Does anyone know HACKER ISSUE

so far in the past two weeks 2 of my friends have been hacked that don't buy or sell gold. Don't use 3rd party programs. or any of that mess and they have been hacked and lost all their stuff.

Is there something going on like a new way of hacking or is this an inside job.

One of my friends said that in the past 2 weeks 6 of his mates have been hacked as well under similar circumstances...

Any insight would be appreciated..

I already know that you can't do anything about the problem just wondering if anyone has any idea of how people are getting hacked when they are not doing the things that would make them prone to hackers.

Any of them belong to fansites like Guru? If so, did they sign up with the same email address/password on that site as they use in the game? Some sites out there you just don't know about.

You're always "prone" to crackers. Most likely they just had easily guessable passwords and their e-mails were discovered somehow.

How were they in keeping up with their PC security. Something like a keylogger could have been dropped on, possibly from the same place if they visit the same websites?

Either that, or they all visited compromised websites which infected their computers with malware.

I'd consider sending a ticket into support to see if they could monitor the accounts in question. I don't know if the 'intruder' will dip into the same well twice, but if anet has the ability to monitor and they do come back, at least you would be saving someone else some grief.

Have they scanned their PCs since the hacking incident? Did their Virus scanners find anything?

It's likely since these are 6-8 people that know each that they all belong to the same forum that compromised their accounts. (Are they all in the same Alliance? Got an Alliance forum?) Or did they all pass around a particular e-mail attachment or program that one found and forwarded to the rest?

If you find out what caused it, let us know so we can be prepared.

No actually they aren't all in the same guild or alliance.. Only 2 of them are. And they are in my alliance the other 6 are just mates that the one guy plays with from time to time. I am in thinking that it is a site that people are visiting but I can't begin to figure out which one. I am still asking questions and if I come across anything I will let you know.

And I know for sure one of them scanned and didn't find anything on his pc.

Hmmm, probably a sit which asks for email registration. In 50% of the cases, people use the same password for EVERY account they make (Mails/games/forums, etc...)

So if you can find someone's email, you can easily hack him (Yes MSN hacking for dummies...), often 5/10 chances it's the same password as his GW account.. Huray, free ecto's...

The first check you should do (and your friends, and everyone else) is whether your password safe. It's not common knowledge, but password stealing and guessing is still a significant problem that opens the doors of your accounts to hackers.

If you shared your password with ANYONE (even mum, dad or your best friend), you're at risk. The people may not reveal it consciously, but it may be stolen from them at one point. It's the same if your password is stored unsafely on your computer. Always have the latest updates for your Operating System, have the default firewall activated and an updated antivirus software. (and pass this advice on to everyone around you, security is as strong as the weakest link of the chain so improving the security around you will improve your security)

Lastly, the strength of your password may not be enough. It should ideally: contain letters both in lower and upper case, numbers, special signs (@#$%^&*) if allowed; be at least 8-symbols long. It should NOT be: a word you can look in a dictionary, a name or date. Even the "phrase acronyms" (where you take the first letter of each word in a given phrase) is not so good, but better than the previous ones. Some people use a trick to make passwords stronger, change a letter to something that look the same: "e" to "3", "A" to "4", "a" to "@", "and" to "+". But this can also lead to weak passwords (password cracker programs have dictionaries with words like that).

Oh and NEVER, EVER USE THE SAME PASSWORD FOR 2 DIFFERENT ACCOUNTS (unless you know exactly what you're doing). But that's common sense: would you have only one key for your house, your office and your car? If it's stolen, you're in big trouble.

The best passwords can be easily generated. Even better, you can even create them and manage them from a small Password Manager utility software such as [rul=http://passwordsafe.sourceforge.net/]PasswordSafe[/url]. This application protects all your password with one "master password" (you should choose it wisely, make it strong and make sure no one but you knows it) and encrypts the password list. It can even be put on a USB dongle if you want to have your passwords with you all the time.

Here are a few password strength testers:
http://www.microsoft.com/protect/you...d/checker.mspx
http://www.securitystats.com/tools/password.php
http://rumkin.com/tools/password/passchk.php

An interesting read to start to understand how people would proceed to crack a password:
http://onemansblog.com/2007/03/26/ho...eak-passwords/
I'd also advise you to clean your computer regularly using an application such as CCleaner.

One last important thing to remember: do not let security issues make you paranoid, this could make the job of the hacker easier as paranoia can also be exploited. Reason and calm decisions are your best allies. Keep informed about the topic of securing your information and computer. Always ask questions when you don't know.

Check for:

* Fansites (the shadier, the worse it is)
* Vent/TS servers (that require registration)
* Other MMOs they play (security breach there == security breach of all your accounts if you share passwords)
* ANY other forums.
etc ..

You never know ... maybe admin of you sewing and knitting forums is GW player who would not mind extra ectoes.

Nowadays most of "hacks" are based on fact that user has same password for everything so all you need to do is to lure em to registration screen. Good old social engineering.

Tell your friends they need to stay off PORN sites. That's the easiest way to get a backdoor keylogger trojan virus and never even know it. Plus really going to ANY website that is not an OFFICIAL one is subject to doing the same. Just because everyone is using a site doesn't mean it's legit either.

Funniest I've seen lately: the hacker leaves a USB dongle on a table, at a public event, someone grabs it (greed and curiosity FTL!), plugs into his computer and a spyware is installed! (you can read the equivalent penetration testing story here)

It's old as man, but the lesson is that most people don't learn lessons. People still learn by the broken-then-repair method. And fortunately for us, the risk is moving away from personal data to corporate resources. But still, people hack.

Another opportunity to remind everyone of the GWG phishing attempts:
http://www.guildwarsguru.com/forum/announcement.php?f=2

It's just a game .

Tell your friends they can get their accounts back if they still have their CD keys. Send the Keys to Support and they'll reset the passwords so you can go back to playing.

OR!

They all lied and were with the group of [117]

I wonder if they got hit with the disconnect please input your login information popup box after the disconnect? I've gotten these before and found them very suspicious since the way I logon would not require these popup boxes asking for your login information. I bet that is what they got hit with. Never ever input your login information in a popup box after a disconnect. Always go completely out of the program and use the folder .exe icon or your shortcut whichever you use.

Oh. I remeber it happening with CDs couple of years ago (autorun was one of worst ideas in windows) usually labeled so that it would look like they contain pirated version of latest hot movie.

It was quite bad when it happened to one major computer related mag cover cd over here.

You're wrong because: 1) there are legitimate GW windows asking you for your password after disconnect; 2) a pop-up not inside the GW window (even in full screen mode) should be visibly different. (I may say as 3) that there's never been such a scam reported) As clearly stated in the GWiki:
http://gw.gamewikis.org/wiki/Reconnect_After_Disconnect
Following reconnect, you will need to reconnect to the friends server in order to use whispers in the in-game chat window. You will be prompted to re-enter your password.

Suspicion is both the basis of a sound approach to security and the slipery slope leading to paranoia.

That's it!! Arena net stole your stuff!!!11!1!!11.... LOL

Srsly you guys.. you guys, srsly

What sort of idiotic operating system is still running arbitrary code on removable media without an explicit request by the user to do so?

Oh... right... Redmond's.

I don't think it's still the case in Vista. External peripherals are treated as totally untrusted by default. It was about time!

(let's not start the Windows-Linux war on this thread, this would defeat the point of trying to improve the security... and yeah, people should try Ubuntu )

Bad thing is, vistas "its dangerous, proceed?" dialogs are everywhere and do good job at teaching people to simply press "okay" button asap without thinking.

There is no point in secure system if user can't take advantage of it.

They can take advantage, they just won't because it's a hassle.

There are three things you can have in computing with our current standards and hardware:

1. A completely unobtrusive computing experience.
2. Security.
3. Functionality.

You can have any two simultaneously. If you have a secure, functional system, you have to manage it yourself on some level in an intelligent way. If you have a secure system that you never have to think about, it's because it doesn't do anything. If you have a functional system that you never think about, it's not going to be secure.

I've argued for years that the arguments over which OS is "more secure" are a waste of time because the main problem with security on home systems anymore is a social and education problem, not a technical one. There was a time when you could foist most of the blame on Windows, but now there are lot of groups keeping Microsoft on its toes and honest about patches, and Windows is shipping with plenty of capabilities for securing a home system. People just don't know about patching and firewalls and how to pick an effective anti-virus tool, and they don't care to learn, and the first time any of the above inconveniences them, they just turn it off.

Prime example: it was just too much work for some people to put a CD in their drive and manually launch an installer, so to save a few clicks we got "autoplay" which promptly turned into an enormous virus distribution system. Yay...

Why... yes... I am in IT and I do find my users extremely frustrating from time to time... why do you ask?

i wish it was that simple for one of my mates.. But unfortunately the hackers sold gold from his accounts in the process of him trying to get in touch with ANET and they banned both his accounts.

The other they took all his stuff and deleted all but one of his toons.

Account wide titles ftw Thats what I keep pushing for but some people can't figure it out. Individual character titles get lost if deleted. Atleast if they get there accounts back they would have only lost weapons, money, armor. Plus even more benifits of account wide titles. It's a bit off topic but I just wanted to point it out.

Another question is that have they linked their account to PlayNC? They at least used to have weak security and hackers got their information from their server (while you have to give your account's e-mail and password to them when doing purchase, i.e. char slots).

Anyone have an update to said problem btw? I'm burning to get at least one more char slot and create a dervish I'm missing from all 10 professions. Is it safe to link your account to online shop in these days?

If that is true ...... I'm done!

bull shit they were hacked. after playing GW for two years I have never heard or anyone's account actually getting hacked. these people that cry about getting hacked are usually just idiots that downloaded a keylogger or gave someone their password. Fail less at the internet and you get to keep your account.

I have to concur. Of all the "hack" attempts I know, they were:
- Sibling walking by logged in account, deleting the characters, stealing stuff
- Spyware/keylogger, installed through a third-party application, usually pirated one
- Using a widely known e-mail/password
- Giving account info around guild mates

There was one incident where use of forum and plaync sites did reveal some information, which in several rare cases was used to steal accounts. This is long gone history though.

But outside of that incident, there hasn't been a single confirmed case of someone simply brute forcing their way without some "help" from account owner.

I've also been told you can get keylogger virus trojans from downloading free music and movies from 3rd party sites even like Kaza and Napster. I think many people download stuff all the time that they have no clue what is inside the program. I only download from official patch sites and rarely goto 3rd party sites like this one (yeah I'm trusting them with my data), but, GW doesn't have an official site and I've always been kinda picked by that. Forcing us to goto 3rd party sites to give feedback. I personally think that's pretty lazy service by not providing an official SAFE site for us to visit and give feedback.

That's the role of the official GuildWiki. I even found the list of GW mods!

could someone from Anet advise why we are not allowed anymore to use special symbols in password when we ask to change current one?

I believe this reduces a lot the strength of the password and really made me curious when i read it...

Uh huh and how long has that official Wiki been available? Certainly not since the beginning of GW and not even until nearly half of last year was gone. I do like the official wiki though, but, it took it's own sweet time coming and an official forum should have been put up as well. I find official forums more beneficial than 3rd party ones.

I perfectly understand Anet's stance on the topic of forums: look at GWG, there is A LOT of interesting stuff and very helpful people (it even has the equivalent of the auction house). But when it comes to Anet's business and decisions, it's mainly about QQing (if you agree too much, you quickly become Anet's fanboy and end up in the thread bin). Look at the recent case of the 117s, Gaile came on the thread to clarify issues and was met with very harsh comments. Yet she continues to come here and give information. (I've noticed that GW online's forum seems more calm and less PvP, in the sense of people trying to "win the thread" as in I'll fight you to death...)

And the official GW wiki actually has discussions on the various points. You can talk to the devs. What more would you want?

This would be my guess! Biggest concentration of keyloggers, vira etc. anywhere ... or so I've been told! ... Obviously never visited any of those sites myself! ... Actually I never heard about those sites before now! ... In fact,- what is porn? Never heard about it! *goes off in search of a halo to polish*

Blunt but Truth.

Yep, some people seem to lack a common sense. If you left your back door open, they will come.
-_-......lol

i agree, the 13 digit alphanumeric passwords we are allowed to create is hardly up to date security. but its no reason to panic either, if our password is as secure as ncsoft allows us to make it, a brute force attack would still take 1 billion years - on a really cheap pc, on a really good one maybe only a million or a thousand years
its much more likely that an actual hack would happen via 3rd party software on the system or social engineering.

and some people seem to like to lie about being hacked. maybe they were running a bot on their second account and got banned for it, or they got scammed out of a stack of ectos and don't want to admit to their stupidity, or they are simply using it as an excuse to quit the game.

Only partial truth, but truth nevertheless I'll admit.

The other side of the truth is "naive users", who use passwords simple to guess or share them with friends and family. There's been so many stories like that.

I'm not saying the OP didn't install 3rd party programs, I'm just giving a more objective opinion than the, indeed, blunt "you shouldn't have install anything".

Give your advice and just leave it like that, that's what years of forum-ing has told me. Discussion can go in one thousand directions, most of which (but not all of course) lead nowhere.

I use to think so about that too, but then I read somewhere that it was ok and now I just do it. I've never had a problem with hacking (knock on wood). Just don't use any 3rd party programs with gw and change your password to something that would be very hard to guess.

/fail

To some of us this really isn't funny...