Hacked accounts - another possibility

There have been numerous threads here recently with tales of hacked accounts. Why is this? Well here are a few possibilities.

1. You downloaded a program from a disreputable site. This happens all the time. Kids see advertisements for free gold farming bots and other instant cheats and think Wow!! Cool!!! I can have more gold than anyone else in my guild and instantly beat all campaigns with this cheat!!!!! Such programs are just scams to get your account. If you were "hacked" this way then personally I feel that you got what you deserved.

2. You gave your account e-mail and password to the hacker. This happens when you let your cousin use your account. Your little brother. Your girlfriend. Maybe your cousin has a keylogger on his computer or maybe he got mad at you and this is his way of getting even.

3. You aren't careful with your e-mail and password. You use the same password on every site. The admins on most forums can see the password you used for the forum. If it's the same as your guildwars password then you better be darn sure that you trust your forum admins. If you've been hacked and others in your guild have also been hacked then I'd start looking at your guild forum for possible suspects or possibly a new guildie that you've been overly friendly with on TS or Vent. Someone that has asked for your e-mail address a few times.

4. Here is a possibility that has not yet been brought up on this forum (as far as I know anyways). There was a recent article about The Geek Squad being sued for stealing personal info. The Geek Squad is in most Best Buy stores and they basically are techies that can help you with computer problems. They can troubleshoot and repair most computer issues and also install new hardware/software for you. Most major electronic stores have some techies on hand that can do this. You drop off your computer at the store and they fix it up for you. However while they have your computer they also have free unlimited access to your hard drive and personal information. I'm sure most are honest, but there is also the possibility that they can steal your account info. Especially if you have your GW password stored with the shortcut. A lot of these "geeks" are gamers themselves and might take the opportunity to grab an unprotected account.

If you've been hacked, ask yourself this: Has your computer been out of your possession recently? Did a Geek Squad member or other techie use it or come to your house to troubleshoot a problem?


5. How tough is your password? A guildie of mine was recently hacked. It turns out that her password was "guildwars". Not the best choice. She learned her lesson the hard way and now has a stronger password.

Scarily enough there is also another option.

I know of at least one script that will attack multiple gw accounts. Input the user emails that you want to attempt, point it towards your word lists and let it run. Effectively a brute force script created solely for GW.

That was mentioned in 5).

Wont that be seen by Anet?

The biggest question is...why only average/bad accounts?

Why have none of the rich been hit? They would be obvious targets if these were planned attacks.

This is the song that doesn't end,
Yes it goes on and on my friend.
Some people started singing it, not knowing what it was,
And they'll continue singing it forever just because...
This is the song that doesn't end,
Yes it goes on and on my friend.
Some people started singing it, not knowing what it was,
And they'll continue singing it forever just because...



Why does it matter?

Too many people use the word HACKED. Even companies. If you give someone your password because you were TRICKED, then your account was NOT HACKED.

If you're stupid enough to download a program with a keylogger and someone gets ahold of your password, your account was NOT HACKED.

If you did nothing at all, played the game normally, and someone brute forced their way into your account, then your account WAS HACKED.

Well Malice, basically...average/bad accounts belong to average/bad players. So...really, they are gonna be easier to hack because they don't know any better. I don't imagine there are any RICH players being hacked, because they'd want their accounts safe...and would have made sure of it.

It's weird how these hacks popped up all of a sudden. Couple years ago everyone thought GW was bullet proof.

I'd love to see you actually support any of that by showing some data that provides a meaningful correlation between computer literacy and video game competency...

Bullet proof, or it just wasn't a popular enough game a few years ago to make for a useful target?

After all, a couple of years ago, there probably wasn't nearly as much to steal, nor as much of a market for those stolen goods.

I think it started when Anet okay'd TexMod, because people started thinking outside the box in terms of modding. And of course, one might assume that allowing TexMod extends outwards to other mods, in order to make certain hacks, or farm some accounts...

Yeah that has some weight to it.

There was still plenty of money around 2 years ago. I had 20-30mill back then. That isn't a lot comparedto the stacks of armbraces granted, but that kind of cash could have bought anything ingame at the time. Nothing went over 1750ecto back then. It's only since duping that things got stupid.

Texmod has never sat right with me, you know when you just get that iffy feeling? I won't go near it, not when I know what kind of people play this game and well just any online game.

Do you think that anyone who wanted to interact with the game illicitly wouldn't have been able to anyway?

The communications and the reaction of the client all happen on your own machine, and you have unfettered access to everything on your own machine. If Guild Wars can read the memory, so can you. If Guild Wars can send the traffic through your NIC, you can watch it go past.

Deducing what packets and commands to send to invoke certain actions is not hard, it just requires a great deal of patience. TexMod has nothing to do with that.

Furthermore, it's much easier to just install an existing keylogger or packet sniffer alongside a bot or other cheat than it is to create a customized version. Why would an attacker go out of their way to customize a keylogger or packet sniffer when they could use any of the innumerable pieces of malware already widely available?

What I mean is, 2 years ago there were a lot fewer players, and even fewer players with lots of money and valuables stored up. That's a double-edged sword, too: fewer people to steal from AND fewer people to eBay to.

TexMod is fine, but most don't understand that it ONLY changes textures, it doesn't modify code. So I imagine people just went ahead and hacked the crap out of the game, expecting it was okay to do.

GW accounts dont lock up after failed password entries .-.

What about that GWLP thing I read about ages ago on server emulation project for Guild Wars.
I'M NOT saying it's anything to do with this project at all but if they are still trying surely someone else thought of it for some other purpose.

Ahh found a linky to ithttp://www.guildwarsguru.com/forum/s...php?t=10205152

Believe it or not, Not everyone who plays gw knows about this site. Not everyone who plays posts on forums, and even if something bad happens they probably know not to post on this site because (A) it does no good and (B) you just get flamed/insulted if you do.

So we dont know if any rich people have been hacked or not. Maybe they have, or maybe the hackers are only going after semi-new accounts, low end accounts to reduce risk of being caught. Who knows.

Being rich in game has nothing to do with knowing how to protect yourself online. Two completely different things.

As for who is doing the hacking. I think its someone no one wants to believe. its someone with access to information, probably an admin to a site or possibly someone involved in a company behind the game. We dont know for sure, we only know what is said, and people can lie and do so often.

I'm not going to voice my thoughts on "WHO" because it would just be thrown out anyways and might put my activity on the forums at risk.

I am sorry for those of you who got hacked or are going to get hacked, if its not a result of something shady like a download program (bots, in game hacks, blah blah,) then I hope something gets done so your accounts are finally safe. because in theory we are ALL at risk at this point.

And saying you cant or wont get hacked for whatever reason is just begging for a thousand ROFL+LOL+PWNT replies if you do get hacked.

Maybe now is a good time to take a break from the game for a month or two and hope the hackers can only locate currently active accounts. Maybe everyone should email ncsoft in massm changing passwords and email addresses. maybe people should except the fact that playing an online game comes with risks, risk that should not exist but do anyways.

I'v accepted that I could get hacked or banned for no reason at any time. I dont allow myself to get to attached to anything I own in game, I keep everything customized and I only keep what I use. I sell anything worth value asap (for cheaper than normal if need be) my account is basically worthless, I spend my plat when I get it. the only thing a hacker will get from me is a bunch of useless items, some basic material from salvaging my cheapo kurz armor, and some mini's. All of which I can live without. If i do get hacked, i wont have any thing keeping me bound to this game, I will be FREE to move on and quit for good. So being hacked is both a good and bad thing for me. I dont want it to happen, but if it does, no big deal. I just bought a ps3 and I dont play it or my other pc games enough. lol.

so good luck, becareful and dont take it so serious. i understand how you feel, but in the end its only a game and not a very good one at that. It could be worse. You could be paying a monthly fee for 3 years then get hacked. your credit cards could be hacked. you could be homeless, you could be dying in the hospital, but your not. so smile, play a game, and relax.

PS: Pull my finger, it might help!

PS number 2: I farted just for you. Now my post is through, so continue the QQ.

Well, whether or not that's the root of the problem, it sure as hell don't help. I'm just glad I use an e-mail address for GW that I haven't used for anything else in four years.

All I said is I got an iffy feeling from it, I don't pretend to know what all this crap is about and I don't understand half of what you are talking about. If something doesn't sit right with me I avoid it until someone I know and trust tells me it is fine.

I'd rather exercise caution than go gung ho into something I don't understand.

This is a very easy accusation. And I am failry sure that GWG and its staff are beyong these suspicions, unless someone can bring solid and verified PROOF. Not a word, or an information leading to a doubt, but a real and evidential PROOF. While it cannot be tangible in the digital world, the educated person can see when the information is dubious.

Reality shows that the insider attack is prominent, but I cannot believe that GWG staff would turn on the GW population, not for one second. Like in the OP option 5, it is perfectly possible that ONE very specific guy is corrupt and made the terrible mistake of selling this information. You shall not at any point in time generalise this to an organisation, always mention that it can be this one guy.

This reminds me of the infamous truth about guild wars event. Words, words and more words, without any serious, solid and verified information to back it. In net-speak, this is the FUD (Fear Uncertainty Doubt) technique and it fails. Remember guys, security is about preventing bad things from happening, but protecting ourselves to the point where we become paranoid (or on the fringe of it) is actually a very bad thing (unless you're antisocial and wants to be let alone).

P.S.: there are even people spreading false rumors to take revenge on, say, having been banned for duping or another exploit. It's very difficult to assess everyone's opinion on the fact, unless we stay purely factual (and even then one can always claim that a "friend" or a "guildie" saw this and that ...).

Fansite admins/mods have no access to such information. They can only see what information you provide when you sign up.

Do any fansites require you to enter in an e-mail address?

Yes. But, your internet address used for the game shouldn't be the one used for forums etc.

It's not like e-mail address are hard to get.

Well there you go.

I'm not sure how all sites work, but as a super admin of my guild's website I can tell you this:

I can only see your email address if you allow it to be seen.

I cannot see your password.

An e-mail address is usually all it takes.

Unless things have changed overnight, you still need a password to get into an account.

How come so many of the scams involve a person simply asking for your e-mail address? See what Lyra mentioned up above, being that passwords aren't locked after failed entries. Getting the e-mail is the hard(er) part.

My email address is [email protected]

Now, hack my account!

my username for GW is no where near related to anything anyone knows of me publically.

my steam entity is also completely different.

i keep my various game accounts seperate so theres nothing to tie together and no one can social engineer to gain access to my account.

Theres only 1 other person who knows my account and i trust her with my life.

Unfortunately (or not?) I do not have the means of doing so, nor do I know where I can get a password thingamajigger (dunno what it's called). We can see what Google brings up, though.

Lyra: Is that why you never want to TF2 with me : ( ?

You Have Mail

If you play UK servers, you probably already played me and didnt know it. ;p

Every fought moi?

(Haven't been on in awhile, thanks college).

But yeah if you're on UK servers I may not have shot at you, since I'm US here.

ANYWAYS! On topic.

y doesnt anet implement a time lockout for incorrectly inputted passwords?
many other places do this, im sure it wouldnt be hard to do

if someone tries to hack an account thru brute force
anet can prevent this easily by:

after 'x' number of wrong attempts, the account is locked down for 'x' minutes, and needs to wait before trying again

I am confident enough in my password. Also, I believe GW has a system where each failed attempt results in a longer time interval before the next attempt is processed. It would take so long to hack my account that it wouldn't be worth the time invested, unless you got extremely lucky.

bingo. pure and simple. no texmod BS... good luck getting people here to believe it though. and no, i'm not saying it's those specific people, but....I have my beliefs...and i'll leave it at that.

Go to website control panel (not forum admin control panel; the site itself) go to databases, find the forum's database, (default is vbulletin for this forum software, I believe) look around, find encrypted passwords in table, record them, decrypt them (requires knowing what format they're in and finding an online or downloaded decryption tool). Voila, you have passwords. Compare to user ID to find out which is which.

So, yeah, if you enter a password when making an account on most forums, the site admins (NOT forum admins) can get it if they really want it.

I have to agree with flubber and Aussie Boy. Some of the people that were/is part of the project have used exploits to bring stuff to pre, been able to imitate a GM in game and tell people the servers are shutting down, and crash everyone one in a district. After seeing people from this project do so much to hack/ruin the game it wouldn't surprise me if they're involved in this too.

True, but most sites have such a high level of encryption that it becomes a full time job if you want to hack site accounts. Plus, one shouldn't use the same password for multiple uses. Typically, on a site like this I use a simple password, but in game and on my email and other important accounts my passwords are longer and more complex.