UW Computer Security Research and Course Blog

According to an article from Massively, Eve Online experienced an upset in their internal politics this week. “Band of Brothers (aka “BoB”), the self-styled villain alliance in the game,” has been taken down from within their own ranks. Not having played EVE, I can’t comment on the exact details of the event, but it appears the alliance was disbanded by a single, well-placed deserter.  This is one example of a lack of security leading to the loss of a great deal of in-game assets.

The specifics of the situation are not entirely clear to me, but according to massively:

Once assured a place within GoonSwarm, Agamar [the deserter] proceeded to disband the Band of Brothers alliance using his director level access. In addition to shutting down the alliance, he cleaned out his corporation’s ISK reserves and stole their dreadnaught (capital ship) fleet, which became a gift to GoonSwarm.

Other MMOs have a similar situation where player organizations have a single person in charge.  This makes management easy, since only the leader needs to be online to make any changes to the group, but at the same time this creates a single point of failure.  If this leader decides he no longer wants his position, he can simply hand off control to someone else.  If he’s malicious, however, he has the sole power to disband the group and keep any group-controlled assets.  In the case of other MMOs, these are generally not extremely valuable assets, but in Eve Online, they can be immensely valuable in terms of the time required to obtain them.  In particular, with the disband of their alliance, BoB lost sovereignty of its territories, meaning any infrastructure there is useless for the next three months.  Their territories are conquerable, their cyno-jammers that prevent capital ships from entering the territory, and jump bridges that allow smaller ships to move between systems, are all inoperable.  These assets took years to build and aqcuire, and they became inoperable for a few months due to the actions of a single individual.

Since Eve Online alliance comprise thousands of players, it would seem that there should be a more secure system to protect the assets of these groups that relying on a single individual to be in charge of everything.  In a real world setting, bureaucracy prevents any one individual from taking actions that could negatively affect the entire organization, and it would seem something like that is needed in Eve if this situation is something to be avoided in the future.  Then again, maybe it’s just what makes the game what it is.

Assets &Security Goals:

• Maintain control and access to in-game assets, including defenses and manufacturing stations.
• Privacy of communications made on private message boards.

Potential Adversaries & Threats:

• Rival Alliances: the goal of PvP in the game is to conquer territories for your alliance/cop at the expense of other alliances and corps.  In this case, the GoonSwarm’s main goal was to dismantle BoB.
• Malicious Insiders: a disgruntled member of the alliance might wish to cause harm to the alliance before he leaves for greener pastures.

Potential Weaknesses:

• A lack of any sort of bureaucratic system to make changes creates a single point of failure in the leader of the alliance.  If that player deserts, the member corps have no way of preventing him from dealing serious damage.
• Likewise anyone who happened to gain access to that player’s account through insidious means, such as a keylogger, would be able to perform the same actions without any member of the alliance’s consent.

Potential Defenses:

• Extraordinary permissions could be required to enact any sweeping changes to alliances.  In particular, removing a corp from an alliance could require a minimum number of director level players.
• There could be a holding period before a corp can be removed from an alliance, allowing a day or two for other corps in the alliance to respond.

Some sort of balance needs to be struck between the security against malicious actions and the ability of leaders to make the actions at all.  Perhaps this is already balanced in a way that makes the game what it is.  In order to make the politics and metagaming accessible to players and move in time frames of months rather than years, it makes sense that some of these actions would be a little too easy to be entirely secure.