Thursday, January 17, 2013

Corp Security - Part 1 - Risks without Security

Eve Online Corporation Security

Part 1

Risks without Security

In my various travels and incarnations throughout Eve I've seen various takes on how risky it is to not properly screen entrants into any corp. Opinions range between EXTREMELY OMG DANGEROUS to "It doesn't matter, if they steal from us we will just kick them and move on." Strangely, the thoughts don't seem to be linked to corp size, wealth, assets, or risk. Instead they are linked to "that's just the way we do things around here."

I've also never seen a clear and concise list of all the risks taken simply by inviting a new player to join your corp. While there are several good security guides out there, most of them are out of date or rely so much on knowledge of the CAK system that they are vague for players and corp recruiters who aren't actually versed in how API keys/CAKs function in relation to recruiting and Eve. I digress, that's for the next part of this series...


Risk 1 - Welcome to your new Corp, aka "awoxing"
Just by accepting a new applicant to the corp you are willingly signing a contract with that player that puts at risk not only your assets but also the assets of other corp members. This is a pretty huge deal. The risk of this is not widely spoken about other than "awoxing." So what does a baseline, no-privilege recruit have access to?

Because they are part of the corp, they can now shoot at, warp scramble and pod other members, and look at the member list. Now of course with the advent of the member list isn't nearly as important, since it's fairly easy for anyone to get a pretty comprehensive list of corp members, it's still a risk.

How about that shoot at, warp scramble part? Well, just by being "in corp" new members can aggress and attack other players in the corp without CONCORD interference. Let me say that again: new members, from the first second they join the corp, can aggress, attack and kill ANY other in-corp player. Let me throw out a few examples:

My missioning alts have joined new corps and within a few minutes to a few hours, to even a few days, have been surrounded by other missioners in several faction bling ships. With disgusting ease I could have refit my ship for PvP and tackled and killed one or more of these ships, within the first few days of joining a new corp. I'll cover what can be done to help mitigate this risk in another part of this article, but I do want to point out that while this risk is taken on by the people flying those bling ships in the first place, it's the recruiters, directors and CEO who can put them in a very vulnerable position.

Another example: a corp accepts a new player, and a corp freighter pilot 'finds' that new member sitting on a gate in highsec, locking, webbing, scrambling and killing them. That's at least a few billion isk at risk there. Maybe more.

A commenter brought up the overlooked risk that the new corp member will be able to see all members in space via the map function in Eve, so even if you don't mention where your multi-billion isk BS is operating out of, they know... they know. Also, the corp management interface shows the users in the corp and when they were last online, and can be sorted by title, which can mean various things, like being able to keep tabs on whether directors or CEOs are online, or whether FCs or higher ranking members are online. Thank you MinorFreak!

Risk 2 - The POS, aka WH's delight
In addition to automatically allowing aggression, with current POS mechanics, being in corp is enough to grant you an all-access pass in most cases to the inside of the POS. Even if you can't access the SMAs or anything else in the POS, you still get to go inside the shields.

The seriousness of this risk can vary from putting Titans in dangerous positions, via being bumped out, down to having un-piloted ships in the POS force field, all the way down to no risk at all because everything is neatly buttoned up. I call this the WH's delight because this is the exact risk that living out of a POS in WH space places on every WH corp in the game. I think that POS access can be better managed now than it used to be, but I am not 100 percent sure if it is possible to block access to the POS shields for corp mates.

The Risks you bring on 'yourself'

Risk 1 - Let's give that new guy some access shall we? aka Corp fire-sale FREE!
A new corp member gets accepted and joins the corp, and the first thing given to them? That's right, some level of corp hangar access. Sure, it's pretty much standard that they get to grab one or two low cost ships, or maybe get access to a hangar full of "goodies." I think everyone reading to this point knows the risk here: you find that hangar empty and a corp thief on your hands. Sure, it may only be a few hundred million isk or even a few kisk, but it's the uncertainty it spreads that is toxic and the biggest risk.

Risk 2 - They're an older player, let's give them more access! aka the early promotion
This risk is a little further down the road. Things seem to be going well, and this player is fitting in so well; I mean, he's using his freighter or jump freighter to move small corp assets and help out as best he can. He's on a lot, is super helpful, has a bunch of useful skills. Maybe the corp is about to move, maybe the corp is about to set up an expensive venture. This guy has been trustworthy so far... Handed to him are a majority of the corp's assets so he can "help" move. Only he helps himself.

Risk 3 - Director level theft
This goes hand in hand with the above risk. The player you just hired is doing so well, it's time for a promotion. Maybe they have some extra skill-points or single-handedly fly a fleet of hulks and Orcas, or a mass of mission ships... You have an opening (especially in newer corps) and let that person become something fancy in the first few months like "Director of PvP" or Mining director, or L4 mission division lead. The player is given director level access, aka CEO level access, to corp funds, permissions, hangars.... Boom, massive level theft. They clean out the wallet, clean out the corp hangars and/or disband the corp just for fun! Sounds fun, right? Well, not for you and not for your corp mates. Most corps do not recover after a major theft. Those that do tend to be based around friends who weren't going anywhere anyways. You would think major thefts would make it more difficult for follow on thefts, but no, corps that are easy to steal from remain easy to steal from.

  1. Yes, you can set POS access to password only, even for corp members.

    1. You can set POS access to password only; even corp members will need the password to enter.

    2. The caveat being that anyone with the role of starbase management can reset the PW from outside the shields. Once that level of access is granted, all POSes are open for business through the management interface.

  2. Great post. I'm the CEO of a small corp and I will be looking forward to your follow on posts... Thanks.

  3. pretty sure everyone in the corp can see "corp members in space" on the map. fairly sure that holds true.

    also, everyone can post alliance mails (so there's the risk of some yahoo troll spamming and undermining comm discipline).

    hope you include some innovative way to deal with assigning such corp roles as factory manager (aka the one damn thing people need to install jobs)...damn you CCP

    1. Good point, those are fair risks and I will add them to the list!

      Sadly, because of the way the corp and POS management systems are set up, there are risks that cannot be avoided. Sad bit is that there are no real plans to hide those risks. Wishing for a bit more granular control on roles like factory manager!

  4. Good guide, it's all the risks I have to manage as a Director.
    In my book "early promotion" is only possible to basic level hangar access.
    They want to help haul stuff? Collateralized contract...

    Maybe you could write something about hangar divisions and how permission levels interact with industry roles as well?

    1. I'll try to write something up about those risks or at least what each role does, it will be in addendum to the main parts of this series though.