Trion: Rift now "a water-tight ship"
"As of today," says EP Hartman.
After an authentication security-hole scare, Trion Worlds now considers MMO Rift to be "a water-tight ship".
Speaking to Eurogamer, executive producer and MMO veteran Scott Hartsman was confident his team would have found the hole without being tipped off by a helpful hacker.
"I'm sure we would have. MMOs have had hacking going on for years," said Hartsman.
"We did absolutely find one hole with the help of a hacker. That was one of many sources of account hacks.
"Yeah, I like to think that we would have - given the sheer amount of people that we had focusing on security in general since launch. But, as always, the assist is very, very definitely appreciated."
Has Trion Worlds offered helpful hacker ManWitDaPlan a job? "Ha!" blurted Hartsman. "I don't know if we talked to him about a job - he definitely got a free account out of it though, that's for sure."
The security hole allowed bots or hackers to gain entry to gamers' Rift accounts. Once there, the usual tactic is to offload the characters' equipment, items and gold to a 'mule' character. From there, the swag can be sold on or used to make money - in-game money that's sold online for real-world money.
Sometimes, commandeered accounts are sold on in their entirety.
In total, Hartsman said under 1 per cent of all Rift gamers have been affected by all hacks.
"But when you're talking about well over a million accounts... Let's pretend it's half a per cent: under half a per cent of a million accounts is still a large number," he said. "And that's part of what our customer service team has been ramping up to help with.
"Their hiring plan had been based around us not being as successful as we are. It just takes time to bring people on and get them up to speed. As of this past week, they've got an entire new 'graduating class' of people answering account petitions.
"We estimate that the full backlog will have been worked through as of yesterday."
"As of today we believe we are a water-tight ship," declared Hartsman.
There are two engineering teams - network and software - focusing on Rift stability and security. There are also people on the outside doing "penetration testing" and "all other kinds of security audits" on Rift. "Honestly, I can tell you that we're secure," said Hartsman, "but I would like other smart people outside our company to tell us that we are."
"If there's one good thing that's come out of the sheer volume of attacks that we've been suffering - as I mentioned we are under attack from multiple distributed botnets 24/7 - it's definitely pulled the company together," he added.
"We now have instant, rapid communication between everybody from network engineers to ops engineers to game-team engineers to execs; we're all on the same plays and able to make decisions really quickly. That's been a great bonus."
To stop account hackers getting their dastardly way, Rift has deployed a Coin Lock feature. This flags an account as Coin Locked when logged into by an IP that's geographically a long way away from its usual IP log-in location. When Coin Locked, characters can still run around the world of Rift but can't do a lot else - certainly not offload items or gold. Authentic owners have the option of contacting Trion to un-Coin Lock the account.
After adding Coin Lock, Hartsman said the hackers "just logged out and didn't take any of their stuff".
As well as shoring up Rift's walls, Trion will also weed its garden and spray the 99 game servers with digital pesticide to remove the gold farmers.
"The farming itself has been somewhat of a problem," admitted Hartsman. "Once we get beyond the current round of security enhancements, which I believe are going out in Wednesday's update, we've got even more anti-botter stuff going in."
"Right now you've got movement hackers that teleport around and mine all of the [resource] nodes before legit players can get to them. It's more protection for things like that, to make sure that the edge goes to the legitimate players, not the botters."
Hartsman wouldn't tell us what the anti-botter "stuff" would be, "but suffice to say that it's all about teaching the servers how to protect themselves without a human having to be involved". And to prevent collateral, there will be a "layer" of trained staff on top of that who will "watch the money flow and see where the coin is going".
They'll be looking for characters doing more in a day than any human possibly could.
"As a general rule, what we've been doing is just taking that Platinum out of the economy," said Hartsman of what happens when dirty money is found. "If a person does buy Plat and that Plat was either gotten through an exploit or taken from another player, it's not entirely unlikely to log in and the coin isn't there any more."
Lenient, perhaps - but if "something got egregious" then "absolutely" a ban would be on the cards, said Hartsman.
European and US Rift servers will welcome a meaty new patch tomorrow, which brings new world events and a new raid to the game.
"No, it's not simultaneous," said Hartsman. "We do have a European data centre patch window. The US patch is at, I believe, 8am Pacific; the European patch is 6pm Pacific.
"That's assuming that everything tests out - as with everything with MMOs, everything is subject to quality. We have and will hold a patch if we need to - if there were a problem."
Rift has been been a leftfield success thanks to a solid, feature-complete launch. Eurogamer lavished the game with praise, awarding Rift a hearty 8/10.