Curse

Xun Rama · Feb 23, 2009, 09:26 PM // 21:26

Quote:

Originally Posted by Zorgy

I asked a friend of mine who is studying SECURITY to try to hack me (he knows the tricks) HE WAS UNABLE TO DO IT & told me that I cannot be hacked.

With all due respect, your friend is an idiot. The only computers that "cannot be hacked" are ones without internet access (have never had, and never will have it), and even then, they can be hacked if someone has physical access (though, not a problem in this scenario).

I'm betting on keyloggers, myself. Texmod perhaps?

Zorgy · Feb 23, 2009, 09:45 PM // 21:45

"...With all due respect, your friend is an idiot..."

He is as idiot as you are lol.....I know & he knows that hackers have been able to hack the CIA or big companies sites

As far as I know those guys are not interested by me or you or any GW players. Do you understand?

Dont judge too quickly the people thank you.

Fril Estelin · Feb 23, 2009, 09:49 PM // 21:49

Quote:

Originally Posted by the_jos

But the really hard to detect ones are used for stealing bank and creditcard stuff, not online game stuff.

You'd be very surprised:
http://www.securityfocus.com/brief/762

Quote:

And a brute force can happen over days, if you have like 10.000 or more valid e-mail accounts and you scan all of them slowly you won't generate many time-outs on the accounts.

True but: 1) you'd have statistically very little credentials; 2) it couldn't explain more than 2 people being hacked at the same time.

Quote:

Next step is an compromised e-mail account. This one would apply if the account uses the same credentials as the actual login for GW.

See #2 above.

Quote:

The same thing could be true for a compromised database from a forum/fansite that didn't encrypt and salt the passwords. Storing MD5 hashes of passwords looks smart, but is vulnerable to dictionary attack.

Ok, I guess you're aware of the batches of MD5 collision done in the research litterature. Now, just so you know, experts are not expecting any real pratical progress before a few years, these were only theoretical attacks on MD5.

Quote:

Or brute-force them, but that could take a long time.

The guy who's going to do that will win bigger by being hired by the NSA, rather than exploiting his stolen data.

Quote:

Last but not least there is also the possibility that the entire story is not true.
We have to assume that the OP and others are speaking the truth in this matter but there is no way to verify that.

I'd assume something in the middle: some have been hacked, and some have not.

Quote:

Everyone is vulnerable to social engineering.

All human beings are in fact social engineers, but they don't realise it

.

Painbringer · Feb 23, 2009, 09:54 PM // 21:54

I guess word of warning to anyone that has been hacked. GW may not be the only thing at risk. Although the hackers 1st target is your GW they may be selling everything else. If you have other accounts I would be leery of accessing anything and maybe if you have accessed anything change the passwords form a different computer for the short term. (Bank, New egg, I-tunes, WOW, Tax programs etc…) They all could be at risk.

Manually update date your virus protection, and run full scan. Run full scan in safe mode as well. Run a couple different programs no virus software is 100%.

Manually document anything your software finds (anything) for future reference.

If you have pay for virus software get on there forums and post what’s going on and see if they will look at a hijack log. If not go to someone like Bleeping Computers / Major Geeks etc..

Keep in mind when you submit a log you can not change anything on your computer until after the log is reviewed.

Balkoth · Feb 23, 2009, 09:56 PM // 21:56

Quote:

Originally Posted by Xun Rama

I'm betting on keyloggers, myself. Texmod perhaps?

Yes! It was texmod, everyone who uses texmod got hacked.
Great observation.

Going from Painbringers point to prevent future attacks!

I want to know what we had in common, was it this site?
Or was the attack so wide spread as to conceal a point of orgin?

What did I do wrong I think is the question most people are asking.

Assuming its a trojan keylogger; which i believe it to be, passwords or other account information has no impact. So also under the assumption we are not using previously compromised systems(as one infection can lead to another) and all have adquate anti-virus, firewall, and secure browser settings(not IE, no-script etc) what was our point of entry?

I'm looking for constructive ideas here. I'll admit im not running a watertight system, but im looking for what hole I should stop up so I don't sink any more!

therangereminem · Feb 23, 2009, 10:06 PM // 22:06

i never been hacked but mu guildy got hacked thism morning, for those that got hacked the most important things

di dyou use auto login if not thats one reason why key loggers cant get your password if you stop typing it in , last year when this happen i thought maybe it had to do with xth, becuz its not a secure website, but was flamed but saying so , i also thought guru was to blame go flamed by it, but everyone i know that uses auto login never been hacked , when my guildy reformated his computer and stopped using it he got hacked

Xun Rama · Feb 23, 2009, 10:20 PM // 22:20

Quote:

Originally Posted by Zorgy

"...With all due respect, your friend is an idiot..."

He is as idiot as you are lol.....I know & he knows that hackers have been able to hack the CIA or big companies sites

As far as I know those guys are not interested by me or you or any GW players. Do you understand?

Dont judge too quickly the people thank you.

If you don't want to be judged by what you say, then don't come to a forum. We're speaking in English here. "Cannot be hacked" was a very clear message. "Would be hard to hack" would be another (more appropriate) message.

Quote:

Originally Posted by Balkoth

Yes! It was texmod, everyone who uses texmod got hacked.
Great observation.

I have texmod myself and have not been hacked. I'm thinking certain versions of it may be infected, as my texmod I've had for years. In any case, any 3rd party program in itself leaves a risk of being infected; so, it's not a horrible guess.

What else might Guild Wars players have in common?

Texmod is unlikely as someone most likely would not want to wait for months before using account information, just waiting for someone to find out that it happened and cause a panic.

If this is all recent, then it probably has to do with another vulnerability somewhere. The only real connection I see so far is that all of these people seem to both play Guild Wars and be members at Guild Wars Guru (I assume? Perhaps one not.) Though, the latter is improbable in the first place as some have mentioned that they do not use the same e-mail address on Guru as they do on Guild Wars.

I will assume most (if not all) also have XTH accounts, in which case that may also be another possible link; however, many probably do not have the same e-mail addresses for that either. But, we are overlooking something...

If someone gets into an XTH account, they then can go to Account Management and there they can see the Game Account Name (e.g. login e-mail for your Guild Wars account), and this could possibly have something to do with it, if XTH accounts are being compromised. It is an explanation I suppose.

Still, doubtable. How many of these people do we think may have the same password as they use for GW, but a different e-mail registered for XTH? Could that be the link? Who knows...

Just tossing stuff out there.

dr love · Feb 23, 2009, 10:21 PM // 22:21

the only strange things i've noticed lately were
2 msgs in my guru inbox to buy gold today
and on saturday there was some dirty lag in HA and alot of weird d/cs

maybe all these guys use the auto xunlai predictor? or they all live in a certain area? or they all have 'password' as their 'password'?

Jhadur · Feb 23, 2009, 11:03 PM // 23:03

I was hacked last year but they changed the PW on my game account to try to lock me out.

As I've got my main account linked to NCSoft site the only way they could have changed my PW is through the NCSoft site.

I mentioned this when I did my support ticket but support basically said that it must have been my fault.

Strange that they didn't touch either of my storage accounts (which I had accessed that day)that aren't linked to NCSoft if it was something at my end.

Lost over 6mill of items and cash including customised weapons.

Quote:

Originally Posted by therangereminem

but everyone i know that uses auto login never been hacked

I had been using auto login for about 5 months when I was hacked.

Whoever accessed my GW account MUST of had access to my NCSoft account.

Do any of the other people getting hacked have their accounts linked to NCSoft?

crazybanshee · Feb 23, 2009, 11:04 PM // 23:04

There must be some way to track down what everyone who got hacked has in common, but only if people are 100% truthful about what they have done or not done. For instance,

-I DID use the same email for my gw account and xunlai account (I though you had to?) And also for guru (it no longer is tho)
-I did not use textmod, or any other mod. I know some are legal or whatever, I just never bothered
- I did not have password as my password. I've worked in computers, and spent enough time yelling at people for this
- my password was not completely random, and only contained letters and numbers, so it's possible that someone could have intelligently guessed until they got it although I can't imagine why they would, they must have thought I was richer than I was lol

Does anyone remember a few weeks ago when guru was listed as a possible attack site on google? I don't remember seeing any info on that - and I'm not saying that guru was the culprit of anything, but does anyone know what the nature of that problem was?

It would be interesting to find out how many people got hacked who were not a member of guru.

illidan009 · Feb 23, 2009, 11:08 PM // 23:08

Changed my pw several times personally, but I hope I don't get hacked...
50 keys isnt TOO bad considering how much more you couldve lost (ie your GWAMM); still, GL recovering and protecting your account.

Gigashadow · Feb 23, 2009, 11:11 PM // 23:11

Most of the time it turns out that someone got hacked because they gave their account out to a "friend".

However, if that isn't the case, make sure you are browsing with Firefox and have Noscript installed. Late last year, I got keylogged in another MMO, and the virus scanner determined that it was from an Adobe Flash vulnerability -- the security bulletin for that vulnerability was only 2 days old at the time! Normally I browse with ads disabled (Adblock Plus), but I decided to allow ads to be shown on a particular site, to support it. It turned out to be a bad idea.

RedNova88 · Feb 23, 2009, 11:26 PM // 23:26

Quote:

Originally Posted by DreamWind

I got a nice chuckle out of that Anet response. They essentially said "deal with it dumbasses" but in a little more polite PR way. If I was a hacker I would be foaming at the mouth at the opportunity to hack a game whos creator blames it on the players.

Well get used to it, it's a pretty standard response no matter the MMO or company. If any RMT is involved it's likely that the account will never see the light of day again. I had a friend playing WoW lose his account a while ago, and he had to wait 6 months to get it back, and he was lucky to even get it back. On top of this, it was his second account, his first had gotten hacked and was never restored because they found "dirty" gold in his inventory. There are specific procedures that companies have to go through when this sort of stuff happens. If they don't ban the account it's possible that it will just get hacked again and used for RMT repeatedly.

It really worries me that RMT and hacking has escalated to such a level that it's unsafe to even browse normally anymore. I guess the internet is a war zone in it's own way.

I truly hope and pray that the recent hackings go down in number, it saddens me to no end that a game and it's people are so maliciously attacked. The saddest thing of all is that it's the communities fault for buying gold and participating in RMT in the first place.

Gigashadow · Feb 23, 2009, 11:44 PM // 23:44

You can prevent yourself from ever getting hacked in WoW by buying the Blizzard Authenticator keyfob for $7. It's well worth it. To log in, you must press the button on your keyfob and then enter the sequence of pseudo-random digits generated (these are individualized for each keyfob, and the server knows the sequence for each keyfob; and it changes every 20s-60s or so). I wonder if NCSoft is considering something like this.

Sir Skullcrasher · Feb 23, 2009, 11:54 PM // 23:54

Quote:

Originally Posted by Gigashadow

You can prevent yourself from ever getting hacked in WoW by buying the Blizzard Authenticator keyfob for $7. It's well worth it. To log in, you must press the button on your keyfob and then enter the sequence of pseudo-random digits generated (these are individualized for each keyfob, and the server knows the sequence for each keyfob; and it changes every 20s-60s or so). I wonder if NCSoft is considering something like this.

I used that authenticator too Giga. It's nice to know that your accounts is protected by dual password system instead of one!

As for NCSoft doing something similar, I don't know. It might be too late for them to implement it since they have to create new login system for the authenticator. But still, it's a great way to keep your accounts secure.

Xun Rama · Feb 23, 2009, 11:57 PM // 23:57

Quote:

Originally Posted by Gigashadow

You can prevent yourself from ever getting hacked in WoW by buying the Blizzard Authenticator keyfob for $7. It's well worth it. To log in, you must press the button on your keyfob and then enter the sequence of pseudo-random digits generated (these are individualized for each keyfob, and the server knows the sequence for each keyfob; and it changes every 20s-60s or so). I wonder if NCSoft is considering something like this.

I'd definitely get one if they did. But, I'm paranoid like that.

Winterclaw · Feb 24, 2009, 12:23 AM // 00:23

Quote:

Originally Posted by Painbringer

I guess word of warning to anyone that has been hacked. GW may not be the only thing at risk. Although the hackers 1st target is your GW they may be selling everything else. If you have other accounts I would be leery of accessing anything and maybe if you have accessed anything change the passwords form a different computer for the short term. (Bank, New egg, I-tunes, WOW, Tax programs etc…) They all could be at risk.

Sometimes hackers do it the other way, they hack other websites in order to get your account to sell the stuff in it for real money.

Kyosuki · Feb 24, 2009, 12:26 AM // 00:26

SHIT!

**logging in to see if I actually got hit**

EDIT: Didnt get hacked,but I didnt have any z-keys and only 2k to start with

Jensy · Feb 24, 2009, 12:48 AM // 00:48

Quote:

Originally Posted by Kyosuki

SHIT!

**logging in to see if I actually got hit**

EDIT: Didnt get hacked,but I didnt have any z-keys and only 2k to start with

O_o Where did you download the client from, btw?

Regina Buenaobra · Feb 24, 2009, 01:09 AM // 01:09

We’re currently investigating this specific series of incidents. The more data we are able to put together, the more information we’ll have to get to the bottom of this, so we would like to get in touch with the players who were affected. This request applies ONLY to players who were affected by this recent incident. Unless you match these criteria below, please go through the support ticketing system:

Your account was affected on February 22 or February 23.
You were able to login (your password was not changed).
You had gold and/or items removed, or items added to your account

It would really help the support team know the following details when you write:

The outpost your character was in when you logged in.
Whether any characters were deleted.
Exactly what was removed and/or what item(s) may have been deposited on the account by someone other than yourself in the last two days.

Any other details of note, no matter how small.

If you believe you were affected by the incident yesterday, please contact [email protected], and provide you real name, account name, and a telephone number (along with the time you could accept a call about this matter and your time zone). Please note that the earliest you can expect a phone call is tomorrow.

Thanks.

EIDT: Please do not give us your password in the email!