Is it just me or are more people getting hacked nowadays?

Hi everyone,

Just thought I'd pose the question to the guru community - do people find that more and more players are getting hacked nowadays? I only bring it up because it happened to me recently after years of not being hacked and after looking at various forums online it seems to me that hacking is becoming more frequent.

I hope anet introduce better security for accounts for gw2, I know you can change passwords frequently which helps, but it would still be nice if there was some other layer(s) of security, perhaps not to the same extent but like you may get with online banking/shopping.

W!ck3dS!ck

P.S. Hope I've posted this in the right place, sorry to the moderators if I haven't I'm new to the guru community.

I got hacked about a year ago. Lost all my stuff, but caught them before they deleted my chars.

I have heard about people being hacked all the time I have played GW, but mainly from 3rd party programmes in the earlier years, these days it seems anyone can get hacked, because I can guarantee, I as the only person that knew my log in details, and never used any 3rd party programmes, changed my pw every month, and then it just happens out of the blue.

Not impressed, but not alot you can do about it, apart from contact support.

Same here, would have been gutted if they had deleted my chars.

Yeah anet told me I got hacked by gold scammers, apparently I may have been hacked via a keylogger (think its called that) which I don't really understand but it made me paranoid about the rest of my computer shizz.

Yeah it sucks, I understand why they can't return your stuff, but like I say would be nice if there was some sort of other safety net in place.

Account hacks run in cycles. What happens is hackers accumulate large quantities of information and then resell that information in bulk packages of associated information to more serious computer criminals. Shortly after a package moves, you're going to see hack reports.

Hacking in general has become a much bigger business. A lot of international jurisdictions cannot or will not expend the resources to enforce computer crime laws, and people living in those jurisdictions more or less have free license to make money via hacking as they please.

ANet and NCSoft would like you to believe that getting hacked is your own fault. Either you got keylogged, or you credential shared, or you got attacked by someone profiling you using social media (such as Facebook and, well, this forum), or you used a weak password, or some combination of the above. They're probably right in the vast majority of cases when it comes to the normal background noise hacking that we've come to expect.

If you see the community come out with pitchforks and torches as happened late in 2009 (due to the marked increase in volume and the frequency of hacks through NCSoft accounts), there's probably something to the argument that there's a security vulnerability on the developer's end. Should something like that happen again, you'll never get an admission. ANet makes the rules on their playground, and at the very least an admission would imply a moral responsibility to do something about the problem.

By contrast, online banking gets held to a very strict and obvious legal standard. That means that banks expend a lot more resources protecting their bottom line from the fallout of a mass hacker intrusion than a company like ANet does. Having an online banking system badly compromised would result in both restitution to the account holders and depositors taking their money elsewhere, and asset-starved banks just can't have that. So they invest resources in providing sufficient security to redirect would-be cybercriminals to easier targets.

Online shopping is a different animal, but suffice it to say that the largest online retailers will rapidly cease to be such if they fail to provide top-notch account security. Smaller, marginal operators generally aren't as secure because they just don't have the resources.

It's a little early to start theorizing that there's something unusually sinister going on. If you start seeing "I got hacked!" threads popping up faster than the mods can close them, that's a strong signal that something new is happening.

I have an odd hacking story, I got hacked, my account was banned because of "unauthorized use" and when ANet restored my account(quite a pain in the arse) I had almost a stack of ecto, 400k and +20 black dyes in my inventory.

I was still pissed my acct got hacked, but couldn't help laughing a little

Haha this sounds like the 'Dear Hacker' thread that started up recently, does make me feel better that sometimes it backfires and the account holder can actually reap the rewards of being hacked :P

----------

@Martin Alvito

Wow you know your stuff :P
Yeah it would be nice if games could maybe begin to have increased security though. Ok I guess its not real money you are losing like with banking or shopping online but you do effectively end up feeling like you have wasted your own time working hard to get items/weapons/armour etc.

Yes, because there's more money to be made selling ectos in the real world than hacking for illegal credit cards purchases...

/rollseyes

Seriously, do you think a "serious criminal" is going to bother with trying to fence five bucks of ectos when they can more easily steal a credit card number and buy a $2,000 plasma TV?

I don't have any issue with the rest of your statements, and very much agree that serious hacking by serious criminals is a serious issue. But to say that they are going to bother with virtual property in a video game is just ludicrous. It takes too much time, and too much effort, and yields too little profit.

As noted already, I think we've had periods of times when hacking activity seemed higher.

I think there are just a lot of people coming back to the game now in anticipation of GW2 and finding their accounts have been hacked. Who knows when the account was actually compromised.

That's a very good point actually (Y) I found that mine had been hacked after a fair bit of time being inactive.

I agree. It had been several months (well, probably over a year) since I last dropped into GW, but reading about GW2 got me interested in playing again. That's when I found my account hacked, too.

I believe there's not really an increase of account hacking, its just more people are finding out that their account(s) got hacked. As GW2 hype increases, people start coming back from years of not playing. Their accounts could have been hacked yesterday or 3 years ago, and they don't find out until they try to log in.

Also, there are a lot more new players in the game that are joining because of GW2 hype. New players may not be as keen to phishing attempts as the rest of us. And there is likely a small number who want to catch up to older players and try to buy GW gold and ectos from illegal sites and then the creators of those sites use information given to them to hack the account(s).

lets not forget that 50/50 acc go for 200-300 $ these days i have a friend who sold one of his secondary acc for 300$ 50/50 off-course.

The poster above me doesn't seem to know that can be ban-able o-o

90% of accounts that get hacked are done by people in Asian countries. Virtual currency and goods trading has become quite the lucrative business over the years for them, most likely because they live in impoverished areas. This gives them a reason to try every possible means to get your account info, your rare weapons and minipets = food for their family. Unfortunately gaming companies can't do much since the hackers are outside their jurisdiction. It is incredibly surprising though that companies like NCsoft have such lax security because their security flaws could lose them a lot of potential business. I remember a scare not too long ago about a huge flaw in the NCMA mainframe that swapped people from their account to someone else upon logging in. Lets pray GW2 is a different story and that NCsoft took a lesson from the tragedy that is Sony's security.

I uninstalled GWs for 2 years because I went to raid in WoW. When I came back my account was perfectly fine. It makes me wonder if being a cautious gamer does any good at all.

Not worth it in America/Europe, for the amount of time invested, but well-worth it for those in any impoverished country. $300 is a heck of a lot - my girlfriend is from another country, and $400 was a month's wages @ 40-60 hours of work a week. And it was a good, well-paying job by the standards of the country, and her country is doing well by African/South American standards.

I imagine it's quite lucrative for any with internet access.

Hmm, I have two 50/50 GWAMM accounts.

Ah well, $600 doesn't nearly cover the hours spent .

@ Martin

Agreed 100% with regard to NCSoft/a-net and the causes of account theft.

Disagreed as to the banks. Their security is just as bad, possibly worse. (Just one recent example: link) It's just that they have smarter thieves who do a better job of not being detected (they tend to steal small amounts repeatedly) and the banks do a better job of staying silent when it happens. (Also, there's no "citibankguru" for members of their online services to get together and compare experiences and complain.)

I've been playing Rift and there was a lot of hacking going on, but after the developers put in a 'coin lock', there have been less complaints.

How it works is if you don't log in from your regular IP addy (say I take my laptop to the coffee shop), you get a coin lock on your account and an email is sent to the email address you registered with your account. You have to go to your email, get the unlock code and enter it when you log in. Only then can you access your bank account. It's a pain, but I appreciate the extra security.

Now obviously this won't work if the hacker has your email password as well, but if you're paranoid like I am, I keep an email account that I only use for sensitive things such as paypal or Anet or Rift. It's never ever used as a general email account.

friend got hacked a week ago, and sent 100's of tickets with all cd codes etc in, they ROLLED back his account then closed the accounts involved, according to arenanet it happened after he did a "great deal" on ectos for 50k. 19 ectos for 50k...and my bud has a great nack at deals. soon after he did the trade said ty etc, 2 mins later, account kicked him off for being on another pc.

but i think they are starting to ANTI grief player accounts within reason

I got hacked sometime in the last few weeks, I noticed it just yesterday. My account was permabanned for engaging in gold selling or something.

I sent a ticket to support, only to receive a neutral unhelpful response that I apparently sold gold and items or/and botted for real money. I sent another ticket a little more aggressively in tone and my account was unbanned a few hours later.

When I logged in, all my characters were naked, everything was gone except customized and quest items.

.. yay, I'm more poor than a noob now.

and the price was 300$ when calculator went out i think the price will go up as the gw2 release date gets close.
And if i understand subject mater hacking an account is not that hard for some1 who has time and the will to do it. and as some1 stated 300$ is not a lot of cash on its own but sell a 1000 of them and u have a different story.

Try this out for size:
http://www.pcgamer.com/2011/08/08/no...o-fund-regime/

While that article focuses mainly on botting, you can imagine how much easier it becomes for the hackers when their required botting is cut down simply by having 'access' to loaded player accounts who have done all the hard work for them; then simply sell all those accumulated resources back to other unsuspecting players.

@Martin Alvito: I always enjoy reading your posts, mostly because I tend to agree with them and since they are structured well and insightful.

Sounds exactly the same as my experience tbh, sounds like we could start up some kind of society for hacked and impoverished characters

The banks are a particularly attractive target, so they're going to get hit if they have a vulnerability. It doesn't follow that their security is worse than anyone else's. All else equal, they should experience far more intrusions that we hear about, but they don't. Legally, they have to report even minor events to those affected or suffer stiff civil penalties, and I'd bet that most adult Americans have gotten a letter from their credit card company about their account maybe possibly having been compromised at some point.

In the link you cited, it's likely that the real treasure trove for those hackers was the personal information, as the article suggested. Card numbers without security codes aren't worth much, and the banks don't focus their resources on protecting them.

Now, I agree with the general sentiment that just about everybody has a problem. It's a matter of degree. The strategic goal of account security is not to prevent all intrusions (which is impossible), but to provide sufficient security to get malicious hackers to decide to find an easier target. You expend different levels of resources to protect different things; online banking has to be far more secure than a database of credit card numbers in order to protect it, and the downside risk of having the just credit card numbers stolen is low for the bank, so they structure their defense profile accordingly.

There are plenty of sites out there where people gather to complain about banks, which were already plenty hated even before 2008. I'd imagine that I drove my share of nasty comments, back when I worked for the dark side of the Force all those years ago. The funny thing about that is that there are plenty of good reasons to be upset about banks and their behavior, but they're not the things people generally complain about.

That article proves the more cash strapped you are the more a dollar grows in size and you will expand your options to obtain that dollar, even if its illegal.

RSA tokens in GW2? 8)

The majority of so-called "hackers" are phishers because the average gamer is gullible as hell and will give away their login information on their own accord. The best part is that most people will deny this and pretend that they were hit by some drive-by hacking. You know, because rather than steal your bank password or social security number, they would rather go for your ectos in Guild Wars. If somebody is going to install a trojan or keylogger on your computer, then they don't want your Guild Wars crap. That's like saying during an armed robbery of a convenience store, criminals just want to steal the Slim Jims and beer.

I used to not believe this myself that people could be so gullible. But last year, the Team Fortress 2 forums had a thread about a real-life phisher. They showed a backpack of a phisher, and you could see before and after pictures proving that he was basically stealing loot from other people. The phisher setup a fake beta test or contest giveaway page, specifically targeting TF2 gamers. The page made you login to your Steam account, so you voluntarily handed the info straight to the hacker.

Who would fall for such a dumb trick? Well, in two weeks, the "hacker" had suckered so many people that he filled up five pages of his backpack, including 100 rare items including 10 to 20 ultra-rares. If you want a Guild Wars equivalent, this is like saying that you managed to steal 25 stacks of ectos in just two weeks. That's ONE guy running ONE phishing site.

I also want to point out that the phisher carefully cherry-picked items that he wanted; he didn't just go out and clean out every item in your inventory. So in other words, so many people were handing over their login information to the hacker that he couldn't even take everything because he ran out of storage.

I can't tell you how many times I saw this story repeated. There was a guy that was a father of two kids and he fell for an obvious trade scam. He fell for the old "triangle trade" scam (you hand your items to a middleman, but the middleman is actually the scammer's second account). He posted a "warning" to others about it and confessed his naivety. So it's not just little kids that don't know better.

They don't give a damn about the reporting requirements. They exhibit the same attitude here as they do with respect to capitalization requirements, standard accounting principles, FTC act violations, TILA violations, FCRA violations, FDCPA violations, bad faith HAMP denials, robosigning, etc. -- the decision-making process is *purely* whether the profit gained (or loss avoided) from a given illegal activity is greater than the penalty for getting caught multiplied by the chance of getting caught. The fact that something is illegal (or immoral) does not even enter into the calculation when the banks decide whether or not to do it.

(OK, rant over.) Now, how that's relevant to hacker intrusions: The reason we don't hear about more intrusions than we do is not that the intrusions aren't happening; it's that they choose not to tell us about intrusions that they think they can keep a lid on.

I'm going to issue a prediction here: In 15 years, if not sooner, that security philosophy is going to be as dangerous and self-destructive as "security through obscurity" is today. It relies on a psychological model of the attacker who thinks "there's plenty of fish in the sea; I'll go find a different one that's easier to catch." Over the next few years we're going to see an increase in hacktivism ("That fish is evil; I must catch that fish!") and low-grade economic warfare sponsored by the Chinese government ("I want all the fish!"). Staying ahead of attackers with those mindsets is going to require a shift back to trying to build an impenetrable wall, coupled with some tertium quid to deal with the fact that the impenetrable wall is impossible. (No, I don't know what the terium quid will be, only that it must be.)

19e for 50k. Anyone on here who believes that is a moron. In reality he bought ecto for real cash and got caught.