Do hackers ever stop here?

Another one here Lost about 750k few ectos, my torment shield and an everlasting searing tonic which I had bought just before I logged off.I'm very careful about using the same password and usernames for other things too.

Two or three times over the weekend I had straight disconnect while playing and not able to reconnect.A few alliance members said it was happening to them too.

Gotta think myself lucky my chars didnt get deleted and all my other good stuff didnt get taken.

As far as we know: the premises of your statement are improbable (XTH or GWG hacked), the conclusion is almost impossible (login checks take a longer time after each failed attempt?). Don't spread rumours because of an uneducated guess at what's happening. You're right to be mad, but don't turn this into a "I'm looking for someone to blame".

People would be amazed by RL security enquiries, many of them revealing that the user failed to mention something very important (shared account info) or misleading (weak password). This doesn't mean that a piece of software isn't at fault here, but until many pieces of evidence points to this, the single most common security explanation is: the user made a mistake.

Last but not the least: we're talking here, it's just words, nothing can really be trusted. There's been recently a Guru-er claiming his account was banned for reason X, only for Regina to reveal that it was for a different reason. And we've seen after the "119 affair" (I don't remember the number, it was the number of people banned after the Mallyx glitch?) many angry people trolling this forum. I'm convinced a few simply want revenge for Anet taking legitimate actions against their bad behaviour in game (I'm not saying you're that kind of person, only mentioning that so that you can look at this thread and realise it doesn't tell us "facts", even if you know what you know, we don't!).

I got a nice chuckle out of that Anet response. They essentially said "deal with it dumbasses" but in a little more polite PR way. If I was a hacker I would be foaming at the mouth at the opportunity to hack a game whos creator blames it on the players.

you cant read... i know what the topic is about.. i dint chage the topic to jell-o did i? if i did then i can see where u coming from. again it's stupidity..get a better anti-virus..uses diff passwords..dont give freinds info.. dont goto 3rd party sites..etc... im not paying attention... im paying more attention than those that claimed they got "hacked".

point is they got hacked for reasons not dumb luck. again why should u expect anet to trace the trade? it's not anet fault u got hacked.

lets say i want a to join a ferry to the consulate docks.. i join a grooup..the person says "pay now" and i do.. thats person grabs everyones money and leaves the group. Is that anets fault? my stupidity not anets. i made the decison give my $ to the person before services rendered, not anet.

if you gonna pick apart and say thats different it's not. somewhere down the line u made a decision to give info out..with or without your consent. it is not anets responsibility that u made a bad decision somewhere down the line.

if i gave you info to my account and you go in and take my ectos and zkeys leave me junk should i blame anet because they shouldnt allow it? sounds like a big QQ.

another great point..

if i was a hacker why hack gw? no money in doing that. although to see these forums and people attack each other is so classic.

I just want to know how it's possible a person is getting into folks' account if they don't know their info. Someone must be doing something wrong, somewhere.

I've had one of my 5 accounts hacked...lucky it was one of the newer ones. Lost all my gold (800k or so) and all the weapons that weren't customized. All characters safe and stuff. (I wasnt' able to get the account back for about 5 months, thnx gmail and anet for being slow /end sarcasm; thanks for real for getting me my account back)

I'll just say it out right: some hackers are nice enough to not steal and just kill your account. Also the next time you get kicked even if it happens often log back on and change passwords, this might be annoying but just do it.

Also I don't know if anet still generates a random password for you when youwant a reset since they seem to have changed everything but doing that and then making a variation of it is good too since they give very strong passwords.


Oh trst me there is money in it. You can sell off rare items and money for real money..minor as it may be compared to other hacking things its still money no?

I was on a forum earlier and saw a kanaxi mini pet going for 700usd...so...chump change to some but that could pay for an entire year of food for me.

I'm just going to assume you're a troll and put you on my ignore list now, since it's become apparent that's what you are. I'm far from uneducated - I have a bachelor in computer science, although the focus was on programming not on security. I use comodo firewall, avira and avast antivirus, and I use spybot, adaware, superantispyware, spywareblaster, malwarebytes, rogueremover, and ccleaner to look for anything those might have missed. Yes, I do use all of them. I'm careful about security, which not only means I don't store my passwords on my computer anywhere, I always use letters and numbers (not symbols, I'll obviously have to start using them) don't use bots, textmods, cheats, timers, and I don't even visit sites that look like cheat sites or gold buying or anything sites - in fact the only game related sites I visit are guru, wiki, and the forum for my guild where I use a different email and pw. Nobody has my account info - not a roomate or friend or guildy. It really doesn't matter if you believe me or not - you're irrelevant. There's obviously been a spate of thievery - call it hacking, or whatever you like. Anet should look into it - granted it's probably less than 5% of active accounts, but it could be an alarming trend. I'm glad you didn't get hacked, but I don't understand the joy you're taking in seeing other people get hacked. Is that how you feel better about yourself?

I did a scan on thursday and got hacked on sunday.
I found a trojan when i did a scan, after i got hacked.

It makes me feel better about it because its so common, but it still sucks really really bad.

Strong passwords don't help if something else compromises your security
Now if i only knew what!

Ok guys, I been on this forum long enough. Like Inde say and I'll only repeat this ONCE! (not a mod but I'm tired of peoples constantly attacking each others)

Keep on topic and no flaming or trolling on each other or suffer the consquences!!!

I think there is two side to each stories. Maybe the peoples that got effected didn't tell the complete truth. Not saying you deserved this but it's weird to see 4 to 5 peoples (last I counted on here) to be hacked at once.

Well, gmail is not slow and the support is provided by NCsoft, not Anet. Just want to clarify that in passing.

Yes, if you got hacked. Contact NCSoft support team and make sure you change your password.
I think it's weird how most of the peoples that claimed they got hacked, lost Zkeys/Gold/Rare items but not one of them had their characters deleted nor banned.

Something is fishy about all this!!

Also the only things I could determine that is common for all the victims. They were placed in GtoB and lost their stuffs. All the items is replaced by junks. Whoever doing this, is clever and quick and seems to not want to delete characters. They just grab and go, very weird indeed!

At any rate, if this is really happening, it seems to me that it would be due to one of the following.
1. Ye ole' keylogger. Could just be repackaged/recoded so that it's not currently AV recognizable (tho 1 mentioned he did find a trojan).
2. Some session swapping exploit happening on the GW servers, akin to buffer overflow... Imagine the hacker on their account, issuing some sort of unrecognizable string to the server, causing some random logged in player's account to pop up as their own, and disconnecting that player. The hacker could then move items during this session...

I'd bet it's just 1 myself. It's really a shame that every time you log into GW, you have to type the password (perhaps this is where that recommended PWmgr comes into play?). If it was like almost EVERY other game out there, you'd only type it once, then it'd be remembered, so that it would no longer need to be typed (unless on a different PC or you changed it).

2 seems quite a stretch, though not outside the realm of possibility. I didn't get hacked, but I wasn't logged in yesterday either...

Not surprised that they are not deleting characters (It takes time to do this) and Z-keys are hard to trace since everyone is trading them constantly.

Back to my first post: yeah it was Ncsoft sry was thinking anet 'cause I'm talking to my friend about Anet right now. And gmail is fast but not at getting your account back really. Took them a while to confirm my information which could be good? as they do checks before just giving account back, but bad when I'm losing things every second.

And when my account was hacked I wasn't in GToB I was still in LA. And I only lost gold and green items. That account was kinda cheap so I only did greens and a few golds I picked up. Only thing I'm cheesed off about is the 800k.

Also why the hell are items being replaced? Hackers don't leave gifts unless its a calling card (wtf why would this even happen) And yes some hackers just go for the gold and uncustomized weapons first as they never know when peope will log back on. So the question is why would they spend so much time stealing things as to delete your characters too (typing names in takes time). So its not that fishy at all, if they are semi-smart enough to hack they do their time limits.

The way most AV work make it so that you need significant rewrite to escape heuristics. And I'm not even mentioning SW profiles and behaviour.

Where did you learn hacking 101? All modern compilers prevent most buffer overflows, and even if you had one on the GW servers, you wouldn't use it to swap sessions...

Get ready for 2-3+ weeks of email hell, going back/forth through support... These guys take anywhere from 3-8 days to respond to each email/request.
They'll ask for your first/last name first, then if/when that fails, your activation keys for all GW campaigns in that account. At least that's what it took for me to get the Xunlai House account name issues corrected (well, still not quite corrected, but they've had my 4 keys for a while now)...

lol yeah................

"...I think there is two side to each stories. Maybe the peoples that got effected didn't tell the complete truth. Not saying you deserved this but it's weird to see 4 to 5 peoples (last I counted on here) to be hacked at once...."

QFT. I have the feeling that some of these "supposed" hacked peoples are mythomaniac.

Can they provide us/Anet any proof ???? NO...no & no

They only failed & if its true....then they didnt protect themselves enough.

I play since May 2005 + I have a good AV/firewall (20€/year) = I have never been infected & never been hacked.

I asked a friend of mine who is studying SECURITY to try to hack me (he knows the tricks) HE WAS UNABLE TO DO IT & told me that I cannot be hacked.

So folks don't be greedy & spend few bucks/euros in a good security system = simple & easy.....END OF STORY

There are several ways this could happen.

The most obvious is a keylogger. Not all of those are discovered, there are some nasty pieces out there. But the really hard to detect ones are used for stealing bank and creditcard stuff, not online game stuff.
I would put my money on this one.

Next would be a 'brute force' on the e-mail account. It is (or was till recently, didn't try) possible to figure out if an account is valid or not for GW. I've seen at least two verify's of that on my secondary account. And a brute force can happen over days, if you have like 10.000 or more valid e-mail accounts and you scan all of them slowly you won't generate many time-outs on the accounts. Once you have access you determine if there is something valuable. If so, rob. If not, just wait till there is something valuable. You have the credentials and as long as those don't change you have access.

Next step is an compromised e-mail account. This one would apply if the account uses the same credentials as the actual login for GW.
The hacker gets into the e-mail account and can log in with the same password on GW.
The same thing could be true for a compromised database from a forum/fansite that didn't encrypt and salt the passwords. Storing MD5 hashes of passwords looks smart, but is vulnerable to dictionary attack. In this case the dictionary is just translating MD5 hashes to their regular counterparts. Or brute-force them, but that could take a long time.

The least obvious hack would be a server hack. It could happen, but it's far easier to target a massive number of end-users with on average low security practices than targetting a limited number of servers which are on a hardened infrastructure.
And even if they got on a server, my guess is that the servers containing the login credentials are even more secured and only used for verifying credentials. And those don't have the passwords in plain text in the database.

Only thing I could check out with a packet-sniffer would be if the client sends out plain text UID/password to the server or that this is hashed/encrypted on client side.

Last but not least there is also the possibility that the entire story is not true.
We have to assume that the OP and others are speaking the truth in this matter but there is no way to verify that.

But it remains guessing what happened but like I said before, I would put my money on a keylogger.


Edit:
Well, he is still studying
Trying to enter a system from the outside might be hard, but getting you to install this very nice and shiny and very fun game is probably a lot easier. And it's a very nice game indeed, you can even play it online with your friends.
And it was one of your friends that send it.
So you open up your firewall to play with your friends and at the same time you allow other data to flow out as well.
Everyone is vulnerable to social engineering.

With all due respect, your friend is an idiot. The only computers that "cannot be hacked" are ones without internet access (have never had, and never will have it), and even then, they can be hacked if someone has physical access (though, not a problem in this scenario).

I'm betting on keyloggers, myself. Texmod perhaps?

"...With all due respect, your friend is an idiot..."

He is as idiot as you are lol.....I know & he knows that hackers have been able to hack the CIA or big companies sites As far as I know those guys are not interested by me or you or any GW players. Do you understand?

Dont judge too quickly the people thank you.

You'd be very surprised:
http://www.securityfocus.com/brief/762

True but: 1) you'd have statistically very little credentials; 2) it couldn't explain more than 2 people being hacked at the same time.

See #2 above.

Ok, I guess you're aware of the batches of MD5 collision done in the research litterature. Now, just so you know, experts are not expecting any real pratical progress before a few years, these were only theoretical attacks on MD5.

The guy who's going to do that will win bigger by being hired by the NSA, rather than exploiting his stolen data.

I'd assume something in the middle: some have been hacked, and some have not.

All human beings are in fact social engineers, but they don't realise it .

I guess word of warning to anyone that has been hacked. GW may not be the only thing at risk. Although the hackers 1st target is your GW they may be selling everything else. If you have other accounts I would be leery of accessing anything and maybe if you have accessed anything change the passwords form a different computer for the short term. (Bank, New egg, I-tunes, WOW, Tax programs etc…) They all could be at risk.

Manually update date your virus protection, and run full scan. Run full scan in safe mode as well. Run a couple different programs no virus software is 100%.

Manually document anything your software finds (anything) for future reference.

If you have pay for virus software get on there forums and post what’s going on and see if they will look at a hijack log. If not go to someone like Bleeping Computers / Major Geeks etc..

Keep in mind when you submit a log you can not change anything on your computer until after the log is reviewed.

Yes! It was texmod, everyone who uses texmod got hacked.
Great observation.

Going from Painbringers point to prevent future attacks!

I want to know what we had in common, was it this site?
Or was the attack so wide spread as to conceal a point of orgin?

What did I do wrong I think is the question most people are asking.

Assuming its a trojan keylogger; which i believe it to be, passwords or other account information has no impact. So also under the assumption we are not using previously compromised systems(as one infection can lead to another) and all have adquate anti-virus, firewall, and secure browser settings(not IE, no-script etc) what was our point of entry?

I'm looking for constructive ideas here. I'll admit im not running a watertight system, but im looking for what hole I should stop up so I don't sink any more!

i never been hacked but mu guildy got hacked thism morning, for those that got hacked the most important things

di dyou use auto login if not thats one reason why key loggers cant get your password if you stop typing it in , last year when this happen i thought maybe it had to do with xth, becuz its not a secure website, but was flamed but saying so , i also thought guru was to blame go flamed by it, but everyone i know that uses auto login never been hacked , when my guildy reformated his computer and stopped using it he got hacked

If you don't want to be judged by what you say, then don't come to a forum. We're speaking in English here. "Cannot be hacked" was a very clear message. "Would be hard to hack" would be another (more appropriate) message.

I have texmod myself and have not been hacked. I'm thinking certain versions of it may be infected, as my texmod I've had for years. In any case, any 3rd party program in itself leaves a risk of being infected; so, it's not a horrible guess.

What else might Guild Wars players have in common?

Texmod is unlikely as someone most likely would not want to wait for months before using account information, just waiting for someone to find out that it happened and cause a panic.

If this is all recent, then it probably has to do with another vulnerability somewhere. The only real connection I see so far is that all of these people seem to both play Guild Wars and be members at Guild Wars Guru (I assume? Perhaps one not.) Though, the latter is improbable in the first place as some have mentioned that they do not use the same e-mail address on Guru as they do on Guild Wars.

I will assume most (if not all) also have XTH accounts, in which case that may also be another possible link; however, many probably do not have the same e-mail addresses for that either. But, we are overlooking something...

If someone gets into an XTH account, they then can go to Account Management and there they can see the Game Account Name (e.g. login e-mail for your Guild Wars account), and this could possibly have something to do with it, if XTH accounts are being compromised. It is an explanation I suppose.

Still, doubtable. How many of these people do we think may have the same password as they use for GW, but a different e-mail registered for XTH? Could that be the link? Who knows...

Just tossing stuff out there.

the only strange things i've noticed lately were
2 msgs in my guru inbox to buy gold today
and on saturday there was some dirty lag in HA and alot of weird d/cs

maybe all these guys use the auto xunlai predictor? or they all live in a certain area? or they all have 'password' as their 'password'?

I was hacked last year but they changed the PW on my game account to try to lock me out.

As I've got my main account linked to NCSoft site the only way they could have changed my PW is through the NCSoft site.

I mentioned this when I did my support ticket but support basically said that it must have been my fault.

Strange that they didn't touch either of my storage accounts (which I had accessed that day)that aren't linked to NCSoft if it was something at my end.

Lost over 6mill of items and cash including customised weapons.

I had been using auto login for about 5 months when I was hacked.



Whoever accessed my GW account MUST of had access to my NCSoft account.

Do any of the other people getting hacked have their accounts linked to NCSoft?

There must be some way to track down what everyone who got hacked has in common, but only if people are 100% truthful about what they have done or not done. For instance,

-I DID use the same email for my gw account and xunlai account (I though you had to?) And also for guru (it no longer is tho)
-I did not use textmod, or any other mod. I know some are legal or whatever, I just never bothered
- I did not have password as my password. I've worked in computers, and spent enough time yelling at people for this
- my password was not completely random, and only contained letters and numbers, so it's possible that someone could have intelligently guessed until they got it although I can't imagine why they would, they must have thought I was richer than I was lol

Does anyone remember a few weeks ago when guru was listed as a possible attack site on google? I don't remember seeing any info on that - and I'm not saying that guru was the culprit of anything, but does anyone know what the nature of that problem was?

It would be interesting to find out how many people got hacked who were not a member of guru.

Changed my pw several times personally, but I hope I don't get hacked...
50 keys isnt TOO bad considering how much more you couldve lost (ie your GWAMM); still, GL recovering and protecting your account.

Most of the time it turns out that someone got hacked because they gave their account out to a "friend".

However, if that isn't the case, make sure you are browsing with Firefox and have Noscript installed. Late last year, I got keylogged in another MMO, and the virus scanner determined that it was from an Adobe Flash vulnerability -- the security bulletin for that vulnerability was only 2 days old at the time! Normally I browse with ads disabled (Adblock Plus), but I decided to allow ads to be shown on a particular site, to support it. It turned out to be a bad idea.

Well get used to it, it's a pretty standard response no matter the MMO or company. If any RMT is involved it's likely that the account will never see the light of day again. I had a friend playing WoW lose his account a while ago, and he had to wait 6 months to get it back, and he was lucky to even get it back. On top of this, it was his second account, his first had gotten hacked and was never restored because they found "dirty" gold in his inventory. There are specific procedures that companies have to go through when this sort of stuff happens. If they don't ban the account it's possible that it will just get hacked again and used for RMT repeatedly.

It really worries me that RMT and hacking has escalated to such a level that it's unsafe to even browse normally anymore. I guess the internet is a war zone in it's own way.

I truly hope and pray that the recent hackings go down in number, it saddens me to no end that a game and it's people are so maliciously attacked. The saddest thing of all is that it's the communities fault for buying gold and participating in RMT in the first place.

You can prevent yourself from ever getting hacked in WoW by buying the Blizzard Authenticator keyfob for $7. It's well worth it. To log in, you must press the button on your keyfob and then enter the sequence of pseudo-random digits generated (these are individualized for each keyfob, and the server knows the sequence for each keyfob; and it changes every 20s-60s or so). I wonder if NCSoft is considering something like this.

I used that authenticator too Giga. It's nice to know that your accounts is protected by dual password system instead of one!

As for NCSoft doing something similar, I don't know. It might be too late for them to implement it since they have to create new login system for the authenticator. But still, it's a great way to keep your accounts secure.

I'd definitely get one if they did. But, I'm paranoid like that.

Sometimes hackers do it the other way, they hack other websites in order to get your account to sell the stuff in it for real money.

SHIT!

**logging in to see if I actually got hit**

EDIT: Didnt get hacked,but I didnt have any z-keys and only 2k to start with

O_o Where did you download the client from, btw?

We’re currently investigating this specific series of incidents. The more data we are able to put together, the more information we’ll have to get to the bottom of this, so we would like to get in touch with the players who were affected. This request applies ONLY to players who were affected by this recent incident. Unless you match these criteria below, please go through the support ticketing system:

• Your account was affected on February 22 or February 23.
• You were able to login (your password was not changed).
• You had gold and/or items removed, or items added to your account

It would really help the support team know the following details when you write:

• The outpost your character was in when you logged in.
• Whether any characters were deleted.
• Exactly what was removed and/or what item(s) may have been deposited on the account by someone other than yourself in the last two days.

Any other details of note, no matter how small.

If you believe you were affected by the incident yesterday, please contact [email protected], and provide you real name, account name, and a telephone number (along with the time you could accept a call about this matter and your time zone). Please note that the earliest you can expect a phone call is tomorrow.

Thanks.

EIDT: Please do not give us your password in the email!