All times are UTC - 6 hours




Post new topic Reply to topic   Page 1 of 1
 [ 11 posts ] 
Author Message

 Post subject: Jagex Interview #3: Account Security and the ICU Team
PostPosted: January 27th, 2010, 10:28 pm 
Level 0
Village Elder
Village Elder
User avatar

Joined: May 13th, 2004, 6:41 pm
Posts: 18,863
Location: The Tower of Mist
Status: Offline

Donor: Wizard (2013)
Friend of Hiker
Hello villagers!

As you may recall, Jagex's ICU (Investigations into the Community Unit) team recently asked us for questions regarding account security, which you all provided in this topic. The ICU team has kindly taken the time to reply to your questions, and here they are below! Thanks to everyone who submitted questions, as well as Jagex and the ICU team for giving us another opportunity to gain insight on their work behind the scenes!

Jagex Interview #3 - Account Security and the ICU Team

DragonCrusher1: When was the ICU team formed?

ICU Team: Wow. You’re really stretching my memory with this one! :) ICU’s various functions were performed in some kind of capacity pretty much since RuneScape first appeared, but ICU in its present form was created in around 2005.

_______________________________________________________________

Glodenox: How many people are currently working in the ICU? Do you guys also have a team logo?

ICU Team: Our logo is fairly similar to a law enforcement badge – a nice golden shield – but with an eyeball in the middle. ‘Tis quite cool :)

There’s around 20 of us in the team, all told. These people are split between the various areas we deal with – macroing, real world trading, copyright theft etc.

_______________________________________________________________

Alex!!1!: Do you co-operate with players, or is your work fully secret?

ICU Team: A lot of what we do must (by its very nature) be kept secret. That’s one of the reasons we can’t reveal evidence to players in cases such as macroing – we know they’ve done it, they know they’ve done it, but telling them how they know would compromise our internal systems.

That said we do have a number of community reach out initiatives in place, including forum threads on the RSOF where players can let us know about botters or phishing websites etc. We also receive other communication from players – from time to time we might get a letter or email containing information that is extremely useful, but often we cannot reply to these for security reasons.

_______________________________________________________________

Glodenox: The name ICU makes me suspect you guys perform a varied range of activities in order to investigate the community fully. Can you give some examples?

ICU Team: ‘Varied’ about sums it up! To a great extent our major cases all depend on what happens to cross our desks. One day we might be looking into a major player in the phishing community – figuring out which accounts have been stolen and getting them back to their owners, identifying and banning a hijacker’s main and working on a profile of who they are to hand over to the police.

Another day we might be looking at a powerlevelled account in order to trace the RWT service used and remove their main accounts along with all those who have used their service. These kinds of investigations often require all our resources because their scope is vast – then the rest of the time we’re all working on our individual areas of expertise.

_______________________________________________________________

Glodenox: Which of your activities is the most visible for the public?

ICU Team: I would have said the most of our activities are completely invisible – and that’s as it should be. If you get banned for anything serious, you’ll know we’ve been at work ;)

_______________________________________________________________

Riptide: What kind of difficulties do you have with hackers and such?

ICU Team: From what we have seen, most people who steal accounts these days are particularly vindictive because their only motivation is that of griefing and kudos within the hijacking community.

More often than not a hijacker will take screenshots of their ‘epic phish’ to post all over the internet, possibly make a video to put on YouTube and then drop everything they can. If they can get into a bank, they will do, and then have a huge drop party.

The result of all of this is of course a couple of minutes of ‘fun’ and adrenaline for the hijacker, and weeks of misery for the innocent victim who may have lost literally years of work in a few minutes.

_______________________________________________________________

MiKeBoY2003: As part of the ICU, what have you done so far to keep RuneScape alive?

ICU Team: Too many things to count. Honestly. We’re the first line of defence against the worst kind of RuneScape cheating, and if we weren’t around a lot of the things we stop would destroy the game in a matter of weeks.

We may not be as vocal as some of the other Jagex teams, but we are here – and believe me, that’s a good thing.

_______________________________________________________________

Glodenox: Is the "Community" you investigate restricted to the people playing the game and looking at the RuneScape forums, or do you also sometimes investigate cases on fansites?

ICU Team: We’re not too fussy where our work comes from :)

In the main a lot of what we do comes directly from internal (Jagex) sources, it’s true. But we have a dedicated fan site liason now who works closely with a range of different fan sites, and issues are occasionally escalated to us through him from time to time.

Outside of that, the benefit of working at a games company is that a lot of us really do love RuneScape and play it in our spare time! This means that there are plenty of people here who are already active on fan sites for non work-related reasons, and they will often highlight issues to us that they find outside of our ‘official’ scope.

_______________________________________________________________

Glodenox: On which part of the community do you have to spent most of your time? On the free-to-play community or the members community? I would assume people who pay for their account are going to be much more cautious...

ICU Team: The sad fact of it is that from a hijacking point of view there is no one group of players who we spend more time on.

You’d think that everyone who has their account stolen is a level 3 just starting out – but I regularly see lv 130+ accounts being stolen, people with over a billion gp succumbing to a ‘free pmod’ website, massively awesome pures being lost to a ‘join my pk clan’ style scam – the list is endless. It’s a problem that affects virtually kind of RuneScape player – member or free, new or vet, young or old – irrespective of country or language. The only way we can change that is to improve this view that players have of ‘it’ll never happen to me’ and get everyone to start taking responsibility for their own account security.

Yes, I know they’re annoying but bank PINs are there for a reason :)

_______________________________________________________________

ZxC: Having a front row seat when it comes to watching and monitoring player behavior ingame, what do you think about the general state of the Runescape community?

ICU Team: I’d hardly say we have a front row seat – in fact, quite the opposite. We tend only to deal with serious cheating a lot of the time, so we don’t tend to see a lot of the good that goes on. I have seen a lot more from dealing with player emails, forums and of course talking to you nice people! We do have one of the more friendly and accommodating player bases in online gaming and with the odd bad eggs aside I can honestly say our community is great :)

_______________________________________________________________

The123king: Because of the changes made to prevent RWT, have you seen an increase of bots training up accounts to be sold, with all skills at one particular high level? If so, how big a problem is it, and is it easy to spot these from genuine players?

ICU Team: There’s certainly been a shift away from straight gold sales and into powerlevelling (training up an account with a bot), but nowhere near on the same scale as before.

We also have the advantage that our macro detection system is by far and away the most sophisticated in the business and will catch all bots at some point – so if anything, this kind of activity is a lot easier for us to catch than the old gold selling was. Said detection system also makes things as clear as night and day to us – it’s very easy to spot a macro as compared to a normal player.

_______________________________________________________________

Glodenox: Since the RWT changes I haven't seen many bots in the game. Those changes, however, don't affect the stealing of accounts, I think. How is the development on solving those cases currently going?

ICU Team: The trade limits have meant that it’s a lot harder than before for a hijacker to get any ‘loot’ off of a stolen account, so the changes did actually have quite a large impact. Those people left hijacking now are mainly just heartless folk doing it purely for the grief they can cause others, and we’re doing a heck of a lot this year to wipe them out too.

_______________________________________________________________

Snake1235: What other good suggestions were made on the subject of stopping the RWITers, and is there a chance that the current trade limits might be swapped in favour of one less constricting on people that want to just give gifts to their friends?

ICU Team: I’m not going to go over this too much because the trade limits have already been discussed to death elsewhere. We had a massive amount of different proposals to consider, and Jagex management spent the better part of a year reviewing them before coming to the decision we did. The fact is there was no better way of preventing RWT, and the suggestions we’ve seen since from players have glaring holes in them because the full behind the scenes facts aren’t generally known and cannot be revealed.

_______________________________________________________________

Glodenox: How has the amount of infractions to rules evolved over the years? I'm assuming that, the more players, the more rules that were broken?

ICU Team: You’d be surprised. On the whole, the number of offences being given has obviously increased along with the number of RuneScape players. However, some of the work we’ve done in the past to change the way people understand the rules (twinned of course with the new blackmark/pillar points system) means that as an overall proportion of the people playing we are giving our fewer offences that before – and in turn, fewer offences which ban people and more that just provide a temporary mute.

_______________________________________________________________

Glodenox: Because the internet is on a global scale, I assume you guys have to work together with many countries all over the world. Do you think that most countries are starting to see the value of virtual goods?

ICU Team: In the main, yes. Most European and American nations now recognise how things have changed and what the sale of a stolen Godsword actually means. A lot of people we have spoken to in the authorities in the past had no idea of the kind of sums changing hands in the real world, and a lot has been done by us and other MMO companies to change this. There’s still a lot of work to be done, and what is really needed is more legal precedents to be set before the boundaries of law are really tested, but we’re getting there.

_______________________________________________________________

Tanksandguns: I know other MMORPG's such as World of Warcraft offer your items back if you lose them in an account hacking or scam. Is there any plans to implement a feature like this?

ICU Team: We’ve thought a lot about this, and the bottom line is that we can really understand why it would be handy for our players but it’s just not a workable idea.

Do you replace items on a like for like basis? Do you give a gp value based on items lost? How would that gp value be calculated? GE market price? Min? Max? All of these are questions that cannot easily be answered. More importantly though, we feel that if we did implement this there would be nothing to stop friendly players from ‘hijacking’ each other in order to essentially duplicate items. Where do we draw the line? How can we differentiate between people who are genuinely in trouble from those who are trying it on?

It’s a very fine line that we’d walk under this system, and whatever approach we take it is likely to upset a lot of people. It’s been considered a lot, and ultimately we feel that our ‘no item returns at any time for any reason’ approach is the fairest for all concerned.

Equally, we feel that our energies are much better invested in removing the hijacking problem entirely, thereby wiping out item loss as a side effect.

_______________________________________________________________

The123king: Being a victim of an account scam many years ago, what sort of support is provided to players who have black marks added to their accounts by the hacker when their account was compromised?

ICU Team: First and foremost, this is the first thing we check when we look at an offence appeal – if it wasn’t you that did the crime, you certainly don’t have to do the time and we’ll remove and blackmarks against your account.

However, looking to the future one thing that is very clear is that we need to support people affecting by hijacking more. As I mentioned earlier, we’re coming out with a range of super secret behind the scenes systems to help with the hijacking problem this year. One of these will enable us to remove any black marks added to an account by a hijacker, along with any passwords, email addresses or recovery questions that they might have set and return the account to its owner in a ‘clean’ state almost before they know they’ve been hijacked. Exciting times! :)

_______________________________________________________________

Pyro3000: Has JAGeX ever considered using physical logging devices such as password USB drives like other MMORPG games?

ICU Team: We’ve actually looked into this idea before, but the feedback we got from the community was pretty negative :(

The problem is that our low monthly subscription means it would be impossible for us to distribute a ‘free’ USB Key, the cost would be too prohibitive. So our original idea was to sell the keys at a price low enough to make them affordable but high enough that we wouldn’t lose our yearly income overnight. The result was a subsidised Key, on which we would still make a fair size loss but an acceptable one. Sadly, although a lot of people like the Key idea, they mainly only wanted it if it were free.

That said, we haven’t discounted the key entirely and we are looking into a massive range of potential extra account security features. I can’t go into specifics at the moment, but there are a raft of potential website changes being considered or scheduled for implementation as well as a number of different hardware options.

_______________________________________________________________

ZxC: What is the ratio between the total number of reports being sent and the ones that actually require action on your part?

ICU Team: Lower than we’d like, but probably higher than you’d think!

_______________________________________________________________

Glodenox: Which game changes have made your work methods different in the past few years? (I assume the ability to mute people would have had an impact)

ICU Team: I’d say the biggest change in recent memory would be the RWT changes. These were brilliant at stopping gold selling in it’s tracks – but also had the slight side effect that it made it far more difficult for ICU to monitor where and how wealth was being moved around. We’ve overcome this now with newer backend systems, but we had to spend a fair amount of time figuring out how to do it.

Outside of that, RuneScape is constantly evolving and we have to do likewise. It keeps things interesting, but also means that a lot of our time is spent trying to think ahead of the cheaters.

_______________________________________________________________

ZxC: I have seen quite a few people appealing their bans by making silly comments or writing completely unrelated things and some of them actually got unbanned. Why is that?

ICU Team: We’ve seen people making comment on these too – especially on YouTube (lol, I wrote Jaghex you FAIL in my appeal and I still got unbanned!)

I’d like to make a few comments on this issue. Firstly, contrary to popular belief we do read every single offence appeal that comes in to our PS teams. Nothing is automatically replied to. Where someone has a really good reason for why something appeared to be infringing our rules but wasn’t, or comes across as genuinely apologetic and has no past history of rule breaking we will grant the appeal.

In addition to this I know it’s hard to believe but we are only human (except for Mod Stevew, he’s more like a machine...) and mistakes do get made. So if we did ban someone for offensive language and then on appeal we notice that actually there wasn’t any offensive language present, we will grant the appeal – irrespective of what’s in the appeal content. That’s why things such as that you mention in your question can occur.

That said, it is very hard from time to time to hit that ‘accept appeal’ button when the appeal reads ‘MY CAT DID IT LOL (then lots of swearing)’ :)

_______________________________________________________________

PenguinGuy: What is your top priority when it comes to account security?

ICU Team: This is going to sound so warm and fluffy that I suspect I may have inadvertently swallowed a wookie, but our number one priority is you, our players. We aim to try and secure stolen accounts as soon as possible to get you back in game with minimal loss and interruption – and as I say we’ll soon have new tools which will make this far quicker, easier and more effective for all concerned.

Phishing sites are our main concern, as these can fool pretty much anyone and are just downright evil (not to mention illegal) – so we take down as many as we can as quickly as we can. We’re also actively working with many different website hosts to ensure that sites are often taken down as they are created.

_______________________________________________________________

Glodenox: From all the rule infractions you have found, which one was the funniest (if there was a funny one)?

ICU Team: There’s been loads of offences and subsequent appeals which have brought a real smile to my face over the years. I can remember a player was once given an item scamming offence for claiming to be able to ‘trim lobsters’. That gave a few laughs! :)

Also, I remember when the q p w thing suddenly popped up everywhere one day. The way we see game chat is entirely different to how it is viewed in game and in a different font, so initially we had no idea what was happening or why people were doing it. We spent an hour or so staring at the screen in amazement as we got more and more reports about it until eventually one of us logged in and gave it a try. With a bit of trial and error, it was finally clear to the Mod testing it – and the ten people huddled around his screen – exactly what was going on. That gave a proper laugh – both for the ingenuity of our player base in going to such extremes to cause offence and for causing the utter bemusement of an entire team :)

__________________
Image

.
Image

.
Legendary themed months are back! Maybe.
Image
!!!!!!!!!!!!!!!!!!!!!!!!


Top
 Profile WWW 
 

 Post subject: Re: Jagex Interview #3: Account Security and the ICU Team
PostPosted: January 27th, 2010, 11:19 pm 
Thanks for all the fish!
Chat Moderator
Chat Moderator
User avatar

Joined: April 13th, 2004, 2:48 am
Posts: 6,922
Location: On the court
Gender: Male
Status: Offline

Donor: Knight (2013)
Mmm... Trimmed lobsters. :weird:

__________________
:awesome:
Image


Top
 Profile
 

 Post subject: Re: Jagex Interview #3: Account Security and the ICU Team
PostPosted: January 28th, 2010, 12:00 am 
Too Legit to Quit
Village Elder
Village Elder
User avatar

Joined: March 27th, 2006, 12:31 am
Posts: 2,374
Location: Oregon, United States
Gender: Male
Status: Offline

Donor: Guardian (2008)
Trimmed lobsters indeed.

Good to know about the strange appeals though, that's something that's always confused me.

__________________
Image:awesome: Image :awesome:


Top
 Profile
 

 Post subject: Re: Jagex Interview #3: Account Security and the ICU Team
PostPosted: January 28th, 2010, 1:11 am 
RV's Thespian
Village Elder
Village Elder
User avatar

Joined: July 5th, 2003, 12:24 pm
Posts: 9,749
Location: South Dakota
Gender: Male
Status: Offline

Donor: Guardian (2012)
Jagex should release a monthly or annual newsletter featuring the funniest appeals. That'd be awesome.

__________________
Image
Awesome sig made by Goten!


Top
 Profile
 

 Post subject: Re: Jagex Interview #3: Account Security and the ICU Team
PostPosted: January 28th, 2010, 7:08 am 
Tweaking all the time
Staff Elder
Staff Elder
User avatar

Joined: July 5th, 2003, 7:13 am
Posts: 8,697
Location: Flanders (northern Belgium)
Gender: Male
Status: Offline

Donor: Knight (2012)
Friend of Hiker
Oh wow, these are great answers! I can sort of imagine their faces when they found out about the q p w thingy. That must have been one hell of a collective "oooooooh right..." moment :P

It's great to get an explanation for the weird appeals as well, because that was bothering me a bit. I can understand that if they action for which they are appealing turns out not to be as bad as initially thought, they'd remove the black mark or ban without looking at the appeal itself.

I'd be all for a newsletter or a developer blog featuring the funniest appeals :D Not sure if they'd want to put their time in that though.

By the way, anybody up for a trimmed rocktail fish? They're still über-rare now, bring in those rocktails now that I still want to trim them! :shifty:
Scams need updates too...

Greetings,
Glodenox

__________________
XML, SOAP, XSLT, JavaScript, SQL, Java, CSS, PHP, Scheme, JSP, C#, ASP.NET, VB.NET, PL/SQL, Visual Basic 6.0, C/AL and C (sorted well to less known).


Top
 Profile WWW 
 

 Post subject: Re: Jagex Interview #3: Account Security and the ICU Team
PostPosted: January 28th, 2010, 9:59 am 
/jəˈʁun/
Village Legend
Village Legend
User avatar

Joined: September 18th, 2004, 12:20 pm
Posts: 6,358
Location: Holland
Gender: Male
Status: Offline

Donor: Knight (2013)
As I haven't played RS in ages, what is the q p w thing?

__________________
Image


Top
 Profile
 

 Post subject: Re: Jagex Interview #3: Account Security and the ICU Team
PostPosted: January 28th, 2010, 10:05 am 
Tweaking all the time
Staff Elder
Staff Elder
User avatar

Joined: July 5th, 2003, 7:13 am
Posts: 8,697
Location: Flanders (northern Belgium)
Gender: Male
Status: Offline

Donor: Knight (2012)
Friend of Hiker
The characters were positioned in a way pretty much like this on two lines:
q p
W

But with the w a bit more to the right. That could - with a bit of imagination - be looked at as something inappropriate. With the old RuneScape font, it worked out quite well. Luckily they've changed the shape of the W so that this couldn't be used any more.

Greetings,
Glodenox

__________________
XML, SOAP, XSLT, JavaScript, SQL, Java, CSS, PHP, Scheme, JSP, C#, ASP.NET, VB.NET, PL/SQL, Visual Basic 6.0, C/AL and C (sorted well to less known).


Top
 Profile WWW 
 

 Post subject: Re: Jagex Interview #3: Account Security and the ICU Team
PostPosted: January 28th, 2010, 10:28 am 
/jəˈʁun/
Village Legend
Village Legend
User avatar

Joined: September 18th, 2004, 12:20 pm
Posts: 6,358
Location: Holland
Gender: Male
Status: Offline

Donor: Knight (2013)
Maybe I'm stupid, but I can't see anything in that :P

__________________
Image


Top
 Profile
 

 Post subject: Re: Jagex Interview #3: Account Security and the ICU Team
PostPosted: January 28th, 2010, 11:46 am 
Sorceror of Saradomin
Sorceror of Saradomin
User avatar

Joined: August 28th, 2003, 3:25 am
Posts: 3,825
Location: Wales, UK
Gender: Male
Status: Offline
Jaron wrote:
Also, I remember when the q p w thing suddenly popped up everywhere one day. The way we see game chat is entirely different to how it is viewed in game and in a different font, so initially we had no idea what was happening or why people were doing it. We spent an hour or so staring at the screen in amazement as we got more and more reports about it until eventually one of us logged in and gave it a try. With a bit of trial and error, it was finally clear to the Mod testing it – and the ten people huddled around his screen – exactly what was going on. That gave a proper laugh – both for the ingenuity of our player base in going to such extremes to cause offence and for causing the utter bemusement of an entire team :)



Could anyone explain ? haha

__________________
Image
Image


Top
 Profile WWW 
 

 Post subject: Re: Jagex Interview #3: Account Security and the ICU Team
PostPosted: January 28th, 2010, 12:48 pm 
weɪfərskɪt
Chat Moderator
Chat Moderator
User avatar

Joined: November 15th, 2003, 11:22 am
Posts: 20,507
Location: Pinwheel Galaxy
Gender: Male
Status: Offline
reggie wrote:
Jaron wrote:
Also, I remember when the q p w thing suddenly popped up everywhere one day. The way we see game chat is entirely different to how it is viewed in game and in a different font, so initially we had no idea what was happening or why people were doing it. We spent an hour or so staring at the screen in amazement as we got more and more reports about it until eventually one of us logged in and gave it a try. With a bit of trial and error, it was finally clear to the Mod testing it – and the ten people huddled around his screen – exactly what was going on. That gave a proper laugh – both for the ingenuity of our player base in going to such extremes to cause offence and for causing the utter bemusement of an entire team :)



Could anyone explain ? haha

This was before font changes to letters like q and w. I think the q now has the end of it's tail pointing up and the w is shorter and the first and last line are more angled... but before, those two letters used to look something like this:

Image

Image

And the P looks like this (or maybe they changed it too, I dunno):

Image


When putting those three letters together (with the q and p on the first line, and the w on the next), it looked like male genitals. You needed to have a letter before the q p though, otherwise the q would be capital and it wouldn't work.

---

Very interesting interview, nice questions Glodenox. :awesome:

__________________
Image


Top
 Profile
 

 Post subject: Re: Jagex Interview #3: Account Security and the ICU Team
PostPosted: January 28th, 2010, 2:34 pm 
Level 0
Village Elder
Village Elder
User avatar

Joined: May 13th, 2004, 6:41 pm
Posts: 18,863
Location: The Tower of Mist
Status: Offline

Donor: Wizard (2013)
Friend of Hiker
This interview turned out even better than I thought it would--the ICU team sure gave some pretty cool and enlightening answers to things I hadn't even considered before. :D And that last one was pretty funny indeed; nice question, Glod!

__________________
Image

.
Image

.
Legendary themed months are back! Maybe.
Image
!!!!!!!!!!!!!!!!!!!!!!!!


Top
 Profile WWW 
 
Display posts from previous:  Sort by  
Post new topic Reply to topic  Page 1 of 1
 [ 11 posts ] 

All times are UTC - 6 hours


Who is online

Users browsing this forum: No registered users and 1 guest


You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum

Jump to:  

cron
Powered by phpBB © 2000, 2002, 2005, 2007 phpBB Group
The Village and this web site are © 2002-2012

ThePub 2.0 - Designed by Goten & Jackstick. Coded by Glodenox & Henner.
With many thanks to the Website Team!