We know customer support reps have a lot on their plates -- especially those responsible for answer the queries of 13-year-old Halo mavens protesting supposed hackers stealing all their kills -- but it looks like the
Xbox Live support staff is dropping the ball on this particular issue. Pro gamer Skyllus vBi, a member of pro gaming group Team vBi, was awarded some super-rare "Recon Armor" by Bungie staff a few months ago for his entertaining method of suicide depicted in a popular online video. Naturally, his account became an immediate target for hackers, and they didn't have much trouble swiping his info. Turns out there's a bit of a flaw in the phone support system that allows a hacker to use social engineering to sweet talk account details out of a customer support rep without much hassle. Skyllus has had this particular attack performed on his account three times so far, and is having a bear of a time working it out with Xbox Live support staff. Not only is his precious armor in jeopardy from attacks like this, but all the credit card info and other personal details stored on a Xbox Live / Windows Live account. Stir in some of the
login and account retrieval woes that many users have been experience of late and you've got a recipe for some much-needed intervention over in Redmond.
[Via
Joystiq; thanks to everyone who sent this in]
posted Dec 31st 2007 9:48AM
Wow. I'm worried. I hope this turns out okay. PLEASE keep us INFORMED!!!
this has been happening for the last year.
the "hacking" oh please, i figured engadget to be more savvy on issues like this, i even know how its done.
all you do is call up Xboxlive and say, hey my brother did this or that or some BS story. tell them you forgot all this other info to deal with the account you "lost". naturally, you will get people who wont give you any of the info to recover and account onto your xbox. but their is some who will hand over small bits of that info. so 2-5 dozen calls later you just might have a new Xbox account
yeah, engadget "hacking"? i thought you would understand fraud and lying better then these 12 year old kids.
@Jessy
Yes, the proper term would technically be "Pre-Texting" or "Social Engineering". However, technically, they is accessing a network (Xbox Live Customer Support) and performing a security bypass (exploiting the staff), to gain access to account information which can be used to steal identities, fraud, etc. etc. Which could easily be described as hacking.
When we posted the news on our forums he had "hacking" mentioned a few times, and as such, it has been labeled as that despite us later learning that he simply called Xbox Live and was given the account information.
What is sad and scary is that anyone can pull of this technique with Live Support, whereas at least technical hacking would require some knowledge/ability.
Would the old term "phreaking" be better??
is this something you just recently learned about? hey its fine, ive known about it for maybe 6months.
1 thing that is good about this, the publicity. maybe bungie/microsoft will change things so this will happen less.
anyway, i dont know the details but you can change your accounts name. seems like a shitty alternative, but hey look at the times we live in identity theft and credit card fraud are apparently rampant
phreaking? please, cap'n crunch would be ashamed if this is the level it has become where you make a phone toll-free call for something.
if you think im referring to the cereal guy, maybe google the name and term
@Izzy
More like phishing I think, or even confidence tricking...
As a long time Halo 2 player and having been involved with a variety of crowds at different times, the impression I got was that stealing accounts using social engineering wasn't the most common way. Phishing, thanks in part to the Windows Live ID account recovery system requiring only a GamerTag, password, and email, is a big issue. You can generally get people's email addresses simply by Googling their GamerTag. Many people use the same password everywhere, so if they get phished for anything, it often matches. I know a lot of people that used this method to steal accounts. Similarly, keylogging is also possible.
That's not to say "social engineering" isn't used at all. However, it's often used with already having a lot of info about the person. Between MySpace, Facebook, and various forums, it's easy for people to get enough info to the point where all they need is the answer to your password change "secret question." Even that can often be found, as many people and pros keep a blog with some tidbits of personal info that may be useful.
As a result, my suggestion is that if you're either: high ranked, well known, pro or semi-pro, or participating in Halo-based forums where you have the potential to piss people off, be extremely careful with your account info. Use an email address that you don't use for anything else and no one knows exists. Use a different password than what you've used elsewhere. Consider registering the account using information that is not your own, such as a family member or relative given that you have their permission.
I don't approve of account stealing or go out of my way to associate with the people who do it. But like a lot of people who played Halo 2 for a while, especially those who played competitively, you stumble across a lot of different people involved in a lot of different things. In fact, pretty much everything I just said could be picked up by listening to conversations and comments made in various MLG FFA games given you played a lot of FFA and played with tons of different people so long as you could get a game.
Anyways, it's good to know what's going on and I highly suggest taking my advice about protecting your account if you're in position where you're at risk.
@jessy
That's ironic because everyone I know in the phreaking and hacking community is ashamed of crunch.
I sat next to him for a bit at the last hope. Couldn't figure out how to use his cell phone. His friend/boy toy ("maybe google it..") had to show him how to use it.
I would agree there are times when it's worth arguing the put forth definition of hacked or hacking. You know, when it's blatant. When the news reports about the man who "hacked the cafe's wireless". When really all he did was connect to the open AP from his car as opposed to inside the cafe.
This, is not one of those occasions. Write the places that print stories like one above when you see them if it really bothers you.
Almost makes me want to cancel my XBox Live account.
I don't like the part about them being able to get my credit card and personal info.
When I read this before and it said his account was 'hacked' I didnt think that meant a customer service rep gave out his details....three times. That's unacceptable
Let's see, the score so far for XBox Live vs. the rest of the gaming community is.....
0 to 4? or maybe 5?
But seriously, these guys that are trying to steal his account info are complete jerks. Is it not possible to change his password to be a super long and completely random series of numbers, letters, sign language, and squirrel noises (Dilbert reference)?
Also, isn't it possible to change his account info so that the people at Bungie don't give any information to ANYONE? All it would take is a simple attached note saying, "Don't give anyone information on this account." It would suck if he ever lost his password, but it's gotta be a little more secure.
I like how its...
He may lose his super rare armor.
Oh, and credit card info and persona details...
But think of the armor!
You know you're getting old when you think credit card info is more important than Super Rare Armor
The hackers can take my credit card info and all my personal information for all I care;
But if one of them takes my Horse Armor, then there will be hell to pay...
Wheres The Feet?
Via Joystiq...your sister site that is for gaming...
Does Joystiq post Asus Eee PC news for its readers?
Crossover happens all the time at Weblogs (frankly, it's quite annoying if you read more than one blog here) but I just don't understand this one.
Whoopie.
Seriously you're playing fugging halo deathmatch or whatever, you're gonna go up to your opponent and look at him and hope he doesn't shoot you in the face?
This whole armor thing is gay.
Get over it. If this guy is so "famous" then Bungie can remove the armor on his hacked account and give him the armor on his new account.
It's called replay.
Deserves a link to the video of his suicide that earned him the armor:
http://www.metacafe.com/watch/1006850/worst_halo_suicide_ever_i_got_recon_armor_for_this/
Awesome. I wake up this morning to notice a new batch of readers and find it was posted on Engadget from Joystiq. Thanks so much guys for keeping this topic front and center. It really is the only way to expect much of a change from Microsoft. I've been astounded by the support from the Xbox Live community on the issue, and appreciate everything that people have been doing to help me and to help get MS to fix their customer support.
The life of a "Pro Gamer" must be tough.
The life of a "Pro Hater" must be tougher.
You'd be surprised. It takes hours of relentlessly trolling message boards and getting absolutely nothing accomplished at work.
Wow, how happy you must be to pay for such a secure service. Live is certainly superior to the free alternatives :)
Product vs. Service.
I will now take XBOX live of my list of 'Seven Things Microsoft Ever Did Right'
~ubuntu user
@ethana
7??? Help me I've run out of versions of Xbox (-Live) when I tried to compile your list...
Sorry about the double comment, but I forgot to say something:
Seriously, I feel with you, Skylus. Losing your account information and financial details must be horrible! I lost my Visa once, and lost the entire months wage. I really hope you make it through this with no financial consequences.
I say he probably deserves it. Most of these so called power players are very arrogant and have a shitty attitude against other players who don’t play at the same level. So this Skyllus, I bet that he really pissed someone off to get a punishment like this,, hehe. So this message better go to all you cocky asswipes on xboxlive. You better watch out!!
While I do agree that most "pro" gamer's these days exhibit poor and arrogant attitudes when playing with casual gamers, the team that he plays for is very well known for their professional attitudes and mannerisms. Trust me when I say "arrogance" this was not the case with Skyllus nor any member of vBi. They don't tolerate it.
did you read the article? he was assigned the armor because of his suicide not because he may/may not be an amazing player.
id expect that kind of blind judgment from an apple/ipod person not an xboxlive person... oh wait, i forgot it typically the same kind of people
im pretty sure you're the cocky one here who needs a lesson about sterotyping...
Sounds like someone's just bitter after getting destroyed in Halo by people that actually had teamwork and know what they're doing. I've seen so much pro bashing and people hating on people better than them in the time back when I still played Halo. It simply boils down to petty jealousy.
Wait a minute? There's a helpdesk for this crap? Losers.
yes yes there is help for when something that we pay for isnt working the way it should. so next time your computer stops working dont call the help desk because from what youve just said you dont have one for buying your computer. (and if you put it together your self) then dont call the individual components help desks cuz they dont exist either
It exists so people know how to pay for Xbox Live
It exists to people know how to pay for Xbox Live
well that was kind of the problem with halo 2 - alot of jerks cheated to get a cute colored number.. woo... half of those people were horrible at the game too... People talk trash to me just for having the security helmet and katana sword... and that's something everyone can get...
haha n3rd, you don’t the first thing about it. As hmangus said, players in vBi are ok and I believe him. I still stand by what i said about arrogant pro gamers.
DWells55, I’m not mad or jealous. I do play halo3 sometimes and I do get a major woopass from time to time. Why ruin the fun game like halo3 with petty jealousy. If you think about it, then it’s probably something you feel.
this is VERY shitty on microsofts part. i thought it was actually someone using a computer and hacking into someones account, but it just boils down to MS and crappy security. i'd be kinda sketchy about using my live account if i knew that security measures w/ MS were so lax.
This is what happens when you give some players rewards that others can't get.
Sure, and houses getting broken into is what happens when some people have things others want, too. Does NOT make it ok.
Skyllus, if you didn't deserve the armor for getting killed, you deserve it for your good humor in the face of people worldwide seeing this happen. Anyone hacking your account (or anyone else's) is a coward and deserves jail time to learn some perspective. And thanks for being open about this problem. Now, as a result of this, I'm going to go renew my account with a prepaid account card, and hopefully get my credit card number removed or suppressed.
Thanks for pointing us towards some interesting physics in Halo :p
@drakono thanks for linking up the video - LOL
Hey Skyllus,
I’m sorry if I offended you in anyway. Let me offer you one year free webhosting solution including some limited support. If you’re interested contact me at our IRC channel, #mafiabrotherz @quakenet.org IRC servers. You'll have to proof your identity. Good luck in the future.