So, without further ado, lets dive into some security flaws,
as well as investigate ways you can increase security in your own recruitment
process without causing unnecessary, pointless work.
API. Just about every corporation requires these now. The
only useful information they will get is your skills. However, most smart spies
wont use a skill-less toon, so it’s besides the point. While useful at
analyising the skill sets of incoming recruits, it’s not particularly useful at
all as a spy-finder-outer.
Applications. Many corps require a rigorous application
process to weed out people who are not serious about joining. Again, a good spy
will be pretty serious about joining and will probably have excellent answers
for all your questions.
Voice Interview. Many corporations go a step further and
require that you have a vocal interview prior to joining. This will confirm
that you are human, and may give all sorts of information to the interviewee as
to personality, etc., but will not give any information on your spyness. The
good spies are actually quite charming.
Background Check. This usually constitutes someone doing
searches on Eve forums, on the web, and elsewhere of your character’s name.
They’ll glance through any posts you’ve made on forums as well as any
killboards that pop up. A smart spy can create information for background
checks to find, so this is also pretty useless.
Most corporations stop there, and you have to admit that if
you’re recruiting at a decent level, just that can be somewhat rigorous and
grueling. However, nothing in the above process actually helps you limit spies.
If you are serious about security, consider the following.
Recruitment by Invite Only. This has been adopted by several
corporations, but is not very accommodating when you want to recruit large
numbers. However, the chances of a recruit being a spy after being vouched for
by other corporate members is very slim. Though for more serious security
endeavors I would highly recommend this route, be aware there is still a slim
chance for the more dedicated spies for slipping through.
Closing recruitment during campaigns, wars, etc. This is
somewhat common sense, though if a spy has information regarding a future
invasion, he may implant himself into your corporation well in advance.
In the end, you’ll never be able to completely eliminate
spying. It’s a part of the game that many people enjoy, sometimes just because
they can. The best thing you can do is use common sense, and keep your head
when something does go wrong, to prevent any more fallout.
Another very useful aspect of the recruitment process is this: ask for screenshots of their wallet (filtered by Player Donations) and Completed Contracts. This helped my corporation weed out a spy who had been given 20b ISK with which to buy a toon. By looking at his wallet, we were able to find the name of the 20b donor, finding that he had PL in his corp history. Needless to say, that guy was a no-go.
ReplyDeleteWhich leads to a second point: always check the Character Bazaar for any of the characters' names. Buying a character is a great way to wipe your corp history.
Thank you for that article! As a recruiter myself (for Black Thorne Corporation) I have to add though that most of the common application "hassles" described don't have corp security in mind as the main reason. Things like interviews, forum forums to fill out and background checks are mostly there to find out if an application would be "right" for the corp (as in fitting its demeanor/mood/outlook/goals). Security is "just" an added bonus. And security-wise you correctly mention that it is always possible to get around/through those checks. But they aren't there for making it impossible for spies to enter the corp the checks are there to see if the applicant would fit well into the corp and secondly to make getting a spy more difficult. This doesn't mean that a dedicated spy won't get in but it does make it more difficult and more work for spies to get in (and this is the point).
ReplyDeleteRecruiting by invite only is of course the most secure way, but it is also not feasible for corporations who for example happen to cater to new EVE players as well. But I guess those corps are not a very high priority target for spying anyway .. ;-)