I just caught a hacker...

Yes, and that is people that have sold million of dollars worth of pirated software, or hacked US military computers, or set up mail bot networks, not hacked Joe Zmoes game account.

Did you not read all the reports of people who had their accounts hacked? The person/people were using someone else's account to access Anets servers with malicious intent.

The federal government prosecutes people for VERY small amounts of damage, I've known people prosecuted over $30 in damage in computer crime. They've got billions in assets to prosecute people and over 90% conviction rate. They only bother with releasing news reports of large arrests that you mentioned.

Not the same thing at all. If they were using the hijacked account to stage some kind of attack on the server or something, maybe, but they're not. They were using other people's accounts to access Anet's servers yes, but to take things off that account. Malicious? Yes. Something at all likely to be prosecuted? No. Game items/gold have no real world value. The police are unlikely (to put it mildly) to have any interest whatsoever.


I would really appreciate hearing Anet's stance here. (Hint: time to jump in Regina ) What they said in Jet's email is far, far from satisfactory and is losing what little faith and loyalty they had left.

Well, you go catch them and prove it, because it does not seam like A-net/NC-soft gives a crap, and without their logs you will have a hard time unless you can get hard evidence your self.

Send me a PM with a link to that thread and I will try to help out. I don't play GW too much anymore, so i don't track every post. Sorry for that.

Don't be silly. A "hacker" *cough* would just use proxies. There is really no need to look for IPs or even try to "ban" them. It's useless.

GW is one of the most secure MMOs i've seen. They pretty much know what they are doing. On that part Anet just rocks. Whoever has written the protocoll should get a big cookie.

You can do nothing else. You can just hope people believe you.

Anyways, wasted enough time reading through all that stuff. Enjoy your Guild Wars, don't be stupid and have a nice time.

Using someone else's account to access a server without the permission of the person and with the intent to do malicious acts is a felony under federal law. In game gold doesn't have real world value, but the time the person spent in gaining this does have real world value. Also anything in game is Anets property, the hacker was maliciously manipulating this for their own gain.

I'm not trying to argue with Anet's position I'm arguing against it, that ANET should be the one taking this up with authorities, NOT the people.

Really not understanding the last few responses since the people obviously feel that the people who were hacked were at their own fault, which is just as ignorant as the reply Jet received.

lmao i know it probally has nothing to do with it but right after reading this is log in to see its an ab weekend

My point was that the government/police are highly unlikely to spend time or resources prosecuting a case like Jet's. Perhaps if Anet got involved and brought them records of all the hacks, with logs etc, but expecting them to run with just Jet as their letter seemed to state? Ridiculous really.

I agree that Anet should get actively involved in this as I've stated here and other threads. To say that I'm disappointed in their (lack of) response to Jet is putting it too mildly.

I hope the comment about "the people obviously feel that the people who were hacked were at their own fault," was not directed at me at all since nothing I've ever said here even hints at that, quite the opposite.

In all honesty, I believe that unless Anet can find any evidence of intrusions into their servers, they won't take form of actions.

And, as long as Anet does nothing, neither will the police, if you report to them.

If there really was a cyber law department, they would be more interested in probable cyber attacks on key financial institutions and infrastructure. Those actually have a very high economic impact on the real world.

A crime spree of a multiple hijackings of GW accounts for robbery and profit, will hardly be given any significant attention, as no "real" world impact can be readily assessed.

Thus, as such, getting and real world enforcement agency to take real action, might be even more difficult then asking them to find a home for a lost kid.

I agree that police aren't going to do much for individuals going to the police. But if a multimillion dollar company goes to the police with logs of a German group of people gaining access to their servers by using someone else's accounts then they probably would listen.

And no the one comment was towards you.

Proxies can't stop a good IP search. Only hardline security can stop that. Let me show you what I mean....

BAH! My Digicam is deader then a doornail. Will update this with a picture of a crossover switch and T3 box I have.

Proxies can be mapped. They cannot hide you forever. PlayNC can get around them, in many ways.

You guys are being hacked because of bad internet security and poor internet safety practices. I am not insulting you, but it is the truth.

First and formost, use FIREFOX. I cannot stress this enough. Secondly, get a ROUTER. This will help a lot! It is a hardware based firewall, and most "hackers" won't bother trying to pierce it. Update your antivirus EVERYDAY, and have it on active process mode. Period! If a site looks suspicious, don't go to it. If you are looking at pornography, make sure the site doesn't require you to download anything. After you are done, clean out your .temp folder and clear your cache and cookies (look, we know we look at porn if we are of age, most people do, you don't have to admit it or discuss it, but you need to be serious about security when you do look at it). Don't download torrents unless you are 100% POSITIVE they are virus/keylogger free. If you are going to illegally download music, movies, games, programs, porn, etc, know what you are doing. If you are not an expert in this area, don't fiddle with things that might make you say "Ouch" later. Leave this for the big boys and girls.

You are safe on the internet only if you make yourself safe. You need to know how to cover your tracks, how to stealth yourself, and how to be savvy about what sites you go to. Never download anything that looks suspicious. If it is too good to be true, it is. Nothing is ever free unless it is pirated by a RELIABLE source. If you don't know the tags (Names) of the popular pirates, then don't download illegally. You are playing with fire. Let the pyromancers who do it on a daily basis handle that.

Example: this is from 30 days ago after a fresh XP reinstall, and I have been "good" this month.


If you are going to be a bad boy/girl and download illegally, do me a favor... either be really intelligent about doing it, or don't do it at all. If you second guess files a lot, if you virus scan each file you download, if you are weary of the files you are illegally downloading, you shouldn't be in this business. I don't want to hear the ethics about it either. I am "bad", and I admit I do it. I am not going to tell you it is right or wrong, or tell you how to do it, or where to get it. But if you are not in the know, then get out of the way. You are asking for it. Pirates who want your passwords WILL GET THEM. No anti virus or antispyware can stop us if we turn bad. Trust me. I am on your side. Don't play with fire kids, you will get burned.


If you don't want to be hacked, then protect yourself by being internet smart. Know your websites, cover your tracks, be anonymous, don't download from places you don't know, and don't ever think you can cheat the system. The system will just crush you. Clear enough? Stop getting hacked.

Oh and one more thing....

You can't cheat in Guild Wars. If you are downloading "cheats", they are not cheats, they are keyloggers/trojans. Stop being idiots.

Oh, and use good passwords! Want an example of a good password?

Here is one.

uFJGkPMu74jn8dtbBinzwhoZ8JinM46rYFRa4yx5Rn2iHaTrYK gcim1iktzmsfF

want another? Try hexdec!

FE2BE97084AC2D69C67F2FDF6276B12C86D887E813B0009C18 E9017917836BF2


Trust me, your birthday + your last 4 of your social security is a weak password. So is your dog's name... Get better passwords.

Use this to create them!
http://en.wikipedia.org/wiki/Rijndael_key_schedule

I approve of this message.

Seriously though, excellent post. People need to read and understand this. Even though the hacking might be something else, this'll sure help people.

Everything true except the password part. It's crazy to expect people to remember that kinds of passwords. They have to be easy to remember but complicated enough so they can't be brute-forced. From my personal experience with users and their passwords, the best practice is to take a line (movie quote or whatever), write it down and randomly replace letters with numbers and capitals. Throw in a few special characters for good measure and you're set. Here are a few examples:

"You can't handle the truth!"
y0u.C4nThandL3!tehTr00th

"Use the Force, Luke."
u$eTHef0Rce.lUke


You get the idea. Another way of encrypting your password is using keyboard layout. Write a password ("I like cookies", for example) and type it with key rows nugded up or down. Let's say you nugde it up. QWERT would become 12345, ASDFG becomes QWERT, 12345 becomes ZXCVB. This way, even if your password falls prey to social engineering, the bad guy (or evil doer, I hear that's popular now) will have a tough time guessing your encryption.

Use this methods for sites that have a max password length. For stuff that doesn't have it, use sentences. Something like "morbodoesntlikekittensbecausetheygivehimgas" is way more secure than an 8-char complicated password.

That reminds me of this time on Wheel of Fortune, where the puzzle was Famous Person. The dude chose the typical R S T L N and E. It was Vivica A Fox.

Personally, I'd never use passwords like those - they are made of words, common deliberate mispellings of words, common number-replacements of letters, and common phrases. The only thing in favour of those examples are the somewhat random placement of "special" characters.

I prefer to take two or more unrelated phrases or song lyrics etc, that are not in everyday cliche usage, and use their abbreviations as the password with the odd number and special characters thrown in.

Using your two examples:
"you can't handle the truth!" + "use The Force, Luke" -> ych7t!uTFL as your password.

That's much more "random" looking, contains no words, and yet it's as easy to remember as the phrases you originally gave. You can get a decent length password this way, but not so long that you end up mistyping it constantly. Nobody wants to attempt "morbodoesntlikekittensbecausetheygivehimgas" 2 or 3 times every time they log in :-P

Me neither, but don't tell anyone.

Nevertheless, they do provide a good start for an average user. Gradually, with time, people will develop their own systems for creating passwords and will have a habit of making them complex. I've been gradually implementing requirements for password complexity and now, some two years later, users are accustomed to changing them and making them complex. Which is great, considering they were a crazy, disorganised mob without any passwords whatsoever a couple of years ago.

This is good but the next step, as you increase your security, is to use a password manager. There are a few good ones out there (check magazines and trusted websites) but I can advise you to try one that is very good (both very secure, usable and lightweight, plus you can take it with you everywhere on a usb dongle):
http://passwordsafe.sourceforge.net/

With a password manager, you protect all your passwords by strong encryption and you simply have to remember one "master password" which is asked when you run the application (this has to be a strong password). Plus the application can generate strong passwords for you and you will never see them on the screen (you double-click the password entry in the application and the password is copied to the clipboard, then you use Ctrl+V).

P.S.: passwords such as those indicated by cataphract are strong (if people used his rules, we'd increase the security of the internet by one order of magnitude) and a few tweaking will make them resistant to dictionary-attacks (e.g. use special symbols + % $ )

P.P.S.: the length of Rahja's passwords are unnecessarily long, though for things like webforums it's ok because it's only hashed, I guess he was pointing at the fact that it's useless to remember passwords.

P.P.P.S.: I know how to prevent Rahja to hack me ... I do not connect to the Internet ;P (there are a few other tricks, including being at the NSA )

So like, can ANet just do a simple 5 wrong passwords = 10 minute lock thingy in the meantime?

If you type in your pw wrong 5 times, I'd be more worried about Darwin than angry at Guild Wars.

It was said before, from quoting an old post from Gaile, that they use a "smarter" technique where each unsuccessful attempt acutally makes the next loggin attempt longer.

I think that they should now step up to the current perception of security and implement the solution you mention. Not so much for fixing security issues, but more for appeasing the population. I'm wondering whether some people are not becoming paranoid in the current context, and this is not a "threat" that Anet should ignore.

Furthermore, this mechanism is not complicated to implement, it's a low-cost/high-benefit trade-off, though it'd remove the intelligence of the initial mechanism (i.e., making hackers believe there's no failed-password-attempt detection).

I know Regina already has a lot to do, but it'd be helpful to hear her on this topic.

You can use sections of my passwords I provided, etc.

The point is, TOTAL randomness is required, and you can write down your passwords on a piece of paper and put it in your desk drawer. Passwords you can memorize typically are not good enough.

If a person gets into your house and steals your password list from your desk, they obviously have issues, and the inability to steal valuable things (like..... your PC!?) and you can change your passwords... So yeh, write them down. The hacker from Germany isn't going to see him through his XRAY satellite technology. Most hackers are poor or very wealthy, but not THAT wealthy.

After reading everything in the several threads here on Guru I changed my mind. I am no longer convinced that it is the user's fault.

I decided to secure my account with the following:

1. I stopped playing GW for good so my account can't be stolen.
2. I bought a second computer just to post on forums and surf the net. This one won't log into my GW accounts.
3. I deinstalled my Floppy Drive incase a mean hacker breaks into my flat and installs a trojan on 3.5''
4. I protected my DVD drive with duct tape incase it is a high end hacker with a CD.
5. I hired a security team to watch my network cable to catch the trapper inside once he tries to break into my PC.
6. I modded my PC case and it now includes a dog kennel with a Pitbull to watch my network card.
7. An soon I will unplug my internet cable, electricity and move to the forest nearby where I will be forth known as Mystica the bearded Eremite.


On a more serious note:
Please people read Inde's post on page 10, Rahja's on page 11 and several others before AGAIN. Truth they speak young Padawans. Stop being paranoid, you are just getting yourself into trouble by assuming more nonsense like hacked clients and stolen board passwords instead of finally careing for your own security.

I know some of you don't want to admit that you did not care enough so far.

Please read...good quote ^^

You don't have to feel offended. This is the internet. We don't give a shit if you tell us that you are an oh-so-legal-internet-user who never visits suspicious sites, never gives any info away, never uses the same passes etc etc. You don't need to tell us. If you know that you might have done something stupid it won't get better by telling us that you didn't. You are just fooling yourself cause (I'll glady repeat it) even though some users here will quote you with a "I AM SO SORRY MATE"...once the thread lands on page 2 they won't give a shit anymore but your crappy security still remains.

I have written some smaller trojans and downloaders, was part of the Alpha testing team of a formerly well-known trojan and edited about 100 stubs to make them undetectable. I know exactly how dangerous they are and how hard it is to find them if the author does not want you to find them (self-destruction is a common feature in every trojan nowadays...no traces are left after the intruder has finished his job) and still...I catch myself pretty often doing stuff that I shouldn't, downloading things without further checking the source, trusting people that I should not trust etc...at least I am well aware that if something like that happens to me, it was my own fault and I won't QQ.

So please, for your own best, stop posting crap and take a minute to read the advice given here and on other sources regarding internet security.

Crap being:
- AB is dangerous! All hacked accounts happened while the player was ABing!
- GWGuru has security problems OMFG
- Someone hacked the Anet servers to use my ZKeys!!!111onetwothree
- OH NOSE WE HAVE MASSIVE LAG CAUSE SOME1 IS CASTING BRUTEFORCE ON TEH SERVER!11volleyoncharravenger
and more.

Please don't. Now flame

EDIT: Re-read it and it might sound harsh to some people so I'll explain it. If you ask me now about the guy that lost his account on his third gw bday or the guy that was lucky enough to catch the thief while he was using zkeys my answer will be: "Ah yeah I just read about it. Sucks to be them, hope they don't stop playing and stuff".
Ask the same question in one month and you'll get a "Uhm...sounds familiar I guess...any other news?". It's not like we are all monsters without feelings or emotions. We just tend to forget things on the internet if they don't affect us personally, so don't be offended. I am just honest enough to tell you.

Good post Mystica

And so true - no matter what the Drama Du Jour, the GW community forget so easily the reasons, facts and resolvements, only to scream about the same things weeks or months later.

Something to think about: Those that put there email and password in the shortcut. Someone could read that file using a script and bam, your account is compromised.

Another thought: with the dbl AB weekend going on, is it to draw more people out and maybe catch the hacker? *crossing fingers*

Your accounts compromised the moment they've got their trojan on your computer. Your password doesn't need to be saved anywhere.

Mystica is correct downloading pirate software/bots is playing with fire if you encounter a new trojan(surprisingly common) and arn't a real I.T expert you're screwed nomatter how up to date your AV/windows/spyware blocker is. And you probably deserve it :P

I am passing this along, this is what I was told. I am not implying this is the cause, or a solution but in my opinion 1 can never be "to safe". I can not confirm this info officially. I know I would be upset if I got hacked, so without further adieu,

The theory is that on the hacked account a character has a quest called Plan B active. (yes, I know there are several plan b quests). Then while in AB the player is booted by the hacker, during the reconnect the hacker intercepts the packets, has your account info and then logs in as you. Then does what he/she does.

Once again, I can not confirm this, but I do trust my source, I believe the info to be at the very least not fabricated by my source. This is a pass it along to help others post.

I don't know about that. Isn't Plan B a Sorrow's Furnace only quest. Just like FOW/UW quests, isn't it impossible to have these quests "active" outside of Sorrow's Furnace.

http://guildwars.wikia.com/wiki/Noble_Intentions_Plan_B

I really hate people trying to pass off dumb rumors as information.

I just found something incredibly funny xDD

Then i thought about it, and i wonder just how many people have fallen for this??

>>>>>>>>>>NOT REAL DO NOT TRY IT IS A FAKE/SCAM<<<<<<<<<<<<<<<<<<<<<
removed by mod
>>>>>>A SIMPLE EASY EXAMPLE I FOUND PEOPLE DOING TO TRY AND GET YOUR INFORMSTION FOR HACKING DONT FALL FOR IT<<<<<<<

(I am doing research on hacking, just to see what i come up with)

Sorry, i should put warning signs everywhere! I wanted people to see this so they know to avoid it.

I suggest you take the link out. Some people are actually stupid enough to try it.

To explain: The information in the video is false. The email provided there does not belong to ANet's services. It is an @europe.com email that you can easily register yourself. The intention is that people willing to try that out send their account names and passwords to the creator of the video and owner of the email address. DON'T try it. And if you really do...don't QQ here that your account got "hacked".

Ok so you removed it -_- now people will not know how to avoid some things good job -_-
I guess i see your point though, people might fall for it even in this thread lols

Fake emails have been made by people (example: gw_password_recovery@ blah blsh)
Some say if you put in certain info you can hack other peoples accounts
and others say, if you lost your pw send to this and so on.

They are fakes and you are setting yourself up to be hacked.

I searched around many forums and help sites, that gave out links and emails to loads of scammers.

Hacking Anet is highly unlikely, i really think it is just people falling for simple things (doesnt mean you are dumb) you got to be extra careful to what you download or put your info in to.
A simple small file downloaded from friend to so called friend will do it, a small file downloaded form a website (as innocent as a gif or something) can do it.
If you download anything and it did'nt work, check your pc immediatly.

Always check URL addresses, even if the site itself looks legit. It is so easy to re-create webpages to look like the original. Heck i made my myspace page out of the ingame box designs lol

Jetdoc man- Ive been seeing you around for years now - Im glad the hacker didnt REALLY mess with your account. Glad it was just keys and not deleted characters or merched/salvaged elite armor. Look on the brightside at least i guess eh?

Doesn't sound like a begging thread to me, but a QQ thread. Sorry you got hacked but it happens... a lot recently. It can't be helped. And don't think people will feel sorry for you and donate, at least you kept your character so you can farm a little to progressively re-buy your stuff. The people of this community, no, the world, do not care for petty things like others losing stuff in a video game. I hate to be the asshole and slap you in the face to get you to realize things like that, but its true, no one will give a shit about your lose, they just say "Sorry" and thats it. I have seen worse hacking outcomes, and they didn't get, nor ask, for any donations, so don't expect any when you ask.

Also, not to be mean, but how can we know you didn't just store everything on other characters?

The more of these threads I read the more uneasy I become.

Only thing you can do is report this to Anet.

lol.

Thanks for showing us what an empty storage and blank character look like. Sure, you could have been hacked, but you could have also put everything on another character.

Let's make a separate sub-forum that's just for hacked victims to start these kind of threads so as not to annoy or inconvenience those in Riverside that are sick and tired of them.

Every time that someone will make a new thread they will just be served with indifference, ridicule (har har, uz got hacked, can i haz ur acount?), or conspiracy theories so let's save everyone the trouble and put a cork on this issue.

/sarcasm

Whats the point in QQ'ing, Just start again or Quit.

Personally I would quit.

ROFFLE/

i like the idea actually or anet actaully to do somethign about it

I beg to differ. Good security, being internet savvy, and having the common sense not to play with fire (aka pirating etc) when you don't really know what you are doing is how to help avoid it, or for that matter, COMPLETELY prevent it. That is unless... a super hacker randomly targets you and your Guild Wars account in some government conspiracy, which I have a funny feeling, isn't going to happen.

LOL, very smart, get perma ban for moving your stuff to other account and the send in a support ticket.

THE LOG at NC-soft would show that (possibly even with a red flag beside it for the transaction)