the "hacking" oh please, i figured engadget to be more savvy on issues like this, i even know how its done.
all you do is call up Xboxlive and say, hey my brother did this or that or some BS story. tell them you forgot all this other info to deal with the account you "lost". naturally, you will get people who wont give you any of the info to recover and account onto your xbox. but their is some who will hand over small bits of that info. so 2-5 dozen calls later you just might have a new Xbox account
yeah, engadget "hacking"? i thought you would understand fraud and lying better then these 12 year old kids.
Yes, the proper term would technically be "Pre-Texting" or "Social Engineering". However, technically, they is accessing a network (Xbox Live Customer Support) and performing a security bypass (exploiting the staff), to gain access to account information which can be used to steal identities, fraud, etc. etc. Which could easily be described as hacking.
When we posted the news on our forums he had "hacking" mentioned a few times, and as such, it has been labeled as that despite us later learning that he simply called Xbox Live and was given the account information.
What is sad and scary is that anyone can pull of this technique with Live Support, whereas at least technical hacking would require some knowledge/ability.
is this something you just recently learned about? hey its fine, ive known about it for maybe 6months.
1 thing that is good about this, the publicity. maybe bungie/microsoft will change things so this will happen less.
anyway, i dont know the details but you can change your accounts name. seems like a shitty alternative, but hey look at the times we live in identity theft and credit card fraud are apparently rampant
As a long time Halo 2 player and having been involved with a variety of crowds at different times, the impression I got was that stealing accounts using social engineering wasn't the most common way. Phishing, thanks in part to the Windows Live ID account recovery system requiring only a GamerTag, password, and email, is a big issue. You can generally get people's email addresses simply by Googling their GamerTag. Many people use the same password everywhere, so if they get phished for anything, it often matches. I know a lot of people that used this method to steal accounts. Similarly, keylogging is also possible.
That's not to say "social engineering" isn't used at all. However, it's often used with already having a lot of info about the person. Between MySpace, Facebook, and various forums, it's easy for people to get enough info to the point where all they need is the answer to your password change "secret question." Even that can often be found, as many people and pros keep a blog with some tidbits of personal info that may be useful.
As a result, my suggestion is that if you're either: high ranked, well known, pro or semi-pro, or participating in Halo-based forums where you have the potential to piss people off, be extremely careful with your account info. Use an email address that you don't use for anything else and no one knows exists. Use a different password than what you've used elsewhere. Consider registering the account using information that is not your own, such as a family member or relative given that you have their permission.
I don't approve of account stealing or go out of my way to associate with the people who do it. But like a lot of people who played Halo 2 for a while, especially those who played competitively, you stumble across a lot of different people involved in a lot of different things. In fact, pretty much everything I just said could be picked up by listening to conversations and comments made in various MLG FFA games given you played a lot of FFA and played with tons of different people so long as you could get a game.
Anyways, it's good to know what's going on and I highly suggest taking my advice about protecting your account if you're in position where you're at risk.
@jessy That's ironic because everyone I know in the phreaking and hacking community is ashamed of crunch. I sat next to him for a bit at the last hope. Couldn't figure out how to use his cell phone. His friend/boy toy ("maybe google it..") had to show him how to use it. I would agree there are times when it's worth arguing the put forth definition of hacked or hacking. You know, when it's blatant. When the news reports about the man who "hacked the cafe's wireless". When really all he did was connect to the open AP from his car as opposed to inside the cafe. This, is not one of those occasions. Write the places that print stories like one above when you see them if it really bothers you.
Reader Comments (Page 1 of 1)
FThorn @ Dec 31st 2007 10:03AM
Wow. I'm worried. I hope this turns out okay. PLEASE keep us INFORMED!!!
jessy @ Dec 31st 2007 11:18AM
this has been happening for the last year.
the "hacking" oh please, i figured engadget to be more savvy on issues like this, i even know how its done.
all you do is call up Xboxlive and say, hey my brother did this or that or some BS story. tell them you forgot all this other info to deal with the account you "lost". naturally, you will get people who wont give you any of the info to recover and account onto your xbox. but their is some who will hand over small bits of that info. so 2-5 dozen calls later you just might have a new Xbox account
yeah, engadget "hacking"? i thought you would understand fraud and lying better then these 12 year old kids.
Skyllus vBi @ Dec 31st 2007 11:33AM
@Jessy
Yes, the proper term would technically be "Pre-Texting" or "Social Engineering". However, technically, they is accessing a network (Xbox Live Customer Support) and performing a security bypass (exploiting the staff), to gain access to account information which can be used to steal identities, fraud, etc. etc. Which could easily be described as hacking.
When we posted the news on our forums he had "hacking" mentioned a few times, and as such, it has been labeled as that despite us later learning that he simply called Xbox Live and was given the account information.
What is sad and scary is that anyone can pull of this technique with Live Support, whereas at least technical hacking would require some knowledge/ability.
Izzy @ Dec 31st 2007 12:50PM
Would the old term "phreaking" be better??
jessy @ Dec 31st 2007 12:59PM
is this something you just recently learned about? hey its fine, ive known about it for maybe 6months.
1 thing that is good about this, the publicity. maybe bungie/microsoft will change things so this will happen less.
anyway, i dont know the details but you can change your accounts name. seems like a shitty alternative, but hey look at the times we live in identity theft and credit card fraud are apparently rampant
jessy @ Dec 31st 2007 12:59PM
phreaking? please, cap'n crunch would be ashamed if this is the level it has become where you make a phone toll-free call for something.
if you think im referring to the cereal guy, maybe google the name and term
monstroy @ Dec 31st 2007 1:40PM
@Izzy
More like phishing I think, or even confidence tricking...
DWells55 @ Dec 31st 2007 2:01PM
As a long time Halo 2 player and having been involved with a variety of crowds at different times, the impression I got was that stealing accounts using social engineering wasn't the most common way. Phishing, thanks in part to the Windows Live ID account recovery system requiring only a GamerTag, password, and email, is a big issue. You can generally get people's email addresses simply by Googling their GamerTag. Many people use the same password everywhere, so if they get phished for anything, it often matches. I know a lot of people that used this method to steal accounts. Similarly, keylogging is also possible.
That's not to say "social engineering" isn't used at all. However, it's often used with already having a lot of info about the person. Between MySpace, Facebook, and various forums, it's easy for people to get enough info to the point where all they need is the answer to your password change "secret question." Even that can often be found, as many people and pros keep a blog with some tidbits of personal info that may be useful.
As a result, my suggestion is that if you're either: high ranked, well known, pro or semi-pro, or participating in Halo-based forums where you have the potential to piss people off, be extremely careful with your account info. Use an email address that you don't use for anything else and no one knows exists. Use a different password than what you've used elsewhere. Consider registering the account using information that is not your own, such as a family member or relative given that you have their permission.
I don't approve of account stealing or go out of my way to associate with the people who do it. But like a lot of people who played Halo 2 for a while, especially those who played competitively, you stumble across a lot of different people involved in a lot of different things. In fact, pretty much everything I just said could be picked up by listening to conversations and comments made in various MLG FFA games given you played a lot of FFA and played with tons of different people so long as you could get a game.
Anyways, it's good to know what's going on and I highly suggest taking my advice about protecting your account if you're in position where you're at risk.
tk @ Jan 9th 2008 2:47PM
@jessy
That's ironic because everyone I know in the phreaking and hacking community is ashamed of crunch.
I sat next to him for a bit at the last hope. Couldn't figure out how to use his cell phone. His friend/boy toy ("maybe google it..") had to show him how to use it.
I would agree there are times when it's worth arguing the put forth definition of hacked or hacking. You know, when it's blatant. When the news reports about the man who "hacked the cafe's wireless". When really all he did was connect to the open AP from his car as opposed to inside the cafe.
This, is not one of those occasions. Write the places that print stories like one above when you see them if it really bothers you.