
Friday, February 15, 2013

Corp Security - Part 4 - Post-spai recovery

Eve Online Corporation Security

Part 4

Post-spai post theft recovery

So you've been hit. Despite, or maybe because of, your preparations or lack thereof, your corp has been struck by a corp thief, or has a spai (or more than one), and damage has been done. This post isn't going to be very much ABOUT security; it's more about how the reaction to the threat or to the actions of the thief matters.

How much damage, or rather how much the damage is allowed to spread is largely defined by the leadership or leading members of the corp.

One might ask - "Well, how is that possible, they just got away with "X" stuff, or isk, or intel, or ships!"

This is Eve. If every corp gave up after their first theft, there would never be any corp that lasted beyond the 35 person stage of development. FYI "studies" show that most corps will be hit with their first thief between 30-50 users: when the corp is small enough that leadership positions are still easily available, but big enough that strange activities usually get overlooked, and big enough to provide the isk and assets looked for in most thefts.

So in short, almost every corp, despite the precautions taken, WILL BE ROBBED. Sorry, now you can't say, "But LOGAN! I did everything you suggested in your articles and we still got robbed/ganked/spys!!!" It's my obligatory get out of jail free card.

With that said, the reaction of a corp as a whole and most specifically the corp leaders will determine the future course for that corp. Be that straight into the ground OR full recovery. First, a few things must be acknowledged after a theft.
  • You were robbed, it happened and they got away with: whatever. (This is a prompt to go figure out what exactly they got away with.)
  • Admit if mistakes were made, i.e. ships traded to one player and lots of trust placed in just one person. Everyone has a price. Apologize, but don't overly apologize every time it comes up.
  • Do the corp's level best - even if it means having no isk or assets left for the corp - to replace member losses. Happy members stay with the corp and will rebuild it. Keeping the corp assets up won't.
  • Identify the culprit if possible. If not possible, scale back all member access to the base essentials.

Understand the mechanics of joining a corp and leaving a corp. Now I can't say that these will forever be true... but here is some of the stuff I know.

If a corp member has any roles, even if you want to kick them for being a dirty rotten thief, it will still take 24 hours before you can force them to leave the corp, and only IF they dock up and let you kick them out. I'm not sure on the in-space mechanic for kicking people out of a corp anymore, but this used to hold true: the member could stay in space and you could not kick him from corp. Sometimes a petition could be used by nice GMs to remove the offending member even in space.

While the thief remains in corp, Corp chat is pretty much useless, so setting up a new channel and explicitly allowing your corp to join that channel while explicitly blocking that individual (blocks take priority over allows) is the way to go. Alternatively you can set up a new channel and directly invite people in the meantime. Send out a corp mail identifying the thief, labeling them as potentially dangerous.

One common tactic is to commit the corp theft and then jump in a combat ship and locate other corp members on the map, travelling to and killing them if at all possible. Re-iterate this risk to your corp members. If you see him join local, dock or fight.

The 24 hour period can be a good time to get them "back" if at all possible, but it usually isn't. That's not to say you don't want to try, but oftentimes a thief will take your stuff, end up in space and then at their leisure dock up and leave the corp or be kicked.

Once the thief has left the corp;

  • Get full API keys, once again, 'account,' not character, from everyone in the corp. This is a matter of course; members who are suddenly unwilling to share their keys or are slow in doing so I would consider suspect.
  • Look at the APIs and try to find links between the thief and any current members. Thieves often become more sloppy once they enter the corp, leaving ties between their other alts and themselves in the corp. Scrutinize members who engaged in direct trades or contracts with the thief. I said scrutinize, not kick. Explain to them that leadership is worried about more losses of assets.
  • If the thief is blatantly identified, i.e. they start shooting stuff, make sure his name is advertised and his roles stripped. Send out a corp mail, warn the alliance, do all the smart things you should be doing. Don't expect someone else to do them or have already done them.

Be aware that you'll never quite feel safe again. Well, let's be honest, if you ever thought the corp was "safe" in the first place you have problems. The corp should never be considered "safe" because even if you had one thief attack, that doesn't mean that there isn't another one already in your corp waiting for his chance to make a break for it.

Importantly, as a leadership team;
  • Don't give up and walk away
  • Don't 'witch hunt' but as a leader you have to accept that it happened and move on.
  • Take your lump and learn from it. Figure out if the action was avoidable, or unavoidable. Place safeguards on the corp.
  • Follow up with members who lost assets, pay them back, reward loyalty in the corp.
  • Maintain vigilance. Corp thieves strike, but they only really win when their theft causes a storm that brings down the corp behind them.

Thursday, February 7, 2013

Corp Security - Part 3 - The early days (months)

Eve Online Corporation Security

Part 3

The early days of employment

Well your applicants have made it through your rigorous (or not so rigorous) screening and now they are in your corp. Time to give them some access and set them on their way right?

Your corp, while a lot safer after the steps outlined in Part 2, is still never going to be totally safe. Smart and experienced corp thieves and spies can get around all current security with minimal work, and avoid or mislead your best recruiters with some effort. Every time you let someone join the corp, you still accept the risks from Part 1, but at least at this point you have weeded out all but the most determined. This usually leaves you free of most AWOXers, low level thieves, part time spies, and your petty thief.

Problematically you are left with the worst of all, if you are left with a spy at all. These people either have it out directly for your corp, alliance, or maybe both. Let's see how we can mitigate, or at least continue to make it difficult for them. Remember the first rule of security: being a harder target than the next guy can save your corp, and not being one can doom it. However, the reverse is also true. Be too strict with your security policy and people will go find somewhere else to play. It's about finding the balance that you are okay with, where the risk and loss don't outweigh the fun of the game.

Let's talk about the "trial" membership tag. Trial/newbie memberships really will determine how a new recruit fits in. If you don't have a Title called "trial" or "initiate" or "noobie" go make one. This title should have zero permissions to anything. It serves as a visible badge for several reasons. First it clearly marks them to the other members of your corp as a new guy. Meaning they can expect to need a little extra help, have no access, etc. Next, It also points them out as kind of a gentle reminder to the rest of the corp. "Hey, this guy is new and doesn't have access to stuff for a reason." Last, it points them out to outside players that just because this trial guy is doing X that doesn't mean the whole corp does. For any value of X, ie smacktalking in local, scamming, etc.

Ideally in the interview process you find out when this player is most often active, and in doing so you can identify a current trusted player to play mentor or at least a supporting role to the new guy. Help them move their crap to the new location, let them know information about voice comms. Get them in on the loop with ops. Explain channels. Explain the Rules of Engagement(RoE). Set them up with good fits, etc.

I'll do ya one better. Create a form letter. In this letter you include the corp Forums url and methods of access, i.e. how to create a username and password; the Alliance forums (if you have one), their use and access; information about the channels used by the corp and which ones the member should join/stay in. Voice comms information, even if they already know it, send it again. Add contacts, like directors, experienced members, places to go for help, i.e. Eve Mon links, battleclinic, helpful blogs etc. And a short blurb about where the corp is currently, and where it is headed. Include information about the Corp's HQ, ships that the avg member should have, and a recurring OPS schedule if you have one.

That seems like a lot of information to hand out in the first email, but it's all information you are most likely going to hand out anyways and if you don't some helpful member of your corp will. But this email really has another motive, it answers all those first timer questions and gives you and the member something to reference.

Okay, that's mostly just procedural, let's get back to security. Don't bandy about information about infrastructure pieces and get your membership out of the habit of doing the same. Just by lurking in channel, a spy can find out hordes of useful information with little to no effort. Things like "our research POS" location, you shouldn't have people broadcasting that information in the clear. People who should know, will, and everyone else can be ignorant. 90% of membership level security resolves down to "loose lips sink ships." In Eve's case, they can sink corps.

The best way to "turn" the risk of a spy is to include them as much as possible in everything that is being done, within reason. What I mean is - Mining op going on? Ask them specifically to come. Hanging out in chat? Ask them to come join you. Be inclusive and friendly. Sure a spy is looking for information, but if you make him enjoy his stay he is less likely (though not by much) to betray you. After all, if they come to spy on you for one corp and then you make being in your corp much more fun, betrayal becomes much less likely.

The Trial Period

There's a lot of differing opinions here. Some people say 30 days, some 60, others until the member proves themselves "useful" which can be anywhere from a few hours to a few months depending on their definition of useful. Honestly, the time frame doesn't matter. For instance, if I say 30 days, then people will come up with reasons why their standard is better. So let's break it down into sections.

"Until useful" - this is usually the most often used phrase for smaller corps, i.e. until the person puts skin in the game or proves themselves of use, or has something useful. This can be as simple as a battle cruiser to help with L4 missions or an Orca or even just a mining barge for corp mining ops. Not only does this not give corp mates a specific time frame to look for, but it also tends to favor the infiltrator who likely has something of use he can put into the game immediately. On the up side, it does allow for faster expansion on a day by day basis as players new to the corp can come in and make a difference quickly. In my opinion it is far too easy a standard to game for an infiltrator. There is rarely a baseline of activity taken and worse, this lends itself to the practice of giving too much access too quickly to new members.

30 days - This is a fairly common standard. However, how it's actually IMPLEMENTED makes the most difference. There are a lot of corps out there who say they have this policy, and then at the end of 30 days do nothing, i.e. never review the person, never let them know where they stand, never review their activity or overall usefulness. This is very risky! Without any review of the player, how can you or the corp assess if that player is working in the place they were brought in for, or if they are even still active? How can you tell if they even have met the requirements for passing the trial? Honestly you can't. Did I say passing the trial? Yes, there should be standards, possibly not solid standards, but standards with regards to logging in, being active, participating in fleets and with other corp members that a new addition to the corp has to live up to. At the 25-28 day mark members need to be reviewed, activity gauged, see how they are fitting in, see where they are headed. Then another decision has to be made. Are they still a fit for the corp? If yes, then move them up to your next best rank, give them access to t1 mods, or a low level corp hangar. Obviously you want to wait before going buck wild with access even beyond 30 days, but give them some access at this point.

60 days or more - The long end of the stick. Once again the implementation of this can change the entire way it's looked at. I mean honestly, members should always be reviewed and kept an eye on throughout their career. If a member goes inactive for a year, it might just be time to drop them out after all. But I digress. Sixty days needs to be handled just right, or the corp has to be so desirable that run of the mill people will be okay with waiting that long to become anything but a trial member. There are ways to limit this kind of burn-out / discouragement before a new member's trial finishes, but most of those methods involve using the 30 day trial period methodology and then just following up again at the 60/90/whatever day mark, something that should be done anyways. Once again a review of the new recruit is essential. It's good so that recruiters can take a look and see who's successful and then give them the ability to judge why that person's fit is/was successful or why it was not. It also lets the person know that at least for the first part of their stay in a corp they aren't alone, and that they need to work to gain access and not just sit afk until the end of the trial period and hope for full access. Instead people who can't even be active during their trial are removed from the corp at the end of their trial or near to it.

At least monthly the CEO or the recruitment officers should give a kind of state of the corp to the members of the corp. Include people who are passing and failing trials, point out places where the corp is doing well, and what it can do to do better. Messages like these keep everyone in the loop. Later I will go on into explaining what to do when things go south.


Corp Security - Part 4 - Post-spai recovery
Corp Security - Addendum - Errata   (coming soon)

Tuesday, January 29, 2013

Corp Security - Part 2 - Interviewing and API

Eve Online Corporation Security

Part 2

The Interview process and API keys (CAK)

Despite the risks, adding new members to a corp is a huge part of Eve. Just like any other MMO it has to be done, well, if you want to grow, become successful and fly with other people, aka that mystical thing called "having fun".

I think there is a right way, and a wrong way to go about recruiting.

No spamming in the recruitment channel, look for people who say "I want a new corp" and contact them directly. Explain your options to them directly. Don't sell your corp, mention it, be straight about what you do, judge their interest.

Be suspicious of unsolicited (all) requests to join your corp. Now I didn't say dismissive I said suspicious. Pay attention to those players who wish to get in.

Recruit during peace, expel during peace and war.

Recruit in chunks. Set a recruiting goal. Let's say 10 people, like the Tuskers' most recent drive. Why 10 people? Because it's achievable. 10 people is not too many but also it is enough that you can get a good base of players. Chunks allow new players to blend with older players and older players to get used to the new guys. As soon as you get 40 new players and 20 older players you get a fragmentation of the corp. New players will clique up and so will the older players (for the most part). Even if they don't, the newer guys will still get the "feeling" that they do.

Limiting recruitment drives also helps to limit recruitment officer burn out. Good recruiters will do all the steps below and understand why they are doing them. You should not ask them to do that all the time, they will burn out, and quickly. Recruit, wait a quarter, recruit more.

Require a full access "account" NOT "character" key, a Full API key. Let the applicant know you will be checking their key carefully and then check it carefully, i.e. make sure it's an account and not a character key... use it to check their contacts, use it to check their email...

Steps to check the key

  1. Load the key into Eve-Mon, look at their skills and their wallet. In fact you can just use EveHQ for everything, but Eve-Mon is an alternative so I am including it.
  2. Load the key into EveHQ and look at their contacts and mail, orders, history, kills, etc.
  3. Use the following URL to determine the type of key the applicant gave you: https://api.eveonline.com/account/APIKeyInfo.xml.aspx?keyID=THEKEYIDHERE&vCode=THEVERIFICATIONCODEHERE
  4. Check their contacts, Check their recent sales, player trading in station, check their eve mails!
  5. Check their killboard history, losses especially. Look and see if they tend to work with a group of the same people and if they are suddenly breaking away.
  6. Examine that killboard again, look at their kills, are they getting in fights solo, are they whoring on mails, are they suicide ganking? Are they avoiding combat? Look at their fits, note bad fits, note good fits (for pvp corps) ask about them in the interview.
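
An added example (not from the original post, nor from Eve-Mon or EveHQ) of automating step 3: it reads an APIKeyInfo response and rejects anything that is not an account key with the required access, while listing every character the key exposes. Assumptions: the response layout shown in the samples, the REQUIRED_MASK value, and all names and IDs, which are constructed.

```python
import xml.etree.ElementTree as ET

# Constructed value: the access-mask bits the corp requires. What each bit
# grants is not modeled here; use the mask your own recruitment policy needs.
REQUIRED_MASK = 0b1111

# Constructed sample responses. The layout (<key> with type, accessMask and
# expires attributes, one <row> per character) is an assumption about what
# the APIKeyInfo URL from step 3 returns; every name and ID below is made up.
ACCOUNT_KEY_XML = """<eveapi version="2">
  <result>
    <key accessMask="15" type="Account" expires="">
      <rowset name="characters" key="characterID">
        <row characterID="90000001" characterName="Example Miner"
             corporationID="98000001" corporationName="Example Mining Corp" />
        <row characterID="90000002" characterName="Example Hauler"
             corporationID="98000002" corporationName="Example Hauling Corp" />
      </rowset>
    </key>
  </result>
</eveapi>"""

CHARACTER_KEY_XML = """<eveapi version="2">
  <result>
    <key accessMask="3" type="Character" expires="2013-02-05 00:00:00">
      <rowset name="characters" key="characterID">
        <row characterID="90000001" characterName="Example Miner"
             corporationID="98000001" corporationName="Example Mining Corp" />
      </rowset>
    </key>
  </result>
</eveapi>"""

ERROR_XML = """<eveapi version="2">
  <error code="0">constructed error text</error>
</eveapi>"""


def review_key(xml_text, required_mask=REQUIRED_MASK):
    """Classify one APIKeyInfo response as 'ok', 'review' or 'reject'."""
    report = {"verdict": "ok", "findings": [], "characters": []}
    root = ET.fromstring(xml_text)

    error = root.find("error")
    if error is not None:
        report["verdict"] = "reject"
        report["findings"].append("API error: " + (error.text or "").strip())
        return report

    key = root.find("result/key")
    if key is None:
        report["verdict"] = "reject"
        report["findings"].append("response has no <key> element")
        return report

    # Every character the key exposes; an account key shows the alts too.
    for row in key.iter("row"):
        report["characters"].append(
            (row.get("characterName"), row.get("corporationName")))

    key_type = key.get("type", "")
    if key_type != "Account":
        report["verdict"] = "reject"
        report["findings"].append("key type is %r, not 'Account'" % key_type)

    try:
        mask = int(key.get("accessMask", "0"))
    except ValueError:
        mask = 0  # unreadable mask: treat as no access granted
    missing = required_mask & ~mask
    if missing:
        report["verdict"] = "reject"
        report["findings"].append(
            "access mask %d is missing required bits %d" % (mask, missing))

    # An expiry date is not disqualifying, but access ends on that date.
    expires = key.get("expires", "")
    if expires:
        report["findings"].append("key expires " + expires)
        if report["verdict"] == "ok":
            report["verdict"] = "review"
    return report


if __name__ == "__main__":
    for name, sample in [("account", ACCOUNT_KEY_XML),
                         ("character", CHARACTER_KEY_XML),
                         ("error", ERROR_XML)]:
        print(name, review_key(sample))
```

The character list is the part worth reading by hand: any character on the account that the applicant did not mention in the interview is a question to ask.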

Steps for the interview:
After you check their key, interview them; it can be right after or a day later. Take your time. If they are more interested in joining another corp in that time, they will not be a good asset to that other corp, and wouldn't have been good for your corp either. Have rank and file members in recruitment at all times, not to be active all the time but to provide conversations with the new guys that your recruiters can look at or get information from.

  1. Best to have a video for them to watch that outlines the intent of the corp. Have the video ask the player a few specific questions, i.e. tell the recruiter what your favorite sandwich is and tell them the code ALFA ROMEO. See if the applicant actually watches the video by waiting for those questions.
  2. Ask real interview questions. If they are applying to be a miner, ask them how much M3 each of their strip lasers pull on their Mackinaw, or how much Veldspar roughly they pull per cycle. Ask questions about fitting, find out what they know, accept "I don't know" as an answer only if you have to, but give them time to do homework during the interview process. IE if they don't know tell them to go find out, see what resources they use. Battleclinic or eve kill or the forums, or FHC or what.
  3. Ask about everything, play time, interests outside of eve. Sense of humor, thin/thick skin. Interests, what is a "good day in eve" for them.
  4. Ask about their path in Eve, where they are headed, where they came from. What is interesting to them?
  5. Talk to previous corps. At worst the corp they are coming from will try to troll you, but ask the applicant first if it's okay that you talk to previous employers. See if their reasons for leaving that corp match up to why the CEO saw them leave.
  6. Lay out your expectations of the person, and find out what they expect from the corp. See what they want and see if it is a fit.
  7. Give them time to ask you questions. Find out what questions they want to ask, examine the nature of their questions. Are they asking to be promoted? Are they asking what the Corp is going to provide them in terms of access or free stuff? Sure people will be interested about that, but you should downplay the answers to those questions.
  8. If possible, interview via voice chat. Listening to answers is always better than reading words. It also saves you, usually, from having to ask the sex question!

Post Interview

  1. Judgey judgey is what I always say. The vast majority of applicants will be clean. Some will be obvious and others you just won't be sure.
  2. Take some chances, but hedge your bets. This is some advice my Father always gave me about life. It's fine to take a chance if you hedge your bets. This means allow people in you are unsure about, but then keep an eye on them.
  3. Introduce their interview into corp forums or emails for quick review. Try not to wait more than 24 hours to decide if you want them in your corp. If you don't, be honest and direct but don't point out why. For example, you find a spy trying to get in: his contacts are all your enemies, his wallet has trades with people who hate you or are aligned against you. Don't gloat, just politely refuse the application. Let them agonize over why you said no. Blocking them is enough. Expose them if you want, but don't try to shame them. That will just lead to much harder attempts to sneak in.
  4. Ask follow up questions by eve mail, displaying interest in their answers makes newcomers feel welcome.

Make a decision Checklist

  1. Have you checked their wallet history looking for zero isk trades with random people?
  2. Have you listed and checked all their current contacts?
  3. Did you ask them why they are leaving their current player corp OR if they are in an NPC corp ask why they never left the NPC corp (unless brand new) OR why they left their last corp?
  4. Did you search for money transfers to the character, like start up funds, or something odd coming in?
  5. Has a third party reviewed the interview/asked follow on questions?
  6. Is the applicant interested in joining, do their goals match your corps? Can you see them sticking around or will they move on soon after?
  7. Make a decision. Some corps make a decision by committee, some by singular preference. Both work for different reasons, both don't work for different reasons. Recruitment officers should always have the final say. 

Thursday, January 17, 2013

Corp Security - Part 1 - Risks without Security

Eve Online Corporation Security

Part 1

Risks without Security

In my various travels and incarnations throughout Eve I've seen various takes on how risky it is to not properly screen entrants into any corp. Opinions range between EXTREMELY OMG DANGEROUS to "It doesn't matter, if they steal from us we will just kick them and move on." Strangely the thoughts don't seem to be linked to corp size, wealth, assets, or risk. Instead they are linked to "that's just the way we do things around here."

I've also never seen a clear and concise list of all the risks taken just by simply inviting a new player to join your corp. While there are several good security guides out there, most of them are out of date or rely too much on knowledge of the CAK system as to be vague for players and corp recruiters who aren't actually versed in the functions of API key/CAK in relation to recruiting and Eve. I digress, that's for the next part of this series...

ZOMG WTF RISKS!

Risk 1 - Welcome to your new Corp, aka "awoxing"
Just by accepting a new applicant to the corp you are willingly signing a contract with that player that puts not only your assets at risk but also the assets of other corp members. This is a pretty huge deal. The risk of this is not widely spoken about other than "awoxing." So what does the baseline, no-privilege level recruit have access to?

Because they are part of the corp, they can now shoot at, warp scramble and pod other members, and look at the member list. Now of course with the advent of evewho.com the member list isn't nearly as important, since it's fairly easy for anyone to get a pretty comprehensive list of corp members, but it's still a risk.

How about that shoot at, warp scramble part? Well just by being "in corp" new members can aggress and attack other players in the corp without CONCORD interference. Let me say that again; new members, from the first second they join the corp, can aggress, attack and kill ANY other in corp player. Let me throw out a few examples:

My missioning alts have joined new corps and within a few minutes to a few hours, to even a few days, have been surrounded by other missioners in several faction bling ships. With disgusting ease I could have refit my ship for PvP and tackled and killed one or more of these ships, within the first few days of joining a new corp. I'll cover what can be done about this risk to help mitigate in another part of this article, but I do want to point out that while this risk is taken on by people flying those bling ships in the first place, it's the recruiters, directors and CEO who can put them in a very vulnerable position.

Another example is a corp accepts a new player and a corp freighter pilot 'finds' that new member sitting on a gate in highsec, locking, webbing, scrambling and killing them. That's at least a few billion isk risk there. Maybe more.

A commenter brought up the overlooked risk that the new corp member will be able to see all members in space, via the map function in Eve, so even if you don't mention where your multi-billion isk BS is operating out of, they know... they know. Also the corp management interface shows the users in the corp, when they were last online and can be sorted by title, which can mean various things, like being able to keep tabs on if directors or CEO's are online, or if FC's or higher ranking members are online. Thank you MinorFreak!

Risk 2 - The POS, aka WH's delight
In addition to automatically allowing aggression, with current POS mechanics, being in corp is enough to grant you an all-access pass in most cases to the inside of the POS. Even if you can't access the SMAs or anything else in the POS, you still get to go inside the shields.

The seriousness of this risk can vary from putting Titans in dangerous positions, via being bumped out, down to having un-piloted ships in the POS force field, all the way down to no risk at all because everything is neatly buttoned up. I call this the WH's delight because this is the exact risk that living out of a POS in WH space places on every WH corp in the game. Now I think that POS access can be better managed now than it used to be, but I am not 100 percent sure if it is possible to block access to the POS shields for corp mates.

The Risks you bring on 'yourself'

Risk 1 - Let's give that new guy some access shall we? aka Corp fire-sale FREE!
A new corp member gets accepted and joins the corp and the first thing given to them? That's right, some level of corp hangar access. Sure it's pretty much standard that they get to grab one or two low cost ships, or maybe get access to a hangar full of "goodies." I think everyone reading to this point knows the risk here: you find that hangar empty and a corp thief on your hands. Sure it may only be a few hundred million isk or even a few kisk, but it's the uncertainty it spreads that is toxic and the biggest risk.

Risk 2 - They're an older player, let's give them more access! aka the early promotion
This risk is a little further down the road. Things seem to be going well, and this player is fitting in so well, I mean he's using his freighter or jump freighter to move small corp assets and help out as best he can. He's on a lot, is super helpful, has a bunch of useful skills. Maybe the corp is about to move, maybe the corp is about to setup an expensive venture. This guy has been trust-worthy so far... Handed to him are a majority of the corp's assets so he can "help" move. Only he helps himself.

Risk 3 - Director level theft
This goes hand in hand with the above risk. The player you just hired is doing so well, it's time for a promotion. Maybe they have some extra skill-points or single handedly fly a fleet of Hulks and Orcas, or a mass of mission ships... You have an opening (especially in newer corps) and let that person become something fancy in the first few months like "Director of PvP" or Mining director, or L4 mission division lead. The player is given director level access, aka CEO level access, to corp funds, permissions, hangars.... Boom, massive level theft. They clean out the wallet, clean out the corp hangars and/or disband the corp just for fun! Sounds fun right? Well, not for you and not for your corp mates. Most corps do not recover after a major theft. Those that do tend to be based around friends who weren't going anywhere anyways. You would think major thefts would make it more difficult for follow on thefts, but no, corps that are easy to steal from remain easy to steal from.
