Log in

View Full Version : Account 'Hackers'


Bunneh
04-01-2010, 10:18 AM
A friend of mine, a GM of a guild had his account fucked over recently, I use the term 'hacked' as it's a more commonly used term, but he was likely keylogged. I don't know if he had an authenticator, or what his security was like; I don't believe he was as paranoid as I was. Whilst I abhor people who do this to other peoples' property what I don't get is what they did next.

They strip him of all his armour, all badge/token stuff, which can't be sold or DE'd. They then ransacked the guild bank and left it with nothing. Next, and the worst thing is they actually kicked everyone out of the guild... What Is The Fucking Point? They've got the gold, can't they just fuck off back under their rock.

I hated these people before but now I'd be more than happy to see them all lined up against a wall and shot. I'd also suggest we did the same to gold buyers too, they're the fuckers who are helping proliferate this trade.

Grrr

Faylin
04-01-2010, 10:32 AM
"Lined up and shot" is maybe a bit out of proportion for a videogame isn't it?
I know you probably don't mean it literally, but still, no thing to make fun of.

Sema
04-01-2010, 10:49 AM
Exactly this happened to Volition when the guild was still active on Shadowsong. And our GM was a paranoid bastard when it came to security and still got keylogged (most of the antivirus programs recommended by Blizzard was unable to detect it in that case).

It doesnt really matter how anal you are about your account security, there is ALWAYS a risk of losing it.

Tarasn
04-01-2010, 01:09 PM
I didn't think much of too much security of my account since I was playing for about 3 years and nothing happened.

Then one day. I log on and everything was gone. I was also a GM of a high end raiding guild at that point so all of my 6 chars + guild bank + a guild bank with a rl friend was stripped from all its content.

After it happened I of course was kicking myself for being so sloppy about not being prepared for what could happen. Basically concluded that a script on some site got me logged and did a full clean up.

I got a new anti virus recommended by a few friends, I don't use Internet Explorer anymore (Firefox with Keyscrambler and NoScript) and I got myself an authenticator.

The worst wasn't really that all of my things/my guild bank(s) items was gone. It was more the fact that you go through a lot of hassle to retrieve your account again, make sure you get everything/gold back and the panic rushing through you every time you miss type your password when you log in :).

Can only recommend getting an authenticator. Either a normal one or for the hip people with them Iphones'n'stuff.

Edit: Oh ye, I got every single item/gold back and luckily the gm's were very swift and helpful and it only took a couple of days to get everything back.

Turiel
04-01-2010, 03:17 PM
There is no reason to not have an authenticator. Period. You can get it free for almost all phone models.

I have less sympathy nowadays for people who get hacked because it IS preventable. It still sucks, and while its not your fault that you got hacked, it is your fault to an extent for not having the proper precautions. Everyone knows nowadays that you can't use a computer without having an antivirus on it - now people have to realise you can't play WoW without having an authenticator.

Llort
05-01-2010, 12:47 PM
I have an antivirus on my PC... although it is switched off by default :P I only scan files I don't trust.

You should be fine, as long as you don't do stupid things. Don't click some kind of .exe/ .bat Always show file extensions.
Don't click on strange links on websites.

Don't use internet explorer :-/

Oh, and an authenticator will help too of course ;-)

dantheman
05-01-2010, 03:17 PM
Never had any problems in 5 years of playing. No Authenticator, no Anti-virus. I use Firefox and the odd Spybot scan.

Metakerk
05-01-2010, 03:37 PM
After reading too many of these threads, I decided to get myself a mobile authenticator last night. My phone isn't supported, but carrier is. Had a go with this (http://deathcoil.net/authguide.html) and it's running smoothly.

Bunneh
05-01-2010, 04:13 PM
5 years of WoW, admittedly I was careful but I did download quite a bit via Torrents and used the mod sites frequently. I didn't get keylogged or exploited once and back then my passwords were pathetic. As of this moment my mate hasn't heard from Blizzard yet. It just seems so pointless to gkick everyone...

AngelSakura
05-01-2010, 05:09 PM
He should call blizz instead of e-mail them.
that's way faster. I got hacked last summer and called them. had all my stuff back within 4 days
________
Mazda G Platform Specifications (http://www.ford-wiki.com/wiki/Mazda_G_platform)

Llort
05-01-2010, 06:44 PM
heh, not had a problem since vanilla wow day 1....

And I don't *just* download a *few* torrentz *-). I also frequently visit sites like astalavista.b*x.sk

Borwin
07-01-2010, 12:36 PM
I just try to wait with downloading new keygens for uuh stuff. Its mostly keygens/cracks that I've found trojans in, and sometimes antivirus can't find them because they are so new. I agree though, you are not 100% safe without the authenticator.

Vegelus
07-01-2010, 01:38 PM
And you're not 100% safe with one too, anyway.

Turiel
07-01-2010, 03:40 PM
And you're not 100% safe with one too, anyway.

How not?

Its a one-time-use key. So if you use it to log in, even if a keylogger grabs it that very second and tries to use it, they won't be able to.

It's pretty much 100% safe as far as I can see.

Vegelus
07-01-2010, 03:55 PM
How not?

Its a one-time-use key. So if you use it to log in, even if a keylogger grabs it that very second and tries to use it, they won't be able to.

It's pretty much 100% safe as far as I can see.
Don't know about that one-time-use. How your authenticator would know that key was already used? If your authenticator turns off and you turn it on again the same time, there is high chance you'll get "old" key again. It's "use" window is much longer that one second, it's at least 5.
Well, even if it's possible to use key once again in that timeframe, good luck with that.
But, if you are sure that once used key will be rejected by server, even if it's still ok, then yea, you're right.

Turiel
07-01-2010, 04:07 PM
Its not the authenticator itself that controls one time use, its the server. I.e. you can get the same number on the authenticator but the server will reject it if you used it already.

Tested this myself (unintentionally) by getting DC'd straight after connecting, so I had the same key and I had to wait till the authenticator gave me a new one.

Kryptonix
07-01-2010, 04:25 PM
Its not the authenticator itself that controls one time use, its the server. I.e. you can get the same number on the authenticator but the server will reject it if you used it already.

Tested this myself (unintentionally) by getting DC'd straight after connecting, so I had the same key and I had to wait till the authenticator gave me a new one.

Confirmed.

If I log into my two accounts with the same code, only one of them will make it to the character selection screen.

Turiel
10-01-2010, 12:22 AM
Looks like they're considering making authenticators required, which is fine as then they'd have to include them free in Cataclysm. Would solve account hacking overnight.

imigrid
10-01-2010, 06:26 PM
All my characters are currently deleted after a recent hack.
Very funny indeed.

Bunneh
11-01-2010, 10:02 AM
Sorry to hear of your loss Imigrid :( I don't see why they delete the characters. Take the gold, take the stuff you can sell, but why fuck someone's work over? Assholes.

Incidently my mate got his account sorted, got most of his stuff back and is busy trying to rebuild the guild. Here's hoping they do include an authenticator with every bought copy of the expansion. I have the one for mobile phones and when I was playing it did a great job.

Gwynin
11-01-2010, 11:54 AM
I have 2 accounts (main and alt/bank accounts) and for some stupid reason I never activated/added the 2nd authenticator I had for the alt/bank account, couple of months ago I suddenly see my alts logging on and off while raiding ToC10 with the main.

Within the 10 minutes it took me to notice this and quickly change passwords and add the damn authenticator, they managed to clear out all chars of their golds even chars I havent played for years on other servers.

Thankfully the GM team sorted me out within roughly 1 days, got everything back and even a few extra greenies on the bank alt..

Never found any nasty stuff on the pcs where I play wow on tho, so cant say where the keylogging or whatever did happen tho.

Still Im saying that getting hacked is a proof of foolishness and in most cases directly caused by stupidity and shouldnt reward any pity whatsoever, this also applies to me and even more so since I still dont know where the security breach was :D

Rhidon
11-01-2010, 12:25 PM
Looks like they're considering making authenticators required, which is fine as then they'd have to include them free in Cataclysm. Would solve account hacking overnight.
That's a fantastic idea of them, and the additional manufacturing costs would compensate very likely with the current staff cost needed for the restorations.

There does however seem to be a bottleneck with the manufacturing of the devices. Especially when they were introduced, Vasco was notoriously behind schedule crafting the tokens requested by Blizzard.
Assuming Cata will be released in roughly 7-8 months they'll need to step up production right now for the many million retail units the expansion will no doubt sell on day one.
Not saying it's impossible, but it'll be quite a challenge for Vasco to do such a huge rollout.

Flawless
11-01-2010, 12:38 PM
I dare say Cata will be out sooner, with the last major content patch already out I can't see it having the legs to last 8 months.

Ordered my authenticator on friday due to this thread, thought 6 would be worth it vs. the hassle of getting hacked.

Theory
11-01-2010, 01:35 PM
Looks like they're considering making authenticators required, which is fine as then they'd have to include them free in Cataclysm. Would solve account hacking overnight.

Would be a good thing, yet I'm not waiting and ordered mine.
third hack in a long time, this time all honor gold and gear gone, except my tanking set :x sucks

imigrid
13-01-2010, 12:56 AM
I dare say Cata will be out sooner, with the last major content patch already out I can't see it having the legs to last 8 months.


Unless you noticed a confirmation i didnt, i really doubt that the last major patch for wotlk is out yet :P

TBCs last patch was 2.4, and i dont see any reason why they wouldnt include an afterstory once this patch is done with. Like they did with TBC.

Turiel
13-01-2010, 01:28 AM
There was a blue post saying 3.3 would probably be the last content patch before Cataclysm. And 'probably' is as close you get to a confirmation in Blizzard land.

I can't find the original blue post, but there's articles all over the place repeating what the blue post said.

Tiberus
13-01-2010, 03:33 AM
Protip: Don't format the phone you use with a mobile authenticator before deactivating it. Going to be spending some time on the phone tomorrow with Blizzard I think -_-

Theory
13-01-2010, 06:06 AM
There was a blue post saying 3.3 would probably be the last content patch before Cataclysm. And 'probably' is as close you get to a confirmation in Blizzard land.

I can't find the original blue post, but there's articles all over the place repeating what the blue post said.

Yet sunwell was known about, but never knew when. What "afterstory" would you suggest / preffer then?

imigrid
14-01-2010, 03:31 PM
I have a few possible scenarios in mind, but nothing i could talk about witouth spoiling.

Flawless
14-01-2010, 04:30 PM
Blizzard felt not having Illidan as the final boss was a poor choice when he became just another boss to farm, I can't see them doing another major raid after Arthas in Wrath.

Vegelus
14-01-2010, 04:36 PM
Blizzard felt not having Illidan as the final boss was a poor choice when he became just another boss to farm, I can't see them doing another major raid after Arthas in Wrath.

Almost whole story about Sunwell and Kil'jaeden was already in game waiting to be finished by that patch. Is there any story after Arthras' demise to be continued?

Jimmy the Necromancer
14-01-2010, 05:44 PM
Seeing as how the possible release date for Cataclysm is somewhere around late August, and Heroic 25-man Lich King coming out in the end of February, I'd expect there to be at least another patch with a super-hard-mode boss from the Kosmic Krew involving Archimonde/Kil'jaeden (both used) and Sargeras.

Involving Sargeras would actually be a logical step, seeing as how Aegwynn is still alive, Medivh is somewhere in a space/time distorted nether region, and Thrall is the upcoming Guardian of Tirisfal. We may not see Sargeras defeated, not even close, but he could very well (incoming hypothesis on story) very powerful minions to murder the weakened Aegwynn, thus freeing the Guardian spot and would require it be filled. Thrall has yet to participate in the Wrath of the Lich King storyline, and so has Wrynn.

I could go on for hours, but I'll patiently wait for Senex or anybody lore-inclined to elaborate a more sensible theory.

imigrid
14-01-2010, 11:42 PM
Quote from Nethaera commenting on a poster complaining about draggin out the storyline.
That said, there is a lot of story that is still being explored and left to explore. To diminish that story to only being about Arthas and the Lich King is a bit short-sighted. There are many prominent figures in the lore and many stories and stories within stories to be told.
Link: http://blue.mmo-champion.com/1/22418943079-arthas-is-defeated-but-bigger-things-coming.html

Im not sure what to make of it, but it gives me a feeling where are not quite done in northrend after Arthas.
Altho IF there is gonna be an afterstory, i would prefer it has something to do with Arthas in some way.

Turiel
15-01-2010, 02:41 AM
This post was in relation to further expansions, mainly that Arthas was only the most recent villian and there were far more (and worse) ones than him in the Warcraft universe.

Believe me, we're done with Northrend :P

dantheman
15-01-2010, 12:38 PM
Maybe Malganis might pop up.

imigrid
15-01-2010, 07:46 PM
Nah im just waiting for Kaelthas to come back.

Ring0
16-01-2010, 04:21 AM
Involving Sargeras would actually be a logical step, seeing as how Aegwynn is still alive, Medivh is somewhere in a space/time distorted nether region, and Thrall is the upcoming Guardian of TirisfalIf there's going to be any new content in Northrend after Lich King hard mode, which I doubt, it's either going to be a tie-in for Cataclysm, like other Dragonshrines in Wyrmrest Temple opening (would be nice), or it will be tied in to the Lich King fight event, which I won't spoil on here but can be easily found if you want to.

I think this is pretty much it for this expansion though. Been quite a ride. Can still hope for underground Azjol'Nerub or upside-down Karazhan raids though.

Flawless
16-01-2010, 01:54 PM
Maybe Malganis might pop up.

Q. Will Mal'ganis have any involvement in patch 3.3?
A. He will continue to menace you in Culling of Stratholme. Smiley


zing!

From the blizzard developer chat on blizzard

Vegelus
21-01-2010, 03:06 PM
Back on topic:

If you see craploads of cheap flasks on AH or trade, well, those might be our (around 400 flasks). Seems one of our guildies been hacked. Funny thing: he has an authenticator, keyloggers and hackers monitoring their stuff ftw.

Turiel
21-01-2010, 03:38 PM
Lol I stocked up on flasks yesterday cause they were half the price of normal. Doh! (edit: Horde though, so I guess thats ok)

But I find it hard to believe he got hacked with an authenticator? As posted earlier in the thread, they are one time use keys so no amount of keylogging can get the proper password+key combination.

Llort
21-01-2010, 03:47 PM
Lol I stocked up on flasks yesterday cause they were half the price of normal. Doh! (edit: Horde though, so I guess thats ok)

But I find it hard to believe he got hacked with an authenticator? As posted earlier in the thread, they are one time use keys so no amount of keylogging can get the proper password+key combination.

Unless someone cracked the keys of them authenticators. Which is a doable-thing

Turiel
21-01-2010, 04:27 PM
Each one is unique though with a different sequence. They'd have to not only break it but figure out which account out of the 10 million its tied to. Seriously that's not going to happen.

Flawless
21-01-2010, 04:27 PM
I was under the impression each authenticator has a unique encryption key, rather than one global one. Which seems pointless to crack one for one account.

Vegelus
21-01-2010, 05:25 PM
Well, someone else brought this nice idea: use keylogger to get login, pass and auth key. Emulate sending them to Blizz, send them to hacker instead. Block WoW's ports so client can't connect to the server, or send some message, like "wrong password" or immidiate "disctonnected". Voila, you have unused login, pass and key. And a small timeframe to use them.
Doable?

Turiel
21-01-2010, 05:44 PM
If the client can't connect to the server there would be no point at which the user is asked for the key.

And you can't modify the client to fake-ask for something.

ber
21-01-2010, 06:47 PM
Face it Vegelus, your guildie didn't get hacked. He/she just sold all the flasks because he/she can't be arsed to grind gold and made up a story which you bought instantly.

I vote for guildkick.

Vegelus
21-01-2010, 07:21 PM
Face it Vegelus, your guildie didn't get hacked. He/she just sold all the flasks because he/she can't be arsed to grind gold and made up a story which you bought instantly.

I vote for guildkick.

Haha, well, he's one of the most poor ones. But I'd rather see him doing this drunk. He was so drunk once that he fell asleep in the middle of ZA timed ;).

But on the topic, I still think it is possible to fake some generic data packages on login to be able to retrieve unused login/pass/key while telling WoW client (and user) that he did something wrong/got immediately dc'ed. And it's not that hard, if you have installed software with enough administrating rights. Blocking ports, looking and hijacking some data packages, sending some fake responses/requests (which are easy to get/emulate, take private servers for example). The most difficult thing is to get login/pass/key quick enough to be able to use them to get access to hacked accoun.
And you know, goldsellers want more easy and cheap gold.

Turiel
22-01-2010, 08:17 AM
Here's how you check.

If the GMs replace stuff, then he wasn't on an authenticator.

If they don't replace anything, then he did it himself.

It would surprise me that this was the first account in the world with an authenticator to be hacked. And this exact same authenticator system is used by banks, government, and large networks. They don't get hacked (by keylogging one time use keys), and are much more valuable targets.

I'm going to call bullshit.

Ring0
22-01-2010, 04:27 PM
So many fallacies in those arguments.

Still, I call bullshit as well.

ber
22-01-2010, 04:54 PM
I'm going to call bullshit.

I call bullshit as well.

Welcome to the club, fellas. Slowpoking a bit with figuring it out, but hey - still way ahead of the majority!

Vegelus
22-01-2010, 09:46 PM
Oh well, moar bullshitz incoming then.

I've googled a bit today. Seems there were few hacking accidents with authenticators involved.
First one is quite old, and a bit fishy, seems it involved hacker calling Blizzard and using his social skills (and/or knowing the owner). Last report from WoWInsider, with mostly all needed links is found here:
http://www.wow.com/2008/08/05/authenticator-failure-revisited-blizzard-responds/
Second one, well, happens in Europe and never got blue's response:
http://forums.wow-europe.com/thread.html?topicId=10711183739&sid=1&pageNo=1
Funny and interesting things start at the second page. Guy claims that hacker logged on his account even after getting authenticator (not that silly mobile software, real one). Tho all hacks after first one or two are quite interesting. Like I've wrote earlier: no blue response. Tbh I don't think they would leave such topic unanswered (and/or undeleted) if it wasn't true. I've got on track of this one while reading silly mmo-champion thread:
http://www.mmo-champion.com/general-discussions-22/world-first-authenticator-hack/105/ (link to wow-europe forums is on last page, 3rd from bottom atm)
And according to this person, at least 8 hacks on accounts secured with authenticators were confirmed at that time (but this is the part of the information I don't rely on tbh). BTW this thread has posts with easier method of getting your login/pass/auth key data: wow-a-like website that were already posted in this thread. For some people (I'd say non english speaking (or ones that with weakly skills) one are the most vulnerable) those mails and might look ok.

Those are the two most confirmed hacks on accounts with authenticators I could find in about 10 minutes. And if you search a bit more, you will find more links to claims that account with authenticators addes have been hacked. But as those aren't on official forums, I don't bother with posting any links.

As for my friend? Well, his son was using his accounts too. And it seems his system was infected with some keyloggers or other shit. He contacted Blizz, will see what happens and if this was a bullshit. Personally? Well, I trust him. He's always been ok.

As for authenticators and any type of tokens. Well read this old blog:
http://www.schneier.com/blog/archives/2009/09/hacking_two-fac.html
Modyfing "Man in the middle" you'll get method I've described earlier.

Conclusions?
1. Tokens/Authenticators really make things safer.
2. Safer only from currently the most stupid ways of getting someone's account data. But they really aren't 100%. Stupid (or ones that don't know how to use internet) people are never save. And as always, not only security becomes better. Every security will be hacked/cracked/whatever.
3. Blizzard won't confirm that authenticators can be hacked/used by hackers so easily. No one would do that tbh.

Btw it seems that goldsellers found another way to anger people. Keylog those that still don't have an authenticator added. And then add one to their account. Looking from US posts it's quite popular these days:
http://forums.worldofwarcraft.com/thread.html?topicId=12890946439&sid=1&pageNo=4 (that's only one of many threads).

Deng
22-01-2010, 11:36 PM
First of all hi to the Shadowsong community. The server brings memories.

But back to the topic:

There are serveral confirmed man-in-the-middle attacks to the one-time-passphrase (also used by tokens) authentication method. It's much safer (and much more pain in the ass for the goldsellers) but still vulnerable to some extent.

http://en.wikipedia.org/wiki/Securid#Theoretical_vulnerabilities will give you some light on the subject.

Turiel
23-01-2010, 04:41 AM
I'd point to the section name "Theoretical Vulnerabilities".

I'm not saying its impossible (its not) but m-i-m attacks I just can't see being within the resources of the goldsellers at this time.

Ask him to put his Core Hound Pup in trade window. Just to see if he does have an authenticator attached.

Mangwold
23-01-2010, 06:23 AM
I have been playing this game since beta, and i have never been hacked ( knock on wood ) But i still recently bought an authenticator - not to be able to ignore security and feel safe and click on every link..etc, but as an extra safety, just in case :)

If you keep your computer up to date with antivirus/spyware firewall-programs and win update itself, and dont open dodgy exes or go to strange sites, well, you have a really low probability of being hacked even without an authenticator id say.

But id advise everyone to get an authenticator anyway, just to be sure(er) :)


/Mang

Deng
23-01-2010, 07:55 AM
I'd point to the section name "Theoretical Vulnerabilities".

I'm not saying its impossible (its not) but m-i-m attacks I just can't see being within the resources of the goldsellers at this time.


It's a multi-million dollar business. What lack of resources you speak of? Ever read this? :)

http://www.1up.com/do/feature?cId=3141815

Vegelus
23-01-2010, 09:27 AM
But id advise everyone to get an authenticator anyway, just to be sure(er) :)
/Mang
Yea, but current the most important reason is the same as with battle.net accounts, before Blizzard made them mandatory. Just read last link in my previous post.

Oh, and Deng reminded me about some hack/exploit/bug/whateva that Blizz is aware of: you CAN use one key more than once. You can find more on EJs (it requires multiple wow accounts on one battlenet account so it's not used in hacks but shows that it isn't perfect solution, sadly).

imigrid
23-01-2010, 10:39 AM
Ye my account is currently hacked with an authenticator added by the hacker, too bad it takes several weeks for blizz to start fixing it atm.

Not at all worried about it tho, at least the chinese bugger gets to have food on the table for another day beacuse of it i suppose.

Turiel
23-01-2010, 12:54 PM
It's a multi-million dollar business. What lack of resources you speak of? Ever read this? :)

http://www.1up.com/do/feature?cId=3141815

I know it is, but that's nothing compared to the multi-billion dollar other criminal organisations who have problems pulling it off (with regards to banks and corporate networks that use the same type of security).

Deng
23-01-2010, 02:40 PM
I know it is, but that's nothing compared to the multi-billion dollar other criminal organisations who have problems pulling it off (with regards to banks and corporate networks that use the same type of security).

You don't use that in banking. In banking you authorise every transaction, not just the logon process (or at least you should). Imagine World of Warcraft where you have to type authenticator key and password every time you get something from the guild bank, disenchant gear, buy on AH etc. Then it would be similiar and kind of useless for gold farmers.

If you use one time passphrase for the logon process only it's very easy as pointed earlier by Vege in this article - http://www.technologyreview.com/computing/23488/page1/

As for the WoW logon process - it can be automated once you have the user/password/token key (and that can be received immediately after you type the info). It's not that they have to do anything special - they don't have even to sit around.

Vegelus
28-02-2010, 02:21 PM
/Bump:

http://www.mmo-champion.com/news-2/authenticator-accounts-hacked-icc-quests-crimson-deathcharger/

from Blizz:
After looking into this, it has been escalated, but it is a Man in the Middle attack.

http://en.wikipedia.org/wiki/Man-in-the-middle_attack

This is still perpetrated by key loggers, and no method is always 100% secure.
Told ya.

Goonerr
28-02-2010, 02:31 PM
If people didn't use stupid, retarded passwords which are vulnerable to brute force or rainbow table cracking then they wouldn't get their accounts hacked.

Learn to use secure passwords, and don't go to any dodgy websites, or if you must then make sure you have a decent security system like ESET for example.

There is absolutely no reason anyone should get hacked, unless they do something stupid or use easy passwords.

Vegelus
28-02-2010, 04:02 PM
Yes, cause any kind of password makes any difference in man in the middle attack type.
You could start reading, before spewing all those posts, Gooner ;<.

Goonerr
28-02-2010, 04:42 PM
Don't click on any links then if you are sent links via email or such, allways manually type the URL in your browser, this way you will avoid any.
MITM attacks.

Never click a link you do not recognise and don't go through links such as Tinyurl, and if you do get a "Click here" image button in your email, inspect the URL behind the image, and if it is legit, manually type it instead of clicking the image.

Just as a side note, if you are using wireless at home, make sure you are not using WEP, anyone in your street can crack it in under 5 minutes, its crippled with security flaws, update your system to use WPA2

Theory
28-02-2010, 04:55 PM
Just as a side note, if you are using wireless at home, make sure you are not using WEP, anyone in your street can crack it in under 5 minutes, its crippled with security flaws, update your system to use WPA2

this is why i have free internetz in my complete street

Goonerr
28-02-2010, 05:04 PM
this is why i have free internetz in my complete street

You would hate to live in my street, my linux box is set up to send out thousands of fake SSID's.... muahaha :)

Turiel
28-02-2010, 06:38 PM
I eat my hat.

Metakerk
01-03-2010, 04:06 PM
http://letitb*****roflroflurl

It's really working cheats (GM-modification). We liked it!

Heh, nice post in this topic.

Turiel
01-03-2010, 04:22 PM
Epic.

Theory
01-03-2010, 05:57 PM
You would hate to live in my street, my linux box is set up to send out thousands of fake SSID's.... muahaha :)

Evil ><

Goonerr
01-03-2010, 06:45 PM
Evil ><

:) its called FakeAP if you wanna try it
you can download it here

http://www.net-security.org/software.php?id=259

Theory
01-03-2010, 10:19 PM
:) its called FakeAP if you wanna try it
you can download it here

http://www.net-security.org/software.php?id=259

thanks definatly going to try it. :)

YuanTi
02-03-2010, 05:50 PM
Got hacked today for the first time in my 5 year wow gaming period,i had a fairly strong password,both antivirus and firewall up and running.
After several checks i've yet to come up with any search results so i'm concluding that it can't have been something on my end,i've run spybot,spyware doctor,spyware search and destroy,norton antivirus and mcafee antivirus,nothing has shown up exept a few tracking cookies.

Only thing i'm missing is the authencicator.

So,to whomever my toon Blackfaith might have been insulting during the time it was hacked ,it was'nt me..the bastard emptied every toon i had ,sold all the gear and took out everything it could withdraw from my guild's guildbank,likely 10-20k gold worth of mats.

Waiting for a gm to respond to my ticket now

/sadface on

Goonerr
02-03-2010, 06:31 PM
If you answer yes to any of the following questions then you are at "High" risk of being hacked.

1, Do you play wow at a internet cafe or any social area such as library, cafe, games shop... etc.

2, Do you use a retarded password such as "password123".

3, Do you visit dodgy websites to download files including programes such as Limewire, (4chan, porn, hackin.g) ... etc

4, have you ever bought gold, power leveling or items ( they store your account name in a brute force cracking name file )

Its even possible you have been phished without knowing by clicking a fake link in an email or on an un-official website.

There are others ways such as packet sniffing if you are on a wireless network but its highly unlikely unless you have pissed off a computer geek that happens to live in the same city as you.

YuanTi
02-03-2010, 08:19 PM
If you answer yes to any of the following questions then you are at "High" risk of being hacked.

1, Do you play wow at a internet cafe or any social area such as library, cafe, games shop... etc.

2, Do you use a retarded password such as "password123".

3, Do you visit dodgy websites to download files including programes such as Limewire, (4chan, porn, hackin.g) ... etc

4, have you ever bought gold, power leveling or items ( they store your account name in a brute force cracking name file )

Its even possible you have been phished without knowing by clicking a fake link in an email or on an un-official website.

There are others ways such as packet sniffing if you are on a wireless network but its highly unlikely unless you have pissed off a computer geek that happens to live in the same city as you.

1:no
2:no
3: who has'nt :P but very rarely do i ever download anything i don't have too download.
4:never


it took em 5 years so i'm concluding i'm fairly safe but i'm also concluding that this can happen to anyone,yes,anyone!

Sylfide
02-03-2010, 09:55 PM
Porn sites are just a cover up for hacking geeks wow accounts!

Goonerr
02-03-2010, 10:16 PM
Well, if you use a secure password and i mean a password which looks like "J78PpO300l7".... its almost as good as impossible to crack, a password which consists of dictionary words is fairly weaker.

Turiel
02-03-2010, 11:13 PM
You're missing special characters in that password.

Bunneh
03-03-2010, 11:14 AM
He could have used the quotes :P

mmm that seemed funnier when I first typed it. These tablets make my head fuzzy...

Jimmy the Necromancer
03-03-2010, 12:41 PM
Waiting for a gm to respond to my ticket now

/sadface on

If you wait for more than 3 days make a new ticket kindly reminding them to reimburse your items.

I got hacked, waited a week, got annoyed since they said "a couple of days", made a ticket, got everything within 15-20 minutes.

YuanTi
03-03-2010, 04:01 PM
got it ll back now so i'm fine:)

Coven
08-03-2010, 04:00 PM
got it ll back now so i'm fine:)

I think that's half the problem, it's like insurance fraud, there's "no real victim." All you lose is a few days of gametime, but it all gets reimbursed. Those that do it will be like "...I'm keeping my babies fed, all they get is a couple of days inconvenience and I'm the bad guy?!"

The only way to stop it is stop buying gold and/or power levelling services.

Sylfide
08-03-2010, 05:59 PM
Its just not going to happen. People still pay real money for Diablo2 items...

Bunneh
13-03-2010, 12:05 PM
Holy crap, my Aion account's been compromised! *panic panic*

Oh wait, I don't have an Aion account. Christ these account thieves need to realise I play Everquest 2 instead...oops...

Belina
13-03-2010, 03:39 PM
hmmm had that Aion account thingy to -.- was thinking wth... since i dont play it or own it.
But got load of spam mail from *fake blizzard* telling me that my chars was been watched for illigle trade`ings, spams, gold buying etc.
At fist i got alittle worried and called blizzard about it, since i got hacked once before.
but account is still in good standing.. umh w00t ever that means.
I get spams like that 10times aweek the last month.
bloody presictent little bastids...

when they ask you to log in to the account page, it looks like
account page before you change in to battle net.
and the http adr is long and strange.
so becarefull.
call blizzard insted then clicking on mails and get d00med.

*worldofwarcraft*
*Norply@*
*blizzard*
*blizzardnet*
*accountteam*
*wowworld*
etc etc
this are just some of the names you need to look after on mails

Rokky
21-03-2010, 03:30 PM
I keep getting the spammed aswell, it's actually so fucking annoying *rages* :p

Bunneh
21-03-2010, 05:54 PM
3 mails today, both from various blizzard.com addresses. :P

Skepta
21-03-2010, 08:04 PM
I get a stupid amount of these everyday, I've never been silly enough to fall for anything of the sort - yet somehow the cunts have cleaned my account out twice since TBC launch.

/sadface

Rokky
21-03-2010, 10:34 PM
3 mails today, both from various blizzard.com addresses. :P

Only 3? You're lucky, I get 3 in about 30 secs :p that's why I never go on my emails now lol.

Bunneh
22-03-2010, 08:15 AM
Noes, NCSoft have told me that I have failed to pay for my account...oh wait I don't have one. Fucking moronic account stealing cunts!

Safe to say they have our addresses from this forum :P

Turiel
22-03-2010, 08:32 AM
Well, you have made your MSN address public after all. Account emails aren't public.

Bunneh
22-03-2010, 09:25 AM
I know, it is my own fault :) It could actually be form other places too, used the same Hotmail addy with a few other WoW forums too. I ain't fussed anyway, just felt like throwing a sponge ball around.

Vegelus
31-03-2010, 09:13 AM
Oh hai, launcher hack:
http://blue.mmo-champion.com/1/12947099646-launcher-hacked-photo.html

Bunneh
16-04-2010, 11:17 AM
Pretty obvious this one...

When we carry out a routine check when the account, we have evidence to show that your account has been involved in the disputed transactions.
So we have to inform you visit our website( //wow-e-mail-blizzard.*** ) fill out some information to facilitate our investigation.

If you can not tie in with our soon we will have to temporarily lock your account.

Sincerely,
Blizzard, Inc.
Copyright @2010 Blizzard, Inc. All rights reserved.

Address edited so no one clicks on it.

SoniqBoom
16-04-2010, 11:45 AM
Pretty obvious this one...



Address edited so no one clicks on it.


lol yeah I got that one too, blatently obvious due to the grammar etc

i get his one nearly everday talk about spam....

Greetings,

An investigation of your World of Warcraft account has found strong evidence that the account in question is being sold or traded. As you may not be aware of, this conflicts with Blizzard's EULA under section 4 Paragraph B which can be found here:
WoW -> Legal -> End User License Agreement
and Section 8 of the Terms of Use found here:
WoW -> Legal -> Terms of Use

The investigation will be continued by Blizzard administration to determine the action to be taken against your account. If your account is found violating the EULA and Terms of Use, your account can, and will be suspended/closed/or terminated.
In order to keep this from occurring, you should immediately verify that you are the original owner of the account.

To verify your identity please visit the following webpage:
//battle.net/account/support/xxxxxxxxxxxx

Only Account Administration will be able to assist with account retrieval issues. Thank you for your time and attention to this matter, and your continued interest in World of Warcraft.

Sincerely,


Account Administration
Blizzard Entertainment

Bunneh
18-04-2010, 11:15 AM
Getting them every day now only via Hotmail though. I just squeal in glee as I report it as a phishing scam. Where's the Eve account scam? Not got one yet *grump*

Gwynin
19-04-2010, 07:04 AM
Ive got both City of Heroes, Warhammer, EVE and Conan scam mails, which considering Ive never played those games is quite entertaining :)

Nixxar
20-04-2010, 08:39 AM
Well, I never found those account hackers smart enough to do anything usefull. It's always terrible spelling/grammar with such weird requests.

As in the Blizzard EULA or something: A Blizzard employee will never ask for your accountname, or password.

So people filling it in, are pretty stupid :). And those that get keylogged, get a proper virus scanner and download an authenticator to your mobile phone. Safest you can get tbh.

Llort
20-04-2010, 09:31 PM
I've just found out, that if you have an Android phone (HTC Desire in my case) you can get the Authenticator App for free through Android Market. O.-

Jurgan
20-04-2010, 09:58 PM
... bastard... I ordered a physical Authenticator nearly weeks ago now and the wee shit hasnt arrived yet.

Vegelus
20-04-2010, 10:04 PM
... bastard... I ordered a physical Authenticator nearly weeks ago now and the wee shit hasnt arrived yet.
Just wait till any of those with mobile one will upgrade software/system on their phone. Authenticator's S/N reset with call/e-mail to Blizz after that is a sure thing, most of times ;>.

Erendira
21-04-2010, 05:44 AM
I ordered my authenticator about 5-6 weeks ago, had to call last week and ask what was going on, they said they sent a new one wich would arrive in a few days, still waiting =(

Llort
21-04-2010, 12:07 PM
I ordered one for a friend of mine, two weeks ago, arrived last thursday (livin' in the netherlands)

Nixxar
23-04-2010, 09:17 AM
Just download one for your phone, cheaper, easier, always with you so no one can even get to your account ever! :)

Bunneh
02-07-2010, 11:55 AM
NECRO!

Been getting a lot of these lately, along with the usual plethora of 'you has won free epic mownt'

http://www.shadowsongeurope.com/forum/picture.php?albumid=9&pictureid=90

Coven
02-07-2010, 01:26 PM
NECRO!

Been getting a lot of these lately, along with the usual plethora of 'you has won free epic mownt'

http://www.shadowsongeurope.com/forum/picture.php?albumid=9&pictureid=90

You mean, you're getting dodgy GM /w in game? lolz - "...erm, if my account has been suspsended, how comes I'm chatting to you right now, in game?"

If anyone falls for that they almost deserve to be key logged! Mind you, lots of kids play and they can be green...

Bunneh
02-07-2010, 03:20 PM
There was a guy in the old guild I was in who got a message via MSN that his account had been banned. He was absolutely sure it was a Blizzard GM, even though he'd never given them his MSN address. Some people just don't grasp things as well as others.

Hannibal
06-07-2010, 11:11 AM
I don't see why they delete the characters. Take the gold, take the stuff you can sell, but why fuck someone's work over?

I guess it's so Blizzard are forced to spend more time on restorations and less time on solving the problem. Still doesn't quite add for me though, but then nor does any of their business model so I'm obviously missing something.

zaldim
07-07-2010, 01:41 PM
little more then 1 week ago i noticed i was hacked, use 2 accounts so had to send 2 requests for gettin them back.
first account i got back in about 3 hours.
second account im still waiting on an answer, allready send 3 emails to blizz:S

Bunneh
14-07-2010, 10:13 AM
Well I got close last night I can tell you. I was trying to get hold of Decursive mid raid, so I went to Curse which was extremely slow. Just below that there was a 'decursive.org' so I assumed, stupidly it was the official site. I clicked the download link and Kaspersky went insane! 'GameStealer Trojan' Weewooweewoo! Stay away from that site!

Done a complete scan, nothing's appear since Kaspersky grabbed it and immediately slammed it in jail, then deleted it. I'm watching what's going on and have run AV and Spybot checks a few times.

Just shows how easy it is to be caught out and how much I'd like to shoot every single one of the account thieving twats in the head with a cattle gun.

Coven
14-07-2010, 11:27 AM
...a cattle gun.

Gatling gun ftw!

Rosa
16-07-2010, 07:33 PM
Well I got close last night I can tell you. I was trying to get hold of Decursive mid raid, so I went to Curse which was extremely slow. Just below that there was a 'decursive.org' so I assumed, stupidly it was the official site. I clicked the download link and Kaspersky went insane! 'GameStealer Trojan' Weewooweewoo! Stay away from that site!

Done a complete scan, nothing's appear since Kaspersky grabbed it and immediately slammed it in jail, then deleted it. I'm watching what's going on and have run AV and Spybot checks a few times.

Just shows how easy it is to be caught out and how much I'd like to shoot every single one of the account thieving twats in the head with a cattle gun.
Lol just downloaded decursive through the curse application...

Flawless
16-07-2010, 08:08 PM
This thread is just full of paranoid, people who can't install adblock and noscript, and false positives. True story, no anti-virus is perfect.

AND TEH CURSE APP IS FULL OF TEH VIRUS!!1!11!1 I INSTALLED AND GOT HACKED AFTER I CLICKED ON FREEVIGRA HERE.
/rant.

Bunneh
16-07-2010, 08:55 PM
/pat Flawless. Wanna borrow my tinfoil hat?

Bunneh
11-02-2011, 01:31 PM
Got this this morning and it made me chuckle.



Recently, the problem of account invasion is getting worse and worse which cause enormous player's equipments and virtual currency stolen. This severely damages the benefits of mass players, also causes our company lose a lot of customers.

Our company has to adopt some measures to safeguard our common benefits in order to strengthen the safety of mass players'accounts, and firmly resist the account to be stolen again.Through our company's research and investigation to xxx customers,we will make the following decisions: we launch a package of updated Battle.net Mobile Authenticator and dynamic code protection card which can effectively prevent the accounts invaded. We will send this package of code protection system to players free of charge.

Please open this connection: url removed

If your account passes the check successfully, we will send this package of dynamic Battle.net Mobile Authenticator to you in the form of e-mail.

In 3 days after you receiving the e-mail, if you don't submit your information, we have right to freeze your account, every player is obligated to protect the safety of the account. You must work together with us to be determined to crack down all the behaviors of destroying games.

If you had already authenticator your account, please disregard this automatic notification.

Regards,

The World of Warcraft Support Team
Blizzard Entertainment

Gwynin
11-02-2011, 03:23 PM
I get alot of those, all of em on the email I use here :P

And most of em are quite fancy and entertaining, the number of really shitty ones is rising tho :/

SoniqBoom
11-02-2011, 03:33 PM
get 2-3 of those per day + various others, only one has ever nearly caught me out and that was a recent one which looks extremely authentic (has the bnet background and logo`s and everything) advertising authenticators etc luckily I ALWAYS mouse over any email links to see where there directed too, So I saw it right away.

funnily enough Ive just started getting these spam mails on a new email addy i set up specifically to make an account for my kids for playing Need for speed world..
it has been used for nothing else.

Talsin
11-02-2011, 06:09 PM
Never had any problems in 5 years of playing. No Authenticator, no Anti-virus. I use Firefox and the odd Spybot scan.

yeah well, if there is nothing to get why bother :P

but yeah also don't forget you can now set ranks up as GM with authenticator only so you know your officers have one set up.

Sinistera
12-02-2011, 11:42 AM
it still boggles my mind why they aren't selling authenticators with their boxed version or hand out a free download for the mobile phone auth application when purchasing the digital version of Wow

Turiel
13-02-2011, 06:19 PM
It was something a lot of people expected, for an authenticator to be boxed with Cataclysm. But I guess then you piss off all the people who bought one already, and they're paying for it again.

Gwynin
14-02-2011, 08:33 AM
I do like how I get "account warning" etc etc emails for games I have never played, oh noes they are gonna ban my WAR/Lotro/the mmo with wings account :D

Bunneh
26-02-2011, 11:16 AM
I thought the last one was pathetic but this one, wow... I haven't changed the formatting to reflect how shite it really is. Anyone falling for this shite must need their eyes checking. Also seems my Aion account is going to get banned, as is my Lineage 2 (does anyone play that gold faming shite any more?) aaccount, nooooo...

Dear Blizzard Customer,

Your Account have been created purpose of defrauding other Customers.
As the account holder,Your prompt attention to this matter is greatly appreciated(Visit

address removed and Log in to your account and sign an agreement, promise that similar

incidents do not occur).

Else, we will lock your Account.

If you encounter any problems or have any questions, our Customer Support department is
ready to help, around-the-clock, seven days a week.

Customer Support:
E-Mail: wowaccountadmin@blizzard.com
Phone: 0800-892-1630
Fax: 0800-892-1631

For further information, log in to your account at https://www.blizzard.com

I sorry mista blizzard do not ban mi accunt plz i r good boy and will not du it agaun.