Guild Wars Forums - GW Guru
Old Jan 02, 2010, 08:00 AM // 08:00   #341
[Domination Henchman]
 
Join Date: Feb 2007
Location: Echovald Forest
Guild: House Vasburg
Profession: Me/
Default

Quote:
Originally Posted by Regina Buenaobra View Post
First of all, we have escalated this up to the NCsoft Security team, and they will investigate the issue.

There have been ongoing investigations on the hacking incidents for some time, and according to the data gathered, none of them appear to be directly or exclusively related to NCsoft Master Accounts. Some hacking victims have NCsoft Master Accounts, some don't. Data was recently reviewed, and about half are not NCsoft Master Account holders. Therefore the hysteria surrounding the idea that all hacks are coming through the NCsoft Master Account doesn't seem to be valid. However, this doesn't necessarily rule out that some hacks are coming through NCsoft Master Accounts. The information about this particular exploit is new to us, and we don't know what will happen as more people, due to this thread, learn about it and even try it. We're not brushing things under the rug, nor denying that there might be a problem. The Support team has not previously notified us of this issue as detailed in the OP. The first we have heard of this information, as detailed in this thread's original post, was brought to our (ArenaNet's) attention just recently (yesterday, according to Gaile), so it's incorrect to suggest that we've been covering it up for months. Please be assured that we are taking the concerns in this thread seriously, following up with NCsoft Security, and actively raising the issue with the Security team.

Thank you.
Quote:
Originally Posted by Regina Buenaobra View Post
ArenaNet has been discussing the issues pointed out by players in this and other forum threads on the issue with NCsoft. Again, we take these concerns very seriously, and we're currently taking measures to address them on several levels, and we will continue to do so.

There is a change in one of the NCsoft Master Account processes that is being enacted, and we believe this change will help quite a lot in enforcing account security, and we're very grateful to the folks involved who've worked today to get those measures in place, on a holiday, and many of them away from home. They've taken our escalation of this issue very seriously, are listening, and are doing what they can do to proactively help, and to take your concerns on board and make improvements in very short order.

The security team continues to research and additional changes might be put in place. If you try to change your password on the NCsoft web site now, you will notice one of these changes: you will be required to input the old password to change it to a new one.

I would like to reiterate one point again, because people continue to ignore this fact: The account hacks are not likely related to the NCsoft Master Account security concerns. Roughly half of the hacked accounts do NOT have an NCsoft Master Account, and very few account thefts involved a password change at all. The hacker(s) knew the account credentials, and they did not access the hacked accounts through NCsoft Master Accounts. The hackers had a list of passwords, which they used to steal accounts.

Again, our NCsoft Security team is continuing to investigate this issue, and there might be additional changes forthcoming.
I am relieved that we do in fact have people on our side here! It is wonderful that you have helped us to push this issue through and get yet another much needed security feature implemented to help us protect our accounts. Hopefully NCSoft is working hard on fixing the bug that allows users access to other users' accounts, so our personal information will be as safe as our game accounts are soon to be.

I would like to pose some further questions related to this matter:

1. Why this issue is not being held responsible for 50% of reported account hacks. It was definitely a very big problem, that could very well have caused the loss of half of the accounts that were hacked. Why do you say it isn't likely this is the case? Even if the passwords weren't reset, it has been fairly common knowledge for a long time that bruteforcing or phishing NCSoft/GW accounts once you have the associated account name/email address is not a difficult task. If this issue was not at fault for that 50%, then... what was?

2. Where the list (or mystery list, as someone above very aptly put it) of passwords hackers are using for the other 50% is coming from. It's scary to think that hackers can obtain a list of such information without our knowledge through means other than keylogging.

3. Why ArenaNet was not informed of this issue by NCSoft when they found out about it, through Gaile (ArenaNet Support Liaison) or another medium. This issue has been public for months - shouldn't your publisher have warned you about it after GW accounts started being stolen?
Erys Vasburg is offline  
Old Jan 02, 2010, 08:05 AM // 08:05   #342
Desert Nomad
 
Evil_Necro's Avatar
 
Join Date: Nov 2005
Location: 川崎区、日本
Guild: currently guildless..
Profession: Rt/
Default

First of all, Happy belated New Year, everyone! Sad that the first time I opened this website in 2010 I received this news.

However, thanks to all who made this post and posted interesting info, and finally to the Anet staff who are still working on this issue despite the holiday.

Cheers to GW and 2010

PS: Hope my acc doesn't get stolen.. >_>
Evil_Necro is offline  
Old Jan 02, 2010, 08:58 AM // 08:58   #343
Lion's Arch Merchant
 
Inner Salbat's Avatar
 
Join Date: Oct 2005
Guild: Leader - ANZAC
Profession: E/
Default

Quote:
Originally Posted by Erys Vasburg View Post
2. Where the list (or mystery list, as someone above very aptly put it) of passwords hackers are using for the other 50% is coming from. It's scary to think that hackers can obtain a list of such information without our knowledge through means other than keylogging.
We're never going to get a straight answer out of them over that one, so let's have a stab at it, shall I.

Quote:
3:] From reading the HTML for each page under the "secure.ncsoft.com" domain I found that the majority of the process functions are scripted in PERL but referencing Javascript multiple times for all sorts of verifying processes. This can easily be manipulated to a user's intention.
The hacker injected code (manipulated the scripts Javascript/Perl) into doing something it shouldn't have done, in this case sending email/passwords or any other critical data to the hacker, presumably by email (a fake one, no doubt about that), so every time you logged into an account (NCMA) it would send that data to the hacker.

The hacker then used that data to log into the (NCMA) and change the password for Aion / Guild Wars accounts and pillage all that was available.

The problem is how long has this been going on? Has this hack been in there since they gave away *free panes*? If so, the hackers have been sitting on that data for a very long time, waiting for the right time to attack and not being impatient and doing it immediately.

The right time was when Aion was released so the hackers could gain a foothold into Aion gold selling, and as a bonus they got Guild Wars along with the ride.

We must first ask ourselves the question of why?
As farming build after farming build gets nerfed the demand for gold goes up, the harder it is to farm the more people are being pushed into gold sellers, which give them more of a reason to hack accounts to satisfy the demand, because not everyone has 24 hours in a day to farm this was supposed to be a casual game and they've been trying to turn it into a WoW clone ever since EOTN.

So who is at fault with this cycle?
Gold seller?
Hacker?
The nerfing of farming builds?
The inaccessibility of rare items to some players, that they feel they need to buy gold?
Is it us demanding to higher price for rare items, driving the prices up forcing people to buy gold just to afford the item(s)?

There are some words that summarise the lot, I feel; it's called GREED, JEALOUSY, COVETING.
Inner Salbat is offline  
Old Jan 02, 2010, 10:20 AM // 10:20   #344
Furnace Stoker
 
Lonesamurai's Avatar
 
Join Date: Apr 2006
Location: Cheltenham, Glos, UK
Guild: Wolf Pack Samurai [WPS]
Profession: R/A
Default

Quote:
Originally Posted by Cacheelma View Post
I knew Regnobra lies. I just want to call her out on what she said.
Ok, gonna weigh in here as I have never been lied to by either Martin, Regina or Gaile and ask what exactly we have been lied to about

(and misinformation about GW2 doesn't count)
Lonesamurai is offline  
Old Jan 02, 2010, 10:38 AM // 10:38   #345
Lion's Arch Merchant
 
Inner Salbat's Avatar
 
Join Date: Oct 2005
Guild: Leader - ANZAC
Profession: E/
Default

Quote:
Originally Posted by Lonesamurai View Post
Ok, gonna weigh in here as I have never been lied to by either Martin, Regina or Gaile and ask what exactly we have been lied to about

(and misinformation about GW2 doesn't count)
Them blaming the community for weak passwords, sharing accounts, using the same password on 3rd party sites, presumably degrading their so-called security, when if you look back a few posts an IT professional (outside of NCSoft / ArenaNet) on the Aion forum confirmed that there are security holes in the NCSoft site which have, I presume, always been there, at least since October.

And no matter how much evidence we bring up they just won't accept some (not all) of the responsibility for this hideous invasion of our privacy (even IT professionals that I'll admit to some degree know more about it than I do, I just know how to understand their geek talk in some sense).
Inner Salbat is offline  
Old Jan 02, 2010, 10:42 AM // 10:42   #346
Desert Nomad
 
Join Date: Apr 2007
Default

Require old password, before allowing you to set a new GW password.
This is VERY welcome. It was an obvious feature that should have been there from the start, it was conspicuous by its absence. But at least we finally have it.

People randomly accessing master accounts no longer get the keys to the (GW) kingdom.

I feel much safer now, but I hope that there is more to come.
Riot Narita is offline  
Old Jan 02, 2010, 11:03 AM // 11:03   #347
Jungle Guide
 
GODh's Avatar
 
Join Date: Nov 2005
Location: The Netherlands
Guild: BFTW and DLRR
Default

Sorry that I didn't read all 18 pages (it's sooo long), but are people who received the giveaway storage pane (4th anniversary) in danger too? Because I remember that I had to create something before I could receive it. Was that an NCsoft Master Account?
GODh is offline  
Old Jan 02, 2010, 11:12 AM // 11:12   #348
Forge Runner
 
Join Date: Sep 2006
Location: AZ
Default

Quote:
Originally Posted by Edge Igneas View Post
That website's been flawed from day one. Just look at all those people that forgot passwords to that website, because of the free storage pane rush. Then the horrible loading times on that bandwidth consuming excuse for a website. I wouldn't expect anything else, there has been no explanation into the massive hackings, and this is a pretty serious issue. I was never a fan of NCSoft, but Arenanet let me down too.

The communication regarding this has been so shallow. Something is just wrong.
This.. I remember issues coming up about NCSoft "security" on that site in previous years - can't believe this comes from a software company too.

On the side, thanks to Gaile for spending the time and revisiting the issues on her page on New Year's Day - too many answer something then won't look again.
Lycan Nibbler is offline  
Old Jan 02, 2010, 11:12 AM // 11:12   #349
Furnace Stoker
 
Lonesamurai's Avatar
 
Join Date: Apr 2006
Location: Cheltenham, Glos, UK
Guild: Wolf Pack Samurai [WPS]
Profession: R/A
Default

Quote:
Originally Posted by Inner Salbat View Post
Them blaming the community for weak passwords, sharing accounts, using the same password on 3rd party sites, presumably degrading their so-called security, when if you look back a few posts an IT professional (outside of NCSoft / ArenaNet) on the Aion forum confirmed that there are security holes in the NCSoft site which have, I presume, always been there, at least since October.

And no matter how much evidence we bring up they just won't accept some (not all) of the responsibility for this hideous invasion of our privacy (even IT professionals that I'll admit to some degree know more about it than I do, I just know how to understand their geek talk in some sense).
ok, firstly those are standard security reasons and responses that even come from antivirus companies and companies like Microsoft

And exactly what responsibility do you want MARTIN, REGINA AND GAILE to take when this is an NCSoft issue, NOT ANET!
Lonesamurai is offline  
Old Jan 02, 2010, 11:18 AM // 11:18   #350
Major-General Awesome
 
fenix's Avatar
 
Join Date: Aug 2005
Location: Aussie Trolling Crew HQ - Event Organiser and IRC Tiger
Guild: Ex Talionis [Law], Trinity of the Ascended [ToA]
Profession: W/
Default

Quote:
Originally Posted by Lonesamurai View Post
ok, firstly those are standard security reasons and responses that even come from antivirus companies and companies like Microsoft

And exactly what responsibility do you want MARTIN, REGINA AND GAILE to take when this is an NCSoft issue, NOT ANET!
The issue is that they flat out blamed fansites and players, when clearly it's not our fault. It's an issue THEY could have done something about.
__________________
I came when I heard you'd beaten the ELITE FOUR.

fenix is offline  
Old Jan 02, 2010, 11:24 AM // 11:24   #351
Furnace Stoker
 
Lonesamurai's Avatar
 
Join Date: Apr 2006
Location: Cheltenham, Glos, UK
Guild: Wolf Pack Samurai [WPS]
Profession: R/A
Default

Quote:
Originally Posted by fenix View Post
The issue is that they flat out blamed fansites and players, when clearly it's not our fault. It's an issue THEY could have done something about.
But it IS in part fansites to blame! Partly for blowing it out of the proportion it has been blown to and also for not helping to make the fansite users follow basic security principles!

Hell, I would even blame myself if I got hacked for having my character name on my guru profile, which is a blatantly idiotic move that I'll be changing as soon as I finish this post, however, this is NOT an ANet issue and blaming ANet staff will not help the situation!

Especially as that blame is coming from fansite admins too!
Lonesamurai is offline  
Old Jan 02, 2010, 11:26 AM // 11:26   #352
Lion's Arch Merchant
 
DOCB22's Avatar
 
Join Date: Jul 2005
Guild: [SGC]
Default

We should all get a $25 GW store credit..
DOCB22 is offline  
Old Jan 02, 2010, 11:27 AM // 11:27   #353
not so much fell as.....
 
Aeronwen's Avatar
 
Join Date: Jan 2009
Location: UK
Guild: bone
Profession: R/
Default

Quote:
Originally Posted by Regina Buenaobra View Post
The Support team has not previously notified us of this issue as detailed in the OP. The first we have heard of this information, as detailed in this thread's original post, was brought to our (ArenaNet's) attention just recently.

Thank you, Erys

so we finally got the requirement to put in the old pw to change the new. Excellent

Quote:
Originally Posted by REDdelver View Post
Through all the rough sea water......

I'd like to extend appreciation to the people who are supposed to be off the clock, relaxing, and/or just enjoying the holidays.....who are working hard on issues that need to be heading in the right direction.

Thank you to all who are involved. I'm not going to make assumptions that certain people aren't doing anything to help the gaming community out.

Please pass along Miss Regina, that some of us appreciate the extra time spent.

Thanks
yep

Last edited by Aeronwen; Jan 02, 2010 at 11:34 AM // 11:34..
Aeronwen is offline  
Old Jan 02, 2010, 11:33 AM // 11:33   #354
Major-General Awesome
 
fenix's Avatar
 
Join Date: Aug 2005
Location: Aussie Trolling Crew HQ - Event Organiser and IRC Tiger
Guild: Ex Talionis [Law], Trinity of the Ascended [ToA]
Profession: W/
Default

Quote:
Originally Posted by Lonesamurai View Post
But it IS in part fansites to blame! Partly for blowing it out of the proportion it has been blown to and also for not helping to make the fansite users follow basic security principles!

Hell, I would even blame myself if I got hacked for having my character name on my guru profile, which is a blatantly idiotic move that I'll be changing as soon as I finish this post, however, this is NOT an ANet issue and blaming ANet staff will not help the situation!

Especially as that blame is coming from fansite admins too!
Re-read the thread. People aren't getting 'hacked' because character names were on Guru. Fansite users aren't lacking 'basic security principles'. You clearly didn't read a SINGLE post here.
__________________
I came when I heard you'd beaten the ELITE FOUR.

fenix is offline  
Old Jan 02, 2010, 11:37 AM // 11:37   #355
I despise facebook
 
Turbo Ginsu's Avatar
 
Join Date: Feb 2008
Location: Australia
Guild: Meeting of the Lost Minds
Profession: Me/
Default

Yeah I agree with Aeronwen. +10 GG to Erys, good to see someone who was willing to take the time to gather evidence, compile it in a clear manner, then stick a blowtorch under the asses that needed it so badly.

Also a ty to aNet staffers for doing the right thing, rather than the easy, regardless of the fact that it could have been done sooner, done is better than not done.
Turbo Ginsu is offline  
Old Jan 02, 2010, 11:39 AM // 11:39   #356
Forge Runner
 
Gun Pierson's Avatar
 
Join Date: Feb 2006
Location: Belgium
Guild: PIMP
Profession: Mo/
Default

Quote:
Originally Posted by fenix View Post
The issue is that they flat out blamed fansites and players, when clearly it's not our fault. It's an issue THEY could have done something about.
A good thing we had the mods here who closed every topic about a hacked account on the spot when one popped up. It helped cover up what was going on, although unwillingly. The fansites are also victim of NCSoft's RED ENGINE GORED ENGINE GORED ENGINE GORED ENGINE GO up.
Gun Pierson is offline  
Old Jan 02, 2010, 11:42 AM // 11:42   #357
Major-General Awesome
 
fenix's Avatar
 
Join Date: Aug 2005
Location: Aussie Trolling Crew HQ - Event Organiser and IRC Tiger
Guild: Ex Talionis [Law], Trinity of the Ascended [ToA]
Profession: W/
Default

Quote:
Originally Posted by Gun Pierson View Post
A good thing we had the mods here who closed every topic about a hacked account on the spot when one popped up. It helped cover up what was going on, although unwillingly. The fansites are also victim of NCSoft's RED ENGINE GORED ENGINE GORED ENGINE GORED ENGINE GO up.
Those threads were closed for two reasons.

1) We aren't Guild Wars Support. They deal with hacked accounts.
2) Every single thread ended up with trolling and flaming about internet security - which now clearly has no effect on whether you get hacked or not.
__________________
I came when I heard you'd beaten the ELITE FOUR.

fenix is offline  
Old Jan 02, 2010, 11:42 AM // 11:42   #358
Lion's Arch Merchant
 
Inner Salbat's Avatar
 
Join Date: Oct 2005
Guild: Leader - ANZAC
Profession: E/
Default

Quote:
Originally Posted by Lonesamurai View Post
ok, firstly those are standard security reasons and responses that even come from antivirus companies and companies like Microsoft

And exactly what responsibility do you want MARTIN, REGINA AND GAILE to take when this is an NCSoft issue, NOT ANET!
Those 3 can't take responsibility, they have to say what they're told to; the people that wrote the NCSoft website would do well to come out of the shadows and apologise publicly.

But with apologising in public there has to be some sort of redemption or it's just an empty apology. I don't care if I never see the stuff I had again, I really don't, as long as 1) no one else has to suffer this violation & 2) others get their stuff back in some way.

We also need to know when these holes are fixed; it's no use continually changing passwords if they're just getting the new ones.
Inner Salbat is offline  
Old Jan 02, 2010, 11:45 AM // 11:45   #359
I despise facebook
 
Turbo Ginsu's Avatar
 
Join Date: Feb 2008
Location: Australia
Guild: Meeting of the Lost Minds
Profession: Me/
Default

Unfortunately, due to the way liability laws work, a public apology is an admission of guilt, and something you'll almost never get from a Corp. Transparency, honesty and down to earth decency is generally something you only get with private operators...
Turbo Ginsu is offline  
Old Jan 02, 2010, 11:47 AM // 11:47   #360
Grotto Attendant
 
zwei2stein's Avatar
 
Join Date: Jun 2006
Location: Europe
Guild: The German Order [GER]
Profession: N/
Default

Quote:
Originally Posted by Theocrat View Post
Hrm. Where did they get that (and the matching list of accounts those passwords are paired with) from?
A forum.

username AND email to try to log against? check
password to try? check
character name? you bet!
zwei2stein is offline  