CCP Sreegs, AKA Darius JOHNSON, former leader of Goonswarm and currently Senior Security Administrator, Virtual World Operations, for CCP.
Sreegs starts off by talking about his background in computer forensics and incident response.
Where Does Security Sit?
Security touches everything, and needs to be built into your organization from the ground up – it’s not a plugin or an add on.
Unique Gaming Issues
Gaming always involves complex applications that are basically their own world. They inherently get people really worked up and emotionally involved, which leads people to test boundaries more often.
You’re also going to have tighter competition for resources within a company. Security isn’t flashy, and if you’re doing your job right customers never think about you, so it’s hard to get buy-in from the management and executive levels. Security is a way of doing business that ensures the confidentiality, integrity and availability of business assets.
Aspects of Security
Every area of security is very focused, and it takes a really experienced and talented individual to cover all the categories. Asking one person to do all of it in a big company is asking too much.
ESTF – EVE Security Task Force.
A CCP group – Small group with members representing each area, QA, OPS, Customer Service, Programming. Members were tasked in their downtime – working around their regular work. Their focus was on enforcing the EULA.
Showing a slide now showing the levels of activity (number of characters undocked for more than 20 hours a day) during a period from October 2010 to May 2011. There’s an astonishing drop in activity during Chinese New Year, another huge one during Hulkageddon, and then a very consistent low level when the ESTF started taking action on botters. Graphs are showing vast improvement on previous levels.
Now showing numbers and figures on total number of bans. Total number of bans to date is 3945.
The goal was not to ban lots of botters – the goal was to change behavior and make it no longer a worthwhile thing to do.
Now talking about ban 3 strikes policy (1st offense Bot, 14 day ban, 2nd offense, 30 days, 3rd offense, permanent). 527 suspected accounts unsubscribed, 987 are currently active (Subscribed and not banned again).
146 are currently serving out another ban. This puts the botting re-offense rate at 8.5%. Wow. That means a drastic drop.
This will be improved on in the future. The ESTF has become its own team within CCP, working on these issues full-time.
Talking about the Lulzsec DOS – CCP got hit twice; the first was very effective, the second wasn’t as effective because some re-architecting was done in order to prevent it. No data was compromised, it just overloaded the servers.
Talking about the original rollout of the new forums. The new forums were tested by a third party; they proved not to be adequate, and CCP learned its lesson. A lot of new procedures and security lessons were learned.
Q&A
Player: How do you keep track of player bans and who has had first and second offenses?
Sreegs: I can’t tell you that, but I can tell you that we do keep track. We do have a system that helps us determine an identity.
Player: Do offenses transfer over after character sales via the Character Bazaar?
Sreegs: You are not in trouble if a character did something else bad before you bought it.
Player: On the forum debacle, that was pushed out on a Friday afternoon. Did you learn not to do that?
Sreegs: Yeah, we don’t deploy on fridays. That was a deviation from how we normally operate. We’re not going to do it again.
Player: Can you address the speculation by the player base on market bots?
Sreegs: It is not as big a deal as people think it is. Based on my ability to collect information from datapoints. I don’t want to say players are wrong, I’m just saying that the data doesn’t mesh with what I can see. We’re getting very good at detection, and that detection will pick up market botters just as quickly as macro miners/ratters.
Player: During the DDOS attack it was the first time I’d seen you use Twitter to talk to us out of band. That was really helpful; please continue to use it sparingly and be sure and point people at it in these situations. It was a really good move, thank you.
Player: I have to ask your perspective on coming up in front of us and not having an activated copy of Windows.
Sreegs: It’s not my laptop! Dodged that bullet.
Player: Do you have any updates on 2-factor authentication?
Sreegs: No, I don’t. There’s a number of pieces going into that, we’re working on finding people to do coding and distribution. It’s going to take a month or two at least. I’ll come to you on the forums and let you know. I wish that date was three months ago, but it’s not.
Zapawork: The Internet has many questions. The first question is (unintelligble). What OS do you use at work?
Sreegs: I have a main Windows machine and a second Linux machine.
Zapawork: Have you forgotten RoyOfCA?
Sreegs: No. He’s a good boy.
Zapa: How much have you had to drink this morning?
Sreegs: Half a bloody mary.
Zapa: Seleene says: What are you doing to combat isk buyers?
Sreegs: We don’t go after the buyers as much – they end up with negative wallet balances. We go after the sellers.
Zapa: Do you ever get false positives?
Sreegs: Everything that is a detection mechanism has the capacity for false positives; we’re willing to look at that. However it doesn’t happen all that often and telling me that you play EVE 24 hours a day because you live in a cold country and you need your laptop to keep you warm isn’t gonna work.
Zapa: Were the 2-factor fobs compromised by the RSA hack?
Sreegs: No, we don’t use RSA as our vendor.
