Team Security: 2021 in Review
It's been a while since our last update on the efforts of the Security team in their battle against Real Money Trading (RMT), botting, account hacking, and fraud – so without further ado, let's jump right into this comprehensive overview and update on EVE’s security!
Who is Team Security?
First, we’d like to cover who exactly is on the team, and what each member does. In the past year there have been both leavers and joiners, with the current team comprising:
- CCP Grimmi and CCP Stinger, two full time security analysts whose existence is dedicated to hunting down bot farms and credit card fraudsters.
- Senior GM Aisling and Senior GM Huginn, who focus on anti-RMT (ISK or Item selling/buying) and account security.
- A team of programmers who work on bot detection software tools while also sharing their time across other Customer Support projects.
Team Security members contribute to each other's investigations, and we regularly update one another on different trends and discoveries. We also had a Team Sec Q&A panel during Fanfest where we talked a little bit more about what we do and answered some questions from attendees – which you can check out on YouTube.
Bans Issued by Team Security in 2021
During 2021, Team Security banned a total of 70,492 accounts. This is certainly a lot of bans – but it's worth pointing out that throughout 2021 a significant number of accounts were created automatically (a violation of the EULA) and were proactively banned before they were able to log into the game. More details regarding the different ban types can be found below.
Automation Use (Botting)
There is no upper limit to the variety of software and modifications that might be developed and used for dubious purposes – necessitating a team that can flexibly identify, understand, and adapt to any new methods of automation as rapidly as possible. Our efforts on the anti-botting front involve a constant race to learn and improve our capabilities, allowing us to overcome whatever old or new challenges present themselves.
Last summer we decided to make some changes to our Security Team, and invested a lot in the learning and development of its members. New tools and programs had to be learned from scratch, presenting some challenges – but in the end the team has now become stronger in capabilities and more efficient than ever before.
As we operate with a lot of data, we’re constantly looking for ways to make it more usable and easier to obtain, verify, and interpret. Our continual aim is to ensure that every Capsuleer in New Eden can enjoy their beautiful home without bots being an issue.
“How can I help identify bots?”
The simplest and by far the most effective tool at your disposal in this fight are In-Game Bot reports. In 2021 alone, we received 137,183 reports via the in-game bot reporting tool against 41,651 separate users. We want to confirm that every single report is looked at, and this tool has proven to be extremely effective in investigating and taking down bots.
One problem with bot reporting is that the tool can sometimes be interpreted as a universal way to report something out-of-the-ordinary. Say overly foul language was used in the chat, or someone is posting the same link again and again, or perhaps some pilot has a wildly inappropriate name; in these cases, it's best to create a Support Ticket – which is guaranteed to get attention from a Game Master.
The more details, the better! This applies to all reports – be they about RMT (buyers or sellers), suspicions of a hacked account or anything else. We always appreciate it when players include the basis for their suspicions, as this enables us to rapidly identify where to start looking. Be sure to include the character name you suspect of botting along with any other details you feel may be useful. In fact, a staggering number of bots and RMT dealers who would otherwise still be lurking in the shadows have been caught solely because of the help of our players!
Fighting in-game bots is a never-ending process simply because it's not just our team that evolves constantly. The software used by botters gets updated frequently, often responding to an EVE Online update, and we always see it as a challenge to face. It is not so easy to catch up with all the newly discovered trends, but we do our best thanks to our brilliant programmers. All bots and all the macros are always leaving some traces behind, and eventually they'll become known. Logs do show a lot.
Hacked accounts are most likely to be associated with RMT activity. When a player's account is hacked, their assets (ships, modules etc.) are quickly sold on the in-game market for ISK, which is then sold to ISK buyers (other players) or used to purchase items such as skill injectors, PLEX or expensive ships which are sold via third party websites. Some of the worst hacks involve accounts belonging to corporation CEOs or directors, who may see their corporations' assets mercilessly stripped and sold off to fund RMT.
Victims of account hacking may find that their whole accounts or characters are being sold for real life currency. Even after this, it's not uncommon for sellers who have completed the illicit sale of an account to then attempt to contact customer support themselves to claim “their” account was hacked, with the goal of having the hacked account restored to their control again. The unwary buyer is locked out of the hacked & sold account, and often has their other accounts suspended as well (as they are implicated in account hacking), while the hacked account seller can regain control, pocket the money their “customer” paid, and can attempt to sell the account all over again to a new victim.
With how complex hacking situations can become, we always do our absolute best to properly assess and see what really happened (which can take time), and we are obliged to act according to our rules. At the end of these investigations, characters or accounts might be lost forever for both sides; sellers could find themselves in a payment dispute, and buyers can be left with neither an account nor their money. Please, to avoid any danger of this nature, do not buy accounts.
Real Money Trading (RMT)
Despite whatever a seller may claim, it’s safe to presume that any ISK or in-game items purchased from third parties come from botters, credit card fraudsters, or from hacked accounts belonging to fellow players; exceptions to this rule of thumb are near-zero. Anyone who buys ISK or items on a third-party website encourages and further motivates those responsible to continue to expand their illicit operations in pursuit of ill-gained profit.
It is very important to understand that Real Money Trading (RMT) is never simply the private business of a shady Capsuleer looking for side cash; instead, almost without exception, it is conducted by organized groups who are willing not only to violate EVE’s EULA, but to make full use of illegal tools and techniques like hacking, payment fraud, identity theft, and more – knowing full well what they are doing.
Payment fraud has been part of RMT operations for as long as EVE Online has existed. In these cases, miscreants use stolen credit cards to purchase PLEX and other assets before selling them at a discount to anyone who is either sufficiently ignorant about the rules regarding RMT or is knowingly seeking it out. It's trivial to give discounts on stolen goods acquired at no personal cost, and sadly, much of the ISK offered by RMT operatives at "good" prices is sourced from this serious real-world crime. These bad actors are far from being Robin Hoods.
These actions also hurt the wallets of people without any connection to EVE Online, as stolen credit cards or financial information used to purchase PLEX & items to be sold on a third-party site that try to give the impression of legality might come from anywhere on the internet. RMT is fueled by the theft of hundreds and thousands of dollars from innocent people, whether they are connected to EVE or not.
Real Money Trading (RMT) involves this sort of activity alongside all other evils we seek out in the game, such as botting, account theft, exploits and more. Sooner or later, all such actions are discovered, and we will swiftly act according to our policies. Known RMT Sellers will be permanently banned with no recourse, while buyers lose their ill-obtained ISK and risk getting banned as well – so just say no.
“How can I protect my account?”
- Above all else, enable two-factor authentication! This is by far the most essential step you can take to ensure the safety of any account – from your EVE player accounts to your personal email.
- Do not share your account. While we do not treat shared accounts as hacked, as more people gain access to an account, the likelihood that it might be hacked or sold increases dramatically. If we establish that the account was first shared between multiple people validly before being compromised, we may be left with even fewer avenues through which we might help, if any.
Team Security has tools in its arsenal to repair hacked accounts, but there is a limit to what we can do. This is especially true if an account was hacked years ago but is only now being reported; if you consider the various ways an item might be transferred between players, then apply this to every item held by a hacked account, you can begin to understand just how gargantuan a task it can be to investigate assets lost to hacking.
Hackers tend to leave evidence or an identifiable signature when hack takes place, however, which adds an extra element to any investigation, allowing specialists in the Security team to study both known and new patterns whenever they emerge, we always jump on them headfirst to gain chances to learn and adjust our procedures.
Final Words: How can YOU help fight bots and RMT?
The answer is simple: never buy ISK or items from third parties, and don't do business with those involved. Once discovered, anything you purchase through RMT will be removed from your account and you will be warned or banned; you will end up with neither the ISK or items you purchased, nor money you spent, while the seller walks away with their profits.
If you suspect botting, use the In-Game Bot Reporting tool as detailed earlier; if you suspect RMT, report it through a support ticket. Include as many details as possible: character names, character's activities, reasons to think why you suspect them, and anything else you can think of.
The fewer people purchase illicit ISK and items from third parties, the less motivation bad actors are given to hack, steal, defraud, or otherwise harm EVE players, and the less incentive there is for botters involved in these offenses to continue to operate.
We wish you all a safe and successful rest of the year in 2022 – see you in space!