Guild Wars Forums - GW Guru
 
 

Old Feb 25, 2009, 03:11 AM // 03:11   #181
Wilds Pathfinder
 
Shadowmoon's Avatar
 
Join Date: Jun 2006
Guild: N/A
Profession: N/
Default

Well at least they did not delete characters this time around. Personally I really wish they would devote a 3 month update period for a character locking feature. Even if I had to pay to get this feature, I would pay a reasonable fee to know my main will make it for gw2. The long period before gw2 makes me paranoid that I might do something stupid that removes all the work I've done in the HoM.
Shadowmoon is offline  
Old Feb 25, 2009, 03:35 AM // 03:35   #182
Atra esterní ono thelduin
 
Eragon Zarroc's Avatar
 
Join Date: Jan 2008
Location: Madness Incarnate
Guild: [Duo]
Profession: W/P
Default

Of course hackers never stop. The chance to steal something awesome instead of earning it themselves is just too tempting for some people. Simple as that.
Eragon Zarroc is offline  
Old Feb 25, 2009, 03:58 AM // 03:58   #183
Site Legend
 
Join Date: Oct 2005
Default

My account was accessed by someone too. Logged on couple of days ago, popped onto guild chat, and it said I had been online 5 hours ago which I hadn't. Nothing was taken as I have nothing worth stealing these days.
__________________
Old Skool '05
Malice Black is offline  
Old Feb 25, 2009, 06:44 AM // 06:44   #184
Jungle Guide
 
AKB48's Avatar
 
Join Date: Jul 2008
Location: みやき町
Profession: Mo/A
Default

Quote:
Originally Posted by Malice Black View Post
My account was accessed by someone too. Logged on couple of days ago, popped onto guild chat, and it said I had been online 5 hours ago which I hadn't. Nothing was taken as I have nothing worth stealing these days.
I think the same thing happened to me, too. When I logged onto one of my characters yesterday, somehow it was in GtoB. Even though I was in my GH before I logged out. Note that I do know it is well and possible to get a "transfer" from your GH to GtoB if you log out in your GH and log in later. But I was watching the screen the entire time and no such "transfers" (the picture of GtoB will show, but it didn't) happened. Luckily none of my stuff was taken and my good, old 5k gold is still in the vault. But man, these hacks must be desperate, hard times for them too, eh?
AKB48 is offline  
Old Feb 25, 2009, 09:11 AM // 09:11   #185
Desert Nomad
 
Jhadur's Avatar
 
Join Date: Jul 2005
Guild: Glob of Ectospasm [GoE]
Default

Quote:
Originally Posted by fusa View Post
Your computer security is your own responsibility. There's no reason why NCSoft or Anet should replace items you had stolen due to your own stupidity.
So can you prove that everyone that was hacked was due to their "own stupidity"?
Jhadur is offline  
Old Feb 25, 2009, 10:14 AM // 10:14   #186
Forge Runner
 
the_jos's Avatar
 
Join Date: Jun 2006
Guild: Hard Mode Legion [HML]
Profession: N/
Default

Quote:
Originally Posted by Inde View Post
Everyone seems to be missing the key point of nearly all these stories. You were all hacked within minutes to hours of signing onto your game. Some even kicked out of game while playing. Read through all the stories... it's something that keeps being reported.
....
Nearly everyone of them tells us that they were active and playing when their data was compromised. Make of that what you will. They aren't going mindlessly through and testing hundreds of emails and passwords, they aren't mindlessly going through and sifting through hundreds of inactive accounts. If the majority of people can not find an infection on their system then these hackers are either getting around multiple anti-virus systems or they are monitoring the game/your client somehow. Let it speak for itself.
Ok, let's consider two things here, Inde.

First of all, the stories could be similar for those users because the attacker decided to break into the account at an active playtime. Not everyone looks at their last login time when they access the game again. But it's very obvious when you are kicked out of the game for no good reason.
If I would go hacking GW I would do it at a time that's convenient for me.
When hacking a company or robbing a place it's best to wait till everyone is gone. But there will always be people playing GW, could be that the ones erroring out are just collateral damage.

Besides that, it was HA weekend and MAT, on Friday-evening my router somehow disconnected from the internet (resulting in a 007) and I had several moments of severe lag or disconnects during the weekend.
There could be a relation between the disconnects and the hacks, but this could also have other causes.

Second, let's assume the attacker monitors the game or the client.
This means that they must have compromised either the local system (most probably a trojan) or they have compromised a piece of infrastructure at one of A-net's datacenters. Otherwise routing mechanisms on the internet would make it hard to target an active session and break into it.

A compromise at A-net's side would probably have caused many more people reporting loss of items. Or that did happen but those people ain't active on guru.

It could be targeted attacks on active connections, but it's not one of the usual suspects.
Pulling an active connection from the internet isn't something just the average guy is able to do. And requires monitoring a certain infrastructure point on the internet. I would target

Now there is one more option I didn't consider yet.
Man in the middle with a compromised HOSTS file.
This way all traffic could be rerouted through the systems of an attacker who could be able to take over the connection without A-net even noticing.
And the user would get problems connecting when the route is cut.
Dunno how many AV companies scan that file.

The last resort option is the option no-one wants to know but everyone is somewhat aware of.

So based on the information I have atm I'd either expect compromise of the client or people who have reused or submitted their login credentials somewhere else.
It's the most obvious cause given the information we have and general knowledge of hacking.
the_jos is offline  
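
Added example (not part of the original thread or any poster's code): a defender-side audit of the HOSTS file scenario raised in post #186, flagging watched hostnames that are pinned to a non-local address. The watched suffix `game.example`, the sample file and all addresses are constructed placeholders; on a real machine the file is `/etc/hosts` or `C:\Windows\System32\drivers\etc\hosts`.

```python
import ipaddress

# Assumption: domains whose name resolution should never be pinned locally.
# "game.example" is a placeholder, not a real game service domain.
WATCHED_SUFFIXES = ("game.example",)

# Constructed sample hosts file (not taken from any real machine).
SAMPLE_HOSTS = """\
# constructed sample
127.0.0.1       localhost
::1             localhost
0.0.0.0         ads.tracker.example
203.0.113.45    login.game.example   # pinned to a non-local address
203.0.113.45    AUTH.Game.Example.
127.0.0.1       patch.game.example
198.51.100.7    notgame.example
"""


def parse_hosts(text):
    """Yield (line number, ip, hostname) for every mapping in a hosts file."""
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()   # drop comments
        if not line:
            continue
        fields = line.split()
        if len(fields) < 2:
            continue                          # address without a name
        try:
            ip = ipaddress.ip_address(fields[0])
        except ValueError:
            continue                          # malformed address, not a mapping
        for name in fields[1:]:               # one line may carry several aliases
            yield lineno, ip, name.lower().rstrip(".")


def is_watched(name, suffixes):
    """True for the suffix itself or any subdomain of it (not look-alikes)."""
    return any(name == s or name.endswith("." + s) for s in suffixes)


def audit_hosts(text, suffixes=WATCHED_SUFFIXES):
    """Return (line, hostname, ip, verdict) for each watched name in the file.

    'redirected': the name is pinned to a routable address, so traffic goes
                  wherever the file says instead of where DNS would send it.
    'blocked':    the name is pinned to loopback/0.0.0.0; the connection
                  fails locally rather than being relayed.
    """
    findings = []
    for lineno, ip, name in parse_hosts(text):
        if not is_watched(name, suffixes):
            continue
        local = ip.is_loopback or ip.is_unspecified
        findings.append((lineno, name, str(ip), "blocked" if local else "redirected"))
    return findings


if __name__ == "__main__":
    for finding in audit_hosts(SAMPLE_HOSTS):
        print("line %d: %s -> %s (%s)" % finding)
```

Any watched name appearing in the file at all is worth a look, since a clean install normally leaves such names to DNS.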
Old Feb 25, 2009, 10:26 AM // 10:26   #187
So Serious...
 
Fril Estelin's Avatar
 
Join Date: Jan 2007
Location: London
Guild: Nerfs Are [WHAK]
Profession: E/
Default

Quote:
Originally Posted by the_jos View Post
Man in the middle
This is the option I thought was most probable given the nature of the problems stated here. Very troubling if someone found such an opportunity, but unless he's some serious hacker, Anet should find him (or them, RMT is probable).

I'll reply to your other post by PM when I get the time.
Fril Estelin is offline  
Old Feb 25, 2009, 12:27 PM // 12:27   #188
Forge Runner
 
Gun Pierson's Avatar
 
Join Date: Feb 2006
Location: Belgium
Guild: PIMP
Profession: Mo/
Default

Quote:
Originally Posted by the_jos View Post
Man in the middle with a compromised HOSTS file.
This way all traffic could be rerouted through the systems of an attacker who could be able to take over the connection without A-net even noticing.
And the user would get problems connecting when the route is cut.
Dunno how many AV companies scan that file.
Spybot checks the hosts file if I'm not mistaken. Anyway that's what I was thinking too. The hacker sniffs, intercepts packages after which he can take on the identity of the user while Anet and the client aren't aware of it. The user gets a disconnect of course, but that happened to all of us in the past at some point. So the user is not aware he's being hacked.
Gun Pierson is offline  
Old Feb 25, 2009, 12:44 PM // 12:44   #189
Forge Runner
 
the_jos's Avatar
 
Join Date: Jun 2006
Guild: Hard Mode Legion [HML]
Profession: N/
Default

@Fril and Gun,

MitM could be an option but still it would most likely indicate a problem on client side.
It's not possible to just sniff traffic and take over the connection without compromising some vital parts of the internet (main routers etc). Else, because of the routing infrastructure, it would be more a gamble.
So an attacker should gain control of the initial connection and relay traffic from the client to his/her own computers. From there just forward the traffic to the real A-net servers. At a certain time cut the connection and reconnect from the hacker's computer.
I'm not sure how the GW client handles this, but there seems to be state-control in it.
I know that when 'friends' disconnects and I do a reconnect later at some times this functions normal and some times it will ask for credentials again.

I'm not sure how login credentials are sent from the client to the GW infrastructure.
If plain it's vulnerable to MitM. If not, only taking over a working connection works.

In all cases MitM is a rather sophisticated attack and hard to pull off.
And in almost all cases requires some action from the user.
the_jos is offline  
Old Feb 25, 2009, 01:32 PM // 13:32   #190
Frost Gate Guardian
 
Join Date: Jul 2006
Profession: A/N
Default

Speaking of "disconnect before the hack" issue. I'm not totally sure but I think that you will get disconnect message if someone else tries to log into your account while you're still ingame.
Glider of chaos is offline  
Old Feb 25, 2009, 01:38 PM // 13:38   #191
Gli
Forge Runner
 
Join Date: Nov 2005
Default

Looking for things these incidences have in common might be a futile effort if the hackers have been harvesting user credentials for an extended period of time before acting on them. If the exposure that gave them the info happened some weeks or even months ago, looking for the avenue through which it happened is too late now.

If I were an account stealing RMT parasite, I'd sit on stolen account info until I had a whole bunch of it, then plunder them all in as little time as I could and sell the spoils before ANet could stop me. Money in the bank, they could ban me for all I'd care.

It's my belief this is how these things go. Account hacks don't happen en masse because of a sudden exploit, they happen that way because it's convenient for the account thief.
Gli is offline  
Old Feb 25, 2009, 01:42 PM // 13:42   #192
Pre-Searing Cadet
 
Join Date: Feb 2009
Profession: R/
Default

One simple solution I have seen MMOs take to prevent loss of character due to hackers is simply put a 7 day waiting period on character deletion. For PVE characters only, I would see no reason to do this for PVP characters since we all switch them around according to what our guild/team needs. Put PVE characters in "timeout" for 7 days at which point at anytime during those 7 days you can cancel deletion. Because I am with everyone else, losing cash/items would irritate me but it just means more farming. Losing my ranger or warrior that was created 44 months ago would prolly make me /ragequit and uninstall.
Triaz is offline  
Old Feb 25, 2009, 01:47 PM // 13:47   #193
Ascalonian Squire
 
Big John Thomas's Avatar
 
Join Date: May 2006
Location: Urgoz Warren
Profession: R/Rt
Default

Ok this is part of the email I sent to supportliaison which explains what happened to me a bit better
Quote:
Hello, just read the post on Guildwarsguru about getting in touch with you if affected by the "hacking" incident at the weekend.

I've already sent a report via Ncsoft support the incident number is xxxxxx-xxxxxx.

The character I mainly use and the one that has been logged into is xxxxxxxxxxxxxxx. I'm sure I left him at Kamadan am1 and I think when I logged into him he was at The Great Temple of Balthazar. None of my characters have been deleted.

The items taken from my account are approx 730k 10 ectos I'm positive of because about 10 minutes before I logged off I bought an everlasting searing tonic for 100k and 40 ectos which was also taken and my tormented shield. The items placed onto this character were a mandragor mini pet and 6 armor of salvation.

I can't remember exactly when I logged off but it must have been about 1.00am gmt and back on shortly after 17.00 gmt on 23/02 so it happened between these hours. My guild leader said he saw me log on about 3.00am for 1-2 mins but he's on mainland Europe so not sure about that because of the time difference. I did actually try to log in about midday but couldn't get past the loading screen but this is a problem I've been suffering for a year now, I can't even play the game during weekdays but that's another story.

A couple of times over the weekend I got disconnected while playing. It was not the usual type of d/c like when you get a bit of lag like a network error. It was a sudden d/c and when it asked if I wanted to try to reconnect I clicked yes and it just came up with a box saying unable to reconnect straight away, all really quick, usually there's a bit of delay while it tries. I'm sure you know what I mean. I'm sure this was when someone was logging into my account and kicking me out. A few other alliance members said it happened to them but haven't heard of anyone else losing anything yet.

It's annoying because I'm careful what I do, I'm well aware that this goes on. Windows is kept up to date, I have a couple of anti spyware programs which I run nearly every day, Avast antivirus, hardware and software firewalls. My login username is actually an old email that hasn't been used for about 2 years. I actually only reinstalled Windows a couple of weeks ago and not much has really been put onto it yet although GW was put back on with a backed up dat file.
Now I've been looking at what's been posted on here. My Guru account uses a different email and password, so does my Ncsoft account and I don't have a Wiki account. Like I said my login name is an old email address that hasn't been used for about 2 years now.

Now, Xunlai House. I made an account there when it first started, logged in a couple of times and never used it since. I just thought I'd try it but damn, what was my email and password for it! So thought I'd try my GW details and oh dear it worked. This is the only place where I have used the same login details. Yes I know I shouldn't have but at the time I didn't know about people's accounts being compromised and had completely forgotten about the Xunlai House.
Big John Thomas is offline  
Old Feb 25, 2009, 03:54 PM // 15:54   #194
Desert Nomad
 
Join Date: Feb 2007
Profession: Mo/W
Default

Quote:
Originally Posted by Malice Black View Post
My account was accessed by someone too. Logged on couple of days ago, popped onto guild chat, and it said I had been online 5 hours ago which I hadn't. Nothing was taken as I have nothing worth stealing these days.
Exactly the same thing happened to me, all I had were some elite tomes, 20 gold weapons (all customised though) and like 3k in storage :P.
Wish Swiftdeath is offline  
Old Feb 25, 2009, 03:58 PM // 15:58   #195
Academy Page
 
Wubbies's Avatar
 
Join Date: Dec 2008
Location: Bananna Dipper
Guild: It Varies
Profession: W/
Default

Quote:
Originally Posted by Glider of chaos View Post
Speaking of "disconnect before the hack" issue. I'm not totally sure but I think that you will get disconnect message if someone else tries to log into your account while you're still ingame.
Yes this is true... you get logged out.. I can't believe people are still trying to figure this out and point fingers everywhere at anet, other people, this and that.. it's like being on the freeway and it's stop and go traffic.. to only find out it's a silly car accident and everyone stops to see blood.. it's like beating a dead horse. Let anet deal with it.
Wubbies is offline  
Old Feb 25, 2009, 04:06 PM // 16:06   #196
Jungle Guide
 
Tullzinski's Avatar
 
Join Date: Mar 2006
Location: Trying to stay out of Ryuk's Death Note
Profession: N/R
Default

Quote:
Now, Xunlai House. This is the only place where I have used the same login details.

Do any of the other affected players have the same login/pword in Xunlai house? A lot of people have multiple/old accounts also.....
Tullzinski is offline  
Old Feb 25, 2009, 05:12 PM // 17:12   #197
Site Legend
 
Join Date: Oct 2005
Default

Quote:
Originally Posted by Inde View Post
Edit: GWBBCode has indeed screwed up all emails that get sent out from Guru. Known issue since forever.
I'll vouch for Inde on this. Had this issue before on Guru, just had an admin wipe my PMs and the problem was sorted.
__________________
Old Skool '05
Malice Black is offline  
Old Feb 25, 2009, 05:42 PM // 17:42   #198
Academy Page
 
Join Date: May 2006
Location: Netherlands
Guild: Lowland Lions
Default

First of all...

I would appreciate it, that some kind of assurance is given to us players by ArenaNet that the infrastructure of Guild Wars and all connection to other company parts (NCSoft) are trustworthy.

Due to SOX 404 I would like to have extra insurance by a trusted third party to start an audit against the confidentiality, integrity and availability of the different systems (server, databases, application, network and middleware).
The report can give us players some assurance that at ArenaNet all possible has been done to mitigate the risks of compromise of our accounts. I also know that IT is in scope of the audit reports for the financial results review by those auditors. What is their statement? If there is no audit report then I think this could also result in legal problems for ArenaNet because they don't make transparent that they take security measures seriously. I mean taking preventive security measures before and not after occurrence.

Also I want to mention the opportunity of implementing a challenge/response system with a token just like Blizzard has implemented for those people who want more assurance that their hard work and labour in the game is extra protected. The level of security measures should be increased by the value increasing over time. That means, to be answering another post, you buy a car with a basic security level. You buy all kind of nice expensive stuff resulting in the fact that the insurance agencies wanting to add a higher alarm system. This is also the case with Guild Wars. I would like to pay for a challenge response system to know I am safer. It's like a life insurance. Too bad this is not implemented but investigated (see one of my posts on Gaile Gray's talk page on wiki).
didis is offline  
Old Feb 25, 2009, 06:04 PM // 18:04   #199
Academy Page
 
Wubbies's Avatar
 
Join Date: Dec 2008
Location: Bananna Dipper
Guild: It Varies
Profession: W/
Default

Quote:
Originally Posted by didis View Post
First of all...

I would appreciate it, that some kind of assurance is given to us players by ArenaNet that the infrastructure of Guild Wars and all connection to other company parts (NCSoft) are trustworthy.

Due to SOX 404 I would like to have extra insurance by a trusted third party to start an audit against the confidentiality, integrity and availability of the different systems (server, databases, application, network and middleware).
The report can give us players some assurance that at ArenaNet all possible has been done to mitigate the risks of compromise of our accounts. I also know that IT is in scope of the audit reports for the financial results review by those auditors. What is their statement? If there is no audit report then I think this could also result in legal problems for ArenaNet because they don't make transparent that they take security measures seriously. I mean taking preventive security measures before and not after occurrence.

Also I want to mention the opportunity of implementing a challenge/response system with a token just like Blizzard has implemented for those people who want more assurance that their hard work and labour in the game is extra protected. The level of security measures should be increased by the value increasing over time. That means, to be answering another post, you buy a car with a basic security level. You buy all kind of nice expensive stuff resulting in the fact that the insurance agencies wanting to add a higher alarm system. This is also the case with Guild Wars. I would like to pay for a challenge response system to know I am safer. It's like a life insurance. Too bad this is not implemented but investigated (see one of my posts on Gaile Gray's talk page on wiki).

*court is in session *
Lawyer for the people of GW: Your honor.. my clients are suing ANET for loss of ectos...

Keep smoking whatever it is that makes you happy i guess.

When I log into gw I see all the time security precautions they advise you don't give out info.. change password.. etc.. Anet gives info about the number of people busted for gold scams etc.. I mean what do u want anet to do, hold your hand on every site or every time u change your password? How would u know what anet takes serious? Do u work for them?

Security measures increased for increased level of play? Life insurance for gw players? I thought that life insurance crossed the line when j-lo had insurance taken out on her ass.. but this... now I'm QQ in stitches.. lol.. wets self

Anet u could make a lot of money selling in game life insurance.. if Geico has the gecko what mini would anet use for the "life insurance" campaign?

my vote would be a unicorn with a baskin robbins ice cream signature on the side.
Wubbies is offline  
Old Feb 25, 2009, 06:05 PM // 18:05   #200
Furnace Stoker
 
Painbringer's Avatar
 
Join Date: Jun 2006
Location: Minnesota
Guild: Black Widows of Death
Profession: W/Mo
Default

I guess I will not assume it is just GW that has the problem? Or that they have an issue at all. From the action taken from A-net they are taking this very seriously and are probably reviewing the logs with a fine tooth comb. Fast response and individual contact is impressive. They easily could have taken the e-mail support route.

One question I have is: if someone were to get your e-mail address how long would a hack program take on a 6 – 7 digit password?

P.S. I also worry these hackers are using innocent Hacked Mules to transfer goods, further hiding their existence. Three way trades worry me.

Because when a Ban Stick starts smacking people it takes the Military Approach “Guilty until you prove your innocence”
Painbringer is offline  
All times are GMT.