Guild Wars Forums - GW Guru
Old Feb 23, 2009, 09:26 PM // 21:26   #101
Ascalonian Squire
 
Xun Rama's Avatar
 
Join Date: Jan 2009
Profession: W/A
Default

Quote:
Originally Posted by Zorgy View Post
I asked a friend of mine who is studying SECURITY to try to hack me (he knows the tricks) HE WAS UNABLE TO DO IT & told me that I cannot be hacked.
With all due respect, your friend is an idiot. The only computers that "cannot be hacked" are ones without internet access (have never had, and never will have it), and even then, they can be hacked if someone has physical access (though, not a problem in this scenario).

I'm betting on keyloggers, myself. Texmod perhaps?
Xun Rama is offline  
Old Feb 23, 2009, 09:45 PM // 21:45   #102
Frost Gate Guardian
 
Zorgy's Avatar
 
Join Date: Jun 2007
Location: Paris, France
Guild: [any]
Profession: W/Me
Default

"...With all due respect, your friend is an idiot..."

He is as much of an idiot as you are lol.....I know & he knows that hackers have been able to hack the CIA or big companies' sites. As far as I know those guys are not interested in me or you or any GW players. Do you understand?

Don't judge people too quickly, thank you.
Zorgy is offline  
Old Feb 23, 2009, 09:49 PM // 21:49   #103
So Serious...
 
Fril Estelin's Avatar
 
Join Date: Jan 2007
Location: London
Guild: Nerfs Are [WHAK]
Profession: E/
Default

Quote:
Originally Posted by the_jos View Post
But the really hard to detect ones are used for stealing bank and credit card stuff, not online game stuff.
You'd be very surprised:
http://www.securityfocus.com/brief/762

Quote:
And a brute force can happen over days, if you have like 10.000 or more valid e-mail accounts and you scan all of them slowly you won't generate many time-outs on the accounts.
True but: 1) you'd have statistically very few credentials; 2) it couldn't explain more than 2 people being hacked at the same time.

Quote:
Next step is a compromised e-mail account. This one would apply if the account uses the same credentials as the actual login for GW.
See #2 above.

Quote:
The same thing could be true for a compromised database from a forum/fansite that didn't encrypt and salt the passwords. Storing MD5 hashes of passwords looks smart, but is vulnerable to dictionary attack.
Ok, I guess you're aware of the batches of MD5 collisions done in the research literature. Now, just so you know, experts are not expecting any real practical progress before a few years, these were only theoretical attacks on MD5.

Quote:
Or brute-force them, but that could take a long time.
The guy who's going to do that will win bigger by being hired by the NSA, rather than exploiting his stolen data.

Quote:
Last but not least there is also the possibility that the entire story is not true.
We have to assume that the OP and others are speaking the truth in this matter but there is no way to verify that.
I'd assume something in the middle: some have been hacked, and some have not.

Quote:
Everyone is vulnerable to social engineering.
All human beings are in fact social engineers, but they don't realise it.
Fril Estelin is offline  
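The storage point quoted in the post above (unsalted MD5 versus salted password hashes on a forum or fansite), as an added example that is not part of any post in this thread. The user names, passwords, wordlist and the PBKDF2 work factor are constructed assumptions.

```python
import hashlib
import hmac
import os

PBKDF2_ROUNDS = 100_000  # assumed work factor for this demo


def md5_unsalted(password: str) -> str:
    """The weak scheme: one fast hash, no salt, same output for every user and site."""
    return hashlib.md5(password.encode()).hexdigest()


def hash_salted(password: str) -> tuple[bytes, bytes]:
    """Per-user random salt plus a deliberately slow key-derivation function."""
    salt = os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ROUNDS)
    return salt, digest


def verify_salted(password: str, record: tuple[bytes, bytes]) -> bool:
    """Recompute with the stored salt and compare in constant time."""
    salt, expected = record
    candidate = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ROUNDS)
    return hmac.compare_digest(candidate, expected)


def accounts_exposed_by_wordlist(table: dict[str, str], wordlist: list[str]) -> set[str]:
    """Audit an unsalted-MD5 table: each common password is hashed once,
    and every row with that digest is exposed at the cost of a lookup."""
    known = {md5_unsalted(word) for word in wordlist}
    return {user for user, digest in table.items() if digest in known}


# Constructed sample data, not taken from any real site.
FANSITE_USERS = {"alice": "password", "bob": "password", "carol": "9v!Qz-Ascalon-77"}
COMMON_PASSWORDS = ["123456", "password", "guildwars"]


def demo() -> dict:
    unsalted = {u: md5_unsalted(p) for u, p in FANSITE_USERS.items()}
    salted = {u: hash_salted(p) for u, p in FANSITE_USERS.items()}
    return {
        "exposed": accounts_exposed_by_wordlist(unsalted, COMMON_PASSWORDS),
        # Same password gives the same row without a salt...
        "unsalted_rows_identical": unsalted["alice"] == unsalted["bob"],
        # ...and different rows with one, so a precomputed table does not apply.
        "salted_rows_identical": salted["alice"][1] == salted["bob"][1],
        "login_still_works": verify_salted("password", salted["alice"]),
    }


if __name__ == "__main__":
    print(demo())
```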
Old Feb 23, 2009, 09:54 PM // 21:54   #104
Furnace Stoker
 
Painbringer's Avatar
 
Join Date: Jun 2006
Location: Minnesota
Guild: Black Widows of Death
Profession: W/Mo
Default

I guess a word of warning to anyone that has been hacked. GW may not be the only thing at risk. Although the hackers' 1st target is your GW, they may be selling everything else. If you have other accounts I would be leery of accessing anything, and maybe if you have accessed anything change the passwords from a different computer for the short term. (Bank, Newegg, iTunes, WoW, tax programs etc.) They all could be at risk.

Manually update your virus protection and run a full scan. Run a full scan in safe mode as well. Run a couple of different programs; no virus software is 100%.

Manually document anything your software finds (anything) for future reference.

If you have paid-for virus software, get on their forums and post what's going on and see if they will look at a hijack log. If not, go to someone like Bleeping Computers / Major Geeks etc.

Keep in mind when you submit a log you can not change anything on your computer until after the log is reviewed.
Painbringer is offline  
Old Feb 23, 2009, 09:56 PM // 21:56   #105
Ascalonian Squire
 
Join Date: Apr 2005
Location: Amerika
Guild: [TofT]
Default Yes!

Quote:
Originally Posted by Xun Rama View Post

I'm betting on keyloggers, myself. Texmod perhaps?
Yes! It was texmod, everyone who uses texmod got hacked.
Great observation.

Going from Painbringer's point to prevent future attacks!

I want to know what we had in common, was it this site?
Or was the attack so widespread as to conceal a point of origin?

What did I do wrong I think is the question most people are asking.

Assuming it's a trojan keylogger, which I believe it to be, passwords or other account information has no impact. So also under the assumption we are not using previously compromised systems (as one infection can lead to another) and all have adequate anti-virus, firewall, and secure browser settings (not IE, no-script etc.), what was our point of entry?

I'm looking for constructive ideas here. I'll admit I'm not running a watertight system, but I'm looking for what hole I should stop up so I don't sink any more!

Last edited by Balkoth; Feb 23, 2009 at 09:58 PM // 21:58.. Reason: Painbringer is right
Balkoth is offline  
Old Feb 23, 2009, 10:06 PM // 22:06   #106
Jungle Guide
 
therangereminem's Avatar
 
Join Date: Jan 2007
Profession: R/Mo
Default

I've never been hacked but my guildy got hacked this morning, for those that got hacked the most important things

Did you use auto login? If not, that's one reason why. Keyloggers can't get your password if you stop typing it in. Last year when this happened I thought maybe it had to do with XTH, because it's not a secure website, but was flamed for saying so. I also thought Guru was to blame, got flamed for it, but everyone I know that uses auto login has never been hacked. When my guildy reformatted his computer and stopped using it he got hacked
therangereminem is offline  
Old Feb 23, 2009, 10:20 PM // 22:20   #107
Ascalonian Squire
 
Xun Rama's Avatar
 
Join Date: Jan 2009
Profession: W/A
Default

Quote:
Originally Posted by Zorgy View Post
"...With all due respect, your friend is an idiot..."

He is as much of an idiot as you are lol.....I know & he knows that hackers have been able to hack the CIA or big companies' sites. As far as I know those guys are not interested in me or you or any GW players. Do you understand?

Don't judge people too quickly, thank you.
If you don't want to be judged by what you say, then don't come to a forum. We're speaking in English here. "Cannot be hacked" was a very clear message. "Would be hard to hack" would be another (more appropriate) message.

Quote:
Originally Posted by Balkoth View Post
Yes! It was texmod, everyone who uses texmod got hacked.
Great observation.
I have texmod myself and have not been hacked. I'm thinking certain versions of it may be infected, as my texmod I've had for years. In any case, any 3rd party program in itself leaves a risk of being infected; so, it's not a horrible guess.

What else might Guild Wars players have in common?

Texmod is unlikely as someone most likely would not want to wait for months before using account information, just waiting for someone to find out that it happened and cause a panic.

If this is all recent, then it probably has to do with another vulnerability somewhere. The only real connection I see so far is that all of these people seem to both play Guild Wars and be members at Guild Wars Guru (I assume? Perhaps one not.) Though, the latter is improbable in the first place as some have mentioned that they do not use the same e-mail address on Guru as they do on Guild Wars.

I will assume most (if not all) also have XTH accounts, in which case that may also be another possible link; however, many probably do not have the same e-mail addresses for that either. But, we are overlooking something...

If someone gets into an XTH account, they then can go to Account Management and there they can see the Game Account Name (e.g. login e-mail for your Guild Wars account), and this could possibly have something to do with it, if XTH accounts are being compromised. It is an explanation I suppose.

Still, doubtable. How many of these people do we think may have the same password as they use for GW, but a different e-mail registered for XTH? Could that be the link? Who knows...

Just tossing stuff out there.
Xun Rama is offline  
Old Feb 23, 2009, 10:21 PM // 22:21   #108
...is in denial
 
dr love's Avatar
 
Join Date: Sep 2006
Location: Hyperion
Guild: starcraft 2
Profession: P/Me
Default

the only strange things i've noticed lately were
2 msgs in my guru inbox to buy gold today
and on Saturday there was some dirty lag in HA and a lot of weird d/cs

maybe all these guys use the auto xunlai predictor? or they all live in a certain area? or they all have 'password' as their 'password'?
dr love is offline  
Old Feb 23, 2009, 11:03 PM // 23:03   #109
Desert Nomad
 
Jhadur's Avatar
 
Join Date: Jul 2005
Guild: Glob of Ectospasm [GoE]
Default

I was hacked last year but they changed the PW on my game account to try to lock me out.

As I've got my main account linked to NCSoft site the only way they could have changed my PW is through the NCSoft site.

I mentioned this when I did my support ticket but support basically said that it must have been my fault.

Strange that they didn't touch either of my storage accounts (which I had accessed that day) that aren't linked to NCSoft if it was something at my end.

Lost over 6mill of items and cash including customised weapons.

Quote:
Originally Posted by therangereminem View Post
but everyone I know that uses auto login has never been hacked
I had been using auto login for about 5 months when I was hacked.



Whoever accessed my GW account MUST have had access to my NCSoft account.

Do any of the other people getting hacked have their accounts linked to NCSoft?

Last edited by Jhadur; Feb 23, 2009 at 11:23 PM // 23:23..
Jhadur is offline  
Old Feb 23, 2009, 11:04 PM // 23:04   #110
Desert Nomad
 
Join Date: Jun 2006
Location: Look out!
Profession: E/
Default

There must be some way to track down what everyone who got hacked has in common, but only if people are 100% truthful about what they have done or not done. For instance,

- I DID use the same email for my gw account and xunlai account (I thought you had to?) And also for guru (it no longer is tho)
- I did not use textmod, or any other mod. I know some are legal or whatever, I just never bothered
- I did not have password as my password. I've worked in computers, and spent enough time yelling at people for this
- my password was not completely random, and only contained letters and numbers, so it's possible that someone could have intelligently guessed until they got it, although I can't imagine why they would, they must have thought I was richer than I was lol

Does anyone remember a few weeks ago when guru was listed as a possible attack site on google? I don't remember seeing any info on that - and I'm not saying that guru was the culprit of anything, but does anyone know what the nature of that problem was?

It would be interesting to find out how many people got hacked who were not a member of guru.
crazybanshee is offline  
Old Feb 23, 2009, 11:08 PM // 23:08   #111
Wilds Pathfinder
 
illidan009's Avatar
 
Join Date: May 2008
Location: Volterra, Italy
Profession: A/
Default

Changed my pw several times personally, but I hope I don't get hacked...
50 keys isn't TOO bad considering how much more you could've lost (i.e. your GWAMM); still, GL recovering and protecting your account.
illidan009 is offline  
Old Feb 23, 2009, 11:11 PM // 23:11   #112
Jungle Guide
 
Gigashadow's Avatar
 
Join Date: Aug 2005
Location: Bellevue, WA
Profession: W/
Default

Most of the time it turns out that someone got hacked because they gave their account out to a "friend".

However, if that isn't the case, make sure you are browsing with Firefox and have Noscript installed. Late last year, I got keylogged in another MMO, and the virus scanner determined that it was from an Adobe Flash vulnerability -- the security bulletin for that vulnerability was only 2 days old at the time! Normally I browse with ads disabled (Adblock Plus), but I decided to allow ads to be shown on a particular site, to support it. It turned out to be a bad idea.
Gigashadow is offline  
Old Feb 23, 2009, 11:26 PM // 23:26   #113
Krytan Explorer
 
RedNova88's Avatar
 
Join Date: Oct 2007
Location: Behind you!
Profession: W/
Default

Quote:
Originally Posted by DreamWind View Post
I got a nice chuckle out of that Anet response. They essentially said "deal with it dumbasses" but in a little more polite PR way. If I was a hacker I would be foaming at the mouth at the opportunity to hack a game whose creator blames it on the players.
Well get used to it, it's a pretty standard response no matter the MMO or company. If any RMT is involved it's likely that the account will never see the light of day again. I had a friend playing WoW lose his account a while ago, and he had to wait 6 months to get it back, and he was lucky to even get it back. On top of this, it was his second account, his first had gotten hacked and was never restored because they found "dirty" gold in his inventory. There are specific procedures that companies have to go through when this sort of stuff happens. If they don't ban the account it's possible that it will just get hacked again and used for RMT repeatedly.

It really worries me that RMT and hacking have escalated to such a level that it's unsafe to even browse normally anymore. I guess the internet is a war zone in its own way.

I truly hope and pray that the recent hackings go down in number, it saddens me to no end that a game and its people are so maliciously attacked. The saddest thing of all is that it's the community's fault for buying gold and participating in RMT in the first place.
RedNova88 is offline  
Old Feb 23, 2009, 11:44 PM // 23:44   #114
Jungle Guide
 
Gigashadow's Avatar
 
Join Date: Aug 2005
Location: Bellevue, WA
Profession: W/
Default

You can prevent yourself from ever getting hacked in WoW by buying the Blizzard Authenticator keyfob for $7. It's well worth it. To log in, you must press the button on your keyfob and then enter the sequence of pseudo-random digits generated (these are individualized for each keyfob, and the server knows the sequence for each keyfob; and it changes every 20s-60s or so). I wonder if NCSoft is considering something like this.
Gigashadow is offline  
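How a keyfob of the kind described in the post above can work, as an added example that is not part of the thread: it implements the public TOTP scheme (RFC 6238, built on HOTP from RFC 4226), not Blizzard's own algorithm, which the thread does not specify. The 30-second step, the one-step drift window, the `Verifier` class and the token id are assumptions; the demo secret is the RFC test key.

```python
import hashlib
import hmac
import struct

DEMO_SECRET = b"12345678901234567890"  # RFC 6238 test key, never a real secret


def hotp(secret: bytes, counter: int, digits: int = 6) -> str:
    """RFC 4226: HMAC-SHA1 over the counter, dynamic truncation, N digits."""
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)


def totp(secret: bytes, unix_time: float, step: int = 30, digits: int = 6) -> str:
    """What the fob displays: HOTP with the counter derived from the clock."""
    return hotp(secret, int(unix_time) // step, digits)


class Verifier:
    """Server side: knows each fob's secret, tolerates small clock drift,
    and refuses a code at or before the last accepted time step."""

    def __init__(self, secrets: dict[str, bytes], step: int = 30, window: int = 1):
        self.secrets = secrets
        self.step = step
        self.window = window
        self.last_used: dict[str, int] = {}  # token id -> last accepted counter

    def verify(self, token_id: str, code: str, now: float) -> bool:
        secret = self.secrets.get(token_id)
        if secret is None:
            return False
        current = int(now) // self.step
        first = max(0, current - self.window)
        for counter in range(first, current + self.window + 1):
            if counter <= self.last_used.get(token_id, -1):
                continue  # a captured code cannot be replayed
            expected = hotp(secret, counter, len(code) if len(code) in (6, 8) else 6)
            if hmac.compare_digest(expected.encode(), code.encode()):
                self.last_used[token_id] = counter
                return True
        return False


if __name__ == "__main__":
    server = Verifier({"fob-A": DEMO_SECRET})
    code = totp(DEMO_SECRET, 59)
    print(code, server.verify("fob-A", code, now=59))   # accepted once
    print(code, server.verify("fob-A", code, now=59))   # replay rejected
```

A keylogger that captures the password and one code gains nothing lasting from the code: it is tied to one time step and is rejected once used.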
Old Feb 23, 2009, 11:54 PM // 23:54   #115
Furnace Stoker
 
Sir Skullcrasher's Avatar
 
Join Date: Jun 2005
Location: California
Guild: 15 over 50 [Rare]
Profession: W/Mo
Default

Quote:
Originally Posted by Gigashadow View Post
You can prevent yourself from ever getting hacked in WoW by buying the Blizzard Authenticator keyfob for $7. It's well worth it. To log in, you must press the button on your keyfob and then enter the sequence of pseudo-random digits generated (these are individualized for each keyfob, and the server knows the sequence for each keyfob; and it changes every 20s-60s or so). I wonder if NCSoft is considering something like this.
I used that authenticator too Giga. It's nice to know that your account is protected by a dual password system instead of one!

As for NCSoft doing something similar, I don't know. It might be too late for them to implement it since they have to create a new login system for the authenticator. But still, it's a great way to keep your accounts secure.

Last edited by Sir Skullcrasher; Feb 23, 2009 at 11:59 PM // 23:59..
Sir Skullcrasher is offline  
Old Feb 23, 2009, 11:57 PM // 23:57   #116
Ascalonian Squire
 
Xun Rama's Avatar
 
Join Date: Jan 2009
Profession: W/A
Default

Quote:
Originally Posted by Gigashadow View Post
You can prevent yourself from ever getting hacked in WoW by buying the Blizzard Authenticator keyfob for $7. It's well worth it. To log in, you must press the button on your keyfob and then enter the sequence of pseudo-random digits generated (these are individualized for each keyfob, and the server knows the sequence for each keyfob; and it changes every 20s-60s or so). I wonder if NCSoft is considering something like this.
I'd definitely get one if they did. But, I'm paranoid like that.
Xun Rama is offline  
Old Feb 24, 2009, 12:23 AM // 00:23   #117
Wark!!!
 
Winterclaw's Avatar
 
Join Date: May 2005
Location: Florida
Profession: W/
Default

Quote:
Originally Posted by Painbringer View Post
I guess a word of warning to anyone that has been hacked. GW may not be the only thing at risk. Although the hackers' 1st target is your GW, they may be selling everything else. If you have other accounts I would be leery of accessing anything, and maybe if you have accessed anything change the passwords from a different computer for the short term. (Bank, Newegg, iTunes, WoW, tax programs etc.) They all could be at risk.
Sometimes hackers do it the other way, they hack other websites in order to get your account to sell the stuff in it for real money.
Winterclaw is offline  
Old Feb 24, 2009, 12:26 AM // 00:26   #118
Lion's Arch Merchant
 
Kyosuki's Avatar
 
Join Date: May 2006
Profession: A/
Default

SHIT!

**logging in to see if I actually got hit**

EDIT: Didn't get hacked, but I didn't have any z-keys and only 2k to start with

Last edited by Kyosuki; Feb 24, 2009 at 12:29 AM // 00:29..
Kyosuki is offline  
Old Feb 24, 2009, 12:48 AM // 00:48   #119
Site Contributor
 
Jensy's Avatar
 
Join Date: Apr 2007
Location: Phoenix, Arizona
Guild: Blinkie Ponie Armie [bpa]
Profession: N/Mo
Default

Quote:
Originally Posted by Kyosuki View Post
SHIT!

**logging in to see if I actually got hit**

EDIT: Didn't get hacked, but I didn't have any z-keys and only 2k to start with

O_o Where did you download the client from, btw?
Jensy is offline  
Old Feb 24, 2009, 01:09 AM // 01:09   #120
ArenaNet
 
Regina Buenaobra's Avatar
 
Join Date: Apr 2008
Profession: Me/
Default

We’re currently investigating this specific series of incidents. The more data we are able to put together, the more information we’ll have to get to the bottom of this, so we would like to get in touch with the players who were affected. This request applies ONLY to players who were affected by this recent incident. Unless you match these criteria below, please go through the support ticketing system:
  • Your account was affected on February 22 or February 23.
  • You were able to log in (your password was not changed).
  • You had gold and/or items removed, or items added to your account.

It would really help the support team to know the following details when you write:
  • The outpost your character was in when you logged in.
  • Whether any characters were deleted.
  • Exactly what was removed and/or what item(s) may have been deposited on the account by someone other than yourself in the last two days.

Any other details of note, no matter how small.

If you believe you were affected by the incident yesterday, please contact [email protected], and provide your real name, account name, and a telephone number (along with the time you could accept a call about this matter and your time zone). Please note that the earliest you can expect a phone call is tomorrow.

Thanks.

EDIT: Please do not give us your password in the email!
__________________
Regina Buenaobra
Community Manager
ArenaNet, Inc.

Last edited by Regina Buenaobra; Feb 24, 2009 at 01:17 AM // 01:17..
Regina Buenaobra is offline  
All times are GMT.