First things first; the Scottish snow really sucked this past week (link). Being stuck in transit between London and Scotland made me really appreciate some of the lovely California weather we have come to expect. But once I made it up there, I do have to say it was worth the very painful trip getting there.
The talent we have been able to find in the UK and have been contracting with has been really great, so our next step is now to set up a new game studio in the UK in February 2011. Right now we are just debating WHERE to put such a studio as an extension to our US operation. The clear front-runners at the moment appear to be Edinburgh (near Weaverly Station which would put us right next to Rockstar North of all companies) or Cambridge (near JagEx and others). Other options include Dundee, Liverpool, Newcastle, Birmingham, Manchester or London/Guildford. Each of these offer various advantages (and in some cases various incentives), and we are spending the next four weeks determining the right location both for us and our staff. I will keep this blog updated with our progress as we evaluate all our options (and I might even invite people to make suggestions) before we pull the trigger.
Hackers and Cheaters
Now on to the main issue this week. Hackers and Cheaters. This is a tricky topic to talk about in anything except "hushed tones" and using code-words and only partial information. But I will give it a shot, so that during the rest of the relaunch process we have a basic framework for the discussion when the topic comes back up again.
First off, let me define two separate terms; we usually refer to people that do bad things in-game as cheaters, spammers or griefers. We really try hard not calling them "hackers" - only because hackers tend to connote much more sinister stuff like DDoS and Malware attacks. But sometimes we slip, and we call the cheaters "hackers." But I digress.
So what can we do about Cheaters in APB? Well there are a ton of "cheat-busting"solutions out there such as NProtect, HackShield, PunkBuster, XTrap etc. All those have various advantages and disadvantages, though the most annoying disadvantage is of course that none of them are perfect in catching all cheats, some of them are easily circumvented, and some tend to interfere with normal gameplay to lesser or greater degrees. But everyone pretty much agrees that using some form of execution protection is a must, and the newest types of protection are now much more custom and game-specific, rather than generic. That's generally the type of protection we are now moving toward.
First the good news; as a mostly server-driven game APB is naturally much more resilient to cheaters than most other F2P MMO's. There is a good reason F2P games usually don't use server driven architectures; they cost a lot more per CCU to operate than P2P communication solutions, so in APB we are going to run a giant experiment to basically determine if hardware costs/specs have progressed far enough to make F2P server-driven games financially viable. Our current calculations seem to support that it will in fact work. By avoiding using P2P to transmit action data, the ability to attack or hack the core APB functions drop significantly. This is true for all types of hack attacks except one key category of cheats; aim-bots. Because aiming relies on visual data that by necessity HAS to exist on the client (after all - if you didn't have this data, you wouldn't be able to shoot anyone, since you wouldn't be able to see them) it makes them the trickiest category to protect against.
But even here there are some good news; before APB was shut down most aim-bots were actually actively being detected. Unfortunately (or fortunately) the data was not being acted on for various reasons (analysis was on of the reasons).
There is another issue - most people who lose any match in any shooter game tend to presume that they lost to a cheater, even when they lost fair and square. Part of human nature I suppose, which means cheating is actually over-reported. When we have run live in-person tournaments we basically end up concluding that there ARE many people out there who are basically MACHINES, and play at a level many many steps above where everyone else is.
On to hackers. Well we have been particularly aggressive trying to deal with hackers, since in some cases they have made our lives a living hell. The most interesting case being the one in 2007 when an employee of an unnamed telco-company decided to DDoS us, and basically the DDoS lasted during the hours he was on the job every day. Eventually the particular perpetrator was tracked down.
More recently we were hit by a string of DDoS attacks starting on December 25, 2009 (thanks for that Christmas present). That was actually the start of more than 50 attacks over the last 12 months alone.
To combat DDoS, which we now seem to be pretty good at doing, let's just say that "we do things," and in some cases "we use some outside providers" and internally "we have some good stuff," and we finally collaborate with some pretty mean people to help us out bringing people to justice. Just two days ago the newspapers in Turkey released this story: http://www.sabah.com.tr/Gundem/2010/12/10/ikileaks (here is the somewhat cryptic Turkish to English Google Translation). These guys were part of the group that were specifically targeting Knight Online.
DDoS attacks are clearly annoying (and very destructive to the business), but they are not as dangerous as the targeted malware attempts by Chinese goldfarmers that have become prevalent toward game companies (think of Stuxnet, but aiming for game companies instead). Sometimes it boggles the mind that there are people out there with an actual business model that requires some form of hacking to improve the margins of their operation.
That's a quick overview of the situation. Apologies for not being more detailed given that we have to keep things quiet in order to be effective. But once the game gets back up and running I am happy to share more specific details about specific items as they arise when we are live.
Cheers, Bjorn / TechMech