Showing posts with label social engineering. Show all posts
Showing posts with label social engineering. Show all posts

Paid Industry Trolls

Posted by Daeity On Wednesday, March 28, 2012

An interesting read on the "confessions" from a former EA Viral Marketer. I caught this yesterday on Reddit too, and just decided at the last minute to write about it.

This is a known job (mostly outsourced and Work At Home) by many in the gaming industry, but most people don't talk about it. There are a lot of job titles and duties that the industry really doesn't like to discuss. :)

It really doesn't matter if this person is a phony or not as what they say about the job is true. I'd really like someone to come along, though, that can provide real evidence of their job and duties and even provide several real world examples of things they've done.

All Andromeda posted, unfortunately, were public Quarterly Shareholders documents that everyone has access to. And they spent very little talking about their job, and more time attacking the company and it's games. It would have been far more convincing if they had provided real documentation from their job (since there would have been a lot of it, and none of which could have been traced back to them.)

That's why I appreciate some of the recent comments made by Brian Fargo, for example, about the real inner-problems that happen between Developers and Publishers that no one knows about. Now, we finally have a recognizable and trusted name providing proof that what many suspected really does happen.

Andromeda's job is basically conducting creative viral marketing on sites and forums (including /v/), praising their employer, and derailing threads or putting down competitors to deflect and control perception about a game.

You never really know who these people are. They spend years creating online identities, and they have multiple identities on several major and minors forums or blogs. A forum poster on MMO-Champion, for example, might have a dozen identities each with hundreds of posts (or one primary account with thousands and a "good reputation"). They're paid to do this 8+ hours per day, so you can only imagine how much time they spend on sites, forums and blogs building up trust and familiarity over several months or years.

It's a pretty easy job too. And there are different kinds of "marketing" responsibilities.

Some of these professional sockpuppets or shills will primarily engage in praising or controlling the perception of a company or it's game. Others, though, might have the task of attacking competitors, talk trash about their games or generate bad press, try to organize mass "uprisings" against certain companies, constantly attack the reputation of someone who is critical of their employer (any attempt to discredit them, including lies), create bad reviews of competing games (mostly targeting crowds to do it for them), or they engage in unethical practices to deplete the marketing and customer support budgets of competitors.

The key though is manipulating crowd psychology. They want as many people on their side as possible to do the most damage, so they're usually highly social (online) individuals within forums and they use sites like Twitter. They also have multiple accounts, so they're hard to distinguish since each account might have different followers. And, the more followers the better. What's also nice is that they can buy the obedience of many followers by handing out free stuff given to them by their employer. :)

It's really hard to spot these shills though. They engage is casual chatter, talk about their day or their family, movies they watch, etc. And, they're hard to distinguish from simple fanboys. Maybe they even act as fanboys as part of their cover. There probably is a detectable pattern, and a way to find these people, but one would need some real and proven examples of posts from their various identities. I'm sure that some of the more talented viral marketing trolls could probably spot each other though.

"Telltale" Signs

Posted by Daeity On Monday, November 21, 2011

Last week, Gamespot made a post about Telltale Game employees feeding perfect 10 scores into Metacritic.

Quite a bold statement. So, what exactly was their investigative technique to confirm this with 100% reliability?

The reviews had above-average grammar, and their aliases (e.g. "TANTRAD") happened to match the aliases of Telltale employees. Yep, that was it.

Between the reviewers' constant lionizing of Telltale Games, complete sentences, proper punctuation, and paucity of spelling errors, we began to suspect that the user reviews were not the product of actual players, but of Telltale representatives. Sure enough, a cursory Google search on the reviewers' user names backed up our suspicions. One of the reviewers was a user interface artist at Telltale; another was a cinematic artist. According to their LinkedIn profiles, both were relatively new to the studio, but they should have more than enough experience in the industry to understand this was a bad idea.
(Funny.. I didn't see a ton of other gaming blogs attacking and scrutinizing them for their investigation process.)

I really liked this part of their article:
But if the goal was to drag those individuals over the coals, you'd see their names and LinkedIn profiles here.
They said this after they gave all of their readers the means to find it out themselves:

1. A link to the Metacritic page
2. Told everyone it was a perfect 10 score
3. Told everyone it's the oldest score on the page (Nov 15, 2011)
4. You can use Metacritic to sort of by date on the positive reviews
5. Grammar is above average
6. A cursory Google search of their alias and "Telltale"
7. On his LinkedIn profile he's new and a User Interface Artist

This actually reminds me of that Facebook investigation. I'm showing you how they probably came to that conclusion, or how they most likely investigated, and I'm probably right. Maybe I'll be scrutinized for this post.. "you're jumping to conclusions", "LinkedIn Profiles are unreliable, I can't believe you use them to confirm if they work for companies", "FAKE NEWS!!"

The Point

What's most scary about this whole thing is that Gamespot is probably 100% correct and that they came to the conclusion through a very simple investigation.

This is a point I've been trying to make for a long time.. there is a ton of information on the internet that most people think are unreliable or useless, but they're not. For the most part, people are very open, honest, and not very careful about what they type on the internet.

In cases like this, though, look at what happened. Gamespot went by on online alias (unable to confirm who actually owned the alias), posted it as undisputed evidence, caused rage, which resulted in a substantial number of negative reviews from users who never actually played the game but were just angry about the situation.

Can you see how both users and media organizations (or internet "journalists") could have been easily manipulated in this situation?

This is why I show as many sources as I do, and proof to backup every claim. I see what happens on these other sites (like Gamespot, who just made the claim and did not provide their sources and proof that the Metacritic alias was indeed used by the employee), and I want to show how I came to a conclusion so that people can come to their own.. I may be right or wrong, and sometimes there is no way to be 100% positive. I can only guess that this case is probably correct given the evidence, probability, and past trends.

Let's go back to how just Gamespot investigated the incident:

If I was a competitor, and I really wanted to ruin the reputation of a game, why not just create multiple aliases of employees and give it a glowing review? And then, give negative reviews for my own games?

It wouldn't take long for blog/gaming sites to pick up on these, investigate (reverse alias search on Google), put 2 and 2 together, and report incorrect information resulting in sympathy for my own company and negative reviews for my competitor. I wouldn't be surprised if something like this has already happened.

A disgruntled employee could even do it to their own company, or targeting another employee they don't like. A disgruntled fan could do it.. anyone can do this and it would be perfectly legal to use your own alias (even if it happens to be used by another person) and make a review, but it would be the news sites or blogs that create the rumor or make the libel post in the end.

The Games Blizzard Plays

Posted by Daeity On Thursday, November 11, 2010

This is sort of a continuation of my last post, I wanted to further examine Blizzard's "repeated history of abuse".

It was originally a very long post, so I'm trying to break it down into components for easier reading and because I go off on tangents. =]

So..

Other than unintended changes (bugs) that have had negative effects on customers, how about intentional changes?

A profitable business operates like a professional con artist: they'll take your money and you'll thank them for it. Or, they'll cheat you out of money but you'll never know that it even happened. The only difference between the two is that "marks" are called "customers" and the scams are actually "business strategies".

Blizzard has done a lot of cool things from a customer perspective (like charitable donations), but how about examining those critically and from a business perspective? (After all, I'm pretty critical.)

Race Changes

Let's ignore the fact that Blizzard charges $25 for a simple database record change. (It's like charging $800 for pouring windshield wiper fluid while claiming that the service is in fact a highly complex procedure that requires dismantling of your vehicle.)

When Race Changes were first introduced, Will of the Forsaken was the most powerful PVP ability in the game. Many players switched races to Undead purely for the WOTF ability. However, Blizzard secretly nerfed the ability on that same day. =] Players who switched to Undead had to pay another $25 to switch to another race with the next overpowered racial trait.

What excellent timing. They had months and months to make the change (it was planned after all), but chose to make the change when it would be most financially beneficial to the company. =]

More Paid Faction/Race Changes

Blizzard recently announced that they will be allowed Paid Faction/Race changes on the first day of Cataclysm. This was unexpected, but welcomed, by many players.

What this tells me though, is that they're desperate to ensure highly profitable numbers during that quarter. They could have just relied on Cataclysm sales numbers alone, but with all of the hype and promises made to investors they're desperate to ensure that strong revenue figures are reflected. There are also other services/features being introduced in the same quarter (coincidentally) as the Cataclysm release, and you'll probably see a lot of other new services, class buffs, and other stuff in the following quarter to keep revenue figures high.

All of these changes within the same quarter tell me that they're worried though.

Digital Sales

This also relates to the item above. Digital Sales will be available for the first time when Cataclysm is released. This is very convenient for customers, but how about from Blizzard's perspective?

- Blizzard is cutting out the middle-man, so that they receive pure profit now.
- Digital Sales do not include physical boxes, so Blizzard has eliminated the huge costs associated with shipping, packaging, and the physical boxes/contents themselves (ie, no need to manufacture manuals, DVDs, boxes, etc.)
- However, they're still charging the same cost as the physical box! (The best part!)

This new service will dramatically increase revenue figures for the quarter and it was very well timed (it could have been implemented at any time within the past couple years.) =]

Also with the introduction of Digital Sales, several research groups will no longer have access to accurate sales numbers to determine subscriber counts or revenue figures. For obvious reasons, Blizzard doesn't want to announce player subscription counts (like when they lost 5-6 million players in China) and cause investor panic. But with this "new service for the customers", they can now keep all sales information secretly hidden within the company. Very clever indeed, and another example of their dedication to reputation management. =]

You're A Good Person If You Donate To Charity

Blizzard also recently announced that the pet store will have "Lil' Ragnaros" and the "Moonkin Hatchling" pets available during the same quarter as the Cataclysm release (yay, more revenue for the quarter.)

Not only that, but 50% of the proceeds goto charity.

There are a few things to keep in mind here:

- The graphics model for these virtual pets probably cost like $50 to make (that's including the $0.05 worth of electricity used by the development station) but Blizzard will be re-selling this virtual item in the hundreds of thousands. It won't cost Blizzard anything to donate 100% of the profits (donating 99.99% of the proceeds would still cover all of their associated expenses) but they need that massive profit for their quarterly results. Was this truly altruism or was it business? Based on history, I'm thinking the latter.
- It's like selling bottles of air (except they don't have to pay for the bottles).
- Charitable Donations = Tax Cuts + Public Relations + Reputation Management + Good Feelings For All
- As human beings, we're all very selfish. Everything we do is for actually for a selfish purpose when you think about it (donating to charity makes you feel good about yourself for example). However, we're very good at pigeonholing our selfish acts into different levels. Buying a pet for vanity purposes is "bad" and some will do it.. BUT if the proceeds are going to charity, then that will JUSTIFY the purchase and you can feel good about yourself. This is a common business strategy actually.. manipulation of our feelings is just proper marketing strategy, so don't take it personally. If you ever wanted to sell something that makes a person look vain, just tell them you'll donate some of the proceeds to charity - it works wonders.

Anyhow.. yeah yeah, I'm a jerk for mentioning all of this. "Blizzard could have just kept all of the profits themselves you know!!" is what the Blizzard fanboys will probably say. =]

Buffing During Sales Periods and De-Buffing After

The Death Knight was originally extremely overpowered. Everyone was lead to believe that because they were a "Hero Class" that they would remain overpowered with reason. It was kept overpowered during the highest sales period of the year, and then they "suddenly" nerfed the class to hell approx 3-4 months after (when the big sales period ended.) Coincidental? The DK class sure did bring in a lot of new players via word-of-mouth and friends inviting friends due to their "special abilities". =]

The DK class was tested for years internally, beta testing, and PTR testing - but Blizzard kept them OP until after sales dwindled. I'm predicting the same thing with Cataclysm - ridiculously easy dungeons and item/gear collection, overpowered abilities and classes, and then there will be a massive nerf followed by the reset of items or "introduction of new gear" the replaces all existing gear. It will probably happen in March/April. You know.. because all of the awesome changes (that have been tested for years mind you) were in fact "accidental" or "unintentional".

Promises Promises

When World of Warcraft was first released, I was very hesitant about paying $15 per month for their service. However, Blizzard reassured me that they had major content upgrades planned to be released every month. That was the big selling point for me.. the promise of major content updates on a month by month basis.

It never happened.. they later changed the idea into "Expansion Packs" so that they could reap additional profit on top of the existing monthly subscription payments. What a huge disappointment. They also removed all forum posts that had mentioned monthly "major content" patches, if I had known I would have taken screenshots.

In 2008, Mike Morhaime revised that statement and changed it to yearly expansion packs. That was the plan anyways.

Over the years though, Blizzard has made a lot of changes to their public announcement process and they are much more careful about what they say now. But even then, they still make announcements or hints of upcoming features and services that never materialize. They lead us to believe something big is coming, so that we keep playing, but word their announcements so that they can be interpreted many different ways. (I've talked about this sort of thing in the past.. it's all about wording.)

You can also expect Blizzard to make regular changes to their forum system (ie, "clean up operations"), which is also extremely beneficial to their Reputation Management process. Whenever a new expansion pack comes out or there are forum changes, you can expect forum posts to be deleted. Typically, negative forum posts (ie, ones that cast Blizzard in a bad light) are removed right away - but not all moderators can catch them. So "starting fresh" on the forum system is more like deleting evidence (ie, the posts that weren't caught or promises and comments made no longer exist and cannot be linked to anymore) even though forum posts can easily be migrated over to new systems.

Class "Balancing" Acts

Ever notice that every class is given the opportunity to be overpowered for a month or two, and then it switches to another class? That might not be a coincidence or unintended. It's almost as if every class goes through a rotation, buffed intentionally, and then nerfed later on purpose (as though it was all planned all along.)

After 6 years, the classes still haven't been balanced properly even though they have been tested by millions of players world wide. The balance issues are just a very small finite number of permutations and variations in class gameplay compared to the variations in gear (and raid/NPC mechanics) which is balanced. I think this is just another game Blizzard plays, and I'm sure others believe it as well.

Sure, sometimes there are some unintentional bugs.. it happens. But the constant balancing act encourages players to switch classes, level them up, and then switch to another class. More time is spent playing the game, and therefore more revenue for Blizzard. Taking subscriptions numbers into account and game size, I've never encountered any other game or MMORPG that has gone through as many balancing acts as WoW. If I ever get a chance, I might look into this in more detail.. but right now, there are just too many coincidences in opposition of the claim that class balance is a result of unintended effects.

Realm Character Limitations

Everyone has always been restricted to 10 characters per realm. It's very easy to increase this limitation, as it's only a database entry and it applies no extra load on the servers. There's nothing keeping Blizzard from increasing this number.. who knows, maybe additional character slots will become a "Paid Service". But because of this restriction, once players are full they are forced to delete characters and start from scratch or create new characters on other realms and start from nothing.

I'm okay with a limitation of 50 total characters across all realms, but I sure would like to create a Worgen or Goblin on my two realms that are full. It's a very heavy investment of time to create a new character, level them up, and start collecting gold again from zero, but it's a way Blizzard can keep players addicted and busy wasting time. It's also a way for force players to purchase Race changes if they want to play the new races. Time-wasting activities (such as pets, achievements, and archaeology) are actually an indirect method of increasing revenue when you consider the domino effect.

Minor "Features"

These are the small tweaks here and there and increase the amount of time playing the game at the excuse of fixing "Lore" or improving the game-play experience.

For example,

- In Cataclysm, Blizzard will be removing portals so that travel time is increased (no changes to mount speeds however - how about a 400% mount that anyone can get?).
- Players will need to visit dungeons first before they can queue for them.
- Auction posts and cancellations now require confirmation (it does not prevent automated auctions at all.. that's why they're called "automated"), increasing the amount of time on AH dramatically.
- Blizzard always lowers the XP requirements before each expansion pack, and you can expect the same with Cataclysm. This is so that players can level more quickly to 70 or 80, are encouraged to level more characters, but they get "stuck" at 80 when they get hit with all of the time intensive activities that shouldn't be there.
- Big changes to racial traits (for other races) will occur after everyone gets used to Goblin/Worgens, encouraging them to swap characters again and spend more time playing.
- And don't get me started on the queue times for Battleground and Dungeons (that were originally promoted as time saving, but had the opposite effect.)

From The Dirty Tricks Dept.™ - How To Get a WoW Player Banned

Posted by Daeity On Monday, October 4, 2010

So.. this post is a little bit more in contrast (ie, evil) to the others that I've written.

But, I'd like people to be aware about just how easy it is to get a player banned, point out flaws in Blizzard's investigation process, and just how important it is to play nice and not piss off other players. In fact, these 2 methods alone have been tested and have worked for many years.. and there are even more advanced methods available.

If you're going to do this: please only reserve for your worst enemy. And they have to be completely terrible human beings too. So if someone is better at PVP than you or they consistently undercut your auctions, please just leave them be.. it might be me after all. =]

If it's a foul-mouthed brat though, go ahead and "give him the business" since it's probably not me (I'm actually very polite and helpful to players in-game.)

Blizzard Banning Policies

First thing I want to do is bring you up to speed on Blizzard's policies regarding suspensions and perma-bans.

Here are the links to their Terms of Use (TOU) and End User License Agreement (EULA).

Basically, they state:

- The game belongs to Blizzard. You're not the owner, just the guy renting the service from Blizzard.
- They can monitor you and your PC, you have no rights and no expectations of privacy.
- They can make any changes to the agreement whenever they want.
- Blizzard can do anything to your account, at any time for any reason or without any reason at all.
- If you look at a Blizzard employee sideways - you can get banned.
- If you question Blizzard on their forums (like this poor guy) - you can get banned.
- If you drink skim milk on a Sunday - you can get banned.
- Blizzard doesn't have to provide notice of any kind, you're on your own.

There are notices in big bold letters just so that you don't forget: "BLIZZARD MAY SUSPEND, TERMINATE, MODIFY, OR DELETE ACCOUNTS AT ANY TIME FOR ANY REASON OR FOR NO REASON, WITH OR WITHOUT NOTICE TO YOU."

Who Does Blizzard Typically Ban?

Blizzard will ban you even if they suspect cheating or exploitation. Investigations by Blizzard are very fast and limited in scope, so action is decisive even when there is no supporting evidence.

Blizzard typically bans players for hacking/botting, harassment/spam, buying/selling gold, and buying/selling characters.

Since you can't force a player to hack/bot and it's difficult to get them to harass other players (but not impossible for a talented troll who can get them to say something offensive), that leaves us with the "shady underground activities" such as gold buying and character selling.

The thing is, most players are guilty of something already.. so if they're investigated, Blizzard always finds something. These are all dangers that completely innocent players can face.

Preparation Steps

- An anonymous Gmail account. Gmail doesn't attach originator IP addresses to email headers, which is an extra level of security for you when you're emailing the "hacks@blizzard.com" address.
- Firefox with FoxyProxy installed. (Proxy redirect software to mask your IP address.)
- You'll need time (You need to research the mark.)
- You'll need gold (About 10k or 15k gold. The more the better and you can use my gold making strategies.. it'll take a couple weeks to hit 10k gold.)
- You'll need a wireless laptop and real money (One method involves purchasing a new WoW account.)

Consider the costs first before making your decision.. is it really worth it?

Note: The use of FoxyProxy is optional, it might be a little overkill but it's always a good idea to mask your IP address when researching information or accessing wowarmory.com. The "hacks" department, GMs and Support Personnel don't have access to that level of detail (ie, wowarmory IP access and logs), but you never know when you might come across an overzealous IT security manager.

If one were so inclined..

Technique #1: I'm New At Selling My Account

This one has about a 60-70% success rate, and just requires an investment of time.

First, investigate the mark - the most important information you should find out is if they have any alts on the same account. Check their guild (he might be in his own guild, and all members are alts), add them as a friend to track movement, check AH auctions to see if they have any alts selling similar items, check arena partners (might have alts as backups), make friends with them on your own alt, or even join their guild if you can (learn more about them from fellow guild members).

Wowarmory.com is also an extremely useful source of information. You can actually get away with this method just using information from Wowarmory.

You see, Blizzard has a team of employees who monitor common hacking/trading webpages like MMOWNED.COM and ELITEPVPERS.DE. They're looking for new exploits or hacks, and occasionally come across players selling or buying accounts.

You will need to sign up with a new account (on the account selling forum) and pretend to be a "noob" selling his WoW account. You'll want to sound innocent, and sound like you're trying to protect your account and privacy as much as possible. Throw in some spelling mistakes too.

For example,

"hi everyone. i'm new to this, but i'm getting really bored with wow and wanted to sell my accounts. i hear its hard to sell an entire account so ill prob just sell my characters one at a time. what's a good price for this character?

*Link to their WOWARMORY.COM account*

i've been running him through ICC a lot recently, and do a little pvp. I got a ton of gold selling flasks and elixirs though and my character has 450/450 herbing.

how does $100 sound? please email me at xxxx@xxxx.com for more information

i want to make this transaction as safe as possible since this is my first time. i have a list of rules that the buyer must follow and i intend to use paypal"


Don't overdo it too much though, but try to make the person sound as "new" as possible. You can even research posts made by other users (from character selling forums) to get an idea of what exactly to write. You want to make sure their wowarmory.com account is linked, and add their alts if you're CERTAIN they're linked to the same account (adding their alts as "friends" will confirm this for you.)

Be polite, stress the importance of SECURITY in selling your account (ie, you're new so you're very afraid of selling your account for the first time.)

You also want to "poke a stick" at Blizzard employees since they'll be reading it. The idea is to upset them. For example, "Blizzard employees are so fat and lazy and they're no help at all.. I just want to get out of this game." You can say something even worse if you want. Just keep in mind that personal ego plays a large decision-making part of banning a player.

This method actually works surprisingly well, it just depends if someone from Blizzard reads it or not. I know a group of users that have been doing this for YEARS successfully. I'm not sure how well it will work now, though, since Blizzard reads this blog. =]

Try selling the target's account on Elitepvpers.de, wait a couple weeks, if the account isn't banned yet, bump it to the top and post it on MMOWNED.COM. If there's still no account activity after 2 weeks, contact Blizzard's (hacks) email address and notify them that you know someone who is selling their account. Don't link to the elitepvpers.de or mmowned.com websites though, just give them the toon's name. If they search Google for the wowarmory link, it will likely redirect them to the forum webpages where they were trying to sell their account.

The idea is not to tell them too much, but rather have them come to their own conclusions through their own investigations.

Technique #2: Pleasure Doing Business With You, Mr. Gold Buyer

This one has a 90% success rate and requires an investment of time, money and a lot of gold.

Build up enough gold, until you have about 15k. The more the better.

Access an open/public wireless access point from your laptop (desktop with wireless card would work fine too) and create a new WoW account with fake information.

Launder gold through the Auction House so that you can get the 15k gold to your new account. (e.g. buy out items 50-100g at a time, or transfer items that they can resell for much higher values. My cross-faction guide for example can quickly net the new account several thousands per day by just selling rare and limited supply items & pets, without actually involving your original account. You want to separate yourself from your original account as much as possible.)

Take your time doing this, build up a ton of gold on the fake account.

Then, all you have to do is walk up to the mark with your fake account, open up a trade window, and just GIVE THEM 10,000G. You can log out immediately after handing over the gold, or if they whisper you just say "plz follow instructions of what we told u 2 do" and logout.

Then after they go offline, transfer another batch of gold (e.g. 5,000G) to their mailbox from another toon on the same account. Delete both characters (Level 1's) after you transfer the gold, and stop using the account for a while.

Plan ahead for when you know they'll be raiding or running dungeons (humans are creatures of habit), so that on the next day you email Blizzard and tell them that a "player named x on y realm was bragging on vent about how they just bought out a bunch of gold from some gold selling webpage". You can use their armory information to find out which dungeon/raid they were in (and during which days/times) to give further confidence to your story. For example, "this past saturday at around 2PM he said.."

Typically, they'll keep the gold and not report it.

The gold transfer alone will raise some red flags (they monitor that sort of thing), it's highly unusual, and if a third-party reports the "inappropriate behavior" to Blizzard it will give them the excuse they need to ban the account.

In Closing..

There are a lot of variations to these social engineering methods too (for example, ensuring that the mark will keep the gold and not report it by convincing them it's a prize or reward from the guild. Communications of the "prize" cannot be made in game though. Most players are very greedy though and they never report it.)

There's a bunch of other methods, but these are the easy ones that anyone can do. It's scary to think of how many players have been banned for not breaking the rules but rather for being obnoxious assholes. This is just karma support.