W-Space Adventures: The Insidious Takedown

An interesting and well-written report, good job guys ! I also hope that this will help CCP speed up things about POS rewamp and Corp security.
Not surprised at all, Rover is a bonehead.
Nicely written. I've lived in 3 different WHs through 2 different corps. The majority of my EVE time has been in WHs. We've suffered corp theft in all three occasions. Sucks that a failure of "mechanic" has such a negative aspect on one of the brightest points of EVE.Hopefully CCP will fix this sooner rather than later.
As the guy that spearheaded the eviction of Insidious Design after their departure from Elysian Empire, I want to congratulate Hard Knocks on doing fine work. You have done fantastic work with style, and I am glad to see that Rover has yet to learn from any of his mistakes.On a side note, how much for his corpse? I wish to make a collection of them, and to date I've only got one.
You're the kind of guy who reads the entire text of the epic arc missions aren't you ?
but i hope you were told how to whipe your ass by yourself?
Do you not have to read any scientific publications while studying communication? Maybe the reason you guys never get any significant shit done is because you haven´t learned to evaluate the use of information by reading an abstract and instead waste your time on lurking through thousands of pages.
Sure we did. Generally I don't apply scientific publications to internet spaceship news sites though, nor to the media in general which I noted in my comment and what I classify a site like this to be like.Maybe the reason you guys never get any significant attention is because you never actually pay attention to what is said and skim everything you find.
First off you need to get your facts right. We don't even have forums, 4 people besides our director had that roll. And it must be all of Insidious fault that 4 corps disbanded Elysian at the same time. Just a bit biased I would say.
I don't suggest picking up things at random, although I've been known to do it. I chose to read this article because a) it is on a site I find entertaining, b) it is about Eve Online c) it is about wormhole space and d) I'm putting off cleaning up after the kids.Having made that decision, I choose to read it. If, when reading it, I find it to be something I have no interest in, such as mining in WH space, I will stop. However, the second paragraph states also clearly states what the article is about, a 40 billion isk theft and discussion on corp roles/POS'.It may not say what was taken, who took it or how it was done immediately, but is that is information you would like, I think, as do many other communication professionals, that you should invest the time to read all the information in the article or prevent from being mislead than you already are by a one sides and biased account.Also, if people's time is valuable they should consider alternative sources of information. There is more than enough ways to get information in a quick fashion, those that write something worth reading should be encouraged, particularly in an age of status updates and twitter feeds.
the following people have config starbase at the time of theft: Arkady Desean, Avery Winterfell, Ching DingDong (director), Chiquitica Kilmore, Dax Kaelon, Julia Sandbridge, Kusai Chan, Night Beagle, Old Won, Pederass Tocles, PTCLynx (director), SojournerRover (director), and The slash. That's not counting alts either. As for the forums, that was miss communication with the author and the spy.
You went on a rant about communication studies and the liability of media on a comment about an article dealing with pixelspaceships. I think you would apply anything to anything just to force your educated opinion down peoples´ throats.
forgot osldgoth too.
Ah, posts like this make me laugh and weep a the same time. Laugh because this is EVE at its best. Strategy, cunning, teamwork, balls, knowledge of the game mechanic. Congratulations for a great operation. Weep because I have lived in WH space for nearly 2 years and been director in 2 corps and as recruitment officer lived the paranoia of having accepted a thief who steals from my friends.
I hope Night Beagle get's elected to CSM8. With security as lax as this maybe I can sneak into CCP's offices and swipe some memorabilia.
Great write-up! My corp was fighting them earlier that day, and we had eyes watching their tower as the whole thing happened. Good times in w-space!Also, I don't want that corpse back, I don't know what they've done to/with it.
True enough. The amount of effort for the returned isk earned via theft with larger corps is typically much lower when you start getting into the disastrous levels. Most large corps have a dedicated logistics team, and rarely need to recruit members into that logistics group who haven't been around for a very long time.Combine this with the threshold you get to where there's just too many people on all the time to effectively steal from the corp, limits you to opportunists who steal and leave quickly, limiting loss, or devastating director-level attacks, which are often able to be spotted a mile away (period of inactivity or outright apathy, followed by a sudden renewed interest, but surprisingly late gameplay timeframes, etc)
Your story misses some bits:1. Your spy told ID that that C2 hole is in fact a trap made by HK for other corps. and posted a wormhole.es link to prove it.2. Your spy was in ID before they moved into that C2 so you could not have observed XL arrays, you knew from the beginning.Therefore I call your story half bullshit. You run a good theft, but the part about your spy op is from another movie.Also I agree with previous posters, you could use more structure in your text.
^ full of shit - with enough effort, you can compare ID loses in that C2 long be4 the acceptance of the "spy" that was burned. so nice try, move along.
While I love the narrative, that's a whole lot of words to say "I stole 32bil".
Wow, you made your own spread sheet. You rule!So no matter what you write it becomes fact?Where did you earn the respect to be able to have people believe a word you say?You are what you are (Love you lots) the character that is a corporation thief! No more, No less and there is no glory in being a thief.
lol - no, ID's own members filled out the 2nd sheet, so i would call that fact. unless they are mistaken on their own identities. But yes I'm a thief, i'm a dick, i'm whatever you wanna call me. the fact that you're here telling me what i am, so me the glory of being a thief =)

What This is About

EVE is a game full of surprises. Sometimes you scan into a C2, see the residents' x-large ship assembly arrays, and decide it could be fun to lure their capitals out for a gank and maybe a decent fight. Sometimes that corporation accepts your spies, and you gain access to their voice comms, forums, and chat channels. And sometimes, just sometimes, leadership gives one of those month-old spies a powerful role, and you decide it would be even more fun to steal everything they own in system, including those capitals, in one fell swoop. EVE is surprising like that.

This is a story about pilots who acted like they didn't need anyone else. It is a story about making many enemies and still failing to make recruitment and asset security a priority. It is a story about a heist of more than 40 billion ISK in assets, but more importantly, it’s a story about how the corporate role and POS systems in this game are broken and in need of desperate attention. Security in w-space is a joke. Even with the tightest security, a thief will almost always be able to gain access to enough ISK worth stealing. If security is lax, well, it leads to catastrophes like the one you'll read about below.

It's not like this in k-space, where personal hangars in stations keep most assets safe. The corporate role and POS systems hold w-space back, and serve to thoroughly erode the trust between pilots within the small communities scattered among the wormholes. My hope is that this cautionary tale will help push CCP toward fixing this sorry state of affairs in the coming development cycles.

A Little Background

Our target, Insidious Design, was a small corp, but they have a storied history with many of the other groups in the gateless unknown. That’s putting it charitably. There are competing accounts of what transpired, but as best I can piece together, the gist of the situation is that Insidious managed to piss off almost every corp with which they have shared an alliance during their time in wormholes. I apologize in advance if some of the finer details are inaccurate, since scattered forum posts are not easy to parse.

After leaving Talocan United and then reportedly being harassed by their former alliance, Insidious chose to call in Exhale. to help them evict a Talocan system. When the eviction attempt failed, they joined Elysian Empire, with existing members being Bite Me Inc. and Posthuman Society. Not content to anger just their former alliance mates in Talocan, they succeeded in alienating both Bite Me Inc. and Posthuman Society during their time together, and the three parted ways after only two months with the taste of bad blood fresh on their tongues.

When Insidious decided to claim a C5 system for themselves following this second falling out, Talocan exacted their revenge. Talocan, having watched and waited while Insidious was burning bridges in Elysian, realized that it would only be a matter of time until Insidious would be on their own again. Sure enough, once Insidious left Bite Me and Posthuman, Talocan made their move and burned Insidious' new home to the ground with the help of Transmission Lost. After the obligatory bitching and moaning about Talocan and TL being “bullies,” Insidious began the rebuilding process, setting up shop in a C2 system, where they resided until the weekend of February 23-24, 2013.

The Setup

The antagonist in this incident is Hard Knocks Inc., the corporation for which I fly. Weeks earlier, one of our scouts located the home system of Insidious Design. Knowing vaguely who they were, the history surrounding their corporation, and (most importantly) their track record of dispensing delicious tears, we decided to look for opportunities for shenanigans.

Based on the fact that they had a couple of x-large ship ship assembly arrays online, we realized that they were building capitals, and our intelligence specialist decided to dig a little deeper. He successfully planted a spy in their corp to fish for details on how many capitals they had, whether there were more on the way, and where they were stored. Another spy was seeded a short while later. The initial plan was to bait and otherwise encourage Insidious to bring these capitals out for defense and then gank them along with whatever subcaps came to help. A recording of their comms during the engagement would be the icing on the cake.

Displaying a troubling degree of sociopathic behavior, our intelligence specialist practically joined Insidious Design for real. He had a full complement of (cheap) ships in their system, went on PvE and PvP ops, talked on their comms, participated on their forums, and generally behaved like a solid recruit. For the weeks leading up to the heist, we didn't see much of him on our own comms, and the only real updates we received on his progress were through sporadic posts in a restricted area of our forums and in a super sekrit chat channel he runs.

In early February, an Indidious member, NightBeagle, announced his CSM8 campaign, which quickly devolved into a  of trolling, poking massive holes in his platform, and numerous rebuttals from SojournerRover and NightBeagle himself. Like I said, EVE is full of surprises.

Possibly the best part of the story is that our intelligence specialist wasn’t even trying to get roles. All he wanted was to set up his own tower, ostensibly to run reactions, but what he got was more than he dared hope for. SojournerRover could have simply flown over and set him up with a tower (as he should have done), but instead Rover handed out the starbase equipment configuration role, thus allowing our spy to do it himself. Apparently starbase equipment config is included in their “second-tier” roles package, and most longer-term members had that role.

For those who don't know, this particular role is extremely powerful when you live out of a POS. The role is unique in that it allows the member access to any and all towers, ship maintenance arrays, and corporate hangar arrays under the corporation's banner, without restrictions. The role gives the member full control over all towers, right down to the ability to unanchor the whole structure and scoop it up in a hauler. When your entire corporation lives out of only three towers, as Insidious did, giving this role out is the equivalent of entrusting the recipient with all corporate and private assets located in system.

You can imagine how astonished our spy felt as he realized the license for mischief he had just been granted along with that role, but he played it cool and set up his tower. Meanwhile, in Hard Knocks chat, he was sharing the news and doing a happy dance. With the click of a mouse, the operation had been unwittingly transformed from a small-time tear extraction mission into a devastating snatch and grab. Extraction plans were quickly drawn up, and we set the date on February 23 in the wee hours of the morning.

The Beginning of the End

On Saturday, February 23, around 08:00 EVE time, Hard Knocks pilots were waking up from their naps and getting in position two jumps out from the target's current exit system. We're a US- and Euro-heavy group, but so is Insidious, and we knew they would be least somewhat active at this time. If we were going to get everything, we would have to make this an alarm clock op.

Even at the extremely early hour, we had about 30 pilots with multiple accounts ready to go, and our spies had been actively monitoring Insidious' activity for hours. A handful of pilots from the US west coast and Australian time zones were still up and active, most of whom were gassing in their C4 static system. Others were just idling in their towers, and we didn't know if they were paying attention or not. I mentioned before that one of our spies had set up his own tower in system, but it was an Insidious tower. The plan was to unanchor it and then reanchor in Hard Knocks' name. Unfortunately, one of the more active Insidious members - The slash - was as paranoid as Insidious' leadership should have been. The slash saw that our spy was taking the existing tower down via his d-scanner, and this observation almost spelled the end of our scheme. A quick excuse was drummed up: our spy was merely upgrading his tower from a medium to a large. This explanation seemed to satisfy The slash, but we would have to wait until he logged off to reanchor the tower.

As the hours slogged by, and Insidious' pilot count dwindled, our pilots kept themselves occupied with the ship spinning counter and cracking jokes about each others' mothers (it's what we do best). By 13:00 EVE, the Insidious pilots were few, but they just wouldn't log off completely. We began to debate whether this would have to wait for the following day. A Transmission Lost fleet had put a premature end to Insidious' scheduled PvP the night before (thanks, spacebros!), but Insidious seemed to feel comfortable that the danger had passed and their pilots could engage in a bit of ISK making.

They say that necessity is the mother of invention and so it was that morning. Our spies recognized that by changing the towers and mods setting to 'corporate' security, they would maintain access unless a director managed to log in and change the setting back without getting podded out of system. As best we could tell, all directors were fast asleep, and based on previous observations, wouldn't be on for several hours. The decision was made to move in with full force after the servers came up after downtime. Just prior to downtime, we surreptitiously got a transport with a tower inside through the hisec exit while the main fleet waited one jump out on the gate.

The servers went down and then came back up less than thirty minutes later. We saw no Insidious logins and pretty much everyone on their side had left voice comms. It was on.

The Heist

Our fleet consisted of some cloaky T3s, tackle, eviction Orcas, and a lot of pods for grabbing the various and sundry ships to be found in their SMAs. As soon as our transport could get to the appropriate moon, we launched our first tower and began the slow process of anchoring and onlining it. Meanwhile, our spies set new passwords on Insidious towers, changed all permissions to be corporate access, and provided warpins at SMAs for our members to begin grabbing ships. Some initial logistics mistakes were made, and we lost an Arazu and a stealth bomber to POS guns during the setup period, but we soon got our shit together and began shuttling loot out through the hisec exit. 

Their capitals and Orcas were the first to be claimed. Once they had been fully secured and logged off, we moved on to T3 cruisers. We had gotten most of those by the time our tower came up, and at that point we began to bring the pilfered vessels to our own tower instead of out the hisec wormhole. This change increased our speed, and Orcas could now begin grabbing items from the CHAs to move to our own CHAs. Meanwhile, our spies in Insidious were dismantling the towers and getting them ready for removal. We were taking everything that wasn't nailed down, and then pulling the nails out of the things that were.

With the number of pilots running back and forth between towers, it only took us forty-five minutes to an hour before everything in the Insidious CHAs and SMAs was cleaned out. We moved to start collecting unanchored POS mods. Around 12:30 EVE we saw our first login – a Badger Mark II belonging to Julia Sandbridge. We weren't quite prepared for logins yet, and when she landed in the tower's forcefield we turned corp access off. As a result, she was thrown over a hundred kilometers out of the field, and we couldn't make the tackle. Thankfully, she warped directly to one of Insidious' corporate safe spots and one of our spies locked her down a short amount of time after she landed. We bubbled up with a Sabre and got the pod, preventing her from returning to system. Unfortunately, the fact that our spies were on the killmail also meant that our spies were indelibly marked as such.

Pro tip for other w-space groups: don't maintain corporate safe spots. They're a bad idea. Spies can make full use of them, as we did, and even regular scouts can figure out where they are given enough time in system. Just make your own personal safes, okay?

Since almost everything but the towers had already been unanchored, we decided to turn off the forcefields on the 'hostile' towers and began to keep an interdictor ready at each one. This setup would prevent them from bouncing off the field as they logged in and allow us to quickly bubble up for the ships and pods. A few of their POS mods were glitched and we couldn't get the ammo out. Plus, even with starbase fuel configuration our spies could not access all tabs, so we began to destroy what was still anchored with Insidious' own ships and capitals. We had a few more logins now and again, and each pilot was quickly dispatched by our security team in turn. We even managed to hold their CEO, SojournerRover, until we could use their own Moros to blap his Proteus...and his pod.

The jig was fully up at this point and our spies were exposed, but it was far too late. We continued to finish off the remaining POS mods and began to anchor 'bugzapper' towers under different corporations. For those unfamiliar with the concept, bugzapper towers can be created by onlining a tower but never entering a password. This tactic keeps the tower from creating a forcefield, yet still allows you to anchor and online mods. Pilots logging in will not bounce off the non-existent forcefield, but will instead be gunned down by the POS. Bubbles were, of course, anchored around the towers and hundreds of shuttles were spread out as well, to keep them from cloaking or running before the tower mods could lock them. Once these bugzappers were set up, any Insidious pilot who had logged off at a tower would be instantly set-upon, and we could focus on moving our ill-gotten goods to k-space. One of the towers is still active and preventing logins as of this writing.

The Aftermath

All told, we made off with just over 40B in loot, not including the three capital ships that can never leave that C2. Many of Insidious' members had everything they owned in those towers, and from what I understand their comms was a mix of incomprehension, sadness, anger, and vows of revenge. It almost made me feel a bit guilty, but then I remembered how much shit their leaders talked, and how superior they acted when they felt like they were secure in their wormhole fortress. They were proud of self-destructing ships when Talocan United and Transmission Lost were evicting them, when they still had ships to self-destruct. One of our spies was even threatened with bounty hunters and whatever else via private convo by a non-leadership member after the fact.

To be clear, we didn't target Insidious Design because some of their members - particularly their leadership - were loudmouthed and incompetent. That fact just made screwing them over that much easier. We were after some fun at first, and then the money later on, that's all. It was a surprising chain of events that culminated in the granting of powerful roles which created a perfect storm of opportunity. We took that opportunity for just about as much as it was worth.

Incidentally, there was a Transmission Lost-affiliate in system, keeping an eye on Insidious Design, and he eventually contacted us to get more of the story behind the heist he was observing. Be sure to check out his blog post to get an outsider's perspective. It's quite good.

It Doesn’t Have to Be Like This

Did Hard Knocks benefit from the broken corporate role and POS system? Of course. We realize, however, that there but for the grace of Bob go we. Many months ago we suffered a 30B loss of our own when an AFK director decided to drain the corp wallets, self-destruct a few capitals, and make off with dozens of T3 cruisers before being caught. We’ve suffered a corp theft on average once every three months, and sometimes a few in rapid succession. We don’t give out the starbase equipment configuration role readily, we do a much better job of segregating our members’ things, and we still get corp thefts all the same. They are usually on a much smaller scale, but it's a problem nonetheless.

It’s true that about half of Insidious Design’s members had the starbase equipment configuration role. This mistake was both big and fatal; that much is certain. The fact of the matter, however, is that if EVE had a more granular role system, or a way to have truly private asset storage in towers, Insidious would never have had this potential for catastrophe in the first place. The role for full control over all corporate towers should not be the only role that allows an individual to anchor one tower and perform basic configuration. This problem by itself should be solvable within a development cycle, and yet we’ve seen only passing interest by CCP toward addressing this major flaw in a reasonable amount of time. If we're to wait as much as a year or two for the full POS revamp, can we at least get some attention to POS security in the mean time?

I may be looking at this problem from the perspective of w-space, but it clearly affects groups in k-space as well. There is no good way for leadership to set up towers so that they can segregate blueprints, production materials, or whatever else they need. There’s no way at all to give someone the roles to perform manufacturing and research without also giving them the power to cancel all current jobs – and destroy all production materials in the process. There’s a helpful lockdown feature for expensive BPOs, but it’s useless for research or production in systems without a station. These are just a few of the issues stemming from the current systems.

I’m sure CCP and most readers here are familiar with these issues, and I cite the examples above to enlighten those who might not have had the "opportunity" to work with a tower. Shit is fucked up and it needs fixing, not only for w-space, but for anyone who owns or would like to own a POS in conjunction with their corpmates. We shouldn’t have to limit certain towers, modules, and work to a very select group of people we’ve known for years because we're afraid of what a new member could do with the outsized powers needed to delegate some of that work. Insidious Design is a perfect example of a group that got burned because they placed too much trust in their members in order to let them perform basic functions. CCP, help us stop destroying our communities with suspicion and a necessity-based, top-heavy 'circle of trust' structure within corporations.

Some Goodies

These are partial pics, with some items filtered out, some already sold, and others still to be gathered.








Finally: Cipreh, we've liberated your corpse from the hands of your enemies. It looks a bit battered, but you can contact us to arrange transfer.  :D


Straight outta J115405, I'm a wormhole resident and director in Hard Knocks Inc. When not writing about wormhole PvP and events in the greater w-space community, I enjoy jokes about Kazakhstan and the occasional glass of delicious tears.