Cat and mouse: How Bohemia bags cheaters in DayZ
Bohemia Interactive’s DayZ has been remarkably successful and helped jumpstart the game industry’s current fascination with survival games, but its also been plagued by cheaters. Today at GDC Europe, associate producer Eugen Harton described Bohemia’s efforts to crack down on cheating in the wake of an exploit plague.
"It’s a huge game of cat and mouse,” says Harton. “You’re basically trying to get ahead, and try to get those guys dead.”
After studying them intently for some time, Harton believes he has some lessons worth sharing with other developers trying to combat cheating. For example, Harton says cheaters typically cheat not to win, but to build their rep. It’s all about peer promotion (building “reps”), taking down enemies (destroying “reps”) and personal brand-building on channels like Twitter, YouTube and the like.
“I’ve seen some people streaming our game who are coordinating with cheaters to increase their view time,” says Harton. “They work with the cheaters behind the scenes.”
For many, cheating is a bona fide business
Most cheats are typically sold either via subscription or one-off purchases, says Harton, and they’re most often distributed through IM clients (Skype, ICQ, etc.), forums, and web portals.
“It’s amazing how much money you can make selling cheats,” exclaims Harton. Many cheat-sellers in Russia and other regions make their living selling game exploits. “Big guys sell cheats for major games on web portals, and they make big bucks,” says Harton. Cheats can cost anywhere from $1 to $500, says Harton, based on how reliable an exploit is, how powerful, and how rare.
You should know that many sellers take precautions since they make a full-time living selling cheats, and cheat sellers in regions like Russia require citizen ID, Skype calls, and social media account verification before they’ll sell someone a cheat.
Harton estimates that Bohemia has catalogued a library of 400 cheats in DayZ so far, with a total of 44,007 banned accounts to date. That means roughly 1.39 percent of all DayZ licenses have been banned, a small but significant number for the game in light of how critical a fair and equitable experience is to the success of a multiplayer open-world survival game.
“With the rise of survival games, where the game and the gameplay mechanic is based around permanent death…the gameplay experience really suffers when someone’s cheating,” says Harton. “Players die, they get frustrated, and they don’t want to play anymore.”
Conversely, cheaters who survive a ban still want to cheat; Bohemia has a real problem with repeat offenders, says Harton, as 76.11 percent of DayZ players who are banned for cheating come back after their ban and get caught cheating again.
“Cheaters would rather play than stop cheating,” says Harton. “For a game like ours, that means a lot…when you kill someone in-game it's a problem, because they lose all their progress.”
Best practices for tagging and bagging cheaters
To fight cheaters, Harton first recommends you focus on your terms of service — designing and revising them to ensure they protect your ideal game experience and then enforcing them with an iron fist.
While every studio has their own tricks for practically combating cheaters, Harton recommends a trick he thinks many developers overlook: disable running your game in Windows test mode.
“This is really interesting,” says Harton. “Disabling the test mode was one of the better choices we did during DayZ development, because unsigned drivers are really easy to use and get running.”
And to detect cheaters, Harton recommends building sensors for specific patterns because many cheat designers tend to fall into them.
“They’ll use the same certificates, they’ll use the same name strings in menus, they’ll use driver memory patterns you can detect,” says Harton.
You can also use the patterns in your own game as a baseline to detect cheaters. Consider employing what Harton calls “sanity checks” server-side: You know your game always works a certain way (bullets abide by certain rules and never flip 180 degrees in flight, for example) so you can design “sanity check” sensors to constantly monitor systems in your game and (hopefully) detect cheaters.
If you have community managers on your team, they can lend a hand by infiltrating hack provider sites and buddying up to cheat vendors.
Your community can also help by serving as “snitches” and quietly keeping you informed whenever they’re approached by cheat vendors, as well as using public reporting systems in your game (you do have a reporting system, right?) to flag cheaters.
Straight up fake-outs are also an important, viable strategy for slowing down cheaters. “Use client-side checks that are fake; make something up to create more work for the guys in the cheating community,” says Harton. “Make them really work for it.”
And sometimes you need to resort to trickery to draw out cheaters. Harton says that Bohemia often goes shopping for cheats to its own game, and that sometimes leads to some interesting situations when cheat vendors require things like citizen IDs.
“I had to hire a Russian snitch to actually provide a call for us,” says Barton. “But he got paid for it, and we ultimately got the hack.”
But amid all this talk of finding and bagging cheaters, Harton also cautions developers to be really careful about false positives — they will happen, and so he recommends you be prepared to address them with a well-trained, courteous customer support team and a variable ban system.
The most important lesson you can learn from Bohemia’s anti-cheat crusade? “Try not to make it personal,” says Harton. “I made that mistake before; I taunted the guys on Twitter and other channels, and they retaliated. They went on a revenge streak. Keep it professional.”