Play Now Login Create Account
illyriad
  New Posts New Posts RSS Feed - 14NOV14 - Further exploit permabans
  FAQ FAQ  Forum Search   Register Register  Login Login

Topic Closed14NOV14 - Further exploit permabans

 Post Reply Post Reply Page  123 7>
Author
 Rating: Topic Rating: 1 Votes, Average 5.00  Topic Search Topic Search  Topic Options Topic Options
GM Stormcrow View Drop Down
Admin Group
Admin Group
Avatar
GM

Joined: 23 Feb 2010
Location: Illyria
Status: Offline
Points: 3234
Direct Link To This Post Topic: 14NOV14 - Further exploit permabans
    Posted: 14 Nov 2014 at 19:12
Hi all,

A follow up on the last post.  Apologies in advance for the length.

Acronyms
Quick guide to related Illy acronyms that I use in this Wall of Text.
  • igm = In Game Mail
  • GC = Global Chat
  • AC = Alliance Chat
  • ToS = Terms of Service
  • CoC = Code of Conduct
  • CDD (a one-off acronym) = cnenc / delif / deghoul (three accounts run by the exploiter)
Preamble
I'm going to post Player Names, Alliance Names, and parts of chats and igms below.

We very rarely share this level of detail.

Also - contrary to some people's beliefs - we don't generally read AC or igms.  On a purely practical level, Alliance Chat is 5x larger than Global Chat, and there are more than 100 million igms.  

We honestly don't care what you say in your alliance chat & igm channels until: 
  1. Someone who was in your alliance chat or read your igm makes us aware of a serious ToS/CoC infringement by copying and pasting the text into a petition.  RL death threats. Nazi propaganda. Racism - that kind of thing.  Then we look through that bit of text to see if the report and the realtity are fair and accurate reflections of each other and if we should take further action.

  2. We have proven & game-breaking exploits, and we need to find out who's behind it, who knew about it, who benefited from it etc.
I know that I'm breaking many of GM Rikoo's very sensible rules here, but there's a number of compelling reasons why I'm doing so.  Please don't take this as an invitation to break them yourself... I get a wholly dictatorial right of veto on this one!

Why I'm sharing this information
  1. This exploit affected everyone ingame, and will continue to have shockwaves for a while (about 12% of the liquid cash economy was removed during the banning process)

  2. There are a large number of people who have written to us saying "No, surely not! Not Player [insert name here]! you must have made a mistake!"

  3. The exploit goes to the very top of well established and respected alliances

  4. The exploit *may* have happened prior to this, and we're currently investigating further in the past

  5. This is a reason that you may perceive as "self-serving", but we believe is "self-preserving"... one of the banned players involved in this exploit (Silverleaf) has been threatening us via email to "go public" with a negative social media and PR campaign against Illyriad, unless we allow them back into the game.  I don't take kindly to threats, and so I'm willing to break our own rules to put this out there first - although I already see some social media from Silverleaf about how "iniquitous" we've been in this case.
Who has been banned?
25 accounts have been banned, in addition to some of the original banned or abandoned exploiting accounts (such as cnenc).  

The permabanned accounts are:
  • Tullernas
  • Nesse
  • Odd
  • iwasgoldgenerator
  • ubaar
  • Morto
  • Shleprock
  • Ta-Ryn
  • Devlin
  • Hawkson
  • Coel
  • Coelgrim
  • the derelict
  • Tryllean
  • just for sec
  • Snow dog
  • BytorMac
  • Silverleaf
  • gravywavy
  • LadyGrey
  • Brock Fairly
  • snookrim
  • delif
  • lucre
  • deghoul
The most recent account removals have removed an additional 12.5 Billion Gold from the game economy, including 2 Billion gold that Odd deposited in the [Roads] alliance coffers recently (which has also been reclaimed by us).

Where we are right now
As most of you know, the alliance in question regarding this exploit is (so far) predominantly, but not exclusively, Fairy Road Authority [Roads].

Most of you already know that we've permabanned a number of players and most of them (not all) were from [Roads].  However, we've just permabanned Odd, the leader of [Roads] and his alt Nesse, the leader of [Druid] for a variety of reasons that we'll explain further below.  We've passed alliance superuser privileges down the alliance role heirarchy so that the alliances can both still be managed by the remaining players.

I want to be absolutely clear here - we believe the remaining players in [Roads] are innocent of involvement in this exploit, and despite this sorry story, a number of [Roads] players come out of this very well indeed.  Many [Roads] players have assisted us with our investigations by answering questions or volunteering information.  The only players I'm going to name in this post are those who have been banned.

If you don't know what the exploit was, you need to read this thread, where we outline the mechanics of the exploit.

Expanded detail and timeline
The person who ran this exploit had 3 accounts.  In creation date order, the player names were: cnenc, delif and deghoul - all created this year, and we have not yet found evidence that the exploit was known about until the 5th of August 2014 (although we are going back to check).

This is an abbreviated timeline, edited to present some of the most relevant and glaring facts:
  • 16 Mar 2014 - cnenc account created

  • 05 Aug 2014 - This appears to be the date cnenc discovered the exploit, as his available gold to send out suddenly skyrockets from single digit millions a week into the billions, daily.  In a 12 day period between 05 Aug 2014 and 17 Aug 2014, cnenc generates 40,580,270,365 (40.5 Billion gold). The majority goes to his trader at Centrum, but the other main beneficiaries are [Roads] members gravywavy, Brock Fairly & Odd - who recieve amounts ranging between 1.5 Billion and 4 Billion Gold each during this 12-day period. 

  • 17 Aug 2014 - cnenc's ingame account is banned by GM Rikoo for rule infractions

  • 25 Aug 2014 - delif account created

  • 25 Aug 2014 - Odd, the leader of [Roads], invites delif to join [Roads] alliance - without any ingame comms from delif to anyone, let alone Odd
  • 25 Aug 2014 - delif accepts Odd's invitation to join [Roads]

  • 26 Aug 2014 at 06:56, Odd introduces delif to [Roads] Alliance Chat (delif has not yet communicated with anyone via Illyriad comms channels, so you may well wonder how Odd knows delif)
  • 26 Aug 2014 - delif (32 population & on Day 2 of existence) sends 2.1 Billion gold to gravywavy [Roads] and 2.0 Billion gold to Silverleaf who is in [Shade] at this point, having left Roads temporarily.

  • 27 Aug 2014 - delif sends 6.3 Billion gold to Brock Fairly [Roads] and 2.1 Billion to Silverleaf [Shade]

  • 31 Aug 2014 - delif sends 4.2 Billion gold to BytorMac [MOON] 

  • 01 Sep 2014 - delif comes out of New Player Protection (!)

  • 07 Sep 2014 - Silverleaf rejoins [Roads]

  • 08 Sep 2014 onwards - delif sends out a few hundred million regularly to various people in [Roads] and other alliances, until... 

  • 23 Sep 2014 - A Concerned member of [Roads] raises suspicions with Odd about delif's distribution of Gold

  • 23 Sep 2014 - delif ceases sending Gold to [Roads] members

  • 07 Oct 2014 - deghoul account created (this is the alt account for delif, trading just above Centrum)

  • 09 Oct 2014 - delif sends 2.45 Billion gold to Silverleaf

  • 20 Oct 2014 - deghoul leaves [Roads] and joins [mCrow]

  • 21 Oct 2014 to 04 Nov 2014 - delif transfers 69.5 Billion to his alt deghoul

  • 04 Nov 2014 - deghoul leaves [mCrow] & remains unallied
From this point onwards, I'm going to refer to cnenc, delif & deghoul by the acronym "CDD", to refer to "the primary exploiter" as a single "grouped" player.

So why did you permaban Odd?
We firmly believe that Odd was a primary player in this exploit conspiracy, and that he dissembled and lied - even to his own alliance.

For a start, Odd received Billions of Gold from CDD.

Then there's the peculiarity of Odd inviting delif to join the alliance.  How exactly do you get to invite a new player - with no ingame communication in GC or igm - on Day 1 of the new player's existence? On that same day, delif generates and distributes 4.2 Billion Gold to [Roads] players.

For Odd himself to invite players to join the alliance that he runs is extremely rare.  In 2014, Odd has brought a total of 4 players to [Roads] - including delif - compared to more than 144 invitations issued by the other members of Roads with recruitment privileges in the same period.  

It's pretty clear that Odd and delif had prearranged delif's immediate alliance membership via out-of-game channels.

Here's an igm communication between Odd and a "concerned member" (whose name has been changed to ConcernedMember) of the [Roads] alliance.

Here's the exchange - I've edited out some less relevant parts:

From: ConcernedMember [Roads]
To: Odd [Roads]
Subject: delif
Received: 23 Sep 2014 19:23

just who is this delif guy?

From: Odd [Roads]
To: ConcernedMember [Roads]
Subject: RE: delif
Received: 23 Sep 2014 20:30

Dunno. Been in Roads for a month, apparently. Is he misbehaving?

From: ConcernedMember [Roads]
To: Odd [Roads]
Subject: RE: RE: delif
Received: 23 Sep 2014 22:05

Well i just find his behavior....suspicous... He sent me 500 million gold..... I dont really know what to make of it

From: Odd [Roads]
To: ConcernedMember [Roads]
Subject: RE: RE: delif
Received: 24 Sep 2014 06:28

Thanks for raising the subject. I'll keep it in mind. Anomalies need considerationa and this is one.

In summary, a concerned member of [Roads] believed something a bit fishy was going on with delif's distribution of Gold and igm'd Odd about it. Odd pretends not to know delif, and closes the topic with a vague handwave.  Other players in [Roads] raised questions about delif which were similarly brushed off or ignored, and kudos to these players for noticing it and raising it with their alliance leader. 

Odd, however, never followed up on it with delif in igm or alliance chat.  In fact, Odd has never, ever igm'd delif/deghoul (or vice versa) beyond the original system-generated alliance invite "You have been invited to join Fairy Road Authority by Odd." and the system-generated acceptance "delif has accepted your alliance invitation".

And given that delif was one of only four people invited directly by Odd to join [Roads] in the entire year,  invited on the same day his account was created,  and was personally introduced by Odd into the [Roads] Alliance chat... it is simply not credible that Odd does not know who delif/cnenc is.  

Add to that - if you look back up at the timeline - this conversation with the concerned member is the same day delif suddenly stops sending out his exploited Gold.  That's circumstantial, for sure - but we find it extremely likely that delif has just been told by someone out-of-game that people are getting suspicious, and he needs to dial the exploit back a bit.  delif doesn't send substantial Gold again (until one last multi-Billion send to Silverleaf in October) before leaving [Roads] and joining [mCrow].

One of the [Roads] players who got in touch with details apparently got an earful about sharing information with the GMs and "naming names", especially cnenc.  I don't need convincing that's because the only big multi-Billion Gold direct payment from CDD to Odd was the one from cnenc.  Odd didn't want us making the connection between delif/deghoul and cnenc - and therefore looping back to Odd.

OK... but what about Silverleaf?
Well, even if we ignore the 6.55 Billion Gold that was sent from CDD to Silverleaf whilst he was not just in [Roads] but whilst he was also temporarily in [Shade]... 

... and let's ignore the fact that Silverleaf received his first payment of 2 Billion Gold from a player who's less than two days old ingame, on the same day that this player joined the alliance - let's put those to one side for a moment. 

Silverleaf has been in touch with us via email multiple times since his permaban from the game.  

We've had attempts to be nice to us.  We've had demands of reinstatement.  We've had threats of 'trashing our reputation' via social media.  We've had 'I never kept the money, I gave it all away' justifications.  We've had pretty much everything from Silverleaf.

What we've also had is big dollop of palpable untruths.

As a single example, explaining his suspicions about the Gold he received from delif:

"i am a gracious recipient of gifts - no matter need or the trepidation that i felt at the time-  One time,  when it was heading in I i mentioned it in AC and in fact I had decided to sent the gold back to them but the accts the majority of it come from were gone ( abandoned -) by the time it arrived"

He received his Gold payments during the month of August, and again in September and again in October.  The CDD accounts and towns that sent this Gold to him were fully in existence until we banned them a couple of days ago. No abandons, nothing to prevent him returning the gold if he truly believed it was tainted.  

So his statement above is simply wholly untrue.  Even setting aside the many Billions of gold he received, we simply do not find Silverleaf to be credible.

What about Brock Fairly?
We've received emails from many people saying "Brock's a nice guy, surely you've made a mistake, banning him".

Notwithstanding the 7.4 Billion Gold that was sent to Brock Fairly from CDD, the following igm leaves us in no doubt that Brock knowingly colluded in profiting from this exploit:

From: deghoul [mCrow]
To: Brock Fairly [Roads]
Subject: RE: pres caravans
Received: 02 Nov 2014 09:29

i sent you my pres of 33,450 please keep them in safe and do not sell :)

you have the Right to use 10% to 20% for your own :D

i just calculated the price of these things if being real buyer

they are equal to( 515 GBP) OR( 823 USD) hahahahahahaha

And then, nine hours later, having read the igm...
  • 02 Nov 2014 20:42 - Brock converts 15 Prestige Scraps into 1,125 Prestige for his account.
We don't think that collusion gets more obvious that that.

What about the other players who have been banned?
Some were exploiters. Some were accessories to the exploit.  Some were alts of the banned players.  There are many reasons.  I'm not actually going to go into specific detail about each and every other banned player and why they were banned because it's not going to add much overall, it's going to take up time better spent on other things, and we're crystal clear that the actions we've taken against the players we've permabanned was the right thing to do.  We hope the examples we've detailed above (largely because they're the most prominent/contentious/obvious) removes any doubt as to the reasons for the actions that we've taken.

What does this mean for [Roads]?
There are many very good people at [Roads] who we're sure were entirely out-of-the-loop regarding these goings-on... and there are many who entirely laudably believed and verbally supported their companions and who might now be feeling betrayed by people they trusted.  We do understand this, and we sympathise.

It would be entirely unfair to tar every member of [Roads] with the tainted brush of the corrupt few, and I very much hope that the community will actually regard the remaining members of [Roads] with both trust and a presumption of innocence.  We certainly do.

So, what's next in this saga?
I've had a couple of people mail me to say that this is a "dev witchhunt".  It isn't. This is a serious issue that needs resolution and transparency; which is why we're sharing all these specific details.  It affects everyone by distorting the market and providing artificial pressures on the Illyriad economy.

Not only that, but investigating issues like this takes substantial amounts of development time out of our schedule.  This has eaten more than one man-week so far; so everyone suffers from the lack of progress on other areas of the game.

I'd be surprised to find that other people knew of or used this exploit previously - but I'm willing to be surprised, and I'm willing (and going) to look.

We're going to take a good number of random sample database restores from the last few years to see if anyone previously had town taxrates set out-of-bounds.  Some senior players have indicated that they have been (historically) surprised by some alliances' access to instant huge money, and we'll be happy to look into any particular date range if it's put to us in a petition with all relevant details.

Final thoughts
Illyriad wants as many players as we can get.  Any game does.  

But we equally have to protect the integrity of the entire game system as best we can so that it's equitable for everyone.  A sandbox game that has the freedom and vast scope of Illyriad has so many moving parts that it's sometimes extremely hard for us - or anyone - to spot these kind of subtle exploits.

Some players have suggested that we've acted on this so quickly because Illy corp is worried about losing money via prestige sales.  That's both unfair and illogical.  

Magical Gold arriving out of the air and being spent on prestige scrolls created an artificially high demand for prestige scrolls.  This means that more prestige scrolls were being created and therefore more prestige was bought by players.  So this exploit actually benefits Illy corp (in the short term, before it would have completely trashed the ingame market economy - "Quantitative Easing" can only go so far).

So, closing this exploit has actually shut off an (artificially-created) source of additional revenue for Illy corp.  If we wanted additional cash we'd have let this exploit run, not shut it down!

I would, of course, urge anyone who knows about an exploit to get in touch with us.  One of the things I hope that this has proven is that we record, and have access to, everything that has ever happened ingame.  If you cheat, you will be uncovered.

Regards,

SC


EDIT: Added Hyperlink to earlier thread detailing the exploit
EDIT2: Corrected impact on the economy figure from 20% to 12% M0/MB Gold removed
EDIT3: Fixed a couple of typos


Edited by GM Rikoo - 26 Nov 2014 at 18:48
GM Stormcrow | Twitter | Facebook | G+
Back to Top
jcx View Drop Down
Forum Warrior
Forum Warrior


Joined: 09 Oct 2013
Location: Tallimar
Status: Offline
Points: 268
Direct Link To This Post Posted: 14 Nov 2014 at 19:41
finally. nice read! Great work Devs!
Disclaimer: The above is jcx|orcboy's personal opinion and is not the opinion or policy of Harmless? [H?] or of the little green men that have been following him all day.

jcx in H? | orcboy in H?
Back to Top
Jejune View Drop Down
Postmaster
Postmaster
Avatar

Joined: 10 Feb 2013
Status: Offline
Points: 597
Direct Link To This Post Posted: 14 Nov 2014 at 19:46
Again, amazing work by the devs, and just an incredible thing to read. I still believe that the outside gaming community should know about this story and how the game developers caught the conspirators.

On a personal note, I found Brock's IGM about frauding the game really disgustipating: "they are equal to( 515 GBP) OR( 823 USD) hahahahahahaha" ... Brock converts 15 Prestige Scraps into 1,125 Prestige for his account. 

Yeah, hahahahahaha -- you're a thief. A real-life thief.

Back to Top
Diva View Drop Down
Forum Warrior
Forum Warrior
Avatar

Joined: 20 Dec 2011
Location: United States
Status: Offline
Points: 398
Direct Link To This Post Posted: 14 Nov 2014 at 19:52
Now I feel exploited because of going for the mystery of Audrey to help ODD and Nesse.. 

But I am thankful that the Devs have the betterment of the game at heart without people exploiting the prestige and the marketing systems.

Thanks Devs.. 
D
"Um diva.... you are sort of acting like a .... diva...." - PhoenixFire
Back to Top
mcdwarf View Drop Down
New Poster
New Poster


Joined: 19 Sep 2013
Status: Offline
Points: 2
Direct Link To This Post Posted: 14 Nov 2014 at 20:04
Thanks for the transparency and shutting down those guys.
Back to Top
Maccam View Drop Down
New Poster
New Poster
Avatar

Joined: 12 Aug 2013
Location: England
Status: Offline
Points: 23
Direct Link To This Post Posted: 14 Nov 2014 at 20:07
Originally posted by Jejune Jejune wrote:


On a personal note, I found Brock's IGM about frauding the game really disgustipating: "they are equal to( 515 GBP) OR( 823 USD) hahahahahahaha" ... Brock converts 15 Prestige Scraps into 1,125 Prestige for his account. 

Yeah, hahahahahaha -- you're a thief. A real-life thief.

Well said.  That gloating was a massive slap in the face for people who have bought prestige, and therefore who fund the game for all to play.
Back to Top
Tyrande Whisperwinds View Drop Down
Wordsmith
Wordsmith
Avatar

Joined: 02 Mar 2013
Location: Portugal
Status: Offline
Points: 177
Direct Link To This Post Posted: 14 Nov 2014 at 20:07
While it's good to see that this exploit was caught and ppl were banned, still can't help myself from thinking that this exploit in particular was treated differently from other exploits in-game (such as permasats accounts per example), because it involved gold (and real money in the end, with the new prestige scrolls).


Back to Top
Brandmeister View Drop Down
Postmaster General
Postmaster General
Avatar

Joined: 12 Oct 2012
Location: Laoshin
Status: Offline
Points: 2382
Direct Link To This Post Posted: 14 Nov 2014 at 20:10
An interesting read.

What happens in a permaban? People have sent a great many troops to help Nesse and Odd on the ultimate item quest. If defending their cities is now pointless, perhaps we still have time to recall the armies, and go help another player? The quest itself is still worthy.
Back to Top
GM Rikoo View Drop Down
Admin Group
Admin Group
Avatar
Community & PR Manager

Joined: 28 Mar 2014
Location: Mars
Status: Offline
Points: 1230
Direct Link To This Post Posted: 14 Nov 2014 at 20:11
Originally posted by Tyrande Whisperwinds Tyrande Whisperwinds wrote:

While it's good to see that this exploit was caught and ppl were banned, still can't help myself from thinking that this exploit in particular was treated differently from other exploits in-game (such as permasats accounts per example), because it involved gold (and real money in the end, with the new prestige scrolls).

Well, if you're wondering if we were more inclined to act on something that was literally an exploit/hack and so so so against the rules than acting on something that is allowed through the rules and game mechanics, then yes.

But, if you're implying that we acted because somehow shutting this down gave us some sort of financial benefit, Stormcrow covered that in his post: 

"Some players have suggested that we've acted on this so quickly because Illy corp is worried about losing money via prestige sales.  That's both unfair and illogical.  

Magical Gold arriving out of the air and being spent on prestige scrolls created an artificially high demand for prestige scrolls.  This means that more prestige scrolls were being created and therefore more prestige was bought by players.  So this exploit actually benefits Illy corp (in the short term, before it would have completely trashed the ingame market economy - "Quantitative Easing" can only go so far).

So, closing this exploit has actually shut off an (artificially-created) source of additional revenue for Illy corp.  If we wanted additional cash we'd have let this exploit run, not shut it down!"

Thanks, though.

GM Rikoo


Illyriad Community Manager / Public Relations / community@illyriad.co.uk
Back to Top
Brandmeister View Drop Down
Postmaster General
Postmaster General
Avatar

Joined: 12 Oct 2012
Location: Laoshin
Status: Offline
Points: 2382
Direct Link To This Post Posted: 14 Nov 2014 at 20:14
@Tyrande: I don't think there is a valid comparison to permasat accounts. Permasats also create a large amount of additional gold and advanced items that float around the game. If passwords are shared, it's technically a violation of the ToS. But it does not strike me anywhere near as noxious as tricking the game server by sending intentionally erroneous data to an unchecked function call, and then generating 12% of the circulating gold in the entire game.
Back to Top
 Post Reply Post Reply Page  123 7>
  Share Topic   

Forum Jump Forum Permissions View Drop Down

Forum Software by Web Wiz Forums® version 11.07
Copyright ©2001-2016 Web Wiz Ltd.