account-hacking
Latest
WoW account hackers sentenced to 2 years in Chinese prison
We've all been affected by account theft in some way. Maybe your account has never been hacked, but I'd be willing to bet a guild mate or friend has had to deal with this annoyance. Blizzard has a pretty smooth system in place to fix these things for the account holders, but it doesn't stop it from being profitable for the hackers involved. They still get their gold in the end. Would you wish prison time on these people? Last week, a group of 10 Chinese men were sentenced to prison for stealing from a total of 11,500 World of Warcraft accounts. The leader of the group, Chen, purchased hacked WoW accounts for $1 each and emptied them, selling the resulting gold for an average of $3 per account. Eventually one of Chen's accomplices left to start his own hacking "studio" to flip WoW accounts with several employees. A series of complaints led to an investigation and subsequent trial where Chen was found guilty, fined $8,000, and sentenced to 2 years in prison. The others involved were fined $1,000 and sentenced to just under 2 years in prison. Their $10,800 in profits and computer equipment used was also confiscated by the authorities.
Botters, how do they work?
One of the things almost everyone in every corner of our World of Warcraft can agree upon is that we hate botters... with the possible exception of those that bot themselves. Being the inveterate forum watcher that I am, this forum thread caught my attention. Should World of Warcraft have a system built in to randomly confirm that people engaged in excessive gathering or other 'suspicious' activities are in fact not botting? Well, I hope not the one described, a kind of captcha that would pop up a window needed to be typed into with an answer. That would just ruin gameplay for me the first time I had that pop up. Similarly, I have to agree that hiring thousands of staff to simply monitor for bots wouldn't be time or cost effective. We live at a period in the game where the game has automated a great deal of its customer service, after all. What I really found interesting, however, was Takralus' takedown of a very old argument by players about Blizzard's stance on botting.
Guild Wars 2 fan site compromised, 11,000 game accounts affected
Ars Technica is reporting that 11,000 Guild Wars 2 accounts have been compromised after an attack on an unknown fan site. ArenaNet is emailing account holders who log in from new locations, and the company says that it received 8,500 hacking-related support requests last weekend and another 2,500-plus by Monday. The firm is also dishing out plenty of common sense advice, like "don't use the same email address and password for Guild Wars 2 that you've used for another game or web site."
Mortal Online hacked, Star Vault encourages users to verify accounts
If you've got an active Mortal Onlne account, you may want to think seriously about changing your password. A new post on the sandbox title's forum describes a security breach that led to the destruction of in-game assets and account status changes. The intrusion has since been contained, according to a Star Vault GM, and "additional security is in place." The company says that customer payment information was not affected, but users are encouraged to verify their account status and passwords anyway. As to the breach itself, details are understandably scarce, but Star Vault does say that a member of the GM staff had his account compromised and his details used to carry out the aforementioned mischief. [Thanks to slapshot1188 for the tip!]
SOE releases account authenticators
Sony Online Entertainment has joined the growing list of gaming companies that offer physical authenticators for protection against account hacking and associated fraud. EQ2Wire brings us the details on the new device, which at $9.95, is slightly more expensive than Blizzard's comparable Battle.net fob. SOE's authenticator may be used on multiple Station accounts, and for now at least, is shipping out sans handling charges (even for overseas orders). EQ2Wire also has a handy and detailed guide to the new authenticators from last month's Fan Faire, and the website notes that free iOS and Android security apps will be forthcoming at an as-yet unannounced date.
RIFT bringing out a new authentication service today - but not yet
Authenticators are one of the most popular forms of account security around, giving players an extra layer of defense against hackers and keyloggers. RIFT has been dealing steadily with account security issues since launch, so the upcoming authenticator service is no surprise to players. Using a digital authenticator service, players will very soon be able to use their Android mobile devices for authentication services -- but carefully note the "soon," as the service isn't yet ready for prime time. Currently, using the authenticator will prevent players from logging in, as the code for using said authentication isn't yet in place. A new launcher will be put into place for the game later today, allowing players with Android devices use of the authentication service. While the current release is only for the Android platform, code for the iOS is being finalized, meaning that iPhone and iPad users won't be left out in the cold. So if you're playing RIFT and want to have a little more random number to go with your login, you'll soon be able to do just that. (But not quite yet.) [Thanks to Puremallace for the tip!]
RIFT adds Coin Lock to improve security... probably
Getting your account stolen in an MMO is generally accepted to be about as much fun as having your car's engine fuse into a solid block of melted parts or getting bamboo slivers shoved under your fingernails. RIFT's newest patch, 1.02, includes a new feature designed to fight precisely that dreaded eventuality, with the new "Coin Lock" system restricting use of a character if the parent account logs in from a different location. While locked, the characters cannot access the auction or trade functions until the player verifies his or her identity. While the system is a great idea in theory, several players are reporting that the coin lock system is not working as intended, with supposedly "locked" characters remaining accessible and capable of using all features freely. There are also several threads devoted to claims that account hacks are still taking place, although as with any account security issue, culpability is difficult to determine. While RIFT's Coin Lock is an excellent idea, it remains to be seen whether it's actually accomplishing the stated goals. [Thanks to Simon for the tip!]
Codemasters unveils Lord of the Rings Online hacked account program
With great playerbase numbers comes great security responsibility. Wait, no. That's not the movie metaphor we're looking for. How about keep it secret, keep it safe! That's more like it, but unfortunately for some Lord of the Rings Online fans, the secret (and the safe) parts are being compromised as the free-to-play title sees a rise in hacked accounts to go along with its expanding user numbers. All hope is not lost, however, as Codemasters (LotRO's European publisher) has introduced a new Hacked Account Restart Program designed to assist victims and speed them back onto the road to Mordor. The program has a few prerequisites, among them player support eligibility and GM verification of the actual account owner. Claims must also be filed within seven days of the security breach, and reimbursement methods will vary at Codemasters' discretion. You can read the official announcement on the Codemasters website, and you'll also want to check out Customer Service Manager Sincilbanks' blog entry on the subject.
The Daily Grind: What would you do if your account were compromised?
There's no denying that MMORPG security issues are on the rise and have been for several years now. As more people flood into the MMO space, script kiddies and social engineers naturally have more targets. Account compromises aren't always the result of end-user ignorance either, as several of us know computer-savvy folks who've logged into their favorite game to find their characters stripped (or haven't been able to log in at all). Some game companies are fighting back, notably Blizzard with its World of Warcraft authenticators and NCsoft with its new Aion PIN system (which basically amounts to a second password). That said, ladies and gents, today's Daily Grind is more concerned with you. Specifically, what would you do (or have you done) if your account were compromised? Every morning, the Massively bloggers probe the minds of their readers with deep, thought-provoking questions about that most serious of topics: massively online gaming. We crave your opinions, so grab your caffeinated beverage of choice and chime in on today's Daily Grind!
The Lawbringer: Account security and you
Pop law abounds in The Lawbringer, your weekly dose of WoW, the law, video games and the MMO genre. Running parallel to the games we love and enjoy is a world full of rules, regulations, pitfalls and traps. How about you hang out with us as we discuss some of the more esoteric aspects of the games we love to play? New players will soon be streaming into World of Warcraft come Cataclysm time, as well as old friends and enemies returning from prolonged sojourns. With these new or old accounts becoming active again, as well as a demand for grey market services increasing with a growing player base, account security is going to be on the tip of everyone's tongue again. For good reason, too. World of Warcraft has had one of the most daunting burdens of any MMO to date in dealing with account security, account hacking and a legal nightmare overseas.
Adobe announces new Flash security vulnerability
On Sept. 13, Adobe Systems released a security advisory detailing a vulnerability in its Flash Player 10.1.82.76 for earlier versions of Windows, Mac, Linux and Solaris, and Adobe Flash Player 10.1.92.10 for Android. The vulnerability also affects Adobe Reader 9.3.4 for Windows, Macintosh and Unix and Adobe Acrobat 9.3.4 for earlier versions of Windows and Macintosh. The vulnerability allows remote attackers to cause a denial of service crash and execute a code to take control of your system by delivering this malicious code through a specially crafted PDF or Flash file. For WoW players, this can mean infection by keyloggers that could potentially steal your login information and compromise your account. Adobe Systems is working on a patch to stop this type of attack from being possible and plans to make it available the week of Sept. 27, with plans to update Adobe Reader 9.3.4 and Adobe Acrobat 9.3.4 the week of Oct. 4.
The Daily Quest: Feeling safe and warm
Here at WoW.com, we're on a Daily Quest (which we try to do every day, honest) to bring you interesting, informative and entertaining WoW-related links from around the blogosphere. Is there a story out there we ought to link or a blog we should be following? Just leave us a comment and you may see it here tomorrow! Take a look at the links below, and be sure to check out our WoW Resources Guide for more WoW-related sites. For many realms, Ruby Sanctum is up and running, and Halion's being smacked around by countless guilds (check out our Halion guide to learn how your guild can smack him around, too). With Ruby Sanctum as the last raid before the release of Cataclysm, players are still looking forward to the Cataclysm beta. With the beta now up and running, players are subject to piles of false email and announcements from people trying to steal valuable account information. With all these scammers trying to worm their way into player's accounts, how about we take a visit to that ever-pertinent blogging topic, account security? Letters from Birdfall has some wise words about security programs and what you can do to avoid the dangers of keylogging. Slice and Dice talks about safeguarding your guild bank. Flame Shock talks about phishing emails, what to look for and how not to write them. Now that we're feeling a little more secure, let's visit Oddcraft and get warm and cozy with a statement from A Basic Campfire.
Real ID security concerns
Ever since the Real ID friend system was announced, players have voiced concerns about hackers and phishers exploiting this system. They're worried that hackers will move through a group of Real ID friends like a wildfire during a drought. While it is always good to have concerns about account security, sometimes paranoia is a bit too much. Yes, you do need your friend's email address to add them as a Real ID friend. However, that is the last time you'll ever see that email address in your game client -- once you hit the "Send Request" button, that's it. There is no way to look up that person's email address from the interface again. The only personal information in the client after that is your friend's name. Just remember that this system is meant for your real-life friends and family and not for some guy who was a good healer in your ICC PUG last week. If you don't know where to go to knock on the person's door if something happens to your account, then don't share your email address.
EVE Online devblog discusses account security
Every MMO suffers the horrors of gold spammers and EVE Online is no different. The RMT (Real Money Trading) industry is massive and EVE's developers CCP have waged a constant war against it in recent years. The PLEX initiative gave players a way to safely buy ISK for cash while at the same time helping players who couldn't afford their subscriptions pay with ISK. The result was a dramatic hit to the RMT market, who had to drop their prices to compete with a legitimate service replacing their own. As part of Operation Unholy Rage in August of last year, EVE GMs also banned over 6200 accounts belonging to farmers known to be supplying the RMT industry. The effect on the market was instant, with the population in farmed mission systems like Ingunn disappearing overnight. Almost immediately, the farmers reacted with a spate of account hackings to claw back some ISK.
Why Blizzard can't (and won't) sell gold
In any discussion concerning botting, farming, hacking, or gold-buying, someone inevitably makes the argument that Blizzard should cut out the middlemen and sell gold to players themselves. I wanted to use this article to explain why this would not necessarily be a good idea. We don't need to get into the legal situation, or examine why assigning a real-world price to in-game currency edges us closer to a world where in-game property can be taxed. All I have to do is tell you a story from the not-too-distant past that involves: Prices that would make Zimbabwe look like a model of inflationary restraint, and: What happens when money -- in this case, gold -- loses meaning.
Account Administration encouraged not to restore hacked characters
Please see the update to this original post. In a stunning revelation from a veteran account administrator at Blizzard, WoW.com has learned that account administrators are being encouraged by Blizzard managers not to restore people's characters and items after their account has been ransacked by gold sellers and keyloggers. Instead, account administrators are being told to give people a "care package" and get them to accept the package in lieu of total account restoration. If the player does not accept this care package, they are then forced to go into a character restoration queue that is consistently several days to weeks long. According to sources familiar with the situation, this "care package policy" has been implemented in order to lighten the work load of those Blizzard employees who perform account restorations. Similar policies have existed at other times account compromises have been high, such as during the transition from Vanilla WoW to The Burning Crusade. This care package being offered consists of the following:
Anti-Aliased: Hax0red
Today was a beautiful morning. It was a morning filled with sunshine, chirping birds, and a good night's rest. I was up writing late last night, so it was nice to sleep in a little before getting a start on the day. Yet, all cozy naps must come to an end, as I had to get up to man my computer, check my e-mail, and get a start on today's work.As I booted up Mozilla Thunderbird and looked over the e-mails that were floating in my inbox (yesterday's MAG comments, Star Wars Galaxies comments, and some new screenshots for D&D Online) I saw one that kinda stuck out. It was from Blizzard Entertainment Support, and it was a password change notification from Battle.net. At first I chuckled, thinking it was some type of spammer who was trying to get me to give up my password, but on looking through the letter, I noticed it was authentic Blizzard material.That's when my phone rang. It was one of my guildmate's numbers flashing on the screen. Those birds stopped chirping after that booming string of profanities escaped my mouth.
Gold farmers connected with $38 million money laundering bust
We've heard about gold farmers tangling with the law before, but this is pretty extreme from initial accounts we've turned up. So while a few of the details coming out of Korea are still a bit hazy, it seems a money laundering operation (working with gold farmers and MMO account thieves) was busted this week while trying to move $38 million between Korea and China. The Seoul Metropolitan Police Agency stated the operation was headed by a man named Jeong who, with a number of other individuals in Korea, was caught wiring the $38 million in illicit funds. Korean news site dongA reports: "Jeong and his ring reportedly sold the game money illegally produced in China using cheap labor and virus programs. They are believed to have taken a commission of three to five percent of the money traded to purchase game money."
EVE Online calls RMT evil
GM Grimmi of EVE Online comes out strong against RMT in an official post called 'Real money trading is bad, mkay?' In no uncertain terms, RMT activities are said to be linked to keyloggers, phishing sites, and hacking attempts, and lead to real-world illegal activities like fraud and theft. Grimmi then goes on to say that there is a service available to players who want more ISK that is not only legitimate, but also helps both the game economy and supports other players: the Secure ETC Trading system.From the post: 'When you buy an ETC and then sell it for ISK via the Secure ETC Trading System you are directly contributing to the growth of EVE as the code will be applied to an account and someone will be using it to play. Some players do not have the means to pay for their subscriptions with credit cards or similar and the Secure ETC Trading System helps them pay and play. The economics are quite different as well since wealth is redistributed between active members of the community rather than injected into the game.' This is a much more creative approach to fighting RMT activity than simple banning of accounts (though that happens as well). Bravo, EVE, slam evil!
