Guild Wars Forums - GW Guru
 
Forums Guild Wiki PvX Wiki
 

Go Back   Guild Wars Forums - GW Guru > The Inner Circle > The Riverside Inn
Reload this Page Hackers: What's Their Deal?
Register FAQ Calendar Mark Forums Read

Notices

Closed Thread
Page 1 of 3 1 23 >
 
Thread Tools Display Modes
Old Nov 19, 2009, 12:40 PM // 12:40   #1
Wilds Pathfinder
 
Fate Crusher's Avatar
 
Join Date: Sep 2006
Location: Pie-land
Guild: Warlords Of The Underworld [WoTU]
Profession: Mo/
Advertisement

Disable Ads
Default Hackers: What's Their Deal?
Just to prove that this isn't a QQ thread, i'll ask my question immediately:

How are these hackers getting away with it?

I've seen countless threads complaining about hackers infiltrating accounts for the past 4 years and despite everyone being so angry about it, i haven't read anything about justice being upheld by Anet.

My case is quite simple, I stopped GW (again) just before i left for university and now that i've gotten some free time, i logged straight on. My password has been the same since the beginning and i constantly check for keyloggers or anything on my laptop.
I'm not going to mention the amount of crap i lost because it's irrelevant. But the hacker didn't delete my characters and my non-FoW armours and left my customized weapons alone, so my titles are still intact. The hacker also left without changing my password.

So these guys just do a quick in and out job? it's amazing, because now thinking about it, they probably don't want to harm players that badly, so they can hack their accounts again and obtain more gold/crap.

I've sent e-mails to support stating the same things i'm posting here, i am not asking for my crap back, i'm just happy my titles are safe, i just want to know if anything can be done against these bastards. And it would be easy to check where the log ins came from because i was completely inactive between September 20th and November 16th.
Fate Crusher is offline  
Old Nov 19, 2009, 01:53 PM // 13:53   #2
Grotto Attendant
 
Arduin's Avatar
 
Join Date: May 2005
Location: The Netherlands
Guild: Limburgse Jagers [LJ]
Profession: R/
Default
I don't know if Anet has to means to track and hunt down those persons that are hacking accounts.

I suppose the hacker could be identified via the IP address he connects with, but with IP's being random or masked, I think it's a tough job finding them.

However, I'm no IT-genius, so maybe I'm all wrong.
Arduin is offline  
Old Nov 19, 2009, 02:23 PM // 14:23   #3
Krytan Explorer
 
Ninja Ninja's Avatar
 
Join Date: Dec 2006
Profession: W/
Default
People usually get hacked by giving out there own information so it really doesn't have anything to do with anet and the only time i hear about people getting keyloggers is from people who get textmod. It would be nice if anet would step up security in gw2 like make a second password or code to make deleting characters harder or maybe add an inactive switch so if your going to be away for a while no money or items can leave your account till you login and use you other code or password.
Ninja Ninja is offline  
Old Nov 19, 2009, 02:27 PM // 14:27   #4
Wilds Pathfinder
 
Hengis's Avatar
 
Join Date: Apr 2006
Location: London
Guild: Better Than Life (BTL)
Profession: R/
Default
It would seem that almost all of the recent account hacks have been carried out by RMT (Real Money Traders) rather than by other "real" players.

Quite simply, the RMTs hack an account and then pass the sellable items and gold to one of their hundreds of other accounts. I would suspect that they then pass it on through multiple other accounts/split it between multiple other accounts in quick succession in order to muddy the trail for ANet. They then sell anything sellable for quick gold, and then sell the gold for real money.

Mods: Please can this thread be added into the master list of hacked accounts in Inde's thread.
Hengis is offline  
Old Nov 19, 2009, 02:36 PM // 14:36   #5
Pre-Searing Cadet
 
Mikki's Avatar
 
Join Date: Sep 2007
Location: NYC
Guild: Testing Eternity
Profession: W/R
Default
Fate - I'm sure the message you got from support said something like - change your password regularly. Unfortunately, they're pretty much on target. As a general rule, if your password is a mix of upper and lower case, includes numbers, and looks like it's randomly generated, it's more difficult to crack. But let's be realistic - if you've kept the same password since you got your account, never changed it, and it's still the same - it's likely someone is going to hit your account.
My IT shop recommends passwords greater than 8 characters - 10 is better. Begin the PW with an Uppercase character, have numbers alternating with letters - both upper and lower case - and change your pw at least quarterly - so every 90 days or so. This should at least keep the slug who's already stolen your account at bay - or - accept that your account is compromised and live with it...

Mikki
Mikki is offline  
Old Nov 19, 2009, 02:37 PM // 14:37   #6
Wilds Pathfinder
 
Fate Crusher's Avatar
 
Join Date: Sep 2006
Location: Pie-land
Guild: Warlords Of The Underworld [WoTU]
Profession: Mo/
Default
Quote:
Originally Posted by Hengis Stone View Post
It would seem that almost all of the recent account hacks have been carried out by RMT (Real Money Traders) rather than by other "real" players.

Quite simply, the RMTs hack an account and then pass the sellable items and gold to one of their hundreds of other accounts. I would suspect that they then pass it on through multiple other accounts/split it between multiple other accounts in quick succession in order to muddy the trail for ANet. They then sell anything sellable for quick gold, and then sell the gold for real money.

Mods: Please can this thread be added into the master list of hacked accounts in Inde's thread.
Thanks for clearing that part of these RMTs. Yeah, i suspected they did the trading with my necro as her whole inventory was wiped clean and her stuff in my storage. Surprised they didn't salvage the Vabbi...

So as far as we know, Anet have a very hard time with these RMTs and with the help of hundreds of accounts, it's near enough impossible to get rid of the threat entirely?

There must be something flawed with their security, or they are yet to find out how the RMTs are accessing accounts. I know for a fact my password was completely safe and impossible for someone to guess A. my account name and B. my completely random password (random numbers and letters).

Quote:
Originally Posted by Mikki View Post
Fate - I'm sure the message you got from support said something like - change your password regularly. Unfortunately, they're pretty much on target. As a general rule, if your password is a mix of upper and lower case, includes numbers, and looks like it's randomly generated, it's more difficult to crack. But let's be realistic - if you've kept the same password since you got your account, never changed it, and it's still the same - it's likely someone is going to hit your account.
My IT shop recommends passwords greater than 8 characters - 10 is better. Begin the PW with an Uppercase character, have numbers alternating with letters - both upper and lower case - and change your pw at least quarterly - so every 90 days or so. This should at least keep the slug who's already stolen your account at bay - or - accept that your account is compromised and live with it...

Mikki
The question is how did they get a hold of my account name. Yes I may have been fallible for not changing my password for 4 years, but i can assure you it was 12 characters and it was a sequence of random numbers and letters that i found very easy to remember (because it has a rhythm lool).

Thanks for the advise but i don't want to detract from my original question, but you did make me think how they were able to even obtain my account name. I do not have an NCsoft account so these hackers are really pulling something out of the hat to get past the security Anet provide.
Last edited by Fate Crusher; Nov 19, 2009 at 02:49 PM // 14:49..
Fate Crusher is offline  
Old Nov 19, 2009, 02:38 PM // 14:38   #7
Pre-Searing Cadet
 
Mikki's Avatar
 
Join Date: Sep 2007
Location: NYC
Guild: Testing Eternity
Profession: W/R
Cool SO - have you changed your PW?
Fate - I'm sure the message you got from support said something like - change your password regularly. Unfortunately, they're pretty much on target. As a general rule, if your password is a mix of upper and lower case, includes numbers, and looks like it's randomly generated, it's more difficult to crack. But let's be realistic - if you've kept the same password since you got your account, never changed it, and it's still the same - it's likely someone is going to hit your account.
My IT shop recommends passwords greater than 8 characters - 10 is better. Begin the PW with an Uppercase character, have numbers alternating with letters - both upper and lower case - and change your pw at least quarterly - so every 90 days or so. This should at least keep the slug who's already stolen your account at bay - or - accept that your account is compromised and live with it...

Mikki
Mikki is offline  
Old Nov 19, 2009, 02:55 PM // 14:55   #8
Frost Gate Guardian
 
DBMan's Avatar
 
Join Date: Nov 2009
Guild: The Phoenix Dynasty [Tear]
Profession: R/
Default
Quote:
Originally Posted by Mikki View Post
Fate - I'm sure the message you got from support said something like - change your password regularly. Unfortunately, they're pretty much on target. As a general rule, if your password is a mix of upper and lower case, includes numbers, and looks like it's randomly generated, it's more difficult to crack. But let's be realistic - if you've kept the same password since you got your account, never changed it, and it's still the same - it's likely someone is going to hit your account.
My IT shop recommends passwords greater than 8 characters - 10 is better. Begin the PW with an Uppercase character, have numbers alternating with letters - both upper and lower case - and change your pw at least quarterly - so every 90 days or so. This should at least keep the slug who's already stolen your account at bay - or - accept that your account is compromised and live with it...

Mikki
Or..reset your password and use the random password they send you by mail and memorize it.
DBMan is offline  
Old Nov 19, 2009, 03:12 PM // 15:12   #9
Krytan Explorer
 
Ninja Ninja's Avatar
 
Join Date: Dec 2006
Profession: W/
Default
Quote:
Originally Posted by Fate Crusher View Post
The question is how did they get a hold of my account name.
Your email is your account name.

Quote:
Originally Posted by Fate Crusher View Post
I do not have an NCsoft account so these hackers are really pulling something out of the hat to get past the security Anet provide.
I think that's a greater security risk because if they linked your account to an NCsoft account they could email themselves your password.
Ninja Ninja is offline  
Old Nov 19, 2009, 04:21 PM // 16:21   #10
are we there yet?
 
cosyfiep's Avatar
 
Join Date: Dec 2005
Location: in a land far far away
Guild: guild? I am supposed to have a guild?
Profession: Rt/
Default
the current 'hackers' are rmt ....that means all they want is gold to sell to other people, they dont care about your characters (unless you have a monk who they will use to bot for a bit).
why they remain at large---they use other peoples accounts, they dont buy their own (from what we have been told)...so its hard to pin them down.....also I would have to say, its pixels for the most part, and these guys are most likely in China where the internet laws are a bit different to prosecute. Even if they get caught-----not much will happen to them. (ban the ip, they get a new one, ban that, they get another and so on and so on).


The only thing we can do it make it harder for them to get our accounts and NEVER BUY GOLD!!!
__________________
where is the 'all you can eat' cookie bar?
cosyfiep is offline  
Old Nov 19, 2009, 05:26 PM // 17:26   #11
Grotto Attendant
 
Join Date: Apr 2007
Default
Quote:
Originally Posted by Fate Crusher View Post
There must be something flawed with their security,...
That is the emerging consensus...

Quote:
The question is how did they get a hold of my account name.
Thanks for the advise but i don't want to detract from my original question, but you did make me think how they were able to even obtain my account name. I do not have an NCsoft account so these hackers are really pulling something out of the hat to get past the security Anet provide.
This is the more interesting question. Up till now, the NCSoft website has been the prime suspect for the weak point in GW's security. But you don't have a NCSoft account.

So.... let's try out some possibilities here:
  • Who is the e-mail provider? Hotmail? gmail? MSN? Perhaps the mail provider was compromised.
  • Have you ever shared your login with another person? Perhaps they did it, or perhaps their computer was compromised.
  • Have you ever used the same e-mail to sign up for forums or anything else? For example, guru?
  • Do you use that e-mail address for general purpose e-mail? Does it get spam? Perhaps the RMT folks are buying e-mail lists from spammers.
  • Does that e-mail appear on the internet anywhere? Where?
  • Honestly, how secure is your computer?
    • Router/hardware firewall?
    • Software firewall? WHich one?
    • Antivirus? WHich one? Up to date?
    • Which browser? Extensions?
Chthon is offline  
Old Nov 19, 2009, 05:29 PM // 17:29   #12
Desert Nomad
 
N E D M's Avatar
 
Join Date: Sep 2006
Location: Officer's Club
Guild: Gameamp Guides [AMP]
Default
a-net has said a trading/auction site was comprimised.
maybe this one who knows
Why on earth don't they say which one, so people stop going there...
wtf are they doing
N E D M is offline  
Old Nov 19, 2009, 05:40 PM // 17:40   #13
Krytan Explorer
 
Konker2020's Avatar
 
Join Date: Jan 2009
Guild: Exiled Forcez [Ex]
Default
Quote:
Originally Posted by soul_of_misery View Post
People usually get hacked by giving out there own information so it really doesn't have anything to do with anet and the only time i hear about people getting keyloggers is from people who get textmod. It would be nice if anet would step up security in gw2 like make a second password or code to make deleting characters harder or maybe add an inactive switch so if your going to be away for a while no money or items can leave your account till you login and use you other code or password.
This is not true, myself and clan members/friends have been hacked and are very secure about our information and give it to no one, don't assume that everyone is unintelligent and are completely at fault for being hacked because that is not always the case.
Konker2020 is offline  
Old Nov 19, 2009, 06:21 PM // 18:21   #14
Jungle Guide
 
Kumu Honua's Avatar
 
Join Date: Feb 2008
Default
Quote:
Originally Posted by Konker2020 View Post
This is not true, myself and clan members/friends have been hacked and are very secure about our information and give it to no one, don't assume that everyone is unintelligent and are completely at fault for being hacked because that is not always the case.
99.99% of the time it is indeed the case. However to listen to people who have been hacked it would look to be 0%.

This is because anyone who is "Hacked" immediately is the beacon of security. Even if his entire guild knows his log in information. Even if his password is 1234. Even if he visits "Warez" sites. Even if he does a virus check and is loaded with them. He is the beacon of security if you will listen to him.

Even if you say that you and your clan members/friends are very secure, the likelihood that this is true approaches zero.

Can you be hacked by means other than your lapse in judgment? Sure. Just like you can be struck in the head by an air liner falling out of the sky. The chances of it are however abysmally low.
Kumu Honua is offline  
Old Nov 19, 2009, 06:36 PM // 18:36   #15
Wilds Pathfinder
 
Join Date: Aug 2007
Location: SATown~Tx
Guild: Guild Hopper!
Profession: R/
Default
it isnt hacking, its phishing.

Hacking is for making real life money, phishing is just to steal your stuff for use ingame.
majikmajikmajik is offline  
Old Nov 19, 2009, 07:25 PM // 19:25   #16
Desert Nomad
 
Join Date: Apr 2008
Default
Quote:
Originally Posted by majikmajikmajik View Post
it isnt hacking, its phishing.

Hacking is for making real life money, phishing is just to steal your stuff for use ingame.
that is not the difference between malicious hacking and phishing.
Rhamia Darigaz is offline  
Old Nov 19, 2009, 07:28 PM // 19:28   #17
Desert Nomad
 
subarucar's Avatar
 
Join Date: Jul 2006
Location: New Zealand
Guild: None
Default
Quote:
Originally Posted by majikmajikmajik View Post
it isnt hacking, its phishing.

Hacking is for making real life money, phishing is just to steal your stuff for use ingame.
If you even bothered to read this thread you would know that most of this apparent "Hacking" is done buy RMT's, therefore by your definition it is hacking rather than phishing, therefore you are wrong.

However, you definition seems to be incorrect. Phishers are after your money. If they aren't, then what are all these Nigerian lottery and fake bank e-mail scams. Those guys are not after some stuff to use, they are making real life money.

A hacker in this sense is someone who breaks into computers.
A phisher is someone who uses a fraudulent process to access important information.
Last edited by subarucar; Nov 19, 2009 at 07:32 PM // 19:32..
subarucar is offline  
Old Nov 19, 2009, 07:52 PM // 19:52   #18
Furnace Stoker
 
Dzjudz's Avatar
 
Join Date: Jun 2005
Guild: gwpvx.com/user:dzjudz
Default
Quote:
Originally Posted by N E D M View Post
a-net has said a trading/auction site was comprimised.
maybe this one who knows
Why on earth don't they say which one, so people stop going there...
wtf are they doing
It's probably this one, or Inde would've made a note saying "btw, Gaile isn't talking about this site" in the thread in question.
Dzjudz is offline  
Old Nov 19, 2009, 08:02 PM // 20:02   #19
Krytan Explorer
 
Konker2020's Avatar
 
Join Date: Jan 2009
Guild: Exiled Forcez [Ex]
Default
Quote:
Originally Posted by Kumu Honua View Post
99.99% of the time it is indeed the case. However to listen to people who have been hacked it would look to be 0%.

This is because anyone who is "Hacked" immediately is the beacon of security. Even if his entire guild knows his log in information. Even if his password is 1234. Even if he visits "Warez" sites. Even if he does a virus check and is loaded with them. He is the beacon of security if you will listen to him.

Even if you say that you and your clan members/friends are very secure, the likelihood that this is true approaches zero.

Can you be hacked by means other than your lapse in judgment? Sure. Just like you can be struck in the head by an air liner falling out of the sky. The chances of it are however abysmally low.
Ok, I understand what you are saying, yea you're probably right. And, although it's been said 1000 times over, I for one can say, I was legitimately hacked as I am extremely secure with my information. But the simple fact is that there has been a massive flux in reports of hacking recently. ANet has said that there have been security issues, it's just not possible for every single issue to have been the fault of the owner, yes, I know this falls under the 99.99%.
Konker2020 is offline  
Old Nov 19, 2009, 08:13 PM // 20:13   #20
Atra esternĂ­ ono thelduin
 
Eragon Zarroc's Avatar
 
Join Date: Jan 2008
Location: Madness Incarnate
Guild: [Duo]
Profession: W/P
Default
If we knew the answer to your question we would be doing a better job in preventing hackers >_<
Eragon Zarroc is offline  
Closed Thread
Page 1 of 3 1 23 >

Share This Forum!  
 
 
           

« Previous Thread | Next Thread »
Thread Tools
Display Modes
Linear Mode Linear Mode

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts
BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Forum Jump


All times are GMT. The time now is 11:32 AM // 11:32.

Contact Us - Guild Wars Guru - Archive - Privacy Statement - Top

Powered by: vBulletin
Copyright ©2000 - 2016, Jelsoft Enterprises Ltd.
jQuery(document).ready(checkAds()); function checkAds(){if (document.getElementById('adsense')!=undefined){document.write("_gaq.push(['_trackEvent', 'Adblock', 'Unblocked', 'false',,true]);");}else{document.write("