PSA: Windows flaw = WoW accounts vulnerable to hijacking
Within the past week, two people in my guild have had their accounts hijacked (passwords changed, inventory stolen). Others have posted on our server forums that they were 'hacked' as well. I had written it off as account sharing gone bad until I came across this BBC News article:
I've heard reports that a stolen WoW account is now worth more to hack than getting a credit card number, as mentioned by this BBC report.
Gold prices are over $200 per 1000g now. Assuming the hackers sell it to gold resellers for half that, that's a hefty profit if you hack a level 70 account with even just a few hundred gold on it.
Getting your account hacked sucks--I'm not really sure what there is to discuss though.
Can't these problems be avoided by using Firefox and keeping up to date with the Windows security fixes?
Firefox does not make you immune to this particular exploit. Fact is, if you run Vista, Firefox is actually more vulnerable (this has got to be a first), as IE on Vista runs in protected mode with virtually no privileges. Yes, Windows Update will protect you here.
The only reason I can think of for not having Windows Update on all the time on a home machine is if you have a pirated copy and are afraid of black SUVs pulling into your driveway after letting MS connect to your machine. That fear is unfounded, by the way, as there is no published case of anyone getting busted for trying to patch a stolen home copy.
Well, you simply can't patch a stolen copy, at least by normal average user means. MS insists on having your software validated before it will allow you to patch.
Only for certain patches (like IE7); autoupdate is less picky. Also, WGA can be disabled for anyone to varying degrees of success.
From Microsoft's standpoint, why should they protect you if you stole their software? You didn't pay them for the service. It makes sense business-wise, but it also allows pirated Windows machines to be zombie computers to launch other spam and attacks from.
This vulnerability was open for several days before Microsoft patched. The advisory was posted on March 30th and was actively being exploited before then. Microsoft patched April 3rd (which was unusual; it was an out-of-cycle patch). Even being up to date with all your patches may not save you if you happened to browse a compromised site before Microsoft released the patch.
Active firewalls that block outgoing connections (such as ZoneAlarm and Microsoft's Windows OneCare Firewall) do help this since the exploit would trigger them and you can deny them access to upload your information somewhere.
Only for certain patches (like IE7); autoupdate is less picky. Also, WGA can be disabled for anyone to varying degrees of success.
*cough* MUBlinder *cough*
Yeah, that does look pretty nasty. If you don't mind me asking, though, how much success have the guild members in question had with getting their items/gold back from Blizzard?
The one shaman we had lose his account got nothing but his char with only his healing gear. They basically reset his password and that was it.
From Microsoft's standpoint, why should they protect you if you stole their software? You didn't pay them for the service. It makes sense business-wise, but it also allows pirated Windows machines to be zombie computers to launch other spam and attacks from.
It really depends on the severity of the exploit. For example XP Service Pack 2 was really a new release and could have easily been sold as XP Second Edition. But they wanted everyone to have those security enhancements so they gave it away. For less critical patches they started to put on the screws in recent years.
A few months ago before TBC I hired a powerlevel firm (peons4hire, lol!) to power level my wife's toon; she wanted to play TBC with me but didn't want to re-level 1-60. This was on a separate account with no other chars so I didn't care much. Peons charged $120 for 1-60 then, which was worth the cost to me. I'd keep an eye on the farmer playing; they pretty much played 15 hours a day until level 45. Then suddenly they didn't log in and had changed the password, and also tried changing the email address (fortunately that requires a validation from the current email holder).
It was easy getting the account back via forgot-password/etc, turns out the peons had stripped the char, sent all the gold somewhere else (I assume), and then deleted the character. I petitioned a GM, said I got hacked, etc, etc. It took nearly 6 weeks to get the character back and it came back naked, level 45, and with 10g - I know it had at least 150g before then, but I didn't really care.
I was pretty safe: I paid with PayPal (credit card) and filed a chargeback, got my money refunded and wrote it all off as an interesting experience with China powerleveling services. I talked briefly with a GM who was handling the investigation; he said they get swamped with thousands of these and essentially have a HUGE queue to deal with it, and usually by the time they get to a specific character they can't do much other than restore the name/race/level, as the item history is long since backed up and purged.
So pretty much assume nowadays if you ever get hacked, you might get your char back but it'll be naked or near-naked and some random amount of cash will come back, and it'll take weeks. The old days of getting a full restore with enchants and everything are long since past, I think, unless Blizzard decides to tackle dev solutions to address char rollbacks. Times like these are especially bad; I imagine there are at least 100,000 reported hacks right now. It gets even worse if the person who got your account botted/speedhacked/etc, as that can trigger an account ban for hacking, which is very difficult to reverse.
(and before some retard thinks about reporting me for hiring a PL, my WoW sub is cancelled and I doubt I'll ever play again. just sharing what I thought was an interesting story)
It's interesting that they would investigate your account and restore the character given that it was powerleveled and any sort of investigation into what happened to your stuff should have revealed that.
I hadn't known, until this weekend, anyone who'd used a PL service. I found out this weekend that a friend of a guildy, who joined the guild on a new paladin when TBC hit, got to about level 50, then vanished, didn't actually vanish by choice: he was banned for hiring a PL service (he's now transferred across his hunter so he can re-join us). He told me that he never had any other infractions on any account: he just got insta-banned when they caught the power-leveller.
It's not only incredibly easy to detect PL services (oh look, Character X is being logged on from Chinese and North American IPs, hmmmmm!), but I'm sure some of them use programs like Glider and teleport hacks, that Warden will notice.
Whatever GM dept handles item restorations probably doesn't handle the banhammer, and likely doesn't have access to stuff like IP/connection logs as a result. Unless you're suspected of being naughty, nobody's going to look at that stuff.
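The login-location check mentioned in the post above, sketched as an added example that is not part of any post in this thread: it flags accounts whose consecutive logins come from different countries within a short window. The record layout, account names and the 12-hour window are assumptions, and the country field is assumed to come from a GeoIP lookup done upstream.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample login records: (account, UTC time, country of source IP).
# The country is assumed to have been resolved by a GeoIP lookup upstream.
SAMPLE_LOGINS = [
    ("acct-1001", "2007-04-02T01:10:00", "US"),
    ("acct-1001", "2007-04-02T03:40:00", "CN"),
    ("acct-1001", "2007-04-02T19:05:00", "US"),
    ("acct-2002", "2007-04-02T08:00:00", "US"),
    ("acct-2002", "2007-04-03T08:30:00", "US"),
    ("acct-3003", "2007-04-01T12:00:00", "DE"),
    ("acct-3003", "2007-04-09T12:00:00", "US"),  # a week apart: plausible travel
]


def find_geo_conflicts(logins, window=timedelta(hours=12)):
    """Return {account: [(earlier, later), ...]} for consecutive logins that
    come from different countries less than `window` apart."""
    by_account = defaultdict(list)
    for account, ts, country in logins:
        by_account[account].append((datetime.fromisoformat(ts), country))

    conflicts = {}
    for account, events in by_account.items():
        events.sort()  # chronological order per account
        hits = [
            (prev, cur)
            for prev, cur in zip(events, events[1:])
            if prev[1] != cur[1] and cur[0] - prev[0] < window
        ]
        if hits:
            conflicts[account] = hits
    return conflicts


if __name__ == "__main__":
    for account, hits in find_geo_conflicts(SAMPLE_LOGINS).items():
        for (t1, c1), (t2, c2) in hits:
            print(f"{account}: {c1} at {t1} then {c2} at {t2} ({t2 - t1} apart)")
```

A hit is a lead for review rather than proof of sharing or compromise, since VPNs and proxies produce the same pattern.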
8 million accounts make this sort of thing hard to notice, I'd imagine.
If only some mythical hero, some... Oracle, perhaps, could invent a magical device for storing and managing large amounts of data. I'm sure, if such a magical "base of data" existed, that someone could make an appropriate sacrifice to the Oracle and find out many interesting trends and statistics.
Seriously, come on. You think they're not tracking this stuff?
he was banned for hiring a PL service (he's now transferred across his hunter so he can re-join us). He told me that he never had any other infractions on any account: he just got insta-banned when they caught the power-leveller.
Far more likely is that the powerleveling service was botting or teleporting or the like to help with the process. Things like dealing in gold or account sharing tend to get you a relative slap on the wrist if it's a first offense. Any sort of third-party program will cost you your account.
Our guild's most geared rogue woke up this morning to a stripped character and 0 gold.
We'd never had a hacked account in WoW 1.x (probably helps that we don't have a culture of account sharing, even the guild bank was on the GM's account and accessible only to him). Really rams home the need for all of us to keep up to date on security.
If only some mythical hero, some... Oracle, perhaps, could invent a magical device for storing and managing large amounts of data. I'm sure, if such a magical "base of data" existed, that someone could make an appropriate sacrifice to the Oracle and find out many interesting trends and statistics.
Seriously, come on. You think they're not tracking this stuff?
The way GMs and Account Specialists handle information is all compartmentalized - unless your issue is elevated to someone higher in the chain, your average peon "account specialist" can access one area, and one area only. Item Databases, log on databases, IP databases, and so on. This is basically a safeguard to prevent exploitation and to be able to curtail any possible insider influence in the game.
So pretty much assume nowadays if you ever get hacked, you might get your char back but it'll be naked or near-naked and some random amount of cash will come back, and it'll take weeks. The old days of getting a full restore with enchants and everything are long since past, I think, unless Blizzard decides to tackle dev solutions to address char rollbacks. Times like these are especially bad; I imagine there are at least 100,000 reported hacks right now. It gets even worse if the person who got your account botted/speedhacked/etc, as that can trigger an account ban for hacking, which is very difficult to reverse.
Actually a few weeks (perhaps a month or so now) back our warrior class lead (as well as one of the server's top jewel crafters) was hacked. He logged in to nothing. No cash, no bank, no equipment, nothing. He had piles and piles of JC mats as well as epic level 70 blacksmith gear, tier 3/4, all fully enchanted and socketed. Gone. He paged and talked to a GM etc. etc. They locked him out of his account while his case was being investigated and when he got it back everything he had was restored as if he had never been hacked. All sockets, enchants, cash, bank inventory, everything back. This all happened inside of 2 weeks iirc. This may be an exceptional case, but perhaps Blizzard has improved their tracking/restoration of "hacked" toons. It's hard to say as it's usually on a case-by-case basis and depends on what GM you happen to deal with.
Last edited by sovelis41 : 04/10/07 at 2:49 AM.
Reason: Quote effed up
Same thing happened to one of my guild's officers. Funny thing is, he actually got hacked twice in the span of a weekend. Two Fridays ago, he logged in and got disconnected repeatedly until he finally got a wrong password message. (While this was going on, a couple people online in the guild witnessed his various characters logging in and out sequentially.) So he reset his password and logged in to empty characters. He reported the hack, took some measures which apparently were not sufficient to remove the keylogger on his machine, and things were quiet over the weekend. Then, on Monday night, his characters started sequentially logging in for a few seconds each. I think about seven or eight people called/texted/IM'd the guild leader (his wife) simultaneously, and she was able to reset his password immediately and stop the repeat attack.
The day after that (yes, a whopping five days after the hack) he had everything restored to all of his characters. All his money, all his items, and all his gear, including gems and enchants. Go Blizzard, apparently.
If your advice is simply "use Firefox", congrats, you are at best ill-informed, and at worst stupidly overconfident in your ignorance. Either way you should shut up and listen.
Firefox has a lot of useful addons that you can apply to build a much more secure browser and network setup, although likely at the cost of some of your convenience. I personally run several and consider it to be an acceptable tradeoff. This is in conjunction with other programs designed to ensure security, and even I don't consider my system foolproof.
Vanilla Firefox however does NOT make you safe, not even close. Unmodified just about the only notable thing it prevents is unsigned ActiveX being run without your consent, which isn't the only attack vector being used to launch keyloggers and trojans anyway.
The best advice you will ever get to protect your account, your computer, and the time and money put into them is to spend some time learning about basic browser security. It doesn't take a degree in mechanical engineering to understand basic hazards when driving a car, nor do you need to be a software engineer to grasp the basic ways your computer WILL be attacked.
I'm not even close to being an expert in this, but the experts write; it's the Internet ffs, go read what they say. Odds are it will save you thousands one day. The value of information on PCs, and the complexity of the attacks used to steal that information, are only going to escalate.
Yes, it does suck that people lose WoW accounts to this, I've watched it happen to several guildmates already with varying degrees of losses.