First off, what type of hacking am I talking about here? In this case I’m talking about third party programs that allow players to do things in the game world with their characters that wouldn’t normally be allowed, or even possible.
The first thing we do is get involved covertly. Believe it or not, any of you hackers out there, we’re members of your online communities, sometimes silently listening, sometimes actively participating. The best place to figure out what hackers are trying and what they’ve figured out about us is to hide among them. In some cases we go so far as to get the hacks and use them internally in a controlled space in order to develop responses to them. Second, our CS department observes players and reports on odd activities so we can investigate further. Third, we get word-of-mouth reports about suspicious behavior from other players and business partners.
Once we’ve identified a hack, our responses vary; sometimes there is a simple change we can make to short-circuit an entire hack for good. However, in most cases we try to balance equal parts prevention and detection. One hundred percent prevention is a goal of ours, for sure, but there’s always an angle to cheat as long as there’s a server-client relationship. That’s where detection comes in; if the angle is found via detection, we have a paper trail behind it that sets off red flags, then we send in ‘Ard ta Feed, and after that it gets messy (for the hacker)!
Sometimes cases of hacking become public in the community before we’ve been able to act on our detections. Questions are raised like “Why don’t you block them out!”, “Mythic doesn’t detect anything!”, “Everyone cheats!” Prevention does have its downsides; some of the best methods of prevention would cripple server and/or client performance and accessibility. It’d be like acting as if everyone is a criminal, so let’s keep everyone in jail to begin with. Our methods of detection involve lots of logs and data; it does take some time to process that and build a body of evidence, and it does require a human touch from our CS department. This is done for your benefit. Sometimes we do get false-positives in a single bit of detection, but rarely (if ever) has a whole body of evidence once presented been entirely false-positives. In other words, we rarely falsely accuse or punish players for cheating.
At our own expense, here’s one story to illustrate this. Awhile back while we were developing a detection routine, we came into work and popped open the cheater detection rat trap and found all of our Windows Vista users had been flagged for cheating mistakenly. No, this isn’t a “Get a Mac” commercial, honest! But the moral of the story is, if we had implemented this detection as a means of prevention instead, all Vista users would have been unable to log into the game! On top of that, we would have labeled them all as cheaters—which I don’t think they would have appreciated very much. Implemented as a detection, we could put it up beside other evidence and very quickly realize what we had on-hand was a bunch of innocent players. The detection routine was fixed and life moved on.
To sum up, I hope this gives some insight into how we think about and approach hacking in Warhammer Online, and answers the burning question why ‘Ard ta Feed is so huge. I apologize that we can’t be more candid when situations arise, or in this developer diary, but rest assured that we are on the case, monitoring, and reacting to what’s going on out there when it comes to hacking.
John Cox
WAR Development Manager
