| Level 0 |
| Village Elder |
 |
 |
Joined: May 13th, 2004, 6:41 pm Posts: 18,969 Location: The Tower of Mist
Status: Offline
|
Hello villagers! As you may recall, Jagex's ICU (Investigations into the Community Unit) team recently asked us for questions regarding account security, which you all provided in this topic. The ICU team has kindly taken the time to reply to your questions, and here they are below! Thanks to everyone who submitted questions, as well as Jagex and the ICU team for giving us another opportunity to gain insight on their work behind the scenes! Jagex Interview #3 - Account Security and the ICU TeamDragonCrusher1: When was the ICU team formed?
ICU Team: Wow. You’re really stretching my memory with this one!  ICU’s various functions were performed in some kind of capacity pretty much since RuneScape first appeared, but ICU in its present form was created in around 2005.
_______________________________________________________________
Glodenox: How many people are currently working in the ICU? Do you guys also have a team logo?
ICU Team: Our logo is fairly similar to a law enforcement badge – a nice golden shield – but with an eyeball in the middle. ‘Tis quite cool
There’s around 20 of us in the team, all told. These people are split between the various areas we deal with – macroing, real world trading, copyright theft etc.
_______________________________________________________________
Alex!!1!: Do you co-operate with players, or is your work fully secret?
ICU Team: A lot of what we do must (by its very nature) be kept secret. That’s one of the reasons we can’t reveal evidence to players in cases such as macroing – we know they’ve done it, they know they’ve done it, but telling them how they know would compromise our internal systems.
That said we do have a number of community reach out initiatives in place, including forum threads on the RSOF where players can let us know about botters or phishing websites etc. We also receive other communication from players – from time to time we might get a letter or email containing information that is extremely useful, but often we cannot reply to these for security reasons.
_______________________________________________________________
Glodenox: The name ICU makes me suspect you guys perform a varied range of activities in order to investigate the community fully. Can you give some examples?
ICU Team: ‘Varied’ about sums it up! To a great extent our major cases all depend on what happens to cross our desks. One day we might be looking into a major player in the phishing community – figuring out which accounts have been stolen and getting them back to their owners, identifying and banning a hijacker’s main and working on a profile of who they are to hand over to the police.
Another day we might be looking at a powerlevelled account in order to trace the RWT service used and remove their main accounts along with all those who have used their service. These kinds of investigations often require all our resources because their scope is vast – then the rest of the time we’re all working on our individual areas of expertise.
_______________________________________________________________
Glodenox: Which of your activities is the most visible for the public?
ICU Team: I would have said the most of our activities are completely invisible – and that’s as it should be. If you get banned for anything serious, you’ll know we’ve been at work 
_______________________________________________________________
Riptide: What kind of difficulties do you have with hackers and such?
ICU Team: From what we have seen, most people who steal accounts these days are particularly vindictive because their only motivation is that of griefing and kudos within the hijacking community.
More often than not a hijacker will take screenshots of their ‘epic phish’ to post all over the internet, possibly make a video to put on YouTube and then drop everything they can. If they can get into a bank, they will do, and then have a huge drop party.
The result of all of this is of course a couple of minutes of ‘fun’ and adrenaline for the hijacker, and weeks of misery for the innocent victim who may have lost literally years of work in a few minutes.
_______________________________________________________________
MiKeBoY2003: As part of the ICU, what have you done so far to keep RuneScape alive?
ICU Team: Too many things to count. Honestly. We’re the first line of defence against the worst kind of RuneScape cheating, and if we weren’t around a lot of the things we stop would destroy the game in a matter of weeks.
We may not be as vocal as some of the other Jagex teams, but we are here – and believe me, that’s a good thing.
_______________________________________________________________
Glodenox: Is the "Community" you investigate restricted to the people playing the game and looking at the RuneScape forums, or do you also sometimes investigate cases on fansites?
ICU Team: We’re not too fussy where our work comes from
In the main a lot of what we do comes directly from internal (Jagex) sources, it’s true. But we have a dedicated fan site liason now who works closely with a range of different fan sites, and issues are occasionally escalated to us through him from time to time.
Outside of that, the benefit of working at a games company is that a lot of us really do love RuneScape and play it in our spare time! This means that there are plenty of people here who are already active on fan sites for non work-related reasons, and they will often highlight issues to us that they find outside of our ‘official’ scope.
_______________________________________________________________
Glodenox: On which part of the community do you have to spent most of your time? On the free-to-play community or the members community? I would assume people who pay for their account are going to be much more cautious...
ICU Team: The sad fact of it is that from a hijacking point of view there is no one group of players who we spend more time on.
You’d think that everyone who has their account stolen is a level 3 just starting out – but I regularly see lv 130+ accounts being stolen, people with over a billion gp succumbing to a ‘free pmod’ website, massively awesome pures being lost to a ‘join my pk clan’ style scam – the list is endless. It’s a problem that affects virtually kind of RuneScape player – member or free, new or vet, young or old – irrespective of country or language. The only way we can change that is to improve this view that players have of ‘it’ll never happen to me’ and get everyone to start taking responsibility for their own account security.
Yes, I know they’re annoying but bank PINs are there for a reason
_______________________________________________________________
ZxC: Having a front row seat when it comes to watching and monitoring player behavior ingame, what do you think about the general state of the Runescape community?
ICU Team: I’d hardly say we have a front row seat – in fact, quite the opposite. We tend only to deal with serious cheating a lot of the time, so we don’t tend to see a lot of the good that goes on. I have seen a lot more from dealing with player emails, forums and of course talking to you nice people! We do have one of the more friendly and accommodating player bases in online gaming and with the odd bad eggs aside I can honestly say our community is great
_______________________________________________________________
The123king: Because of the changes made to prevent RWT, have you seen an increase of bots training up accounts to be sold, with all skills at one particular high level? If so, how big a problem is it, and is it easy to spot these from genuine players?
ICU Team: There’s certainly been a shift away from straight gold sales and into powerlevelling (training up an account with a bot), but nowhere near on the same scale as before.
We also have the advantage that our macro detection system is by far and away the most sophisticated in the business and will catch all bots at some point – so if anything, this kind of activity is a lot easier for us to catch than the old gold selling was. Said detection system also makes things as clear as night and day to us – it’s very easy to spot a macro as compared to a normal player.
_______________________________________________________________
Glodenox: Since the RWT changes I haven't seen many bots in the game. Those changes, however, don't affect the stealing of accounts, I think. How is the development on solving those cases currently going?
ICU Team: The trade limits have meant that it’s a lot harder than before for a hijacker to get any ‘loot’ off of a stolen account, so the changes did actually have quite a large impact. Those people left hijacking now are mainly just heartless folk doing it purely for the grief they can cause others, and we’re doing a heck of a lot this year to wipe them out too.
_______________________________________________________________
Snake1235: What other good suggestions were made on the subject of stopping the RWITers, and is there a chance that the current trade limits might be swapped in favour of one less constricting on people that want to just give gifts to their friends?
ICU Team: I’m not going to go over this too much because the trade limits have already been discussed to death elsewhere. We had a massive amount of different proposals to consider, and Jagex management spent the better part of a year reviewing them before coming to the decision we did. The fact is there was no better way of preventing RWT, and the suggestions we’ve seen since from players have glaring holes in them because the full behind the scenes facts aren’t generally known and cannot be revealed.
_______________________________________________________________
Glodenox: How has the amount of infractions to rules evolved over the years? I'm assuming that, the more players, the more rules that were broken?
ICU Team: You’d be surprised. On the whole, the number of offences being given has obviously increased along with the number of RuneScape players. However, some of the work we’ve done in the past to change the way people understand the rules (twinned of course with the new blackmark/pillar points system) means that as an overall proportion of the people playing we are giving our fewer offences that before – and in turn, fewer offences which ban people and more that just provide a temporary mute.
_______________________________________________________________
Glodenox: Because the internet is on a global scale, I assume you guys have to work together with many countries all over the world. Do you think that most countries are starting to see the value of virtual goods?
ICU Team: In the main, yes. Most European and American nations now recognise how things have changed and what the sale of a stolen Godsword actually means. A lot of people we have spoken to in the authorities in the past had no idea of the kind of sums changing hands in the real world, and a lot has been done by us and other MMO companies to change this. There’s still a lot of work to be done, and what is really needed is more legal precedents to be set before the boundaries of law are really tested, but we’re getting there.
_______________________________________________________________
Tanksandguns: I know other MMORPG's such as World of Warcraft offer your items back if you lose them in an account hacking or scam. Is there any plans to implement a feature like this?
ICU Team: We’ve thought a lot about this, and the bottom line is that we can really understand why it would be handy for our players but it’s just not a workable idea.
Do you replace items on a like for like basis? Do you give a gp value based on items lost? How would that gp value be calculated? GE market price? Min? Max? All of these are questions that cannot easily be answered. More importantly though, we feel that if we did implement this there would be nothing to stop friendly players from ‘hijacking’ each other in order to essentially duplicate items. Where do we draw the line? How can we differentiate between people who are genuinely in trouble from those who are trying it on?
It’s a very fine line that we’d walk under this system, and whatever approach we take it is likely to upset a lot of people. It’s been considered a lot, and ultimately we feel that our ‘no item returns at any time for any reason’ approach is the fairest for all concerned.
Equally, we feel that our energies are much better invested in removing the hijacking problem entirely, thereby wiping out item loss as a side effect.
_______________________________________________________________
The123king: Being a victim of an account scam many years ago, what sort of support is provided to players who have black marks added to their accounts by the hacker when their account was compromised?
ICU Team: First and foremost, this is the first thing we check when we look at an offence appeal – if it wasn’t you that did the crime, you certainly don’t have to do the time and we’ll remove and blackmarks against your account.
However, looking to the future one thing that is very clear is that we need to support people affecting by hijacking more. As I mentioned earlier, we’re coming out with a range of super secret behind the scenes systems to help with the hijacking problem this year. One of these will enable us to remove any black marks added to an account by a hijacker, along with any passwords, email addresses or recovery questions that they might have set and return the account to its owner in a ‘clean’ state almost before they know they’ve been hijacked. Exciting times!
_______________________________________________________________
Pyro3000: Has JAGeX ever considered using physical logging devices such as password USB drives like other MMORPG games?
ICU Team: We’ve actually looked into this idea before, but the feedback we got from the community was pretty negative 
The problem is that our low monthly subscription means it would be impossible for us to distribute a ‘free’ USB Key, the cost would be too prohibitive. So our original idea was to sell the keys at a price low enough to make them affordable but high enough that we wouldn’t lose our yearly income overnight. The result was a subsidised Key, on which we would still make a fair size loss but an acceptable one. Sadly, although a lot of people like the Key idea, they mainly only wanted it if it were free.
That said, we haven’t discounted the key entirely and we are looking into a massive range of potential extra account security features. I can’t go into specifics at the moment, but there are a raft of potential website changes being considered or scheduled for implementation as well as a number of different hardware options.
_______________________________________________________________
ZxC: What is the ratio between the total number of reports being sent and the ones that actually require action on your part?
ICU Team: Lower than we’d like, but probably higher than you’d think!
_______________________________________________________________
Glodenox: Which game changes have made your work methods different in the past few years? (I assume the ability to mute people would have had an impact)
ICU Team: I’d say the biggest change in recent memory would be the RWT changes. These were brilliant at stopping gold selling in it’s tracks – but also had the slight side effect that it made it far more difficult for ICU to monitor where and how wealth was being moved around. We’ve overcome this now with newer backend systems, but we had to spend a fair amount of time figuring out how to do it.
Outside of that, RuneScape is constantly evolving and we have to do likewise. It keeps things interesting, but also means that a lot of our time is spent trying to think ahead of the cheaters.
_______________________________________________________________
ZxC: I have seen quite a few people appealing their bans by making silly comments or writing completely unrelated things and some of them actually got unbanned. Why is that?
ICU Team: We’ve seen people making comment on these too – especially on YouTube (lol, I wrote Jaghex you FAIL in my appeal and I still got unbanned!)
I’d like to make a few comments on this issue. Firstly, contrary to popular belief we do read every single offence appeal that comes in to our PS teams. Nothing is automatically replied to. Where someone has a really good reason for why something appeared to be infringing our rules but wasn’t, or comes across as genuinely apologetic and has no past history of rule breaking we will grant the appeal.
In addition to this I know it’s hard to believe but we are only human (except for Mod Stevew, he’s more like a machine...) and mistakes do get made. So if we did ban someone for offensive language and then on appeal we notice that actually there wasn’t any offensive language present, we will grant the appeal – irrespective of what’s in the appeal content. That’s why things such as that you mention in your question can occur.
That said, it is very hard from time to time to hit that ‘accept appeal’ button when the appeal reads ‘MY CAT DID IT LOL (then lots of swearing)’
_______________________________________________________________
PenguinGuy: What is your top priority when it comes to account security?
ICU Team: This is going to sound so warm and fluffy that I suspect I may have inadvertently swallowed a wookie, but our number one priority is you, our players. We aim to try and secure stolen accounts as soon as possible to get you back in game with minimal loss and interruption – and as I say we’ll soon have new tools which will make this far quicker, easier and more effective for all concerned.
Phishing sites are our main concern, as these can fool pretty much anyone and are just downright evil (not to mention illegal) – so we take down as many as we can as quickly as we can. We’re also actively working with many different website hosts to ensure that sites are often taken down as they are created.
_______________________________________________________________
Glodenox: From all the rule infractions you have found, which one was the funniest (if there was a funny one)?
ICU Team: There’s been loads of offences and subsequent appeals which have brought a real smile to my face over the years. I can remember a player was once given an item scamming offence for claiming to be able to ‘trim lobsters’. That gave a few laughs!
Also, I remember when the q p w thing suddenly popped up everywhere one day. The way we see game chat is entirely different to how it is viewed in game and in a different font, so initially we had no idea what was happening or why people were doing it. We spent an hour or so staring at the screen in amazement as we got more and more reports about it until eventually one of us logged in and gave it a try. With a bit of trial and error, it was finally clear to the Mod testing it – and the ten people huddled around his screen – exactly what was going on. That gave a proper laugh – both for the ingenuity of our player base in going to such extremes to cause offence and for causing the utter bemusement of an entire team
|
|
Not sure if they'd want to put their time in that though.
