A month ago I would have said to someone who had their account hacked to update your anti-virus, check your firewall, download this, run that scan, etc etc, and I would have defended Anet's security and rode the "blame the ignorant user" bandwagon. But I came to the conclusion... Why should we (the customer) spend time and money to download/buy antiviruses, run lengthy scans, and learn how to use a outbound firewall, and spend a lot of time learning scattered and conflicting information about cybersecurity. I'm not saying that people shouldn't learn about internet security, but I think it's unreasonable to expect everyone to be well versed in cybersecurity to keep their account secure. Yeah there isn't any "vulnerabilities" inherent in the system that NCsoft and Anet uses... but their security practices are outdated compared to the industry average, and improved security practices could and would prevent a very large number of account hackings, saving the time of the support staff to concentrate on other matters like botting, cheating, misconduct etc.

:The NCsoft master account account allows anyone to change the game password without knowledge of the current game password. After the password change, the victim is only informed that the password has changed and to contact support immediately if they did not change the password. This makes it such that the attacker would only need the credentials for the NCsoft master account to steal your game account.

:Lets face it, tens millions of computers around the world are infected with some type of virus/worm/keylogger/malware/etc etc. No single antivirus solution is able to detect 100% of these threats, and there are many new variants that can’t be detected by any antivirus that lacks good heuristics. Even the industry leading behavioral engine can only detect up to 75% of new threats that isn’t contained in the virus definition file. On top of that, windows firewall is not very good at detecting unauthorized outbound connections that keyloggers use to send their payload to a remote server.
:There are certain things you can do to reduce the chance getting keylogged... When logging into NCMA allow the browser to remember the password, if you are using a private computer. This will allow logins without typing anything. Using a browser that allows the user to set a master password will add another layer of security since even if they keylogged the master password, they still can’t keylog the actual account credential. Also, again if you have a PRIVATE computer that ONLY you use you can use [[Command_line|command lines]] for character, password, and email such that you don’t need to type anything. Now this will open the computer up to remote attacks designed to steal credentials stored in short cuts, and browser profiles. Ones that steal credentials from short cuts are very rare... in fact I’ve never heard of such a thing. However, malware that steals browser profile files do exist, but no where as common as keyloggers, but that can be mitigated by using master passwords to protect the saved passwords, if the browser supports it.

:Character name. Now that “did” add one more level of security, however many people use their exact character names for forums and wiki user pages, while other people use variants of their in game name which can be easily matched by guessing. This made the “added” security meaningless for many people, while others forgot their ingame name because this system didn’t exist before when they quit the game. For hackers that don’t know the character name but knows the password and email, all the hacker would have to do is send a phishing email asking just for the character name. There are many ways to do this, for example, the phisher can say that” you have won a ingame prize for 15 ectos on a random NCsoft sweepstakes, please reply with your ingame name so that we can contact you in game to give you your prize.“ There are many variants to this and since they aren’t asking for the password, the victim is more likely to give away the character name. With the advent of the HOM calculator, people are more likely now to advertise their character name to show off their “stuff” despite the ability to use the in calculator link to hide the character name.

:This is actually a fairly common practice among most companies. For example, vulnerabilities on various Adobe software has been known for a long time. Details in many cases are never released, even if it is being actively exploited because in their view, “if” the details are released then the number of exploitations will dramatically increase. So many companies like Adobe take their time until they release a patch. Apple has been guilty of this as well with the knowledge that most viruses are built for windows systems, they have been laxed in closing vulnerabilities that many types of malware could exploit because those malware didn’t exist in the past. But with recent upsurge in MacOSX marketshare, viruses and exploits that target apple software are becoming more common and now they are taking a more proactive approach. Unlike Apple which are changing their philosophy, NCsoft and Anet hasn’t changed their philosophy and don’t believe in proactively closing possible vulnerabilities that are either obscure or rare in a timely manner. Communication of security issues should be relayed in-game automatically like the Aionsource security breach, the dangers of having common passwords for forums and game accounts, but that never happens.

:This has more to do with outdated security practices than anything else. Yes their system works just fine, and no successful theft of account credentials were obtained by breaking into the actual secure NCsoft or Anet servers. That’s because hackers don’t need to. Breaking into secure servers from an outside source is actually quite a rare occurrence. It is “MUCH” easier to fool an ignorant employee into opening an attachment containing a virus to steal information. For example, lets say hackers want to steal blueprints and schematic for a novel microprocessor. Now that data is securely stored in the main server safe and sound. But the head engineer works on it very often so he has a copy on his laptop and flash drive. The hackers, determined to steal the schematic obtains as much information as possible about the engineer to craft a personalized phishing email. The engineer clicks on the link in the email which took him to an attack site designed to exploit a flaw in his favorite web browser that allows driveby dowloads. The engineer unknowingly downloads a malware designed to steal that very data the hackers are wanting to get, while the engineer mistakingly thinks this is well crafted phishing attempt was a message from a love interest from a long time ago wanting to get together again. The above scenario occurs in the tech industry fairly often due to laxed net security policies or laxed enforcement of said policies and due to the value of the information for competitors and to nations that are playing catchup.
:Now value for value, guildwars accounts aren’t worth that much so phishing emails are generic, nondescript, and they are fairly easy to spot. However account theft via phishing, keylogging, trojans, hacking fansites, and other methods are the “ONLY” way hackers are stealing accounts. Hackers aren’t attacking the main gamer server. The average computer user and gamer is quite ignorant of what constitutes secure Internet practices, and Anet and NCsoft has been ineffective in educating the gamer community. Much like the engineer that specialized in semiconductor physics and assembly code, his knowledge of modern cybersecurity practices were outdated. I truly do not think that it is the sole responsibility of the gamers and clients to educate themselves to keep things secure. Much like a responsible IT department at a large corporations communicated clearly and effectively with every single employee, Anet and NCsoft should figure out how to communicate with every single active player via mass emails or ingame messages or anything. Modern IT now recognize the potential vulnerability an ignorant workforce poses, and I think Anet and NCsoft should recognize that too.

:This is not the NCsoft master account, it is the support page at NCsoft, here...http://help.ncsoft.com/cgi-bin/ncsof...acct_login.php. If you notice, there is no https on that site. When you log into the system the login name and password is sent through as plain text, which can be easily intercepted using password sniffers in the local area network. This becomes a problem when someone has the same login name and password as the NCMA for the NCsoft support system. An easy way to avoid this issue is to simply change your password such that it is different than the NCMA. Remember there are two different log in system for NCsoft... one for support, and the other for the master account. The one for support is not encrypted while the one for NCMA is. Also if you had communicated about account keys, the hacker can take these keys from the support logs associated with the account, leading to another way of stealing your account.

:Now most have heard that fourms are unsafe, don’t use the same password for everything etc etc... Why aren’t they safe? Well to start, most forums do not use SSL or any encryption techniques to encrypt the password as it gets sent for authorization. For example, Aionsource’s forum’s login and GWW/Gwiki/etc is sent via standard HTTP with no encryption. If someone on the network is using a man in the middle attack with a password sniffer, it can be easily extracted from the packet or packets containing the credentials. Guildwarsguru is a bit smarter. Their login is still unencrypted but the password is hashed via MD5 encryption. So if someone is using a password sniffer, they would get the MD5 hash for the password instead of plain text. While MD5 provides some security it is still quite easy to decrypt MD5 hashes.
:Now what the heck is a man in the middle attack? This is a problem with institutions that have very large networks. The most common source of these attacks occur in corporations, universities, and generally the attack must occur locally. The attacker would either poison an unprotected wireless router with fake ARP requests to spoof the attacker’s MAC address with the victims. Now this is a multi-step process but there are malicious tool kits available that automates this. Once its’s successfully spoofed, the router sends the information to the attacker’s computer, allowing the attacker to capture packets. On a wired connection, another thing an attacker can do is to plug in their computer to a monitoring port on network routers.
:Now there are ways to do with remotely, but is a lot more difficult. One would have to spread at bot-net that performs the same function as an attacker that captures passwords and poisons ARP requests automatically, as it sends captured passwords to a remote server. Also, same kinds of malware can be uploaded to major ISP’s and with knowledge of their internal network structure, they can capture any password that goes through that local ISP.
:So... this is why you don’t use the same passwords for everything.

:To put it simply, that would be quite difficult to do. The NCMA login system uses SSL encryption, and while SSL is not fool proof, it would take a very dedicated hacker to crack it... and only to crack one password. It’s just not efficient to harvest passwords in this manner. The guildwars log in at first glance seems unsecure. It uses an unencrypted HTTP connection though port 80. But the login credentials are obfuscated and uses an unknown encryption scheme. But the packets containing the credentials is only about 300 bytes so it wouldn’t be unreasonable to expect that a dedicated hacker can crack it... but again we run into the same efficiency problem. Like I said before, using a keylogger is much simpler than trying to crack the encryption.