Quote:
Originally Posted by Inde
Everyone seems to be missing the key point of nearly all these stories. You were all hacked within minutes to hours of signing onto your game. Some were even kicked out of the game while playing. Read through all the stories... it's something that keeps being reported.
....
Nearly every one of them tells us that they were active and playing when their data was compromised. Make of that what you will. They aren't going mindlessly through and testing hundreds of emails and passwords, they aren't mindlessly going through and sifting through hundreds of inactive accounts. If the majority of people cannot find an infection on their system, then these hackers are either getting around multiple anti-virus systems or they are monitoring the game/your client somehow. Let it speak for itself.
Ok, let's consider two things here, Inde.
First of all, the stories could be similar for those users because the attacker decided to break into the account during an active playtime. Not everyone looks at their last login time when they access the game again. But it's very obvious when you are kicked out of the game for no good reason.
If I were to go hacking GW, I would do it at a time that's convenient for me.
When hacking a company or robbing a place, it's best to wait till everyone is gone. But there will always be people playing GW; it could be that the ones erroring out are just collateral damage.
Besides that, it was HA weekend and MAT; on Friday evening my router somehow disconnected from the internet (resulting in a 007) and I had several moments of severe lag or disconnects during the weekend.
There could be a relation between the disconnects and the hacks, but this could also have other causes.
Second, let's assume the attacker monitors the game or the client.
This means that they must have compromised either the local system (most probably a trojan) or a piece of infrastructure at one of A-net's datacenters. Otherwise, routing mechanisms on the internet would make it hard to target an active session and break into it.
A compromise on A-net's side would probably have caused many more people to report loss of items. Or that did happen, but those people aren't active on guru.
It could be targeted attacks on active connections, but it's not one of the usual suspects.
Pulling an active connection from the internet isn't something just the average guy is able to do, and it requires monitoring a certain infrastructure point on the internet. I would target
Now there is one more option I didn't consider yet.
Man in the middle with a compromised HOSTS file.
This way all traffic could be rerouted through the systems of an attacker, who could be able to take over the connection without A-net even noticing.
And the user would get problems connecting when the route is cut.
Don't know how many AV companies scan that file.
The last resort option is the option no-one wants to know but everyone is somewhat aware of.
So based on the information I have atm I'd either expect compromise of the client or people who have reused or submitted their login credentials somewhere else.
It's the most obvious cause given the information we have and general knowledge of hacking.
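The HOSTS-file scenario raised in the post above can be checked for directly. The following is an added example, not code from the post or from A-net: it parses a hosts file and reports entries that point a watched domain at a routable address, which is what a hosts-based redirect to an attacker would look like. The sample file contents, the `example-game.net` hostnames and the `203.0.113.5` address are constructed placeholders, not real game infrastructure. Loopback and unspecified targets (localhost lines, ad-block sinkholes) are treated as benign because they cannot carry traffic to a third party.

```python
import ipaddress
from typing import Dict, List, Tuple

# Constructed sample hosts file. The game hostnames and the 203.0.113.5
# address are hypothetical placeholders, not real game infrastructure.
SAMPLE_HOSTS = """\
# Copyright (c) 1993-2009 Microsoft Corp.
127.0.0.1       localhost
::1             localhost
# constructed malicious override: login traffic sent to an attacker host
203.0.113.5     login.example-game.net   auth.example-game.net
0.0.0.0         ads.example.org   # ad-blocking sinkhole entry, benign
"""

# Hypothetical list of domains whose traffic must never be rerouted.
WATCHED_DOMAINS = ["example-game.net"]


def parse_hosts(text: str) -> List[Tuple[int, str, List[str]]]:
    """Return (line_number, ip, [hostnames]) for every active entry.

    Full-line and trailing '#' comments and blank lines are skipped;
    entries whose address field is not a valid IP are ignored too.
    """
    entries = []
    for lineno, raw in enumerate(text.splitlines(), start=1):
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        fields = line.split()
        if len(fields) < 2:
            continue
        try:
            ipaddress.ip_address(fields[0])
        except ValueError:
            continue
        entries.append((lineno, fields[0], [h.lower() for h in fields[1:]]))
    return entries


def is_sinkhole(ip: str) -> bool:
    """True for targets that cannot deliver traffic to a third party.

    Loopback (127.0.0.1, ::1) and unspecified (0.0.0.0, ::) addresses are
    the normal benign cases: localhost lines and ad-block lists.
    """
    addr = ipaddress.ip_address(ip)
    return addr.is_loopback or addr.is_unspecified


def matches_domain(hostname: str, domain: str) -> bool:
    """True if hostname equals domain or is a subdomain of it."""
    hostname = hostname.lower().rstrip(".")
    domain = domain.lower().rstrip(".")
    return hostname == domain or hostname.endswith("." + domain)


def find_overrides(text: str, watched: List[str]) -> List[Dict[str, object]]:
    """Entries that redirect a watched domain to a routable address.

    A watched name mapped to loopback would only break the login, not
    hijack it, so only non-sinkhole targets are reported.
    """
    findings = []
    for lineno, ip, names in parse_hosts(text):
        if is_sinkhole(ip):
            continue
        for name in names:
            if any(matches_domain(name, d) for d in watched):
                findings.append({"line": lineno, "ip": ip, "name": name})
    return findings


def find_routable_entries(text: str) -> List[Dict[str, object]]:
    """Broader check: every name pointed at a routable address.

    Useful when you do not know which hosts the client talks to; on a
    typical home machine this list should be empty or very short.
    """
    return [
        {"line": lineno, "ip": ip, "name": name}
        for lineno, ip, names in parse_hosts(text)
        if not is_sinkhole(ip)
        for name in names
    ]


if __name__ == "__main__":
    # On a real machine read C:\Windows\System32\drivers\etc\hosts or /etc/hosts
    # instead of SAMPLE_HOSTS.
    for f in find_overrides(SAMPLE_HOSTS, WATCHED_DOMAINS):
        print(f"line {f['line']}: {f['name']} -> {f['ip']}")
```

To use it on a real system, read the actual hosts file (`C:\Windows\System32\drivers\etc\hosts` on Windows, `/etc/hosts` elsewhere) into `text`; `find_routable_entries` is the one to run first when you don't know the client's hostnames, since any routable mapping in that file on a home PC deserves an explanation.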