GSU Team's Message About Account Security

HawkofStorms

Hall Hero

Join Date: Aug 2005

E/

Quote:
Originally Posted by Alesa View Post
Besides the wall of text here, that's a very nice response. Thank you Regina!
True. Regina did a good job trying to patch up the problem. Really, the best solution for A.net CRs to this mess is to distance themselves from NCSoft like she did with that statement by directly contradicting it.

Nerel

Jungle Guide

Join Date: Jun 2008

Australia, what you want my home address?

[CAT]

Mo/

Late breaking news from NCsoft.... WAR IS PEACE, FREEDOM IS SLAVERY, and IGNORANCE IS STRENGTH

Poor Regina, no doubt earning her paycheck the hard way as of late...

Improvavel

Desert Nomad

Join Date: Apr 2007

Quote:
Originally Posted by Chthon View Post
This.

The clear implication of the highlighted words is that those people who went out of their way to help NCSoft by finding and compiling the security problems with their website must be liars or fools or both. That's simply not true. The problems exist. Many of us have seen them with our own eyes. To deny the self-evident truth insults our intelligence. To call us liars insults our honor. And you wonder why "Scott's post did not go over well with [us]"?

I realize that Scott did not write that letter, or at least not in its entirety. The contents of Flubber's link on page 4 make that pretty clear. Still, someone at NCSoft was responsible for it, and that someone seems to be remarkably talented at pissing off NCSoft's (soon-to-be-former) customers.

No kidding. Martin Alvito and I had an ongoing discussion about the defamatory nature of this statement earlier in the thread, but we curtailed it because it was heading off-topic. Anywho, my take is that there's no way a halfway-competent lawyer wrote this for Scott; it must have been a corporate type.
So are you saying that you were actually able to just randomly access a NCSOFT Master account by just logging into your own account?

Fril Estelin

So Serious...

Join Date: Jan 2007

London

Nerfs Are [WHAK]

E/

One of the things I got from the GSU's email is a pointer to a good Password Manager (I'm currently using PasswordSafe) and I think that's something everyone should now start to consider seriously:

With all the hacking happening around, it's safer to have specific emails/logins/passwords for each website/account, and a Password Manager greatly eases this: it lists in one place all your security info and protects it with strong cryptography, can create strong passwords for you, and they're now implemented so that you can run them from a USB stick or a mobile phone. Furthermore, it's quite easy to change information (in fact, once you're used to using them every day, you don't have to know account info any more... so don't forget to back up this application's files).

pumpkin pie

Furnace Stoker

Join Date: Jul 2006

behind you

bumble bee

E/

I r use OpenPim.

Remember to NOT store your database on your computer lol.

Longasc

Forge Runner

Join Date: May 2005

I thought they hired Scott Jennings to improve their anti-botting etc. efforts.

And I am really disappointed by him; all he said has been said ages ago countless times. And of course he mentions nothing about the security flaws that are NCsoft's responsibility, because against those the players can do nothing at all.

Improvavel

Desert Nomad

Join Date: Apr 2007

Quote:
Originally Posted by Longasc View Post
I thought they hired Scott Jennings to improve their anti-botting etc. efforts.

And I am really disappointed by him; all he said has been said ages ago countless times. And of course he mentions nothing about the security flaws that are NCsoft's responsibility, because against those the players can do nothing at all.
Well, of course people will only feel happy if Anet/NCSoft say it's their fault for all the hacks that occurred and not some user mistake.

Anet claimed 50% of the accounts hacked weren't connected to an NCSoft master account.

At worst 50% of all hacks were due to NCSoft vulnerabilities.

If you then consider that people who are most likely to buy gold/ectos from gold sellers and/or install bots/3rd party programs are probably more likely to have an NCSMA, that 50% figure due to security flaws on the NCSOFT site is likely to go down.

I'm not saying that there aren't vulnerabilities there - I'm just saying unless Anet/NCSoft says it's their absolute fault, people will complain.

After all, how the hell can it be the user's fault?

We all have our PCs completely secure and never make any mistakes.

Nerel

Jungle Guide

Join Date: Jun 2008

Australia, what you want my home address?

[CAT]

Mo/

Quote:
Originally Posted by Improvavel View Post
Anet claimed 50% of the accounts hacked weren't connected to an NCSoft master account.
Meaningless data unless paired with the percentage of accounts (not just those that were hacked) which have been linked to the NCSoft Master Account.

Simply put, if only 20% of all game accounts are linked to the NCMA, and yet they represent 50%+ of the compromised accounts... then clearly the NCMA means you're far more likely to be hacked...

Did NCSoft/Anet/Regina/Gaile mention that relevant piece of data? I didn't see it, and without it their 50% figure is just blowing smoke up your ass... honesty is the last thing we expect from NCSoft lately, and we're not being disappointed in the least.
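Nerel's point above is a base-rate argument, and it can be checked with arithmetic. The following is an added example (not code from the thread, from ArenaNet or from NCsoft) that derives the relative risk of compromise for linked versus unlinked accounts from the two shares he names; every figure other than the quoted "50%" is a constructed illustration.

```python
"""Relative risk of compromise for NCMA-linked vs. unlinked accounts.

Added example, not from the thread or from ArenaNet/NCsoft.  The "50%" is the
figure quoted in the thread; every linkage base rate and every count below is
constructed for illustration, not real data.
"""
from typing import Dict


def relative_risk(linked_share_of_compromised: float,
                  linked_share_of_all: float) -> float:
    """Return P(compromised | linked) / P(compromised | unlinked).

    Let s = share of *compromised* accounts that were linked (the "50%"),
    and b = share of *all* accounts that were linked (the missing number).
    By Bayes' rule, P(comp | linked) = P(linked | comp) * P(comp) / P(linked)
    = s * P(comp) / b, and P(comp | unlinked) = (1 - s) * P(comp) / (1 - b).
    P(comp) cancels in the ratio, so:
        RR = (s / b) / ((1 - s) / (1 - b))
    """
    s, b = linked_share_of_compromised, linked_share_of_all
    if not (0.0 < s < 1.0 and 0.0 < b < 1.0):
        raise ValueError("shares must be strictly between 0 and 1")
    return (s / b) / ((1.0 - s) / (1.0 - b))


def relative_risk_from_counts(linked_compromised: int, linked_total: int,
                              unlinked_compromised: int, unlinked_total: int) -> float:
    """Same quantity computed directly from raw counts, which is what a
    defender would actually pull from the account database."""
    if min(linked_total, unlinked_total) <= 0 or unlinked_compromised <= 0:
        raise ValueError("need non-empty populations and at least one unlinked compromise")
    rate_linked = linked_compromised / linked_total
    rate_unlinked = unlinked_compromised / unlinked_total
    return rate_linked / rate_unlinked


def interpret(rr: float) -> str:
    """Plain-language reading of a relative-risk value."""
    if rr > 1.0:
        return "linked accounts are MORE likely to be compromised"
    if rr < 1.0:
        return "linked accounts are LESS likely to be compromised"
    return "linkage makes no difference"


def sweep_for_half(base_rates=(0.2, 0.5, 0.8)) -> Dict[float, float]:
    """Hold the quoted share at 50% and vary the (unknown) linkage base rate.

    This is the core of the argument: the same "half the hacked accounts had
    no NCMA" statement is consistent with linked accounts being four times
    safer, equally safe, or four times riskier, depending on b alone.
    """
    return {b: relative_risk(0.5, b) for b in base_rates}


if __name__ == "__main__":
    for b, rr in sweep_for_half().items():
        print(f"linked base rate {b:.0%}: RR = {rr:.2f} -> {interpret(rr)}")
    # Constructed counts: 100 compromises split 50/50, from a population
    # where only 20% of accounts were linked.
    print(relative_risk_from_counts(50, 20_000, 50, 80_000))
```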

Turbo Ginsu

I despise facebook

Join Date: Feb 2008

Australia

Meeting of the Lost Minds

Me/

Quote:
Originally Posted by Improvavel View Post
We all have our PCs completely secure and never make any mistakes.
Speaking for myself, you better believe it buddy. I haven't had a virus or anything else of a less than kosher nature even come close to finding its way into my 'pute for over 10 years.

Does a snide little comment like that explain exactly why it was that action was taken (band-aid) so promptly by both anet and ncsoft when we made enough noise, do you think? I don't think so, and I'll wager that 99.99999999% of the people posting in this thread agree with me.

Sure, there's plenty of net n00bs about, but most of them aren't gamers. Most net n00bs are far too busy saying hello/goodbye/hello/goodbye in chat rooms, or dicking about with their pox-ridden facebook (buhhhh) pages.

Improvavel

Desert Nomad

Join Date: Apr 2007

Quote:
Originally Posted by Nerel View Post
Meaningless data unless paired with the percentage of accounts (not just those that were hacked) which have been linked to the NCSoft Master Account.

Simply put, if only 20% of all game accounts are linked to the NCMA, and yet they represent 50%+ of the compromised accounts... then clearly the NCMA means you're far more likely to be hacked...

Did NCSoft/Anet/Regina/Gaile mention that relevant piece of data? I didn't see it, and without it their 50% figure is just blowing smoke up your ass... honesty is the last thing we expect from NCSoft lately, and we're not being disappointed in the least.
That is of course true.

It is also true that most likely the people that are still playing have linked their accounts to get the pane.

Who in here didn't link the account?

I did - actually I already had.

So while the linked accounts might only be 20% of the total accounts it can be 80% of the accounts being played, can't it?

And people that are playing are more likely to report the hack, more likely to install 3rd party programs, more likely to post on forums, more likely to deal with money traders, etc.

More interesting was the fact they said the majority of accounts hacked hadn't suffered a password change, which rules out the reported "random log-in to a different account" problem.

Can NCSoft/Anet be lying? Surely.

But on the other hand why should I just take the word of people I don't know either?

In all this, other than the person that reported this specific problem, I only read of one guy claiming he logged into someone else's account after some 60 tries, and pheonix saying he logged into someone else's account in the AION FORUMS and not in the NCSOFT web page.

At least after this has been exposed I expected people to just report it in this forum, safely hidden behind the anonymous status the internet confers.

And is the problem solved now? Was it really just logging in the first place?

Now some dude will come and post "Hey they changed stuff so that is clear evidence that there was a problem!"

Of course that same dude would be screaming "Anet does nothing! NCSOFT doesn't care! They are SHIT!" if no changes were made.

So it is just the word of someone against the word of others. People believe what they want to believe.

I asked Chthon if he actually logged into someone else's account. Let's see what he says.

For myself, I logged in some 10000 times using a script and never saw someone else's account.

Does it prove anything? Nope.

Quote:
Originally Posted by Turbo Ginsu View Post
Speaking for myself, you better believe it buddy. I haven't had a virus or anything else of a less than kosher nature even come close to finding its way into my 'pute for over 10 years.

Does a snide little comment like that explain exactly why it was that action was taken (band-aid) so promptly by both anet and ncsoft when we made enough noise, do you think? I don't think so, and I'll wager that 99.99999999% of the people posting in this thread agree with me.

Sure, there's plenty of net n00bs about, but most of them aren't gamers. Most net n00bs are far too busy saying hello/goodbye/hello/goodbye in chat rooms, or dicking about with their pox-ridden facebook (buhhhh) pages.
As I said above, you would be screaming rage if Anet/NCSoft didn't do a thing.

You chose to believe the hacks are NCSoft's responsibility.

If they do nothing they are arses.

If they do something it is clear evidence that they are covering up their mistakes.

There is simply no way you can fathom them not being guilty.

And if you didn't have a virus in the last 10 years, I bet it's because they are there undetected.

I just format my HDD every couple of months and try not to keep relevant information on it.

Nerel

Jungle Guide

Join Date: Jun 2008

Australia, what you want my home address?

[CAT]

Mo/

Quote:
Originally Posted by Improvavel View Post
That is of course true.

It is also true that most likely the people that are still playing have linked their accounts to get the pane.

Who in here didn't link the account?
In here? You're right of course... I totally forgot that the posters on Guru are in any way representative of the full scope of gamers still playing Guild Wars... I really should ask the dozen or so people in my Guild who DIDN'T get the free storage pane to uninstall Guild Wars, they're obviously not REAL people.

I'm rolling my eyes... on the inside.

As for Turbo Ginsu's claim, it's not that unreasonable... but seriously after 10 years, it's time to just let it go and get a new 'pute'. Yes, I'm just kidding.

greenthumb

Frost Gate Guardian

Join Date: Oct 2006

Because those 50% figures are being thrown out, here are a couple of the original source quotes from ANet:

Quote:
Originally Posted by Gaile Gray
I've noticed a number of comments about NCsoft Master Accounts and hacked game accounts. It appears that some players are assuming that there is a connection, that if you have an NCsoft Master Account (NCMA) you may be at increased risk of account theft. We have conducted extensive research on this factor, and I have data as current as this morning that shows that this does not appear to be true. Of a cross-sampling of accounts, nearly half did not have an NCMA at all. I hope that this information puts your mind at ease on any perceived "risk factor" regarding whether a game account is tied to an NCMA or not, for that truly does not seem to be an element in the current situation.
Quote:
Originally Posted by Regina Buenaobra
I would like to reiterate one point again, because people continue to ignore this fact: The account hacks are not likely related to the NCsoft Master Account security concerns. Roughly half of the hacked accounts do NOT have an NCsoft Master Account, and very few account thefts involved a password change at all. The hacker(s) knew the account credentials, and they did not access the hacked accounts through NCsoft Master Accounts. The hackers had a list of passwords, which they used to steal accounts.
It's unclear to me why a nearly half figure (based on perhaps a small sample - "cross-section" and also possibly a biased sample) alleviated the concerns of ANet or should alleviate player concerns, but those "very few" account thefts which involved a password change would seem to be very much associated with the NCMA.

Turbo Ginsu

I despise facebook

Join Date: Feb 2008

Australia

Meeting of the Lost Minds

Me/

Quote:
Originally Posted by Improvavel View Post
And if you didn't have a virus in the last 10 years, I bet it's because they are there undetected.
That's a bet you would most assuredly lose.

I might also point out, I never said that anet or ncsoft were responsible. Not like they're going to hack their own site, is it?

What I said, was that if there was nothing wrong, you know, no faults, no vulnerabilities, no gremlins etc, then why was there such action over nothing?

I love how ppl of your ilk like to try to look down on other posters as if you knew them, you knew the limits of their net savvy, and you know what they think and how they'd react to various threats of one type or another.

You format your HDD every couple months eh? I haven't had to do that since I actually was a noob. What's your excuse?

Improvavel

Desert Nomad

Join Date: Apr 2007

Quote:
Originally Posted by Nerel View Post
In here? You're right of course... I totally forgot that the posters on Guru are in any way representative of the full scope of gamers still playing Guild Wars... I really should ask the dozen or so people in my Guild who DIDN'T get the free storage pane to uninstall Guild Wars, they're obviously not REAL people.

I'm rolling my eyes... on the inside.
And I should ask why half the dozens of my guildies that got the panes why the RED ENGINE GORED ENGINE GORED ENGINE GORED ENGINE GO they haven't been hacked.

Why actually none of them has been hacked.

If it really is random then at least some or a couple should just say they have been hacked or know someone who has been hacked.

I actually only know a person that has been hacked but he was using bots.

Again, the "thousands of hacks" that are being reported over forums mean as much as the "50%-50%" numbers of Anet.

As I said, you believe what you want to believe.

I didn't see any proof in favour or against the "random account login" only claims and I've no means to confirm or deny those claims.

As I told you I did use a script to login 10000 times in the PlayNC account - other than some "database error" I didn't log into any account other than my own. Since it was negative, it was inconclusive.

Basically there is no "real data" other than someone claiming there exists that problem.

And I'm not talking of other web site vulnerabilities - only the "random account login".

Other than that, all my requests of assistance with NCSoft were promptly attended.

I don't like many of the changes Anet did to GW, but so far the customer service has been quite good in my experience.

Reading these forums it seems I belong to the lucky minority.

Quote:
Originally Posted by Turbo Ginsu View Post
That's a bet you would most assuredly lose.

I might also point out, I never said that anet or ncsoft were responsible. Not like they're going to hack their own site is it?

What I said, was that if there was nothing wrong, you know, no faults, no vulnerabilities, no gremlins etc, then why was there such action over nothing?
What were the actions? And should people just wait for something to happen to improve?

Quote:
I love how ppl of your ilk like to try to look down on other posters as if you knew them, you knew the limits of their net savvy, and you know what they think and how they'd react to various threats of one type or another.
Let me answer you:
I love how ppl of your ilk like to try to look down on other posters as if you knew them, you knew the limits of their net savvy, and you know what they think and how they'd react to various threats of one type or another.

Most likely if my account was hacked it would be for some security vulnerability on my side (or Microsoft side), even though I probably take more measures than the average person.

Quote:
You format your HDD every couple months eh? I haven't had to do that since I actually was a noob. What's your excuse?
I do that for several reasons, generally not related to problem solving.

First security.

Second, Windows likes to create quite big folders where it saves all the old versions of driver files, system files, etc., you know, the winsxs folder that likes to grow into GB sizes, and SSD drives are still expensive and frigging Dragon Age takes 13+GB on its own.

Third I keep installing third party releases of the OS updated to that point and just ignore the automatic updates.

And yeah you see everywhere informatic noobs formatting their HDD left and right - that is just what people do.

Of course, formatting and installing takes about 1-2 hours, which means it's done while I'm asleep, so why not?

But in the end, you support your claim based "on my opinion".

I don't claim anything - I just want people to present hard reliable evidence one way or the other.

"My opinion" doesn't fall into that unless you are an internet security expert, and then you still need to lay out the evidence and I will still ask for the other side's story.

Turbo Ginsu

I despise facebook

Join Date: Feb 2008

Australia

Meeting of the Lost Minds

Me/

Quote:
Originally Posted by Improvavel View Post
What were the actions?
What actions? Well, first the password change function was overhauled to remove a big fat security hole. i.e. Not asking for the old password. Secondly, the player name box on the GW login screen.

Quote:
Originally Posted by Improvavel View Post
And should people just wait for something to happen to improve?
To answer a question with a question: Isn't waiting for something to happen before changing security features, exactly what NCSoft did?

I think that you are purposefully trolling this thread with your theories, which ultimately, are just theories. I don't see you laying down any more hard evidence than anyone else has here, all I see is you doing everything but outright accusing us of being full of shit.

One last thing. If you need to reformat to clean up windoze, well...lol

Improvavel

Desert Nomad

Join Date: Apr 2007

Quote:
Originally Posted by Turbo Ginsu View Post
What actions? Well, first the password change function was overhauled to remove a big fat security hole. i.e. Not asking for the old password. Secondly, the player name box on the GW login screen.
First they did the player name box.

That will boost the protection of even less security conscious players.

The asking for the password - well, it is only a security hole if you can/could indeed log into another player's account.

After all, it already asked for a password in the first place. If they even ask x number of password questions, the security will be increased.

Quote:
To answer a question with a question: Isn't waiting for something to happen before changing security features, exactly what NCSoft did?
What you call reaction to a problem, I call covering their asses.

After all, if you need account name, password, character name and the old password to change the password on the NCSMA, it gets a bit difficult to believe that you were hacked because someone else logged randomly into your account.

So it can be reacting to a real threat, covering their asses so no one can accuse them of a non-existent threat or both.

Quote:
I think that you are purposefully trolling this thread with your theories, which ultimately, are just theories. I don't see you laying down any more hard evidence than anyone else has here, all I see is you doing everything but outright accusing us of being full of shit.
I'm not trolling anything and I have no theories. I only have the desire to know the situation.

After all, you keep hearing people say that Anet/NCSoft doesn't share the information and they are dumb for not doing so.

So I'm asking the other people to share the information.

Quote:
One last thing. If you need to reformat to clean up windoze, well...lol
I'm sorry if my questions are logical and the best you can do is calling me dumb.

I'll take your word then - you are so smart that the only conceivable way that you were hacked (were you hacked? is that what you mean by "Speaking for myself, you better believe it buddy") was due to the "random login in to other people account bug".

After all, if you didn't have a virus in 10 years it is impossible for someone to hack into your pc or emails or whatever...

Regulus X

Banned

Join Date: Oct 2007

N/A

D/W

As long as our credit card numbers and all other personal information isn't compromised, I can care less about losing accounts; especially in a dead game. If our personal data does become compromised? Then Anet will have HELL to PAY! So, that best not be the case [ever].

Martin Alvito

Older Than God (1)

Join Date: Aug 2006

Clan Dethryche [dth]

Quote:
Originally Posted by Improvavel View Post
After all, if you need account name, password, character name and the old password to change the password on the NCSMA, it gets a bit difficult to believe that you were hacked because someone else logged randomly into your account.
I think what you're missing is that the rash of hacks occurred prior to needing all of that information to change the password, and stopped once additional authentication requirements were added. The accidental login hypothesis suggested a vector of attack that could have explained the volume of hacks. Neither brute force of NCMAs, nor social engineering, nor keyloggers seemed to fully fit the data; there were inconsistencies even if all three were at work simultaneously.

Quote:
Originally Posted by Improvavel View Post
Again the "thousands of hacks" that are being reported over forums mean has much has the "50%-50%" numbers of Anet.
The data the CRs cited clearly was misleading. The inferences they were drawing from that data just didn't follow. I don't blame them; they're only as good as what they're told. But the fact that they kept sticking to that story even when refuted suggested dishonesty or incompetence on the part of the people they were representing.

The volume of hack reports (and the repeated identification of the same vector by users claiming sophistication) suggested that something was up. Sure, they all could have been lying. But the volume of upset, articulate people claiming to be IT and computer professionals made this unlikely.

Nerel

Jungle Guide

Join Date: Jun 2008

Australia, what you want my home address?

[CAT]

Mo/

Quote:
Originally Posted by Improvavel View Post
And I should ask why half the dozens of my guildies that got the panes why the RED ENGINE GORED ENGINE GORED ENGINE GORED ENGINE GO they haven't been hacked.

Why actually none of them has been hacked.

If it really is random then at least some or a couple should just say they have been hacked or know someone who has been hacked.
Really, unless NCsoft is going to give an accurate figure on the percentage of accounts actually compromised in the recent spate of 'hackings', and that figure is surprisingly high, then it is pretty unreasonable to suggest that a few dozen accounts belonging to your guildies SHOULD be amongst those hacked. Grasping at straws for any reason in particular? Or do you get confused easily by really small percentiles?

Quote:
Originally Posted by Improvavel View Post
Again the "thousands of hacks" that are being reported over forums mean has much has the "50%-50%" numbers of Anet.
I haven't seen THOUSANDS of hacks being reported on the forums during this recent spate of compromised accounts... but even if that were so, it is thousands of accounts out of HUNDREDS OF THOUSANDS of accounts.

And, it has NOTHING to do with Anet's 50%-50% figure, that figure was useless and misleading data used for spin doctoring as it was UTTERLY WORTHLESS without supporting data on the percentage of accounts linked to the NCSoft master accounts in the first place. You understand that?

Quote:
Originally Posted by Improvavel View Post
As I said, you believe what you want to believe.
I don't need to believe that the 50%-50% figure was MEANINGLESS and USED IN A MISLEADING MANNER, without knowing the percentage of accounts linked or not linked to the NCMA it IS MEANINGLESS and MISLEADING. That's a fact, not a matter of faith.

Improvavel

Desert Nomad

Join Date: Apr 2007

Quote:
Originally Posted by Martin Alvito View Post
I think what you're missing is that the rash of hacks occurred prior to needing all of that information to change the password, and stopped once additional authentication requirements were added. The accidental login hypothesis suggested a vector of attack that could have explained the volume of hacks. Neither brute force of NCMAs, nor social engineering, nor keyloggers seemed to fully fit the data; there were inconsistencies even if all three were at work simultaneously.
The question I have to you is where did you obtain this information (on the volume of attacks) and can I see it?

It seems people are basing the volume of attacks on a very simple exploit of the NCSoft web page - if you told me someone had hacked their website and obtained information I would find that quite plausible. But that wasn't the story presented. Was/is it a real story or just a story designed to create panic and force a reaction?

And then, do the measures taken by NCSoft in fact tackle the real problem?

Or is the main factor behind the volume of hacks the release of Aion in the western market?

Quote:
The data the CRs cited clearly was misleading. The inferences they were drawing from that data just didn't follow. I don't blame them; they're only as good as what they're told. But the fact that they kept sticking to that story even when refuted suggested dishonesty or incompetence on the part of the people they were representing.
That is quite true - without raw data and the details on how the raw data was obtained any inferences can be misleading and/or used to show "a reality" that isn't.

Quote:
The volume of hack reports (and the repeated identification of the same vector by users claiming sophistication) suggested that something was up. Sure, they all could have been lying. But the volume of upset, articulate people claiming to be IT and computer professionals made this unlikely.
This is reasonable, but again my problem isn't with the claim that the NCSoft website isn't secure - my problem is with the claim that the website is so insecure that basic operations like logging into a user account can apparently be exploited by the act of logging in, by anyone who isn't even trying to hack anything.

If you don't have to brute force anything and just need to wait for a login bug, well, you can just use loads of unsophisticated computational power.

Of course, they could just be exaggerating for the sake of creating a reaction.

Akaraxle

Wilds Pathfinder

Join Date: Jan 2006

Italy

E/

I think it's about time gaming companies stopped treating their customers like they are retarded by default. Such assumptions are to be made by developers when designing software, not by employees in contact with their user base.

Improvavel

Desert Nomad

Join Date: Apr 2007

Quote:
Originally Posted by Nerel View Post
Really, unless NCsoft is going to give an accurate figure on the percentage of accounts actually compromised in the recent spate of 'hackings', and that figure is surprisingly high, then it is pretty unreasonable to suggest that a few dozen accounts belonging to your guildies SHOULD be amongst those hacked. Grasping at straws for any reason in particular? Or do you get confused easily by really small percentiles?
I agree with you and that is why I'm doubting the problem was/is an easy exploit.

On the other hand, using the example of your particular guild to demonstrate that there are players that didn't get the pane, without other data, doesn't prove anything.

Quote:
I haven't seen THOUSANDS of hacks being reported on the forums during this recent spate of compromised accounts... but even if that were so, it is thousands of accounts out of HUNDREDS OF THOUSANDS of accounts.
I haven't seen either.

Thousands of accounts compared to hundreds of thousands is a small percentage, so people can't just say "it's impossible for so many to have security flaws or done some less licit activity or just got scammed".

We are in agreement here.

Quote:
And, it has NOTHING to do with Anet's 50%-50% figure, that figure was useless and misleading data used for spin doctoring as it was UTTERLY WORTHLESS without supporting data on the percentage of accounts linked to the NCSoft master accounts in the first place. You understand that?
I understand, and it is parallel to the comments that say thousands of hacks must prove that there is a weakness in the NCSoft website, especially one so basic that any single person could be a hacker by just logging into their account.

Quote:
I don't need to believe that the 50%-50% figure was MEANINGLESS and USED IN A MISLEADING MANNER, without knowing the percentage of accounts linked or not linked to the NCMA it IS MEANINGLESS and MISLEADING. That's a fact, not a matter of faith.
Same argument and same answer.

I don't understand why everything that Anet/NCSoft says is false and misleading, and why everything that the person(s) that brought up the "random logging exploit" say is to be believed without a doubt and with no proof.

Unless you think THOUSANDS of accounts hacked represent something in a universe of HUNDREDS OF THOUSANDS accounts.

Martin Alvito

Older Than God (1)

Join Date: Aug 2006

Clan Dethryche [dth]

Quote:
Originally Posted by Improvavel View Post
The question I have to you is where did you obtain this information (on the volume of attacks) and can I see it?
Obviously, I don't have a conclusive number. The claims around November and December were +/- low hundreds. The earliest NCMA reports I recall seeing were around July.

If we deduce that some hacks went unreported because they were not discovered (dead accounts) and others went unreported because people didn't feel like signing up for this fansite, we can conclude that more accounts were hacked. At that point, brute force (even on the NCMA password reset mechanism) as an explanation for the expected number of "I have a secure password, no keylogger and don't share credentials" stories breaks down.

Quote:
Originally Posted by Improvavel View Post
And then does in fact the measures taken by NCSoft tackle the real problem?
Well, if you cannot get into the account simply by getting unauthorized access to the NCMA, then any site vulnerabilities become irrelevant to claims of getting hacked. The intruder is then still short critical data necessary to gain access even if the game password is reset by the NCMA (and then throwing up barriers to actually resetting the GW/Aion password restricts things further).

In my view, this is why the hacks stopped and the phishing started once those barriers went up.
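The two change-password behaviours contrasted in this exchange (Turbo Ginsu's "not asking for the old password" hole versus the flow Martin Alvito describes, where a stray session is still short the credentials needed to reset) can be modelled side by side. This is an added example, not code from the thread or from NCsoft/ArenaNet; the account record, the "character name" second factor and the wrong-account session are constructed for illustration.

```python
"""Weak vs. hardened password-change flow (added example, not NCsoft code).

Models what the thread describes: an endpoint that trusts the web session
alone, beside one that also demands the current password and a second
account fact (the thread mentions character name).  All account data and the
'session issued for the wrong account' scenario are constructed.
"""
import hashlib
import hmac
import os
from typing import Dict, Optional, Tuple

PBKDF2_ROUNDS = 100_000  # illustrative work factor; tune for production


def hash_password(password: str, salt: Optional[bytes] = None) -> Tuple[bytes, bytes]:
    """Return (salt, PBKDF2-HMAC-SHA256 digest); a fresh salt when none is given."""
    salt = salt if salt is not None else os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ROUNDS)
    return salt, digest


def verify_password(password: str, salt: bytes, digest: bytes) -> bool:
    """Constant-time check of a candidate password against the stored digest."""
    _, candidate = hash_password(password, salt)
    return hmac.compare_digest(candidate, digest)


class Account:
    def __init__(self, name: str, password: str, character: str) -> None:
        self.name = name
        self.character = character  # the extra fact the hardened flow asks for
        self.salt, self.digest = hash_password(password)


class Session:
    """What the web tier hands to the change endpoint: only an account name."""
    def __init__(self, account_name: str) -> None:
        self.account_name = account_name


def build_accounts() -> Dict[str, Account]:
    # Constructed sample record, not a real account.
    return {"victim": Account("victim", "correct horse battery", "Victim Char")}


def change_password_weak(accounts: Dict[str, Account], session: Session,
                         new_password: str) -> bool:
    """Trusts the session alone: whoever holds a session for the account can reset it."""
    acct = accounts[session.account_name]
    acct.salt, acct.digest = hash_password(new_password)
    return True


def change_password_hardened(accounts: Dict[str, Account], session: Session,
                             current_password: str, character: str,
                             new_password: str) -> bool:
    """Requires the current password and a second account fact on top of the session.

    Both checks are evaluated before deciding, so a refusal does not reveal
    which of the two facts was wrong.
    """
    acct = accounts[session.account_name]
    pw_ok = verify_password(current_password, acct.salt, acct.digest)
    char_ok = hmac.compare_digest(character.encode(), acct.character.encode())
    if not (pw_ok and char_ok):
        return False
    acct.salt, acct.digest = hash_password(new_password)
    return True


def demo() -> Dict[str, bool]:
    """Constructed scenario: a session for 'victim' reached someone who never knew
    the victim's password (the 'logged into the wrong account' report)."""
    results: Dict[str, bool] = {}

    # Weak flow: the stray session alone is enough to take over the account.
    accounts = build_accounts()
    change_password_weak(accounts, Session("victim"), "stranger-chosen")
    v = accounts["victim"]
    results["weak_flow_takeover"] = verify_password("stranger-chosen", v.salt, v.digest)

    # Hardened flow: same stray session, wrong current password -> refused,
    # and the owner's original password still works afterwards.
    accounts = build_accounts()
    refused = not change_password_hardened(
        accounts, Session("victim"), "guess", "Victim Char", "stranger-chosen")
    v = accounts["victim"]
    results["hardened_flow_refused"] = refused
    results["hardened_flow_original_intact"] = verify_password(
        "correct horse battery", v.salt, v.digest)

    # The legitimate owner, holding both facts, can still change the password.
    results["hardened_flow_owner_ok"] = change_password_hardened(
        accounts, Session("victim"), "correct horse battery", "Victim Char", "new-owner-pass")
    return results


if __name__ == "__main__":
    for check, outcome in demo().items():
        print(f"{check}: {outcome}")
```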

Improvavel

Desert Nomad

Join Date: Apr 2007

Quote:
Originally Posted by Martin Alvito View Post
Obviously, I don't have a conclusive number. The claims around November and December were +/- low hundreds. The earliest NCMA reports I recall seeing were around July.

If we deduce that some hacks went unreported because they were not discovered (dead accounts) and others went unreported because people didn't feel like signing up for this fansite, we can conclude that more accounts were hacked. At that point, brute force (even on the NCMA password reset mechanism) as an explanation for the expected number of "I have a secure password, no keylogger and don't share credentials" stories breaks down.

Well, if you cannot get into the account simply by getting unauthorized access to the NCMA, then any site vulnerabilities become irrelevant to claims of getting hacked. The intruder is then still short critical data necessary to gain access even if the game password is reset by the NCMA (and then throwing up barriers to actually resetting the GW/Aion password restricts things further).

In my view, this is why the hacks stopped and the phishing started once those barriers went up.
A few hundred is quite a bit short of that massive panic I've seen.

Yeah, I would be very annoyed if it happened to me and a single account hacked to NCSoft vulnerabilities is very bad.

But unfortunately even much more important websites get hacked.

But it falls short of "all of us are in imminent risk!" and short of explaining every single hack.

YunSooJin

YunSooJin

Pyromaniac

Join Date: Aug 2005

Mo/W

I pretty much spent my GW career only knowing a couple people hacked. The number of people I knew that got hacked easily quintupled around the late summer to early winter, though.

Chthon

Grotto Attendant

Join Date: Apr 2007

Improvavel, I was going to respond to you, but as I continued reading your posts over the last couple pages, it became clear to me that you're trolling.

So this is all the answer you're going to get: Since the moment I became convinced that the NCSoft site was vulnerable, I've stayed the hell away from it. My account there is already as secure as I can possibly make it, so going there only increases my risk. I believe the reports of the wrong-account-log-in bug are true because (1) certain people who have a reputation for honesty in my eyes have confirmed it, (2) too many people have confirmed it for them all to be trolls/attention trollops, (3) several people who have confirmed it have something to lose if caught lying -- good reputations on this forum built up over a substantial period of time, and, in one case, a modship, (4) no one has anything to gain by falsely confirming, (5) this sort of bug is concordant with the level of crappy design evidenced by the various brute force vulnerabilities, and (6) there is obviously something wrong with the NCSoft site -- everything in NCSoft and a-net's behavior, except their official statements, points towards that conclusion; as does the amazing coincidence that, as soon as they added a third login credential and the requirement of knowing the old password to change the password, reports of account theft went way down, and reports of phishing attempts went way up.

[edit: apparently "RED ENGINE GORED ENGINE GORED ENGINE GORED ENGINE GORED ENGINE GO" is a censored word.]

Improvavel

Desert Nomad

Join Date: Apr 2007

Quote:
Originally Posted by Chthon View Post
Improvavel, I was going to respond to you, but as I continued reading your posts over the last couple pages, it became clear to me that you're trolling.

So this is all the answer you're going to get: Since the moment I became convinced that the NCSoft site was vulnerable, I've stayed the hell away from it. My account there is already as secure as I can possibly make it, so going there only increases my risk. I believe the reports of the wrong-account-log-in bug are true because (1) certain people who have a reputation for honesty in my eyes have confirmed it, (2) too many people have confirmed it for them all to be trolls/attention trollops, (3) several people who have confirmed it have something to lose if caught lying -- good reputations on this forum built up over a substantial period of time, and, in one case, a modship, (4) no one has anything to gain by falsely confirming, (5) this sort of bug is concordant with the level of crappy design evidenced by the various brute force vulnerabilities, and (6) there is obviously something wrong with the NCSoft site -- everything in NCSoft and a-net's behavior, except their official statements, points towards that conclusion; as does the amazing coincidence that, as soon as they added a third login credential and the requirement of knowing the old password to change the password, reports of account theft went way down, and reports of phishing attempts went way up.

[edit: apparently "RED ENGINE GORED ENGINE GORED ENGINE GORED ENGINE GORED ENGINE GO" is a censored word.]
No I'm not trolling.

Basically what I've seen in these forums was that massive thread around the new year.

I don't know the original poster and basically I've only seen another person backing it up.

If I'm wrong please be kind (no irony) to point where it was confirmed by other people - about the log bug.

Maybe you are in possession of information that I don't have, but I haven't seen that information disclosed in these forums - and I mean specifically about the log bug.

All that was said was "when you log in you might randomly access other people's accounts".

Damn, if it is just that simple, hackers can simply throw computational power at it and make thousands/millions of logins - a simple script will do that. Getting it to change the password prior to the old password requirement and nabbing the email address doesn't seem particularly harder.

Had you answered that you had actually seen that bug happen I would be more inclined to believe so, although I would still take it with a grain of salt as I only know you as a forum poster.

As for why people would spread false information or what motivation they would have for that, I've no clue, but just because I can't imagine it, it doesn't mean that it doesn't exist - and again I don't know any of the people, either personally or just through the game/forums.

Where do you get your numbers of reported hacks/phishings/etc? Are you just basing them on the forum reports? Or do you have better numbers? If you do, are they publicly accessible or can you share them?

What I've seen, and I admit I might not have looked exhaustively, was loads of rage against Anet but actually not that many people supporting the log bug claim.

And my reservations about this log bug claim aren't because I don't believe the NCSoft website can be hacked - it is because that bug seems so simple that any half-assed programmer could take advantage of it.

Had the claim been "NCSoft website has been hacked and some information was stolen" I wouldn't have so many reservations.

Additionally if the bug existed is it solved now? Or did they just add the old password requirement? Were any other changes made to the website?

People claim there was (still is?) a log bug, people claim there were never so many GW hacks, etc.

But is there any evidence that I or any other simple forum poster in here can see? Any numbers on hacking? Even any "before there was like 5 threads per time period about hacking on guru and now its 15" data?

If you want to believe I'm a troll it is up to you, but it seems it is "Either you take the OP poster's and a few other posters' word or you take Anet's word".

And I can't even take your word on the bug claim, as you have not experienced it and neither have I, which doesn't prove anything.

Without evidence I can't take either Anet's word or the posters' word.

What I have is 10 GW accounts under my responsibility or someone really close, as in real life close, all linked and not hacked, which again proves nothing.

shoyon456

shoyon456

Desert Nomad

Join Date: Jul 2006

D/

Quote:
Originally Posted by Martin Alvito View Post

Well, if you cannot get into the account simply by getting unauthorized access to the NCMA, then any site vulnerabilities become irrelevant to claims of getting hacked. The intruder is then still short critical data necessary to gain access even if the game password is reset by the NCMA (and then throwing up barriers to actually resetting the GW/Aion password restricts things further).

In my view, this is why the hacks stopped and the phishing started once those barriers went up.
Aha, that makes a lot of sense. Wow, I should have been able to connect those dots. Any idea on how they get those emails for phishing though? I mean they're trying to phish one of my emails not associated with any gaming OR forums at all, which I just laugh like hell over.

TheRemedy

Academy Page

Join Date: Oct 2006

Quote:
Originally Posted by Akaraxle View Post
I think it's about time gaming companies stopped treating their customers like they are retarded by default. Such assumptions are to be made by developers when designing software, not by employees in contact with their user base.
They sell an addictive product, they can do whatever they want and people will still play. Tons of people cry and say they will quit over the SF nerf; they won't quit, they will just start on the next ecto farm build.

A great example of this is smokers, no matter how high cigarette prices go, people still smoke. The time for client respect is gone, it's a take it or leave it situation.

Chthon

Grotto Attendant

Join Date: Apr 2007

Quote:
Originally Posted by Improvavel View Post
If I'm wrong please be kind (no irony) to point where it was confirmed by other people - about the log bug.
Are you sure you read that thread closely? Here's posts from that thread by Guru members confirming:
  • Firebaall (link)
  • niek2004 (post deleted, quoted)
  • fenix (mod, link)
  • Sierraa (mod, link)
  • Theocrat (mod, link)
  • Friends of Theocrat who do not want their identities disclosed (same link)
  • HellScreamS (link)
You can sort through wiki and AionSource for yourself to find more.

Quote:
Where do you get your numbers of reported hacks/phishings/etc? Are you just basing them on the forum reports? Or do you have better numbers? If do you have are they publicly accessible or can you share them?
I keep tabs on forum reports of "I got hacked." Sure, not a representative sample, but representative enough to reliably indicate huge shifts -- of which we've seen two, thefts going way up from late summer until early Jan., then thefts going way down (and phishing going way up) in early Jan.

Quote:
And my reservations about this log bug claim, isn't because I don't believe NCSoft website can be hacked - it is because that bug seems so simple that any half assed programmer could take advantage of it.
1. They were.
2. By all indications, the bug is fickle. Neither your nor NCSoft's attempts could reproduce it. Others claim to have reproduced it within less than 1000 tries. Surely whatever impeded you and NCSoft also impeded the thieves.
3. While the Chinese government may have top-notch hackers on payroll, most gold sellers do not.
4. While the log-into-someone-else's-account bug is dramatic and damning, it's not the worst problem with the NCSoft site by a longshot. The file mirroring and SQL injection vulnerabilities reported by Mung on AionSource are far, far worse. A sophisticated attacker could do much more damage than we've seen so far.

Quote:
Additionally if the bug existed is it solved now? Or did they just add the old password requirement? Were any other changes made to the website?
We have no way of knowing. Perhaps they fixed it and lied when they said they couldn't reproduce it. Perhaps it remains unfixed. The requirements of knowing a character name and the old password make it impossible to steal a GW account simply by compromising the NCSoft account without more.

Quote:
Without evidence I can't take either Anet word or the posters word.
You present it as a pure "he said/she said" when you have more information available than that. Ask cui bono if they successfully deceive you? Who has the stronger incentive to be dishonest?

Quote:
Originally Posted by shoyon456 View Post
Aha, that makes a lot of sense. Wow, I should have been able to connect those dots. Any idea on how they get those emails for phishing though? I mean they're trying to phish one of my emails not associated with any gaming OR forums at all, which I just laugh like hell over.
I suspect they just buy them from the usual purveyors of spam e-mail lists.

maxxfury

Wilds Pathfinder

Join Date: Apr 2006

[DVDF] Gp

Me/A

Quote:
Originally Posted by Chthon View Post
Are you sure you read that thread closely? Here's posts from that thread by Guru members confirming:
The ones regarding the Aion site, I thought I read that they were ONLY cosmetic? With the name of another account, but your own details?
So no way to manipulate or change anyone else's data?

Sorry, I've not kept as up to date on this or looked as in-depth as you have, so I'm more than likely recalling it wrong xD

Improvavel

Desert Nomad

Join Date: Apr 2007

Quote:
Originally Posted by Chthon View Post
Are you sure you read that thread closely? Here's posts from that thread by Guru members confirming:
  • Firebaall (link)
  • niek2004 (post deleted, quoted)
  • fenix (mod, link)
  • Sierraa (mod, link)
  • Theocrat (mod, link)
  • Friends of Theocrat who do not want their identities disclosed (same link)
  • HellScreamS (link)
You can sort through wiki and AionSource for yourself to find more.
Fenix there is talking about the Aion and not the NCSMA.
Quote:
I keep tabs on forum reports of "I got hacked." Sure, not a representative sample, but representative enough to reliably indicate huge shifts -- of which we've seen two, thefts going way up from late summer until early Jan., then thefts going way down (and phishing going way up) in early Jan.
Ok, but not really firm evidence/numbers - and summer and Xmas seem to always see a surge of old players return to the game.

Quote:
1. They were.
2. By all indications, the bug is fickle. Neither your nor NCSoft's attempts could reproduce it. Others claim to have reproduced it within less than 1000 tries. Surely whatever impeded you and NCSoft also impeded the thieves.
3. While the Chinese government may have top-notch hackers on payroll, most gold sellers do not.
4. While the log-into-someone-else's-account bug is dramatic and damning, it's not the worst problem with the NCSoft site by a longshot. The file mirroring and SQL injection vulnerabilities reported by Mung on AionSource are far, far worse. A sophisticated attacker could do much more damage than we've seen so far.
With this bug, gold sellers wouldn't have to have top notch hackers.


Quote:
We have no way of knowing. Perhaps they fixed it and lied when they said they couldn't reproduce it. Perhaps it remains unfixed. The requirements of knowing a character name and the old password make it impossible to steal a GW account simply by compromising the NCSoft account without more.
True.


Quote:
You present it as a pure "he said/she said" when you have more information available than that. Ask cui bono if they successfully deceive you? Who has the stronger incentive to be dishonest?
This is all conjectural.

And only because you referred to "he said/she said", I could say I find it funny that even if this subject started in the Aion forums the NCSoft response clearly mentioned "a thread on a third-party Guild Wars forum this New Year's".

Considering that NCSoft in the past was quick to point out that the most likely reasons for being hacked were dealing with RMT, user vulnerabilities/error and 3rd party websites, I could imagine some people being annoyed with NCsoft.

Which is interesting on the recent news of the attacks on the Guru.

But I'm out of this question now and not feeling worried.

Maybe silly me. Let's just hope for the best.

Curiously, had you said you have seen this bug, I would have believed you Chthon - see, you don't need to be a mod to have respect - even if I think you are a bit silly about discord. Dunno why I would take your word for it, but I would.

I'm dropping (or hoping to drop) this subject, although still interested in evidence should it appear.

Peace.

Chthon

Grotto Attendant

Join Date: Apr 2007

Quote:
Originally Posted by maxxfury View Post
The ones regarding the Aion site, I thought I read that they were ONLY cosmetic? With the name of another account, but your own details?
So no way to manipulate or change anyone else's data?

Sorry, I've not kept as up to date on this or looked as in-depth as you have, so I'm more than likely recalling it wrong xD
Both sites suffer from a similar bug. The bug on the Aion site is cosmetic. The bug on the NCSoft Master Account site gives full-blown account access to a random individual. The initial response on the Aion forums confused the two. Perhaps fenix confused them as well. Plenty of people understand the difference and confirm the problem with the NCMA site.

lilDeath

Krytan Explorer

Join Date: Sep 2006

Treehouse #1

W/

Well now, it has been said before, but this GSU (Giant Sample of Untruths) article is just a feeble attempt at trying to CTA (Cover Their Asses) and 'attempting' to fool the fools, but only making themselves look like fools in the process.

Simply ridiculous. FTL NCSoft and to a degree ANet too.

(See, I can use acronyms too!)

Martin Alvito

Martin Alvito

Older Than God (1)

Join Date: Aug 2006

Clan Dethryche [dth]

Quote:
Originally Posted by shoyon456 View Post
Aha, that makes a lot of sense. Wow, I should have been able to connect those dots. Any idea on how they get those emails for phishing though?
Not entirely sure. I figure there's a database of associated e-mails that gets resold. Why they would have my work account (which was not used for a game until recently) but not my home account is beyond me. I get WoW and Aion spam at the work account, and nada at the home account...which ironically was set up as the focal point for spam.

@ Improvavel: I know you're not a troll. You're asking reasonable questions that a newcomer to the discussion would ask. There was an active thread (ok, fine, locked but maintained) that Inde maintained with 100+ reports, plus all the deleted threads from July-November. I wasn't able to get an accurate count at the time, but there were literally in the low hundreds of reports of NCMA hacks without obvious causal attribution.

Induct from there to the number of hacks using the NCMA that didn't get posted, and you get the idea. Think about it this way - consider the number of people you know that would post if they got hacked, against the number that are not active/registered and would not do so. The only reasonable conclusion is that there were a lot of unreported hacks.