Eve Online: Client Code Compromised; CCP Claims "Not a Security Risk"
Posted by Shawn on Tuesday, April 15th, 2008 at 4:12 pm under Computer, Game Companies, Game Platforms, Games
Crowd Control Productions has had its Eve Online client code hacked and mass distributed via torrent. The perpetrator IMed CCP to antagonize the company and demand to know why he was so easily able to hack the client. There have been rumors flying that CCP is actually seeding torrents now, in order to recover and use the IP addresses of those who download the client’s source code to ban Eve Online accounts.
CCP’s seems unconcerned about the whole situation. It denies mass bannings and offers hashes for those who may have downloaded a hacked client. Here’s the Official CCP statement on the incident:
We are aware that an individual claims to have access to the source code of the EVE client, but this access is not a security risk to CCP or our customers in any way. The Python scripting language that is used by the client can be easily decompiled to generate readable code, and we have designed our server-side systems with that understanding. Therefore, there is no reason to believe that the code was leaked by an employee and our internal investigations confirm that.
Access to the source code for the EVE client exposes no security vulnerabilities, has no privacy protection issues, and poses no threat to our customers billing information. The server-side interface used by the client is carefully protected to ensure that no abusive or unwanted information is transmitted to or from the EVE system.
Nothing the EVE client can do can affect the game state, a manipulated EVE client cannot affect the server, no advantageous or disadvantageous information can be transmitted to other EVE users by altering the EVE client. The EVE client is signed with a security certificate registered to CCP. Hashes are available on our web site for those who wish to ensure the integrity of EVE client download files they may have received from a source other than direct download from CCP’s web site.
Finally, there have been no mass bannings, as reported in some news articles, though we do remove all message board posts regarding violations of our EULA and Terms of Service as per standard policy and procedures. We consider any alterations of the client software, including decompilation, or discussions thereof, to represent such a violation.
Most likely the most damaging thing a person can do with the client code is to use it to inject a spam bot into the public chat servers. Industrious hackers could create a real annoyance with access to the code, but it’s unlikely they can use it to steal a subscriber’s personal information.
via MMORPG
If you found this story interesting, why not subscribe to our RSS feed to get your daily fix of gaming news?
April 15th, 2008 at 11:01 pm
They could, but only if someone was dumb enough to download a custom client.
April 16th, 2008 at 5:55 am
Upon second thought, actually it also means they could write plug-ins to do exactly that erathoniel. Then share it via the warez circuit and next thing you know the universe is full of keylogging/spamming users of the corrupted client.
I still think it unlikely but its possible. Its far easier just to use social engineering to get accounts and do those things than it is to customize the client to do your dirty work.
April 23rd, 2008 at 11:46 pm
Or… someone could use it to do good. Like, maybe writing a better browser, a more advanced calculator, a plugin that lets you change your skill training from remote… I could se this as a very good thing!