentioned activities and we |
| 1365s | will go and find all your accounts all |
| 1367s | their accounts not necessarily you guys |
| 1369s | but |
| 1370s | all other accounts that we find and |
| 1371s | close them as well |
| 1374s | so this is all about the isk and Plex |
| 1377s | and the skill injectors that you people |
| 1379s | are |
| 1380s | buying on the market |
| 1383s | and this is various websites across the |
| 1387s | world |
| 1388s | getting all this from stolen accounts |
| 1390s | from credit card fraud |
| 1392s | so it's easy to lower your prices if |
| 1395s | it's not your things that you're |
| 1396s | actually selling |
| 1398s | so that's |
| 1400s | easy to give that discount but there's a |
| 1403s | price |
| 1404s | because we have always since all these |
| 1407s | 20 years we've always removed whatever |
| 1410s | assets we find that people have been |
| 1412s | paying from these people |
| 1414s | and this is a |
| 1416s | a long history by now 20 years |
| 1420s | and if we you buy something at a |
| 1423s | discount and we |
| 1424s | find you and take your stuff then |
| 1427s | there's some bad things that can happen |
| 1431s | we will go and find the use a lot of |
| 1434s | people use throwaway arts for this but |
| 1436s | you know we find connections through |
| 1438s | musty go through all kinds of things and |
| 1440s | in the end we find the main characters |
| 1442s | where we will take the value of whatever |
| 1446s | they're getting |
| 1448s | and this means in many cases |
| 1450s | unfortunately that people are put into a |
| 1453s | negative wallet |
| 1455s | so that's never good because you can |
| 1458s | have problems with using the market you |
| 1461s | can have problems with creating |
| 1463s | contracts all kinds of problems |
| 1465s | and obviously all accounts connected |
| 1468s | will be flagged for scrutiny and if |
| 1471s | there's other you know if you catch you |
| 1473s | again or them again |
| 1476s | they will get in the end permanently |
| 1478s | banned as well |
| 1481s | so we will |
| 1484s | it's a long history we didn't go back 20 |
| 1486s | years but five years |
| 1487s | we had a look of confiscated stuff |
| 1492s | so we take let you take a minute to let |
| 1495s | this sink in this is |
| 1497s | so some big numbers |
| 1499s | so the this is isk that we've removed |
| 1502s | plaques that we moved and we also have |
| 1506s | removed skin in textures these are not |
| 1509s | the only items of the sold people are |
| 1511s | selling all kinds of ships tags |
| 1516s | whatever it is like but these are the |
| 1517s | most commonly traded rnt Goods |
| 1521s | and you know we are talking |
| 1524s | trillions and trillions and trillions |
| 1528s | what are we 130 33 and a half trillion |
| 1532s | isk in the last five years |
| 1534s | on top of all this we have |
| 1538s | we have a Titans and all kinds of shapes |
| 1540s | and all kinds of assets and characters |
| 1542s | on these accounts |
| 1544s | so this is just a part of it |
| 1548s | and um |
| 1550s | it continues and we still do this and |
| 1553s | we'll continue doing this |
| 1558s | just for uh for the sake of looking at |
| 1562s | it or kind of hypo hype |
| 1565s | hypothesizing |
| 1567s | um |
| 1568s | we did we did earlier this year we did a |
| 1571s | little uh scientific |
| 1574s | calculation on the prices involved |
| 1576s | actual real world Monies |
| 1580s | so you know this is a this is the assets |
| 1584s | obviously these prices go up and down on |
| 1587s | on these rmt websites and you know |
| 1589s | they're quite lower at the moment and we |
| 1592s | went with |
| 1593s | but this is a |
| 1595s | like a rule of thumb |
| 1597s | kind of average price |
| 1599s | but these are still some you know |
| 1603s | still some some impressive |
| 1606s | amounts |
| 1608s | and I will now read the statement that |
| 1610s | we have prepared |
| 1614s | we want to use this opportunity to |
| 1616s | dispel any vicious rumors |
| 1619s | uh that this is team Security retirement |
| 1622s | fund or even or even |
| 1625s | that's such a such a fund exists at all |
| 1629s | we of course emphatically deny this |
| 1632s | ridiculous allegations |
| 1633s | and will most certainly not be spending |
| 1636s | it on lab's trip to the Bahamas or Vegas |
| 1641s | we'd also like to make it absolutely |
| 1644s | clear here that our Villas or lake Grand |
| 1646s | Lake Garda |
| 1648s | are nowhere near as large and |
| 1650s | preposterously luxurious luxurious as |
| 1653s | some people have erroneously even |
| 1655s | maliciously claimed |
| 1658s | now that |
| 1659s | I think we have time oh I must have left |
| 1661s | the Rolex in the Lamborghini |
| 1665s | anyway I think we have time for some |
| 1667s | questions |
| 1669s | from the audience |
| 1679s | so we have a just a little bit um |
| 1682s | limited limited time for a few questions |
| 1685s | so make them count |
| 1695s | ing in data centers by remaining abuse |
| 1699s | because actually it's it's fraud in |
| 1701s | every country we have okay so |
| 1703s | um I will rely the question because |
| 1705s | we're recording the question is are we |
| 1707s | taking any actions uh on uh the auction |
| 1710s | sites that are running uh because every |
| 1713s | site needs to have a legal contact |
| 1715s | person |
| 1716s | uh and if we're taking actions towards |
| 1718s | that yes we are |
| 1720s | but |
| 1721s | um it's not always as simple some |
| 1724s | countries do take down the stuff |
| 1727s | some countries just |
| 1729s | we don't care you know |
| 1732s | and again there's multiple it's the same |
| 1734s | scenario as whacking the Bots you take |
| 1736s | them down |
| 1737s | they will appear somewhere else it's not |
| 1739s | only just the problem of if online and |
| 1741s | CCP there's multiple games who have this |
| 1745s | issue going on |
| 1747s | yes |
| 1752s | generally always gets away around it I |
| 1755s | know that's an always an ongoing process |
| 1757s | but you always actively trying to stop |
| 1760s | the new way of certain circumventing |
| 1762s | those Batmans so the question is |
| 1765s | um |
| 1768s | the question is like |
| 1770s | well this goes to me |
| 1775s | yes |
| 1776s | yes |
| 1780s | okay so um when we ban the Bots what |
| 1783s | other actions are we taking against them |
| 1785s | to make sure they're not gonna come back |
| 1788s | into the game unfortunately we will not |
| 1790s | disclose this information uh because |
| 1793s | um again as maybe you saw from the |
| 1797s | presentation virtual machines |
| 1799s | they're trying but failing and I will |
| 1802s | and we will not comment into further |
| 1804s | because we need to keep some information |
| 1805s | to ourselves |
| 1807s | because it's an ongoing operation and |
| 1809s | balance we do know that obviously they |
| 1812s | will be changing their past tense so |
| 1815s | the fact that they're changing the |
| 1816s | pattern is also suspicious so we look at |
| 1819s | that you know we're but mostly vpns are |
| 1821s | used and we cannot ban the vpns because |
| 1824s | they are actually used by some actual |
| 1826s | players not bot Farms |
| 1829s | yes please |
| 1837s | oh so are we doing something against the |
| 1840s | Intel Bots who are not actually |
| 1841s | generating currency that is the question |
| 1844s | and answer we are |
| 1846s | but they are tough |
| 1848s | Bots to spot |
| 1850s | and I already know what you're referring |
| 1852s | to because that situation happened two |
| 1854s | weeks ago on Reddit |
| 1856s | and they were known to us |
| 1859s | I invested investigated them personally |
| 1861s | because they were reported via ticket in |
| 1863s | the beginning of August |
| 1866s | and when looking into our systems |
| 1870s | I see a picture |
| 1872s | and in this particular case it was for |
| 1874s | us inconclusive so I left a note for |
| 1877s | further reference if this becomes a real |
| 1879s | issue and we will need to you know dig |
| 1882s | super deep |
| 1883s | and then the situation |
| 1885s | what's happening on Reddit by |
| 1887s | whistleblowers and suddenly with the |
| 1889s | information that they provided us that |
| 1892s | was the missing puzzle piece |
| 1894s | the whole picture became clear and in |
| 1896s | that case it became clear a clear |
| 1898s | violation of our rules of our Eula and |
| 1902s | toss and we were able to take action |
| 1904s | which brings me back again to you guys |
| 1907s | if you see something create a support |
| 1910s | ticket |
| 1911s | it our GMS will pass it on to us and we |
| 1915s | will investigate the situation and we |
| 1917s | will take actions where we can |
| 1919s | you can also use bot reports but the |
| 1921s | problem with bot reports they are being |
| 1922s | abused because everybody who is in Gita |
| 1925s | right oh that spammer he's a bot report |
| 1929s | him as a bot so a lot of players are |
| 1932s | reporting false positives and the data |
| 1935s | is just watered all around the place or |
| 1937s | even in a huge flit flight with a huge |
| 1940s | tie-dye let's just simply report the |
| 1943s | enemy Fleet right |
| 1945s | come on guys if you see something please |
| 1948s | create a support ticket we take a look |
| 1950s | at every ticket we do our investigations |
| 1953s | if there is something we'll take action |
| 1956s | you'll get a thank you email for bot |
| 1959s | reporting if there is nothing |
| 1963s | next |
| 1975s | to take on uh punishment to perhaps the |
| 1978s | leadership of those groups so we're |
| 1980s | following up on the situation that |
| 1982s | happened uh |
| 1983s | if it's found for example in Alliance |
| 1986s | that some members of The Alliance are |
| 1988s | botting |
| 1989s | uh are we taking any further actions |
| 1991s | against the leadership of the alliance |
| 1993s | or the cooperation and so on and so on |
| 1995s | and the answer to that is yes we do |
| 1999s | follow |
| 2001s | the isk we do follow and see who is |
| 2004s | benefiting benefiting from that what is |
| 2006s | actually happening with that is and the |
| 2008s | assets are they being sold on the |
| 2011s | auction sites are they are they being |
| 2013s | injected into something else are they |
| 2016s | being injected into capitals and so on |
| 2019s | and so on that's why also agreement was |
| 2021s | speaking that ships we do try to |
| 2024s | confiscate as much as possible |
| 2027s | but we have a line that we try not to |
| 2030s | cross we try to keep the game Integrity |
| 2033s | in place |
| 2035s | but we're not trying to make |
| 2038s | uh |
| 2039s | players |
| 2041s | into no you can deposit it into the |
| 2045s | retirement fund |
| 2046s | but we're trying not to punish players |
| 2048s | who |
| 2049s | seem to have benefited from that but |
| 2051s | didn't know |
| 2053s | so |
| 2054s | we are not punishing everyone |
| 2056s | in the terms like okay that Alliance is |
| 2059s | bad let's ban the whole Alliance no we |
| 2062s | try to take action as far and as much as |
| 2066s | possible to the parties who were |
| 2068s | involved and who did benefit from it |
| 2071s | do you also make adjustments to the UI |
| 2074s | or design the UI in a specific way to |
| 2078s | harder for |
| 2080s | wow |
| 2082s | so the question is like are we making |
| 2084s | changes to the UI to the user interface |
| 2086s | to make it harder no unfortunately that |
| 2090s | would involve other teams in CCP has |
| 2093s | been discussed many times but it has |
| 2095s | been discussed and interesting enough |
| 2097s | when there is a UI change in the client |
| 2101s | we see that the Bots uh |
| 2104s | are not operating but it takes them |
| 2107s | three or four |
| 2108s | weeks and they're up again and running |
| 2111s | so |
| 2112s | we cannot do UI change every month |
| 2115s | unfortunately |
| 2128s | it's a game design we operate on our own |
| 2132s | and we are not in sync with the what is |
| 2134s | happening with game design and |
| 2136s | developers who are actually bringing new |
| 2138s | features sometimes we benefit from it |
| 2140s | sometimes we don't but we continue with |
| 2144s | our operations uh as they are |
| 2154s | information |
| 2155s | we have yes we have visited all the |
| 2159s | games for all kinds of information with |
| 2161s | customer support related issues with all |
| 2163s | kinds of these types of issues as well |
| 2166s | so yes we have we try to knowledge share |
| 2169s | and get other knowledge absolutely |
| 2181s | while uh it's uh the question is what is |
| 2184s | our opinion regarding the CCTV but |
| 2188s | and the answer to that is it's |
| 2191s | technically not a bot |
| 2193s | because a bot needs to do something on |
| 2195s | its own |
| 2196s | uh when we take a look at our Eula and |
| 2199s | toss there's a clear statement about |
| 2201s | third party |
| 2203s | software years right so if you have an |
| 2206s | account logged in 24 7 right |
| 2210s | and you're streaming it to Twitch or |
| 2212s | YouTube or whatever you're not violating |
| 2216s | anything technically |
| 2219s | but again the situation that happened uh |
| 2222s | two weeks ago we are after Fan Fest |
| 2225s | we're gonna sit down together with other |
| 2226s | departments and actually discuss |
| 2229s | uh the situation because it's not it's |
| 2232s | been known for us uh back then with the |
| 2235s | what was the tool called I already for |
| 2238s | Beacon |
| 2239s | if you if you guys like been around for |
| 2242s | a little bit longer there was a |
| 2243s | situation with the software called |
| 2245s | Beacon that was gathering Intel and we |
| 2248s | addressed that situation where it was |
| 2249s | reading the memory from the client right |
| 2251s | so this particular case again our |
| 2254s | players they are always one step ahead |
| 2256s | like if we cannot do this we're gonna do |
| 2258s | that |
| 2259s | and we'll need to sit down and analyze |
| 2261s | the situation and come up with new rules |
| 2264s | and policies to enforce that |
| 2268s | what sure |
| 2275s | against the option |
| 2277s | are you doing the same |
| 2281s | yes so we had one person uh uh you know |
| 2285s | him CCV Alpha he was actually doing it |
| 2289s | he was collecting the information from |
| 2291s | different Bots uh run run website |
| 2295s | websites that offer Bots and also the |
| 2298s | auction houses and |
| 2300s | she's cease and desist orders were sent |
| 2303s | out and yeah they're still online so um |
| 2307s | at some point when you're trying to |
| 2310s | pursue that particular path |
| 2312s | you'll hit the dead end so we're trying |
| 2314s | it's not always working |
| 2325s | um |
| 2326s | macros so how do we stand about uh using |
| 2330s | macros like our macros are bad |
| 2333s | like if you say macro itself |
| 2336s | it's bad you need to be more specific |
| 2340s | what exactly are you trying to do input |
| 2342s | broadcasting where you press one button |
| 2344s | and 20 clients do the same thing is bad |
| 2347s | automated bot is bad |
| 2351s | what else is bad are you guys gonna ask |
| 2353s | us again about this boxer |
| 2357s | is boxer for window management good is |
| 2360s | boxer for automation input broadcasting |
| 2363s | bad |
| 2365s | it's been constantly ongoing ongoing |
| 2368s | every Fan Fest |
| 2370s | so sorry that we need to continue just a |
| 2373s | second there in the back |
| 2394s | ground |
| 2398s | and like kind of |
| 2401s | the box so that the Box cannot be made |
| 2404s | anymore so yeah the question is like are |
| 2407s | we gonna be like pursuing legal actions |
| 2409s | against the bot makers and uh so on and |
| 2412s | so on uh people who are offering cheats |
| 2414s | and so on so the situation in the gaming |
| 2417s | industry uh we we are literally in the |
| 2420s | same boat as other companies for example |
| 2423s | blizzard with OverWatch that was News |
| 2427s | free four months ago you know when they |
| 2429s | were pursuing legal actions against the |
| 2432s | cheat Creator |
| 2433s | um it all depends uh we're trying to go |
| 2437s | that path but when it's when it starts |
| 2440s | to actually involve legal teams |
| 2443s | yeah it's uh we would love to do it but |
| 2447s | you know we have a legal team that needs |
| 2449s | to be able to actually do it |
| 2452s | and any clear opportunities probably |
| 2455s | would you know be worth pursuing in this |
| 2459s | but nothing so far |
| 2461s | okay last question Let's Make It Count |
| 2464s | here |
| 2472s | that's serious sorry can you repeat it |
| 2474s | again |
| 2485s | because they are less or because you |
| 2490s | know can you measure house |
| 2496s | it depends sometimes I mean you're there |
| 2499s | is a problem you go at the problem and |
| 2502s | you clean up the problem but there's |
| 2504s | another problem so there's always a you |
| 2506s | know they're always coming back they're |
| 2508s | always trying to find new ways to do it |
| 2510s | so |
| 2511s | you know for individual situations you |
| 2514s | do see the result when they try and go |
| 2516s | somewhere else but they always try and |
| 2518s | go somewhere else so you know I guess in |
| 2521s | regarding we're chasing our own tail a |
| 2523s | lot of the time in terms of the |
| 2524s | organized bot Farms that we were dealing |
| 2526s | last year we actually drove them out of |
| 2529s | TQ they disappeared like the last |
| 2532s | quarter of last year they were not |
| 2534s | running because we hid them so hard we |
| 2537s | hit them so hard where it hurts that |
| 2540s | they said okay we cannot run a |
| 2542s | sustainable business because you need to |
| 2544s | understand what they're doing is a |
| 2545s | business we cannot run a sustainable |
| 2547s | business and generate the currency so |
| 2550s | they disappeared until Christmas they |
| 2552s | came in |
| 2553s | oh |
| 2554s | we can operate again let's start up and |
| 2558s | then we started hitting them again and |
| 2559s | again and again and they disappeared |
| 2561s | after January like the bot the the data |
| 2564s | that you saw the 317 accounts that was |
| 2567s | their attempt for three or four weeks |
| 2569s | they disappeared |
| 2570s | with exception that starting on the 17th |
| 2573s | of August this year they came back |
| 2576s | and they came back with reinforcements |
| 2579s | and now we are working hard |
| 2581s | to drive them away again |
| 2584s | so |
| 2586s | in regards of metrics we'll also take a |
| 2588s | look at the average price of 5 billion |
| 2591s | isk on auction sites |
| 2593s | because we are driving like hacking and |
| 2598s | uh CC fraud and botting you know it all |
| 2601s | ends up in Mt and if the price for 5 |
| 2603s | billion is on the auction side is high |
| 2606s | we're doing fine |
| 2608s | if it's low |
| 2610s | there's something going on that we don't |
| 2612s | see and we need to dig into the data |
| 2614s | harder to see where is it coming from so |
| 2616s | so the player sentiment you know that's |
| 2619s | also an indication usually I hope you |
| 2622s | actually guys see it nowadays in game |
| 2625s | that there's less Bots around |
| 2628s | and you need to understand that if you |
| 2630s | take our effort from the team |
| 2633s | what you see in the in in the game you |
| 2636s | can divide that effort by 10. so there's |
| 2639s | a lot of going around in the background |
| 2641s | what you guys don't see but if you |
| 2643s | already see in the game that means that |
| 2645s | huge effort was put into it and the |
| 2647s | situation is changing |
| 2649s | but guys that is it we are out of time |
| 2651s | thank you very much |
| 2660s | We Wish You a pleasant fun first it's |
| 2662s | been 20 years |
| 2663s | and hopefully another 10 years and then |
| 2666s | another 10 years and another 10 years |
| 2667s | thank you guys |