I just caught a hacker...

Jetdoc

Hell's Protector

Join Date: Jul 2005

The Eyes of Texas [BEVO]

D/A

Don't mess with Jet.

I was in the middle of Alliance Battles, and got kicked out. I got the old "lost internet connection" error message.

So, I close out of the program, and try to log in. And my password had been changed.

I went to support, and couldn't find where to change the password.

Then I logged back in and saw the magic "reset password" button.

Changed it (about 5 minutes had elapsed), and logged back in with my new password. The character I had been using had "magically" used all 47 Zaishen Keys in my storage. But the hacker hadn't gotten the chance to sell the items.

So, I have an inventory full of 47 items, and nothing missing. Looks like I caught that mutha just in time.

Justice for all the hacked!

UPDATE on May 13th:

Here's the response I got from Support when I filed my ticket (at Regina's request).

Quote:
Thank you for contacting us regarding this matter. Dealing with a hacked account is terribly frustrating, and can leave a victim with a feeling of sincere vulnerability and loss. We have constructed this document to help players get through this situation, as well as to empower you to take action on the individual(s) responsible.

Please understand that NCsoft only considers a "hacked" account to be the unauthorized access of an account resulting from the criminal act of distributing and propagating a keylogger, Trojan, or other computer virus. We do not recognize a "hacked" account to be the theft of items resulting from any sort of account sharing, trading, or selling. Please remember that the integrity, security and interactions of characters on an account are the sole responsibility of the account owner, and not NCsoft's. Additionally, we do not return any items that are missing as a result of hacked/stolen accounts or having been accessed by another person. Owners are responsible for maintaining the confidentiality of their password and security of their account at all times.

The act of writing and distributing malicious code is a criminal act, one that the police will often investigate. A victim will need to contact their local authorities in order to report this activity. Because the actual crime was committed on the user's system, and not a system owned by NCsoft, we cannot file such a report on behalf of the user.

During the investigation, police will likely need to contact us with a subpoena request to identify and track down the perpetrators.

Once we receive this information, we will then proceed to review the account history and pursue the individuals responsible. If there are any additional questions or concerns, or if there is anything else that we may be able to assist with, please let us know and we will help as soon as possible.
It sounds like they won't do an "official" investigation unless I file a police report and the police issue a subpoena.

Interesting official response, to say the least.

Neo Nugget

Site Contributor

Join Date: Jan 2006

R/

That's interesting, and a little nerve-wracking.... sucks ya got hacked. But did you get anything good out of the chest he opened? :P

Haskell

Ascalonian Squire

Join Date: Oct 2007

*Hey look at me, I'm stupid enough to get tricked and am proud of it.*

/doh

Jetdoc

Hell's Protector

Join Date: Jul 2005

The Eyes of Texas [BEVO]

D/A

He actually had decent luck...

Other than the standard 25 firewaters/brulees and 5 normal tomes, he also got around 20 golds.

Not a bad ratio.

Bront

Wilds Pathfinder

Join Date: Feb 2008

Honored Order of Light

W/Me

Odd that they would use your keys and not simply pass them to a new character instead.

HuntMaster Avatar

Wilds Pathfinder

Join Date: Feb 2007

Around

Pillar's of Earth [ROCK]

W/

Awesome! Hopefully Anet will handle his/her ass. Perm ban + chopping block for all hackers!

Sorry it almost happened to you, but good job!

So you didn't lose anything? I hope you didn't! That's freakin awesome that you foiled his plans.

Let's just hope Anet handles this. It's getting stupid. Actually, it is beyond stupid; no one should have to constantly worry about being hacked.

Jetdoc

Hell's Protector

Join Date: Jul 2005

The Eyes of Texas [BEVO]

D/A

Quote:
Originally Posted by Haskell
*Hey look at me, I'm stupid enough to get tricked and am proud of it.*

/doh
How exactly did I get "tricked"?

I didn't sell my account (or buy any accounts from anyone), I've never bought gold, I've really never done anything out of the ordinary. No bots, no text mod, nothing...I'm a purist.

Haskell

Ascalonian Squire

Join Date: Oct 2007

Quote:
Originally Posted by Jetdoc
How exactly did I get "tricked"?

I didn't sell my account (or buy any accounts from anyone), I've never bought gold, I've really never done anything out of the ordinary. No bots, no text mod, nothing...I'm a purist.
Then you would not get "hacked" how people like you call it. I mean, there are many, many ways...

HuntMaster Avatar

Wilds Pathfinder

Join Date: Feb 2007

Around

Pillar's of Earth [ROCK]

W/

Quote:
Originally Posted by Haskell
*Hey look at me, I'm stupid enough to get tricked and am proud of it.*

/doh
Wow, that was uncalled for. Maybe he's the hacker and he's pissed off! LOL!

poasiods

Krytan Explorer

Join Date: Apr 2008

R/

The title is deceptive. You didn't actually 'catch' a hacker.

Inde

Site Contributor

Join Date: Dec 2004

Haskell,

If you have been following the last 2 weeks, there are a number of accounts that have been "hacked" into and items stolen. This is a widespread problem. Anet stated that last time it was someone from Germany using 2 different computers to do it. It looks like he's back. I'm not sure anyone's account is protected at this time.

Jetdoc

Hell's Protector

Join Date: Jul 2005

The Eyes of Texas [BEVO]

D/A

Quote:
Originally Posted by Haskell
Then you would not get "hacked" how people like you call it. I mean, there are many, many ways...
You see, I'm a picture perfect case for the security flaw that A-Net is encountering. I seriously haven't done anything remotely out of the ordinary...I'm actually a bit paranoid about such items.

If Regina or anyone else from A-Net happens upon this, I'd love to chat with you about what just happened.

Very odd, a bit nerve-wracking, but at least I know what to do if someone tries it again.

holababe

Jungle Guide

Join Date: Dec 2006

Goon Squad [LLJK]

Mo/

I fail to see how you caught a hacker

Shai Lee

Krytan Explorer

Join Date: Aug 2006

Somewhere

We don't feel safe. I wonder if Anet will make any type of changes to their security to remedy that perception/feeling.

Jetdoc

Hell's Protector

Join Date: Jul 2005

The Eyes of Texas [BEVO]

D/A

Quote:
Originally Posted by holababe
I fail to see how you caught a hacker
No, I didn't apprehend a hacker. That's virtually impossible to do.

But I did stop the hacker while he was in the middle of his theft. Not sure if I could find a better phrase for it other than "caught in the middle of the act"...

Haskell

Ascalonian Squire

Join Date: Oct 2007

Inde,

if you can't handle your adverts and people use outdated versions of Browsers with old versions of 'Adobe Flash'; don't use plugins like 'No-Script'; work with admin-permissions under Windows (...) then that's their problem, as said before.

V E R A T T A

Lion's Arch Merchant

Join Date: Mar 2006

N/

Looks like you got 47 x 5 points added to your Zaishen title track, how nice of him to start that title for you.

Inde

Site Contributor

Join Date: Dec 2004

He "caught" a hack in action everyone. In other words, the hacker was in progress of selling his items but he was able to log in and stop it.

fenix

Major-General Awesome

Join Date: Aug 2005

Aussie Trolling Crew HQ - Event Organiser and IRC Tiger

Ex Talionis [Law], Trinity of the Ascended [ToA]

W/

Quote:
Originally Posted by Haskell
Inde,

if you can't handle your adverts and people use outdated versions of Browsers with old versions of 'Adobe Flash'; don't use plugins like 'No-Script'; work with admin-permissions under Windows (...) then that's their problem, as said before.
Read Inde's post, you're pretty wrong. It's not the normal 'hacking' (trojans, etc), it's ACTUAL hacking.

Mesmer in Need

Forge Runner

Join Date: Mar 2006

[ToA]

Lol, as soon as I opened this thread, my Norton Antivirus scan started running. My computer is paranoid for itself lol. Grats for catching him before he did any major damage.

MisterB

Furnace Stoker

Join Date: Oct 2005

Planet Earth, Sol system, Milky Way galaxy

[ban]

W/

Congratulations on safeguarding your account. Keep it up.

TPike

Lion's Arch Merchant

Join Date: Jan 2008

Pennsyltucky

The Imperial Gaurds Of Ascalon [TIGA]

E/

Quote:
Originally Posted by Inde
Haskell,

If you have been following the last 2 weeks, there are a number of accounts that have been "hacked" into and items stolen. This is a widespread problem. Anet stated that last time it was someone from Germany using 2 different computers to do it. It looks like he's back. I'm not sure anyone's account is protected at this time.
I know I haven't been following the forums the past 2 weeks.

Today I was ABing for the 1st time in over a week & all my $$$ is gone, I didn't even look to see if ZKeys were missing (only had 2).

Jetdoc

Hell's Protector

Join Date: Jul 2005

The Eyes of Texas [BEVO]

D/A

Quote:
Originally Posted by Haskell
Inde,

if you can't handle your adverts and people use outdated versions of Browsers with old versions of 'Adobe Flash'; don't use plugins like 'No-Script'; work with admin-permissions under Windows (...) then that's their problem, as said before.
My computer is less than a month old. I've got the latest and greatest browser. I have the latest version of Adobe Flash. And no, I don't work with admin permissions under Windows...I have a separate login under Vista to do so that has a separate password.

No, I don't use any plugins...not sure if that is part of the problem.

garethporlest18

Forge Runner

Join Date: Jan 2006

[HiDe]

W/

Okay, so everyone who's ABing, stop ABing right now because apparently he's doing it through AB.

I'm tired of this BS. People need to stop being bastards and leave our damn shit alone. Get the sniper team! Time to bust some skulls!

Chthon

Grotto Attendant

Join Date: Apr 2007

Quote:
Originally Posted by Jetdoc
If Regina or anyone else from A-Net happens upon this, I'd love to chat with you about what just happened.
You should PM her with the date and approximate time. Their logs will definitely show them the IP that the attack logged into your account from, so at the very least that IP can be banned. If they're luckier, watching that IP's activity will give them a clue into how it was done so the vulnerability can be patched.

Jetdoc

Hell's Protector

Join Date: Jul 2005

The Eyes of Texas [BEVO]

D/A

Good suggestion Chthon...will do that right now.

slowerpoke

Desert Nomad

Join Date: Jul 2007

Cuba

I take it these are brute force password attacks if the user hasn't given away the password (in)directly?

Would have guessed they have an account lockdown after x many failed attempts.

And how long exactly would it take to crack a 13 char (max length) string of random chars?

AidinSwiftarrow

Frost Gate Guardian

Join Date: Jan 2008

Lion's Arch

R/Mo

Haskell, don't argue with the administrator. But, yes, you can't really phrase it differently. He caught the hacker in the middle of taking his items. Luckily, just in time. This happened to me in WoW. No items taken but somehow somebody changed my password. My brother didn't do it so I thought it might've been his friend or something. After that I've been pretty paranoid...

Yeah, you should have some sort of account lock. Hmm after about 5 tries it autolocks and I guess you would have to do something to unlock it.

I pwnd U

God of Spammers

Join Date: Oct 2005

in the middle of a burning cornfield...

Scars Meadows [SMS] (Officer)

Wow, you got lucky Jet. Many people would have had their accounts hacked and lost a bunch of stuff. Congrats on catching it.

Konig Des Todes

Ooo, pretty flower

Join Date: Jan 2008

Citadel of the Decayed

The Archivists' Sanctum [Lore]

N/

Well congrats on stopping the hacker in progress. I hope sending the time and date of the hack will help ANet at least hurt the hacker's hacking into accounts. I have yet to be hacked and personally, wouldn't care too much about it as the most important things are my titles and stuff in HoM, but I will still be pissed beyond belief if I do get hacked.

pamelf

Forge Runner

Join Date: Aug 2006

Australia

Lost Templars [LoTe]

Me/Mo

Omg, I did AB for the first time in my life last Friday. I hope I don't log in and find all my stuff gone. *starts paranoidly freaking out.*

Seriously, good work saving your stuff Jet.

slowerpoke

Desert Nomad

Join Date: Jul 2007

Cuba

Quote:
Originally Posted by VitisVinifera
slower: this isn't brute force -- this is a sudden surge in account hacks that certainly must be through some security hole.
That's interesting. I had heard of the crash exploit before.
Maybe they are somehow able to capture other players' IP addresses in an instance, then force a disconnect and somehow intercept the reconnect packets.

Have ANet acknowledged this hacking problem?

Well, hopefully they've learned from the previous exploits and bolted things down, disallowed modified clients etc.

Monk In The Box

Banned

Join Date: Mar 2008

Germany and in my room

[한국어]

Mo/Me

Quote:
Originally Posted by Jetdoc
No, I didn't apprehend a hacker. That's virtually impossible to do.

But I did stop the hacker while he was in the middle of his theft. Not sure if I could find a better phrase for it other than "caught in the middle of the act"...
You thwarted his attempt.

o m g pizowned

Site Contributor

Join Date: Aug 2006

I change my password every week or two.

kade

Lion's Arch Merchant

Join Date: Oct 2005

Currently residing in ToA dis 1

Mo/

Quote:
Originally Posted by Jetdoc
He actually had decent luck...

Other than the standard 25 firewaters/brulees and 5 normal tomes, he also got around 20 golds.

Not a bad ratio.
wtb account hacker pls...

Congrats on your catch, always nice to know these people don't always get off scot-free.

Jetdoc

Hell's Protector

Join Date: Jul 2005

The Eyes of Texas [BEVO]

D/A

Quote:
Originally Posted by slowerpoke
That's interesting. I had heard of the crash exploit before.
Maybe they are somehow able to capture other players' IP addresses in an instance, then force a disconnect and somehow intercept the reconnect packets.
That's actually something I omitted....once I got kicked out of AB, GW asked me if I wanted to attempt to reconnect...and it failed. That's when I got the "you lost your internet connection" message. It was right after that when I got the "your password is invalid" message.

Your explanation is plausible...the hacker could be forcing you out, and intercepting the reconnect packets (which may also have your account name and password information encoded in it).

garethporlest18

Forge Runner

Join Date: Jan 2006

[HiDe]

W/

Quote:
Originally Posted by Monk In The Box
You thwarted his attempt.
"Yes, that's right Theograd, I thwarted that silly hacker's attempts to compromise my most prestigious of hobbies. He shall not attempt to deprive me of my mass of riches now!"

That's the type of people, people who say thwarted hang around. So I'm guessing since the OP isn't a 15th century Englishman, he's using the more modern version of a thread title for this sort of event.

Where is Pablo? I'm sure he could figure out what is going on, and I agree that Anet should have a password lock after 5 failed attempts even if this isn't about brute forcing, it's just better company security.

fenix

Major-General Awesome

Join Date: Aug 2005

Aussie Trolling Crew HQ - Event Organiser and IRC Tiger

Ex Talionis [Law], Trinity of the Ascended [ToA]

W/

Jetdoc, if you know the exact time that you were hacked, send that info to Anet, they'll be able to check what IP addresses were logged into the account in that time of day, and possibly be able to do SOMETHING to stop it.

Adja1005

Frost Gate Guardian

Join Date: Mar 2008

Scotland

R/

Anyone else kind of pissed off at the lack of acknowledgement about this recent surge in threads concerning hacked accounts? I've not seen anyone from Anet, Regina specifically, comment about what they intend to do or what they are doing to combat these hackers.

Perhaps Regina could grace us with her presence and make some comment about these recent events? After all, isn't that her job?

Also good job on saving your account, you lost Z-Keys but at least you have some items to sell and hopefully make up for it!

Mac Sidewinder

Lion's Arch Merchant

Join Date: Jun 2007

I was just wondering Jetdoc, if the hacker changed your password....how did you change it back to something you know? I've never used the change password feature from the main screen but doesn't it make you put in a valid old password first before it accepts a new one?