Ten Ton Hammer - Taking MMO Gamers to the Next Level!

In Part One of our series we saw some of the reported examples of the exploits that are taking place in EverQuest, primarily on the Time Locked Progression Servers. In Part Two we spoke with two individuals who had experience in limiting the ability to hack on their emulated servers. In our final part today we approach Sony Online Entertainment to find out what can be done from their end to put a stop to the hacking.

We had determined that the early fixes that Rogean and Haynar had implemented on their emulated servers may not be ideal on a large commercial scale for SOE. However, since the time of the interview, Rogean did contact me with some updates.

"Using packets with unpredictable variables to crash a client running MacroQuest was just the beginning for us," Rogean began. "Even selectively using that method, many of the hack programmers found new ways to 'toughen' their distributions to make them impervious to the sort of vulnerabilities that we exploited to detect them... We came up with a brand new system of detection that we were able to embed into the client directly without actually modifying the client itself.

Through this system we can then keep a watchful eye on the memory space of the client. We can check to make sure that there are no external modules loaded into the client that are reading or changing the client's memory. If this system detects this, it sends the name of that module with a specific flag to the server, which logs it for later review. All of these flags came back as MQ2Main.DLL on Project 1999. This system introduces a whole new level of detection available to us that can also be adapted to the hackers' attempts to avoid it. They may try to avoid it, but they are taking the chance that we alter our detection to pick up on them and they lose their main character. In most cases, this is not worth the risk."

The bigger issue that SOE may face is that once the cheaters are comfortable using the hacks and do not see punitive actions taking place against the hackers, they feel all the more confident that they can get away with using them.

"It's just like if in real life," Rogean continued. "If you don't see many police pulling over speeders or you get away with driving faster and faster over time, you get comfortable driving those speeds... until finally you get pulled over.

"That's what we did. We pulled over 365 people at once, publicly, and that will stick in everyone's minds that we take our anti-hacking rules very seriously, and we won't give up trying to detect them."

I called up Thom Terazzas, Producer of EverQuest. If anyone knew what SOE was doing or would be doing to combat the hacks, it would be him. Thom was familiar with the problem. He also knew the importance in letting players know that bans are happening.

When we spoke about customer service vocalizing the bans Thom recognized that it hasn't been happening much lately.

"I don't think they've done it recently as far as notifying the community about mass bannings," he said, "but it is a big deal to us too... I think what we need is just a little more promotion of information from CS a little more often on the message forums--just to let them know we're on to them."

Even though it is a concern to Thom and his development team, it may take some time yet before the issue can be fully addressed.

"Obviously there's a lot of juggling we need to do in order to make it a priority," he continued. "The expansion, [Veil of Alaris], is something that we're really focused on right now. That has gotten, I would say, 80 percent of the[development] focus here. So doing anything that dramatically combats the hacking is something that we would really like to do, but it is not something we've been able to do."

That's not to say, however, that no time has been spent investigating the cheats.