The most frightening thing about the whole affair wasn't the fact that we were robbed, but that we could've been betrayed by one of our own. Because the officers were in charge of cleaning and arranging the bank items, they pretty much had unlimited withdrawal capabilities. This turned out to be a mistake. Set your permissions very carefully so that users are unable to withdraw more than a few stacks at a time. One of our officers' characters was the culprit, and checking the Guild Bank log only showed the mysterious 'Unknown' to be the robber indicating that the thief must've transferred the guilty toon off the server.
Trying to check who the person was on WoW Armory's
Guild Bank log feature, I was shocked to find that the culprit was *gasp* me
. Well, not me but the Guild Master supposedly, although my name was certainly not 'null'. Alarmed at the potential brouhaha that could ensue, I quickly fired off a ticket to a GM who later dramatically arrived in a zeppelin (you know those types) and proceeded to tell me in not so many words that there was just nothing they could do about it. What was bugging me, really, was that I wanted to find out who did it. It was one of our officers, certainly, because they were the only ones with permission to take anything out of the bank. But the dilemma was that one of our officers had moved his toon off the server earlier that day (who could resist an invitation to raid BT as a Moonkin
?) and another one was no longer on the server without warning. The money was on the latter, who had made no announcement about his move.
The troubling thing was that this person was our friend. The officer and I had gone way back when Molten Core was still fashionable, and I couldn't bring myself to believe that the person who would ask me how my three-month old daughter was every time I logged on could do such a dastardly thing. So I needed to know. Reading the Help section, I found that restoration of items stolen from the bank is beyond a GM's capability. In short, you give permission to a person, then that person cannot be reprimanded or punished for taking what he has been allowed to take. Understanding this, all I really wanted to know was who
did it. I wanted to be sure. I wanted, more than the restoration of items, to know who it was that could do something like that. The GM's answer: sorry, we can't tell you. Wasn't I well within my rights to know who the person was? As the GM of the Guild that was just robbed blind, didn't I deserve to know who 'Unknown' was? Well, according to Blizzard, no.
The GM's sobering advice: "put stronger restrictions on who can and can't acces
(sic) your guild bank."
Well, thanks a lot. Putting restrictions now would be like closing the barn doors after the horse has run off. There was nothing to protect. Fortunately, we later found out that the officer in question had been hacked
. One of the more important things after being robbed is being assured that the robber wasn't your friend. Unfortunately, we're still waiting on the results of the investigation. It has been almost two weeks since the incident and there has been no word from either Blizzard nor our guildmate. We fear the worst.
No question, the hacker must've made a hefty profit from selling all the materials in our bank. A profit good enough to sell for a few hundred dollars, to be sure. This is why people simply must stop patronizing power levelers and gold selling outfits. The gold they sell, aside from being against the EULA that players agreed to before entering the game world, are often obtained through duplicitous means
. We were fortunate in the sense that it was a hacker who had done us in. I can imagine the horror if it were simply one of your trusted colleagues who decided to make a sweet profit -- with no repercussions.
A word of caution to all Guilds with a Guild Bank... remember to set your permissions carefully. If there's anyone in charge of rearranging the items in the bank, allow only that person access to do it. Even then, allow that person access for limited periods of time or limited stacks. If the person decides to take all your items, Blizzard believes that if the Guild agreed to give them permission to withdraw, there's pretty much nothing they can do about it. For all of Blizzard's hard line stance
against gold sellers and their methods, they don't punish asshats. Needless to say, be wary of keyloggers, always protect yourself. Of course, as much as you can restrict permissions with your members, there's nothing you can do if the Guild Master himself gets hacked. It makes me doubly glad that I play on a Mac