I just caught a hacker...

The reason why an anti-virus might pick up texmod is because its a 3rd party program that changes files. Try this with another game and get a trainer, your av might act the same way.

I would assume the hacker probably knows that if he starts taking items like z-keys, ectos, gold, or collector material etc... It is easier to trace by A-net rather then a random spawned gold from the z chest that the hacked account would have no record of in the first place. Just a guess

JET... the PM i sent you (I run NORTON as well) took three days to catch the trojan on my system. I ran numerous scans 2 full and at least 4 quick, I update daily my definitions

Yeah it really does just sound like some one messed with ya here ... i mean if some one was to take the time to hack and have time to pop a chest 50 times they would just as quickly have moved cash / ectos instead ..

Jet, you did well by PMing Regina. I hope they can figure out what happened and prevent it from happening again.

Because it allows me to be a jerk by entering "123456" X times each day to keep your account locked out indefinitely. (Note: This wouldn't be a problem if accounts tied to PlayNC could change their username. Just one more reason to NEVER tie your account to PlayNC if you can avoid it.)

Half the time it's going to be the hacker displacing the legitimate user, and half the time it's going to be the legitimate user displacing a hacker who logged in while the use was out.
But, what should be happening is that anet's system should be automatically logging whenever one user bumps another off an account and sending a notification to support to investigate it.

That's a good idea, and I have no idea why it still hasn't been implemented.

There is no excuse for this. There is also no excuse for permanently binding your username when you link to PlayNC.

It's encrypted, but pretty weakly. The GWLP team had no trouble breaking it. However, man-in-the-middle doesn't fit Jet's scenario, because he was already logged in for some time when his account was accessed. Unless the hacker had been waiting for Jet to log in, then just sat on the password for awhile instead of using it.

I very much doubt that. Moreover, your comments are defamatory. Unless you can back them up, you shouldn't go around saying things like that.


---

@ Haskell: I see you've crawled out from whatever rock you were hiding under to troll these forums again. I've got an idea: Instead of trolling this thread, why don't you head over to the technical forum and post that method of connecting GW to a VPN that you once claimed you had? I've seen at least two people ask for it since you crawled under that rock, and I'm sure they'd appreciate it a lot more than Jet appreciates you calling him an idiot.

I doubt a 'hacker' wants to stand around and sell keys in Temple of Balth, as they're not worth anything at the merchant as I recall. Easier to sell the crap that comes out of the chest to the merchant Which probably left no time for him to move the ectos. Doesn't sound like a very bright 'hacker' whichever way you look at it.

gee we seem to think that everyone who has been having problems WILL get visit a fansite and post about it....
LOTS of players have no idea what guru (or other fansites) is, and since this one is in english I bet there are tons of non-english players who have never heard of it and since they may not read/write english wont visit this site....

AND

who says that others were not hacked???? Only a few people have come forward, I am sure they are others who have no clue what do to if they get hacked or just give up and stop playing altogether.....

(and usually these threads have been deleted in the past---so why would you post if you know your thread is just going to get deleted?)

Hmm im a bit afraid, how do I prevent this notorious hack from hacking me?

Maybe so, but:

#1 It needed to be said. I wasn't the only one thinking it, just the one who isn't bothered by the forum kiddies, the self righteous and the general forum idiots.

#2 There is a very good chance it is this person, or someone associated with this person.

To get to the bottom of this, every angle has to be covered. If someone e-feelings get hurt, tough shit.

This just in on the official gw site:

Update - Tuesday May 13
Bug Fixes

* Fixed an exploit.

Kind of lacking in detail, don't you think? I'm thinking it perhaps has something to do with the problems discussed in this thread.

So... Who do you suspect?

¿¿

LOL, even I know the respuesta to that one, Señor and I don't know most of the regulars all that well.

ok whomever told you that from support needs to be fired or they misunderstood your question.

Everytime you change your password, you get an email telling you that your password has been changed AND the ip address from which the change was made. So the hacker has to change your email addres to something you dont know in order to change your password without you knowing.

What really should be done to upgrade security is something like these:

1) require ALL email address changes to be verified and the verification email sent to both the old and the new address...this would help notify you if someone sneaks into your plaync account and changes the email firrst. The REquired verification would be limited to a 5 minute experation..after the 5 minutes, the account would be locked and you would be required to contact support to get your account back

2) require that all password and email changes be made only AFTER a secret security question is answered

3) limit the number of times someone can enter an invalid password. After 3 attempts, the account cannot be accessed again till you verfiy your idenity via security question.

I have noticed that the majority of hte hacks reported seem to be after someone has been in PVP or AB. Sounds alot like a smart hacker group is lingering in the pvp areas and targeting those whom have elite armor or whom they notice frequent the pvp arenas. This would flag that player as someonen whom possibly has alot of goodies and keys. Now I am not sure how they would get your user name, but perhaps they have hacked into a fan site database or are just that good at snooping into someones computer ip.
a

anyhow just my 2 cents on what could help improve security

Okay guys, here's the response I got from Support when I filed my ticket (at Regina's request).

So, in short, it sounds like A-Net and NCSoft's offical stance on hackers is that they won't do an "official" investigation unless we file a police report and the police issue a subpoena. I'm not sure if the police would issue such a subpoena unless it can demonstrated that the individual was "distributing and propagating a keylogger, Trojan, or other computer virus."

In my situation, I'm not sure if I can do that, unless (as Painbringer suggested above) my antivirus program subsequently detects a keylogger, Trojan or some other sort of virus (which it hasn't thus far)...and I'm not sure if that was even the cause of this hacking attempt.

Interesting official response, to say the least.

Basically they said screw you, come back with evidence.

"Hi guys, our security sucks so you get hacked, but ofcourse, it's YOUR problem!"

PS: HI ANDREW

This has got to be the most idiotic response I've seen from a company. Any company that cares about its customers aren't going to tell them basically too bad you were hacked but don't ask us to waste our time with it. Their response was complete bullshit also since you don't need to contact the police they can themselves. My Ebay account was hacked, luckily I caught it it quickly and talked to customer support person. She said I didn't need to contact the police since they were doing this for me. She also refered me to a page that listed people who were convicted all over the globe hacking ebay accounts.

We should place bets on how umm...'quick' the police will act when one person reports having been hacked.

Police wouldn't do shit. It would be passed to the cyber division, who would in turn sweep it under the carpet.

it's gonna be hard for them to really do anything considering that the individual(s) is/are underage...mommy and daddy might catch hell, but junior will walk.

Looks like the hacker just pulled the same stunt on someone else, but took it a step further (i.e. actually bought keys with the guy's gold before using them).

Ok sorry but this is starting to get funny. Not for the victims but generally.

1. Whoever got onto your accounts doesn't look for ectos but ZKeys to USE them! That's seriously random and I would love to have this guy on my account to get me a Zaishen Emote. I am too lazy to do it myself and opening the chest is frustrating as I had enough Firewaters and Brulees before the title came. I'll buy the keys now.

2. Anet is right with their response. They are not responsible for the account theft but the way they put it is insane. They could have added that the police is not going to do anything about it or at least that your chances are slim. No clue how they handle it in the US but here in Germany there are unofficially no actions taken against cyber criminals unless the crime would result in 2 or more years of arrest. Otherwise it is just too much work to contact Anet, get the IPs involved, backtrace them, all the paper work, etc etc etc for a $200 account and since Anet does not allow RMT and selling items for cash your account is worth the price you payed for the gamecodes (about $200 for all) and maybe less cause it is used . That's probably not even worth a mail to the cyber division.

Anet is using Dismiss Responsibility on themselves!

I wonder if the hacker suspects that A-Net only actively tracks (or "flags") trades that are one-sided that only involve gold, ectos or Zaishen Keys (in order to identify gold sellers). That could be the reason why he's just pilfering gold items, since he may suspect that A-Net doesn't actively track those types of trades?

Please Anet. Just give me a perma lock on my characters. If everything else is stolen I can replace it. My toons I cannot. I don't want to hear about how some people would qq after the perma locked a character. And now regret the decision. Because I would instantly perma lock all my toons and never look back.

That is, to be frank, tremendous bullshit.

Support has no way of knowing if it was your system that was compromised or theirs. Moreover, it could have been their code on your system, which would also be their problem. They need to be taking a lot more responsibility for this.

What's more, even if they were not responsible, it would be in their best interest to figure out what happened and fix it. No one is going to buy GW2 if GW1 accounts aren't secure. Even the morons at support should understand this.

Go back to Regina, and also talk to Gaile; between the two of them they should be able to get the devs looking at it, instead of the support personnel who apparently try to avoid actually dealing with a ticket, no matter how serious the problem is.

Yes please. I can always make new obsi armor for my ele but i have a totally full hom and I'm very close to 30 maxed titles (the hard way, no drinking bot or textmod or anything) and I couldn't bring myself to do it all again if that char got deleted.

Quoted for truthfulness.

Once I opened, this page exited out and my anti-virus came up.

All good now

If the guy was really after something he wouldn't just get on the account and spend. He would have a second computer ready to make the trade so he could get your valuables right away. Is there seriously a consequence for stealing accounts?

The whole "you downloaded a keylogger or shared your account" thing is getting old. Stop posting it and read the thread.

yes please

/signed

Ironically, I'd have said the most common cause of getting hacked was the stealing of information from websites where players use the same email and password. And before someone suggest that I'm saying the Guru mods are the cause, I am not.

I said in another thread that stealing information, or intercepting information from websites is a lot easier than from a custom client like GW. And forum sites are hardly known to be as secure as shopping sites - let's face it, they don't need to be.

Jet, glad they didn't take much from your account, good job with your quick actions!

ok i have seen many different questions about hacking, and how they are able to change your password,now my friend a very very good hacker was able to steal of 140 lvl 70 WOW accounts in 2 days using a fourm exploit as i dont know excatly how he manged to do it but i was sitting next to him as he did this along with a myspace account and several gmail accounts. after he did his thing with the fourm exploit he used a password cracker/reseter to get the passwords. i was a really intresting process but somehow he can take WOW accounts through a fourm. so my question is, could this be happening using the guru forums here?

/signed
I don't know what I would do if my Necro got deleted

Move on with life? It's still a game, but I get your concern...

It's not the end of "all" tough, however, people filling their HoM so they get some nice extra's in GW2 SHOULD atleast get the opportunity to secure their character...

(Make it soo that when U "lock" a character, there is a 30 days waiting period when U try and delete it. IF within these 30 days you "un-delete it", the timer will reset, and the account will go back to normal. This way you yourself could still delete a character, but a hacker couldn't. 30 Days seems a nice period of recovering your account)

You also got lucky you caught him, also what he did is kinda suspicious, expect a temp ban for "exploiting" or something soon... (You know, with the gay message they will look into it within the next days, which actually means the next weeks)

Wow how incredibly disappointing. I'm generally a bit of a fan girl but I think Anet just lost me. While I understand they can't be responsible for users getting keyloggers or being stupid with their acct info, this situation does not appear to be in any way the user's fault.

The fact that they are basically saying they will do nothing unless they get a subpoena from the police (which they know damn well won't happen) is leaving an awful taste in my mouth. They do have a responsibility to track down the how of all this and get it fixed. This may very well be on their end.

As it stands, there is no way in hell I'll invest any time or money in GW2 if this is all we can expect from them when our accts are on the line. I am so dissapointed.

Does the "do nothing" mean they will not perma-ban those they find hacking other players accounts? This doens't make any sense...

The mention of the police in the official response was pretty funny. I doubt Anet was trying to be snide, but police looking into a game hack? I cant think of a country where that would happen. Certainly wouldnt happen here (US).

Anet are being a bit silly, all they have to do is check the IP address that hacked the account, and ban it from GW servers, or SOMETHING.

Fail support team is fail.

1st off, I am sorry about the response you got jet, thats complete crap and shows me that we could all get hacked and nothing would happen, Anet just doesnt care.

Here's another idea, its a bit of a pain in the ass, but humor me. Anet could add these security features.

Log in password (which we have)

Character passwords (each character has its own password that must be input before it can be accessed.) yes this would take people a few extra seconds to get to playing, but it would add more security, and if like jet, we got booted cause someone hacked our log in pw, then we could get back on, change our log in pw before they hacked a character password. (this would make hacking passwords more time consuming, and we could log back in, boot them out, and change log in password, so they have to start all over again from the begining.
I doubt anyone can hack two different passwords in less than 5 minutes (without a program)

Add in a Lock feature for characters so they can not be deleted. I would love to lock my warrior, I'm never going to delete him ever, I would buy more character slots if need be, but after the work and time i put in on him, Hes never ever getting deleted.

Each password change needs to be confirmed through email, this way no one can change your passwords without access to your email.

In-game password. Once you finally get in the game on a character, you have another password you have to enter, you have 120 second (2 minutes incase of lag) to enter this password, or you are disconnected for 5 minutes.
This way even if they get two passwords correctly, they have to get the third quick or be shut out for 5 minutes, plenty of time to reset ALL passwords if need be.

for each failed attempt, the account would be disconnected for 5 minutes, so 2 failed tries would result in a 10 minute lock out, 3 tries means 15 minutes and so on.

Yes this is a pain in the ass, as I said, but it would be very effective in protecting our accounts. Anet says we are responsible for our security but then gives us very few ways to protect ourselves, And then when our protections fail, they say they wont help because its not their responsibility!

Another option would be a internal false key and password, so when a program tries to read it, it will only get the fake key or password.

I would rather it take and extra couple of minutes to get into each character and log on, than log in quickly and find all my items gone or characters deleted.

Because of this very real and very common problem I am taking a break from GW until it can be resolved. I am going to play other games and do other stuff. But if this keeps up I see people getting sick of doing everything over again to regain their items or characters and finally quitting the game, and if anet/ncsoft keeps treating their playerbase like they have with jet, I see people refusing to purchase ncsoft products in the future. Including gw2.

No point in getting into something that will only leave you frustrated in the end.


PS: Jet, If you are willing, You should call the police and report this, with all the information including the response, and then post what the police have to say, send the polices response to ncsoft and then post there counter response. Also look online for free legal advice and explain the situation, See if there is any action we the consumers can do to either persuade or force ncsoft to do their job and safeguard their product. It seems very shady that we spent our money on something that will fail in the end, almost as if the provider is scamming its customers. This just smells bad on all ends. Everyone who has been a victim of this (hacking) should also do the same. With enough support something will get done.

Hunt that would never work because everyone that plays GW would QQ so much for having to do all that crap Anet/NCSoft would be forced to switch it. I'd like it though.

Maybe those who QQ about it are infact the ones trying to break passwords and steal loot. But I understand. Damned it ya do, damned it ya dont.