EN24 discord
sov map

How a single click can destroy trillions – What made it happen?

September 18, 2017

In my previous article, How a single click can destroy trillions, I talked about the recent coup/heist that Circle-Of-Two <CO2> was subjected to, and the damage it inflicted. If you haven’t read that article, you should consider doing so.

In this follow-up article, I would like to talk about some of the factors that make such a coup possible, and potential ways it could have been prevented. I would like to focus a little on the ways EVE Online limits options to rule alliances, and the vulnerabilities this system innately possesses. (note: I’m nowhere near a specialist on alliance management. Feel free to correct me if I’m wrong about something).

Let us take a look at the way the CO2 alliance had set up its space empire, and the influence it had. At the moment of the coup, the CO2 alliance consisted of around 4000 pilots spread across 75 corporations. These corporations were all lead by their individual leaders, the CEOs. The direction of the alliance was determined by gigX (the head of the alliance), with the support of a small group of subleaders from different corporations. This is a fairly normal setup in most large corporations and alliances. The CEO is considered the most important player who can control all functions related to alliance management. The subleaders serve as backup leadership, to take away some of the CEO’s workload, or take over when he isn’t available. In large alliances, these subleaders are almost a necessity, as the amount of work it takes to run a large alliance is quite sizable. This is especially so if the CEO wants the occasional night’s rest. Normally, these subleaders can be appointed to perform specific tasks. The accountant (who has access to all corporation wallets, assets and can pay bills), Communications Officer (can modify messages of the day, and com channels), Diplomat (who manages the contact lists and the standings towards other alliances) and plenty of others. This allows subleaders to influence specific fields of work that they have been allocated. If a subleader is a ‘jack of all trades’ and seems trustworthy enough, the CEO can assign them the Director role, which means the player receives pretty much all other roles. In practice, this means he becomes equal in power to the CEO, having access to all functions and assets. The only exception to this is the inability to allocate or remove the role of director.

In the case of CO2, there was a small group of these directors, including The Judge (the man behind the coup). When the coup was executed, he used his leadership roles to steal valuables and change ownership of citadels. This may make you wonder: why did nobody stop him? Well that has everything to do with the efficiency of management in EVE. In our real world every large project takes time. A house changing ownership takes weeks, money transfers a few minutes, and unloading cargo takes hours. Looking at a real coup it usually takes several days to occupy essential buildings, assets and media channels. While in EVE, robbing an alliance blind is a matter of a few quick financial transactions and then clicking and dragging stacks of assets to your personal hangar. They are hardly time-consuming actions. If any of the ‘subleaders’ would have been aware the heist was in progress, they would only have a few seconds/minutes for damage-control (safe assets that weren’t stolen yet). The only one who could have truly stop the process was gigX, with the power to remove The Judge’s director-role. But at the moment of the coup, he was asleep. This gave the thief the few moments of free reign he needed.

Another thing in favor of The Judge was the allocation of structures in CO2 space. In some alliances, individual corporations are allowed to deploy and manage their own citadels and stations. This allows them to freely run their business, independent of alliance leadership, resulting in an area of space where the structures are owned by dozens of different entities, all under the umbrella of the alliance. The problem of such a system is, that if one of these corporations ‘goes rogue’, the alliance could lose stations and citadels. Each individual corporation leader could compromise the safety of the entire region. To counteract this risk, the CO2 alliance gave the ownership of all structures to one corporation: the executor corp, SRBI Holding, which was owned by gigX himself. By doing this, the security of the space-stations didn’t rely on the whims of dozens of corporation CEOs, but on a small group of directors that where selected for the job. This system is effective, for the most part. However, the major problem lies on who/how the alliance leader places trust. The Judge had earned gigX’s trust after more than 5 years of co-operation and friendship. In hindsight, however, this trust was poorly placed. It was essential to the fact that he was able to abuse his power, without being reigned in. In the end, a misplaced sense of trustworthiness gave an ill-willed person access to everything he could dream of, allowing him to pull of one of the greatest heists in EVE’s history.

Of course, many other factors made this coup so effective, but we will not be looking at them in this article. Here are some items that crossed my mind.

There are not many ways to set up an alliance’s leadership in EVE. You could basically look at leaderships of alliances as a dictatorial system. There is a single almighty person, who controls all the power, and can make decisions as he pleases. The addition of alliance directors only serve as ‘additional almighties’ that are supposed to cooperate. But as current events show, there is nothing stopping them if they don’t wish to toe the line. In the real world, most countries have recognized that such a method of government isn’t desirable. Dividing the power is essential to keep the ruling class in check. Many of those governments added filters to keep the nation out of trouble. A congress, senate or similar institution has the simple function to make-up/aprove good plans and block the bad ones.  These systems make sure that a single nutjob’s bad ideas can’t do too much harm. Unfortunately, in EVE online there is no option to add such filters, never mind install a fully functional democracy. Of course a good chat among leaders can sort out some stuff, or a ‘straw poll’ among members can work as a referendum. I could add several pages about the hundreds of different ways real-life corporations and countries are run which would be better/safer than the current system in EVE. Given that CCP doesn’t give us any options to apply them, I feel talking about them would be a waste of time. In EVE we always end up with a single person being able to push the buttons, thus overriding any democratic decision-making.

With that in mind, I’ll speculate a little about some other methods to limit a single person’s power within an alliance in EVE. If a person chooses to ‘go bad’ it would be safer to control the amount of influence he/she has. The main risk-factor is in the director role. If an alliance CEO would only give each leader 1-2 functions, there would only be 1-2 leadership aspects at risk with any one leader. For example: if the Judge would only have had the accountant role, he would have been able to steal a trillion in ISK and assets, but wouldn’t have been able to transfer the citadels. That would still be a harsh loss, but not nearly as bad. The problem with this is obvious; if a leader has only 1-2 functions, there need to be more leaders appointed, who may not be available. additionally, more security treats are introduced as the pool of leaders with access increases.

In the CO2 heist, all valuables where located in a single citadel (the Keepstar in 68FT). The Judge could take control of this citadel, and by transferring the ownership this station he cut all pilots off from their assets. A high-impact move. With a little more investment of ISK and time, it would be possible to setup a group of citadels, which would allow splitting of ship-caches and inhabitants, thereby spreading risk. In order to keep these citadels safe, they would need to be controlled by multiple different people. If one of the responsible leaders rebelled, there would still be a few other citadels with a good supply of ships and pilots. As mentioned before, with this solution the amount of players that need to be trusted grows, which is itself a security risk.

Over a trillion in assets and ISK in a single place, accessible to multiple persons. Now that’s like throwing a steak in a dog-pen and telling them in a stern, command voice to “stay”. They may be the most loyal dogs in the world, but eventually one them will take a bite, and who can blame them when they do? On how many occasions would a director actually need access to such an amount of wealth. To me the obvious solution would be to lock some of that money away, for example in the CEO-wallet. If somebody is ill-willed, they would only be able to access the limited amount in the alliance’s wallet. With hard assets this is more difficult to achieve but is not impossible. This would have limited the theft to a certain extent.

As you’ve probably understood from my ranting above I cannot give you a real solution to protect an alliance from an ‘inside job’, I can only provide some ideas. The work of managing a large alliance is just too large for a single person. Work needs to be divided in order to manage, and the only basis for doing so is trust. As recent events show, trusting somebody doesn’t make them worthy of that trust. This makes it hard to choose who should receive power within an alliance. If many people are given a limited amount of power, there are a lot of smaller security risks. If a few people are given large amounts of power, the alliance is at risk of a major sabotage. Neither of which is preferable. More stable ways to divide power are simply not supported by the game – CCP, please consider this. With my limited insights, without CCP’s involvement I don’t see a reasonable solution to this conundrum.

Do you have any ideas about alliance security? How is your alliance setup? Leave a comment if you have a good idea. Maybe together we can find a better solution that could benefit us all.