Apr 09, 2008, 07:28 PM // 19:28
|
#1
|
Lion's Arch Merchant
Join Date: Sep 2005
Profession: Me/P
|
The other announcement of the login screen...
As many players know, there is always a message on our login screen that tells us how third-party programs consist of keyloggers, which will most likely be the reason for the loss of our accounts. In relation to this, this message has recently changed into the following:
"We've noted a rise in attempted game account thefts. Account Theft often results from risky player behavior (purchasing gold online, sharing accounts, using third-party programs, answering bogus emails, or having weak passwords.) To protect yourself, use a complex password and change it regularly."
So what is really the reason for Anet to make this change? I'm not certain what the reason is, but I do have an approximation. Just recently, a friend of mine who has not logged on for 7 months has logged on briefly. Knowing how he swore not to reinstall the game, I was shocked, and I asked him shortly afterwards. This is when I discovered that he has never reinstalled the game and that an email was sent to him about his password being changed. Of course, we have retrieved his account as soon as possible. The one thing that troubled me was that although my friend is not wealthy in the game, none of his items were stolen in the process of being hacked. We've only noticed the change in his password.
Here's a brief analysis of the reasons stated by Anet, which may have led to this incident:
Purchasing gold online: My friend hasn't logged on for 7 months, and he doesn't even care about his account up to this point of being hacked. So I doubt he would purchase gold online.
Sharing accounts: He has not given his account and password away to anyone; the only exception was made because he wanted me to retrieve his account.
Third-party programs: Same reason as purchasing gold online.
Answering bogus emails: I'm not sure about this one.
Having a weak password: He uses the password that's given by the password reset option, and in a sense, it is probably weak, but how does someone else know the string of his account name?
Just to speculate, I wish that the community can discuss what is likely to be the cause of this incident. To be more frightening, once again, I want to point out that the thief did not take any of his items. What was the thief planning to do with the account? Just think about it - how many of us would stop playing Guild Wars for a few weeks here and there. Imagine one day when we come back to this game, we are being accused of botting or selling in-game gold, which results in an account termination. That is truly scary.
|
|
|
Apr 09, 2008, 07:32 PM // 19:32
|
#2
|
Frost Gate Guardian
Join Date: Apr 2008
Location: ontario, canada
Guild: Steel Beasts
Profession: E/
|
Someone may have hacked it to use it for botting purposes, is my best guess
kinda scary i'll admit
|
|
|
Apr 09, 2008, 07:41 PM // 19:41
|
#3
|
Desert Nomad
Join Date: Jul 2007
Location: Cuba
|
The botters have probably shifted their attention to stealing more accounts since the RTM has made the old way of business difficult.
|
|
|
Apr 09, 2008, 07:48 PM // 19:48
|
#4
|
Forge Runner
Join Date: Nov 2006
Location: Arizona, USA
Guild: [OOP] Order of the Phoenix I
|
Considering Taiwan has been cut off from trading with the rest of the game, it makes sense to me that the now defunct Asian gold farmers, that were using Taiwan as a gateway, are now trying to quickly build their numbers up on the global districts so they can continue farming and selling their wares to their 'customers'.
As to how it could have happened to your friend, I'm at a loss. Though, the e-mail address he uses for his account name, is it just his regular hotmail account or something?
|
|
|
Apr 09, 2008, 07:58 PM // 19:58
|
#5
|
Lion's Arch Merchant
Join Date: Sep 2005
Profession: Me/P
|
Quote:
Originally Posted by Operative 14
Considering Taiwan has been cut off from trading with the rest of the game, it makes sense to me that the now defunct Asian gold farmers, that were using Taiwan as a gateway, are now trying to quickly build their numbers up on the global districts so they can continue farming and selling their wares to their 'customers'.
As to how it could have happened to your friend, I'm at a loss. Though, the e-mail address he uses for his account name, is it just his regular hotmail account or something?
|
It is his regular email.
|
|
|
Apr 09, 2008, 08:07 PM // 20:07
|
#6
|
Underworld Spelunker
|
Quote:
Originally Posted by Operative 14
As to how it could have happened to your friend, I'm at a loss. Though, the e-mail address he uses for his account name, is it just his regular hotmail account or something?
|
the password sent for reset is minimal for convenience in your resetting to a strong one.
most people when they register their account use their normal everyplace email out of habit.
my accounts all have separate one place only from my isp and are the maximum length allowed for an email name at my ISP dot com also the name is a randomly generated password giving something like this.
FvysNU6wNS4SHtDfoDDyQ @ my isp . com
max password as well but that one place email name is the blocker.
as well as keeping the nasties out
software firewall from zonealarm
hardware router firewall for my little network seems to work
|
|
|
Apr 09, 2008, 09:10 PM // 21:10
|
#7
|
Banned
Join Date: Nov 2005
Location: Northern California
Guild: HoTR
Profession: N/Me
|
several people, myself included, have suggested some simple security measures, which I'm sure Anet doesn't care enough to implement.
Things like, if someone's trying to brute your pw, your acct is locked after x incorrect tries and you are notified via email
Despite Anet's shift the blame stance, some people will lose their accounts due to no fault of their own (ok partial blame for making easy to brute pws)
|
|
|
Apr 09, 2008, 09:23 PM // 21:23
|
#8
|
Never Too Old
Join Date: Jul 2006
Location: Rhode Island where there are no GW contests
Guild: Order of First
Profession: W/R
|
ANet, guru and other forums have been telling people for years about the steps needed to prevent account hacks.
The problem is that no one reads the warnings until after they have set up the account. Too late to use a one-off account name email that can be discontinued.
That only leaves changing your hard-to-hack password on a regular basis as a prevention measure.
__________________
That's me, the old stick-in-the-mud non-fun moderator. (and non-understanding, also)
|
|
|
Apr 09, 2008, 11:19 PM // 23:19
|
#9
|
Forge Runner
Join Date: Aug 2007
Location: WHERE DO YOU THINK
Profession: W/
|
If this is happening I want the ability to change my account password the old way cause the new way is just a nightmare and not worth the time.
|
|
|
Apr 09, 2008, 11:22 PM // 23:22
|
#10
|
Grotto Attendant
Join Date: May 2005
Location: At an Insit.. Intis... a house.
Guild: Live Forever Or Die Trying [GLHF]
Profession: W/Me
|
Quote:
Originally Posted by VitisVinifera
several people, myself included, have suggested some simple security measures, which I'm sure Anet doesn't care enough to implement.
|
Blame where blame is due: it's NCSoft which handles support and security now.
EDIT: To the OP: unless your friend has done something monumentally silly, like logging in from a public computer, it may be that your friend's email account has been compromised.
Last edited by Numa Pompilius; Apr 09, 2008 at 11:25 PM // 23:25..
|
|
|
Apr 09, 2008, 11:28 PM // 23:28
|
#11
|
Desert Nomad
Join Date: Jun 2006
Location: Netherlands
Guild: No Inherent Effect [NiE]
|
"If there's a hacker here, in your neighbourhood,
Who you gonna call:
Re gi na"
Ghost busters theme melody
|
|
|
Apr 10, 2008, 12:11 AM // 00:11
|
#12
|
Wilds Pathfinder
|
Quote:
Originally Posted by mr_groovy
"If there's a hacker here, in your neighbourhood,
Who you gonna call:
Re gi na"
Ghost busters theme melody
|
Cute, but...no. Now it really IS Gaile, and support.
|
|
|
Apr 10, 2008, 12:43 AM // 00:43
|
#13
|
Wilds Pathfinder
Join Date: Jul 2006
Location: Hawaii
Guild: Clan Of Elders
Profession: N/
|
Quote:
Originally Posted by VitisVinifera
several people, myself included, have suggested some simple security measures, which I'm sure Anet doesn't care enough to implement.
Things like, if someone's trying to brute your pw, your acct is locked after x incorrect tries and you are notified via email
Despite Anet's shift the blame stance, some people will lose their accounts due to no fault of their own (ok partial blame for making easy to brute pws)
|
They have a feature that makes it take longer and longer to enter a password the more times an incorrect password is entered.
This frustrates brute force password programs while not requiring support having to unlock player accounts all the time.
They are continuing to work on the problem of not being able to change your login email once it is registered with NCSoft online. This seems to be more a problem with NCSoft than ANet. Mind you, we've only heard ANet's side of that story.
|
|
|
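An added example, not part of any post in this thread and not ArenaNet's or NCsoft's code: a per-account throttle of the kind the post above describes, where the wait before the next login attempt doubles with each consecutive failure. The class name, the 1-second base delay and the 15-minute cap are assumptions chosen for illustration.

```python
class LoginThrottle:
    """Per-account progressive delay (hypothetical; all parameters are assumptions)."""

    def __init__(self, base_delay=1.0, max_delay=900.0):
        self.base_delay = base_delay      # wait after the first failure, seconds
        self.max_delay = max_delay        # cap, so a real owner is never locked out for good
        self._failures = {}               # account -> consecutive failed attempts
        self._next_allowed = {}           # account -> earliest time of next attempt

    def delay_after(self, failures):
        """Seconds an account must wait after `failures` consecutive misses."""
        if failures == 0:
            return 0.0
        return min(self.base_delay * 2 ** (failures - 1), self.max_delay)

    def attempt(self, account, password_ok, now):
        """Return (accepted, retry_after_seconds) for one login attempt at time `now`."""
        wait = self._next_allowed.get(account, 0.0) - now
        if wait > 0:
            # Too early: refuse without evaluating the password at all,
            # so guesses sent during the delay give the guesser nothing.
            return False, wait
        if password_ok:
            self._failures.pop(account, None)
            self._next_allowed.pop(account, None)
            return True, 0.0
        count = self._failures.get(account, 0) + 1
        self._failures[account] = count
        delay = self.delay_after(count)
        self._next_allowed[account] = now + delay
        return False, delay


def seconds_to_try(throttle, guesses):
    """Minimum wall-clock time to submit `guesses` wrong passwords to one account."""
    # The first guess is free; guess k must wait out the delay set by guess k-1.
    return sum(throttle.delay_after(i) for i in range(1, guesses))


if __name__ == "__main__":
    t = LoginThrottle()
    # Constructed scenario: a 1000-entry word list against a single account.
    print(f"{seconds_to_try(t, 1000) / 86400:.1f} days for 1000 guesses")
```

Unlike a hard lockout, the owner can still log in once the current delay expires, and the counter resets on a successful login.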
Apr 10, 2008, 04:24 AM // 04:24
|
#14
|
Desert Nomad
Join Date: Jun 2006
Location: Netherlands
Guild: No Inherent Effect [NiE]
|
Quote:
Originally Posted by SerenitySilverstar
Cute, but...no. Now it really IS Gaile, and support.
|
>.> Gaile will not attend guru any more, neither does Patrick (not on a professional lvl anyways) so it is Regina if you're doing the QQ on guru.
|
|
|
Apr 10, 2008, 04:34 AM // 04:34
|
#15
|
Guest
|
as much as I hate to say this in public, and I'm sure many people already know...passwords aren't even case sensitive...at least the one the NCsoft/anet generated for me isn't.
that is pretty sad.
|
|
|
Apr 10, 2008, 07:07 AM // 07:07
|
#16
|
Grotto Attendant
Join Date: Jun 2006
Location: Europe
Guild: The German Order [GER]
Profession: N/
|
However, the point is that someone's account, who was not an active GW player for months, was attempted to be cracked.
How would the attacker know who to target?
|
|
|
Apr 10, 2008, 07:28 AM // 07:28
|
#17
|
Guest
|
they don't know who to attack, or care...unless they have your info via keylogger. brute forcing just isn't fast enough. I'm sure a few have been cracked via BFing but why do it the hard way?
and yes I've read what the op said. I'm not buying it. somehow, someone got a hold of his private info. active account or not. it's prolly just pure coincidence.
|
|
|
Apr 10, 2008, 07:44 AM // 07:44
|
#18
|
Jungle Guide
Join Date: Dec 2006
Guild: Goon Squad [LLJK]
Profession: Mo/
|
Nobody would be stupid enough to try and brute force a GW account.
The numbers just don't add up -> 36^8 possible combinations, even at 10^6 per second (1 million) would still take more than a month to crack.
The vast majority of accounts will be hacked through a combination of keyloggers, phishers and social engineering.
|
|
|
Apr 10, 2008, 08:26 AM // 08:26
|
#19
|
Lion's Arch Merchant
|
Acquiring Account name:
Did your friend have a forum account on a GW fansite (Guru or otherwise)? Did he use the same email to register it? Did he display that email address publicly? That seems like a pretty good way to find likely account names to me.
Password:
I don't know how they set "default recovery passwords" since I've never had to recover an account. If they're not strong passwords, or they're easily guessable, this could be how they got into the account. Reset passwords are usually at least somewhat strong though.
Another possibility, if someone gained access to his email account through some other means and saw GW related emails. They could have tried the same account/password (and it worked).
Does NCSoft do "Answer the Question" password resets? If the answer is easily guessed, this could also be the source of the problem.
There are always ways, though a 7 month old account isn't usually a likely target for hijacking.
|
|
|
Apr 10, 2008, 08:53 AM // 08:53
|
#20
|
Grotto Attendant
Join Date: Jun 2006
Location: Europe
Guild: The German Order [GER]
Profession: N/
|
Quote:
Originally Posted by holababe
Nobody would be stupid enough to try and brute force a GW account.
The numbers just don't add up -> 36^8 possible combinations, even at 10^6 per second (1 million) would still take more than a month to crack.
The vast majority of accounts will be hacked through a combination of keyloggers, phishers and social engineering.
|
Dictionary attacks have amazingly high success rate and are reasonably quick.
|
|
|