CCP plays down EVE leak

By Ellie Gibson Published 15 April, 2008

No risk to players, apparently.

CCP, the studio behind space-based MMO EVE Online, has set about reassuring the Internet that the leak of the game's source code won't jeopardise subscribers' security.

The source code has appeared on a number of torrent tracking websites this week but CCP says that neither players, the game nor the developer itself face any risks.

"CCP is aware that an individual claims to have access to the source code of the EVE client. This access is not a security risk to CCP in any way," the company said in a statement.

"Access to the source code for the EVE client exposes no security vulnerabilities, has no privacy protection issues, and poses no threat to our customers' billing information.

"The server-side interface used by the client is carefully protected to ensure that no abusive or unwanted information is transmitted to, or from the internal EVE server systems. Nothing the EVE client can do can affect the game state, no advantage can be gained by manipulating the EVE client, no advantageous or disadvantageous information can be transmitted to other EVE users by altering the EVE client."

Although the company has acknowledged the theft of the game source code, it would not disclose any information on how the code had been accessed.

"CCP does not confirm or deny, nor make any comment, regarding issues of internal security, and will not be doing so in this case," it said.

Picture of Ellie.

About Ellie Gibson

Since joining Eurogamer in the mid 2000s, Ellie has written about subjects as diverse as the fall of Gizmondo, the rise of Hollyoaks actresses in Red Alert games and the noise a bear makes under NSFW circumstances.

Read more articles from Ellie by visiting the Ellie Gibson archive page.

You may also like...

Comments (10) Latest comment 4 years ago

Comments threads automatically close after 30 days, but please feel free to continue chatting on the forum!

  • Tejstar #1 4 years ago

    You'd better not even mention it on their forums, they're banning left, right and centre!

  • shamblemonkee #2 4 years ago

    what about the rumours that the In-Game Browser features a way to launch files on your PC?

  • karstux #3 4 years ago

    I heard it's not the entire sourcecode - just some de-compiled Python scripts. I guess if the client knows more than it displays, an altered client with injected Python could give advantaged to malicious individuals. Might make it more susceptible to automation, too.

    I also heard CCP are monitoring the source downloads... and ban accounts with corresponding IP adresses. Proceed with caution. :)

    (Note: these are slashdot rumours. I'm not an EVE player.)

  • the14th #4 4 years ago

    This article is based off of an unconfirmed source. The slash-dot article that contains the "official response" is quoted to be from a CCP employee named Ryan S. Dancey. That is the name of a major american pencil-and-paper dev. Does anybody but me think that it sounds like a fake?

  • rowsdower #5 4 years ago

    Heh, there's already been a huge vunerability exposed: the in-game browser redirect exploit. It's actually been possible since the IGB was introduced but only looking at the code revealed it. Suffice to say, any EVE players out there should NOT under any circumstances look at any pages in the IGB until that is fixed (if it ever will be).

    Also not that according to the guy who got the code, in a publicly released conversation with a CCP employee, any macro exploits that were discovered when the code was last leaked 2 years ago, have not been addressed in any way and macro farming has essentially been 'allowed' by CCP despite the info all being in the public domain for the last 2 years. Any exploits regarding this were discussed and analysed years ago but still remain in the current source code. Sad to see CCP really doesn't care about macro-miners. I suppose it's all profit for them.

    Also note that CCP are seeding the piratebay torrent themselves (quite canny I must say) so that anyone downloading it will have their IP tagged and then be automatically banned from the game. As is usual with a leak of this sort, it is often best to not download it at all but simply revel in the drama. It is EVE after all which is powered by the ever turning wheels of the great Drama Llama in the Sky.

    Any posts from CCP in the near future will more than likely just be damage control, so I wouldn't expect any honest answers from them. Remember, the boot.ini issue? Yeah, that was identified and CCP were alerted to it on the test servers weeks before the patch was launched. They still went ahead and trashed peoples computers anyways. Any issues raised in this leak will therefore be very unlikely to be resolved anyhow no matter what the source students uncover.

    All this information has been garnered by just being an EVE player and reading the EVE forums, I don't have the code myself (I'm not a fool) just in case CCP want to extend their Iron Grip anywhere here. Sad that I have to put that disclaimer, but CCP are a ban first, ask questions never kinda company.

  • Urban_Mongral #6 4 years ago

    Please guys, can we stop the tinfoil hattery here

    Firstly Ryan Dancy is a CCP employee. In fact more than that, he is the chief marketing officer.

    Check out the CCP website

    Secondly - CCP were not "informed" about the boot.ini issue weeks before. Somebody made a post in the wrong bit of the forums a few days before the patch came out and it wasn't spotted by the Dev's.

    Now the Boot.ini issue should have been picked up by CCP's in house QA processes. I have no idea why they failed but as the old saying goes, "never attribute an incident to malice when it may just as easily be explained by incompetence". To me the suggestion that CCP deliberately trashed their customers PC's is total madness, they screwed up, no more, no less.

    Going back to this client leak, to me this looks like a storm in a tea cup. The clients for all MMO's are pretty dumb and the server side does most of the clever stuff (I think in the early days somebody did release a peer-to-peer MMO and quickly found it was made unplayable with vast numbers of cheaters).

    As for the guy who released it, even if we believe his claims about his motives, its a despicable way to behave with somebody else's property.
    Edited by 2 at 15/04/08 @ 18:26

  • the14th #7 4 years ago

    Well I apologize about my paranoia, hadn't seen that part of the site. Also, i'm a little bit confused as to what was actually leaked. Was it the source code for the client or the server?
    Edited by 1 at 15/04/08 @ 20:21

  • Urban_Mongral #8 4 years ago

    Sorry for jumping on your back.

    Apparently a small part of the client code was leaked, I haven't seen it for my self but I heard it was around 2 MB of python code. To put this in context, the EVE classic installer program is 603 MB.

    AFAIK none of the server code has been leaked. I would imagine CCP keeps it under armed guard!
    Edited by 2 at 15/04/08 @ 23:33

  • Ginger #9 4 years ago

    OMG PLANET!

    Seriously though, good luck to CCP getting through this, although I'm sure we all understand that the majority of that 600+ MB is artwork adn the real executable is never as large as you expect it to be :p

  • makememoo #10 4 years ago

    because

    a) they wrote it in python knowing full well it can easily be decompiled by even commercial tools so they would have done a risk assessment.
    b) on top of a, server > client systems (mmos, gambling games etc) rely so much on the server doing anything sensitive that the client really ends up being a husk of logic processing -> execute logic result rather than have any power to do anything specific.