So, without further ado, lets dive into some security flaws, as well as investigate ways you can increase security in your own recruitment process without causing unnecessary, pointless work.
API. Just about every corporation requires these now. The only useful information they will get is your skills. However, most smart spies wont use a skill-less toon, so it’s besides the point. While useful at analyising the skill sets of incoming recruits, it’s not particularly useful at all as a spy-finder-outer.
Applications. Many corps require a rigorous application process to weed out people who are not serious about joining. Again, a good spy will be pretty serious about joining and will probably have excellent answers for all your questions.
Voice Interview. Many corporations go a step further and require that you have a vocal interview prior to joining. This will confirm that you are human, and may give all sorts of information to the interviewee as to personality, etc., but will not give any information on your spyness. The good spies are actually quite charming.
Background Check. This usually constitutes someone doing searches on Eve forums, on the web, and elsewhere of your character’s name. They’ll glance through any posts you’ve made on forums as well as any killboards that pop up. A smart spy can create information for background checks to find, so this is also pretty useless.
Most corporations stop there, and you have to admit that if you’re recruiting at a decent level, just that can be somewhat rigorous and grueling. However, nothing in the above process actually helps you limit spies.
If you are serious about security, consider the following.
Recruitment by Invite Only. This has been adopted by several corporations, but is not very accommodating when you want to recruit large numbers. However, the chances of a recruit being a spy after being vouched for by other corporate members is very slim. Though for more serious security endeavors I would highly recommend this route, be aware there is still a slim chance for the more dedicated spies for slipping through.
Closing recruitment during campaigns, wars, etc. This is somewhat common sense, though if a spy has information regarding a future invasion, he may implant himself into your corporation well in advance.
In the end, you’ll never be able to completely eliminate spying. It’s a part of the game that many people enjoy, sometimes just because they can. The best thing you can do is use common sense, and keep your head when something does go wrong, to prevent any more fallout.
Another very useful aspect of the recruitment process is this: ask for screenshots of their wallet (filtered by Player Donations) and Completed Contracts. This helped my corporation weed out a spy who had been given 20b ISK with which to buy a toon. By looking at his wallet, we were able to find the name of the 20b donor, finding that he had PL in his corp history. Needless to say, that guy was a no-go.ReplyDelete
Which leads to a second point: always check the Character Bazaar for any of the characters' names. Buying a character is a great way to wipe your corp history.
Thank you for that article! As a recruiter myself (for Black Thorne Corporation) I have to add though that most of the common application "hassles" described don't have corp security in mind as the main reason. Things like interviews, forum forums to fill out and background checks are mostly there to find out if an application would be "right" for the corp (as in fitting its demeanor/mood/outlook/goals). Security is "just" an added bonus. And security-wise you correctly mention that it is always possible to get around/through those checks. But they aren't there for making it impossible for spies to enter the corp the checks are there to see if the applicant would fit well into the corp and secondly to make getting a spy more difficult. This doesn't mean that a dedicated spy won't get in but it does make it more difficult and more work for spies to get in (and this is the point).ReplyDelete
Recruiting by invite only is of course the most secure way, but it is also not feasible for corporations who for example happen to cater to new EVE players as well. But I guess those corps are not a very high priority target for spying anyway .. ;-)