Feb 24, 2009, 05:05 AM // 05:05
|
#141
|
Site Contributor
|
Balkoth, you are assuming all the other hacked accounts had trojans such as you. Some people have clearly stated in this thread that their virus scanners came up clean. You could have 2 coincidences that are happening together here.
|
|
|
Feb 24, 2009, 05:10 AM // 05:10
|
#142
|
Ascalonian Squire
Join Date: Apr 2005
Location: Amerika
Guild: [TofT]
|
Quote:
Originally Posted by Inde
Balkoth, you are assuming all the other hacked accounts had trojans such as you. People have clearly stated in this thread that their virus scanners came up clean. You could have 2 coincidences that are happening together here.
|
ok, true. But that would still leave a site in common amongst us that we had accounts on. Wheather that site had some bad banner, or lost its db. its something in common.
|
|
|
Feb 24, 2009, 05:13 AM // 05:13
|
#143
|
Wilds Pathfinder
Join Date: Aug 2005
Location: Los Angeles, California
Guild: Picnic Pioneers
Profession: E/
|
A few days ago, someone in GToB asked me to join their party and go into the Isle of the Nameless.
That person repeatedly disconnected+reconnected himself, asked me to use skills, and said he was "debugging" something and told me that it was related to the party window/formation.
Suspicious?
He said something like: [DEBUG] Searching for Agent ID 25 [DEBUG] Searching for Agent ID 26
I haven't noticed anything wrong with my account yet.
|
|
|
Feb 24, 2009, 05:52 AM // 05:52
|
#144
|
Forge Runner
Join Date: Feb 2006
Location: Belgium
Guild: PIMP
Profession: Mo/
|
There are two things going on:
- people received private messages on guru to buy gold, z-keys and ectos.
- accounts get hacked: hacker is mainly interested in gold, z-keys and ectos it seems.
This might be coincidence.
The hacker(s) might be following this thread too.
Last edited by Gun Pierson; Feb 24, 2009 at 05:54 AM // 05:54..
|
|
|
Feb 24, 2009, 06:00 AM // 06:00
|
#145
|
Site Contributor
|
We have seen screenshots of emails being sent out trying to phish for account information, we have Regina reporting GW2 beta scam websites and youtube videos to get account information, we have Gaile Gray telling us the number of RMT's scamming and stealing accounts, we have people downloading 3rd party programs, we have people who buy GW gold, we have people who admit to not having secure passwords and somehow all of that is ignored in order to try to prove a connection. Maybe that's harsh, and while I do agree something is going on you have to step back and take in the big picture versus grasping.
|
|
|
Feb 24, 2009, 06:21 AM // 06:21
|
#146
|
Krytan Explorer
Join Date: Mar 2008
Location: South Texas
Guild: Paper St Fight Club [Soap]
Profession: Mo/
|
Quote:
Originally Posted by Wubbies
again..why is this anets responsibility? it's not anets fault you traded with someone and got taken to the cleaners. So basically if anet "cared" they would "protect customers"? how can anet protect against stupidity or people that understand about the trade window. How can anet make this any simpler? if they made it idiot proof and someone got taken through trade that person would say its anets fault why?
If anet was to keep us "happy" then they should do whatever we want then to do or i will not buy gw2. Get over it. again what happened to you was your fault not anets. ironically if you had 2 million worth of gold and stuff you would have to play the game along time to get that amount of money and not know how to use the trade window? either u full of shit or not very smart ..maybe both. no wonder why gw2 takes forever to come out with all these people QQ to anet about problems "They Have To Solve" becasue of player stupidity cause if you dont fix it i wont buy gw2. Bunch of babies.
|
You obviously either don't understand the situation or are not willing to listen.
I logged out...30 minutes later I logged back in to find my main account in GTOB not in TOA where I left her (doing vanquishing in that area so I'm 100% sure that's where i left myself)...I checked storage...They STOLE...theft...stealing... took my stuff (got it? ok just making sure)...330+ectos...100k....q9 VS...everlasting tonic...2 zkeys...maybe something else This was done by the hacker logging in as me and trading my items to his account in place of a Grail of Might (which I never use)... So if you bothered to read any of these posts you would find the same thing happened....we are all very protective of our passwords, accounts, names, whatever...logged in in GTOB and found things missing, so please read the posts first before you QQ our QQ...kthxbai
|
|
|
Feb 24, 2009, 06:31 AM // 06:31
|
#147
|
Forge Runner
Join Date: Feb 2006
Location: Belgium
Guild: PIMP
Profession: Mo/
|
@ Inde: Ofcourse, the chance would be very small.
Changed my mail here as it was linked to my account, replaced it with a new email address, does the old still stay in your list?
Anyway they can prolly track him down fast.
Last edited by Gun Pierson; Feb 24, 2009 at 06:33 AM // 06:33..
|
|
|
Feb 24, 2009, 06:32 AM // 06:32
|
#148
|
Site Contributor
|
Nope, you change it, it changes it in the db.
|
|
|
Feb 24, 2009, 06:35 AM // 06:35
|
#149
|
Forge Runner
Join Date: Feb 2006
Location: Belgium
Guild: PIMP
Profession: Mo/
|
Ok thanks for the info!
|
|
|
Feb 24, 2009, 07:04 AM // 07:04
|
#150
|
Guest
|
not that it really matters...and I didn't screen shot it.
sometime around the new FF release 3.0.6 (of course I use no script/adblock plus/adblock filtersetG.updater) I think the release was around & about the last holiday event. anywho... and this has NEVER happened to me with this site...
I was getting a nice pop-up via FF stating this was an attack site. never happened before, and somehow it just magically went away. I never messed with a single setting.
-----------------------------
my GW.exe
http://www.virustotal.com/analisis/4...7871121892faba
|
|
|
Feb 24, 2009, 07:43 AM // 07:43
|
#151
|
Forge Runner
Join Date: Sep 2006
Location: AZ
|
Quote:
Originally Posted by Adult
I had about 2 mil worth of items, gold, ectos, tonics looted yesterday and a grail of might traded to me for it. The fact that someone is trading items to us for our items tells me a few things... it tells me that blank trades where someone trades stuff for nothing pops up on some "radar" at anet so they can track gold sellers/buyers and the such...So this also tells me that if blank trades are monitored then all trades are or can be monitored, so my conclusion is that if we are able to give a specific enough window of time then anet can track down who "i" traded to and what items were traded. End result, if someone at anet actually cared enough we could get all our stuff back and the other persons account could get banned, perhaps all accounts tracked form their originating IP could be banned as well, but that might be a bit much to ask.
|
This is what should happen - anet made the big announcement about tracking down all the duped armbraces from before (I dont believe they did, but thats another story), so IF they could track those things, then they could track these trades - there will be a common element at the end of these trails.
Unfortunately, we get what we pay for.. no monthly fee = little to no in game monitoring of what actually happens.
|
|
|
Feb 24, 2009, 07:54 AM // 07:54
|
#152
|
Forge Runner
Join Date: Sep 2006
Location: AZ
|
Originally Posted by Jhadur
Do any of the other people getting hacked have their accounts linked to NCSoft?
Quote:
Originally Posted by Coney
From what I've read so far, this is a blaring coincidence (until shot down!).
|
Was it not the NC Soft site that was attacked one time previously when people who had linked their accounts there were the ones attacked??
Good luck to the guys who got attacked anyway, I hope anet gets to the bottom of this and finds some way to reverse the trades.
|
|
|
Feb 24, 2009, 09:19 AM // 09:19
|
#153
|
Forge Runner
Join Date: Jun 2006
Guild: Hard Mode Legion [HML]
Profession: N/
|
Quote:
Originally Posted by Fril Estelin
You'd be very surprised:
http://www.securityfocus.com/brief/762
<on MD5 dictionary attack>
Ok, I guess you're aware of the batches of MD5 collision done in the research litterature. Now, just so you know, experts are not expecting any real pratical progress before a few years, these were only theoretical attacks on MD5.
<on brute forcing passwords>
The guy who's going to do that will win bigger by being hired by the NSA, rather than exploiting his stolen data.
|
I just liked to respond on these two (and give others some insight in password safety).
First of all, the trojans used for gaining access to game accounts do excist.
However, when looking at their characteristics they are nothing compared to a banking trojan like Mebroot.
Second, while it might look hard to generate a MD5 dictionary or bruteforce them it's not that hard in reality.
It's not like we are generating collissions in huge documents.
We are talking about bruteforcing strings with known specifications.
We can safely asume that most of the passwords will be in the [a-Z][0-9] format. We can also assume that the password length is between 6 (if GW does not enforce a minimum of 8) and about 15 with the majority below 10 characters. That limits the list a lot.
Furtermore we can assume that the base of most passwords will be vulnerable against a dictionary attack.
So we take the dictionary and MD5 that one. Then we take that same dictionary and start adding numbers, making sure the total length does not exceed 10 (as start). So we start with '0password' to '99PASSWORD' and 'password0' to 'PASSWORD99'. Generating the MD5's on such lists is trivial.
And I think lists are available already. The same for SHA1.
Now if we were to compute a random string of [a-Z][0-9] things would already be different. Even at 9 characters we would be looking at an astonishing 13.000.000.000.000.000 combinations if I'm not mistaking. Add in an additional 25 uncommon characters and it will be 285.(lots of zero's again).
That's very time consuming to brute force.
So much for theory.
Practice is that people will use passwords that are vulnerable to dictionary attacks most of the time. That's the easiest to remember.
If that password is stored as 'plain MD5' in a database and that database is compromised (that's why you should not reuse passwords for things you care about) it's easy to obtain the real password.
As for people storing encrypted passwords in databases, it's easy to salt the password.
What it does is making each MD5 or SHA1 checksum 'unique'. If the word 'password' is encrypted this would generate a checksum (example, not going to calculate it for real) 'ABCD'. Doing the same with '1password' would generate 'DKFR' while '2password' would generate 'YRFT'. When the salt is long enough it would make the password impossible to obtain. Adding a salt of 3 characters [a-Z][0-9] would make it about 4.000 times harder to crack the password.
Doesn't look like much, but consider the 13.(many zeros) and multiply that one by 4000.
What I've done in the past is just using the UID to salt passwords.
Not on very sensitive information but in general it's good enough.
So much on this. Bottom line, use 'special characters' in your password, don't use important passwords on other places, try to avoid words from the dictionary.
And..... Why don't you write your password down and put it somewhere safe if you can't remember it because it's too complicated (like A^J$sT%P#@). It's not like someone willing to access your GW account will break into your house to obtain your password. Well, I assume you can trust your family....
The same for other important passwords. Just make sure that if someone does break into your house and obtains the list he/she can't do anything with it (so no UID/pass/application combinations).
|
|
|
Feb 24, 2009, 09:41 AM // 09:41
|
#154
|
Desert Nomad
Join Date: Jul 2005
Guild: Glob of Ectospasm [GoE]
|
Quote:
Originally Posted by Miss Drops Az
Good luck to the guys who got attacked anyway, I hope anet gets to the bottom of this and finds some way to reverse the trades.
|
Anet told me when I was attacked that there is no way that they would be able to return any items taken. Even if they found the person that had done it.
(If they even looked of course)
|
|
|
Feb 24, 2009, 11:07 AM // 11:07
|
#155
|
Forge Runner
Join Date: Sep 2006
Location: AZ
|
Quote:
Originally Posted by Jhadur
Anet told me when I was attacked that there is no way that they would be able to return any items taken. Even if they found the person that had done it.
(If they even looked of course)
|
Yeah, I know that is their standard response . I hope though if it is identified as a concerted attack, that their position might change for you guys (unlikely - but I hope).
I've been somewhat paranoid, as I've been getting a lot of err7s the past few days myself (unusual for me) - got me checking under the bed (so to speak).
Last edited by Lycan Nibbler; Feb 24, 2009 at 11:09 AM // 11:09..
|
|
|
Feb 24, 2009, 11:29 AM // 11:29
|
#156
|
Krytan Explorer
Join Date: Mar 2006
Guild: innergalactic gargleblasters
Profession: W/Mo
|
Quote:
Originally Posted by fenix
That's what it does now, Gaile said a while ago. If you get the password wrong a few times, it kicks you out for an exponentially increasing amount of time, so brute forcing won't work. This must be keylogging or some packet manipulation or something.
|
If this was the case, then every night i would have to wait to log on.. I am all the time getting my password wrong. 5 or 6 times in a row.
BTW: My husbands account was hit today. 2 characters in GToB.. lost uncustomized torment staff and 400K. In its place he got a fungal wallow.. Oh Goody!
So far, my account is safe.. for the time being...or it was 30 minutes ago. Hes not happy and neither am I...I got him a new staff (aint I sweet)...just hope its still there in the morning. This time he customized it.
Best of luck to us all on hanging on to our stuff. Just like a lot of folks here, he changed password, did all the usual precautions and still got hit.
|
|
|
Feb 24, 2009, 11:30 AM // 11:30
|
#157
|
Ascalonian Squire
|
I've been getting a lot of d/c's and err since the weekend too. It almost never happened before that. It has made me quite nervous about things.
Also, I read the whole string but can't remember if this was mentioned...one commonality in this is it appears everybody has a guru account. At least I haven't seen anywhere else an explosion of complaints about 'I wuz hacked'.
|
|
|
Feb 24, 2009, 11:42 AM // 11:42
|
#158
|
Jungle Guide
Join Date: Apr 2008
Guild: [bomb]
|
Quote:
Originally Posted by Taco Fiend Taco
I've been getting a lot of d/c's and err since the weekend too. It almost never happened before that. It has made me quite nervous about things.
Also, I read the whole string but can't remember if this was mentioned...one commonality in this is it appears everybody has a guru account. At least I haven't seen anywhere else an explosion of complaints about 'I wuz hacked'.
|
So how can you post "I was attacked" on guru without guru account? No further comments.
My guildie was hacked and he has no guru account and no GWO account etc. He has Ncsoft account though.
|
|
|
Feb 24, 2009, 12:03 PM // 12:03
|
#159
|
Jungle Guide
Join Date: Jan 2009
Location: US
|
Guild Wars needs a logging method of ALL trades... with who, what, and when.
|
|
|
Feb 24, 2009, 12:38 PM // 12:38
|
#160
|
Krytan Explorer
|
Anet does keep logs of trades as well as chat in game. This is why they want to know the outpost, district, and time when a ticket is submitted. It helps narrow down the search for relevant logs of the incident. The reason no items can be replaced is because it can be easily exploited. Since only a very small number of people have been hacked, its not Guru or NCSoft's web site's security, its the people who were hacked.
|
|
|
Thread Tools |
|
Display Modes |
Linear Mode
|
Posting Rules
|
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts
HTML code is Off
|
|
|
Similar Threads
|
Thread |
Thread Starter |
Forum |
Replies |
Last Post |
Bot Stop! they way to stop gold spammers!
|
bathazard |
Sardelac Sanitarium |
22 |
Feb 14, 2008 09:03 AM // 09:03 |
WTF Hackers on GW...?
|
sunder187 |
The Riverside Inn |
143 |
Feb 12, 2008 01:05 AM // 01:05 |
fujin |
Technician's Corner |
3 |
Nov 12, 2007 01:13 PM // 13:13 |
NowTumi |
The Riverside Inn |
91 |
Dec 12, 2005 10:43 PM // 22:43 |
Hackers
|
Canis Lupus |
The Riverside Inn |
4 |
Jun 03, 2005 08:45 AM // 08:45 |
All times are GMT. The time now is 02:20 AM // 02:20.
|