Our Guild had been going downhill for a while now. At the beginning of the year, key officers and members, cornerstones of our raiding team, quit the game for one reason or another. Some of our members got hacked, just like WoW Insider's Amanda Dean. This took the wind out from under our sails, despite great success in Serpentshrine Cavern and Tempest Keep. As 2007 closed, I envisioned us taking down Vashj and Kael within the first quarter of 2008. I was stoked. There were good times when we'd take down two new bosses a week. Of course, Murphy's Law happens. While key team members quit the game, others took extended (sometimes unannounced) leaves of absence, and with diminishing raid attendance and obviously performance, other members looked elsewhere for better raiding opportunities. And when it rains, it pours.
A little over a week ago our Guild bank was robbed. It was cleaned out -- so empty I could almost imagine the sound of flies buzzing about -- well, okay, it wasn't that empty. On the third tab, the robber was kind enough to leave us ten stacks of Roasted Clefthooves. At first it struck me as odd because we had fixed our Guild permissions somewhat after our GM left the game to take a shot at a relationship and play with his Nintendo Wii. In what order exactly, I can't be sure. He passed the mantle off to one officer who passed it to another officer who later passed it on to me. So for a while, I was GM of a Guild that wasn't quite doing anything but waiting on people to come back to the game. So imagine my shock (more like anesthetized indifference, to be honest) when I was going to deposit items into the Guild bank only to find that it had nothing. Well, nothing but those clefthooves.
The most frightening thing about the whole affair wasn't the fact that we were robbed, but that we could've been betrayed by one of our own. Because the officers were in charge of cleaning and arranging the bank items, they pretty much had unlimited withdrawal capabilities. This turned out to be a mistake. Set your permissions very carefully so that users are unable to withdraw more than a few stacks at a time. One of our officers' characters was the culprit, and checking the Guild Bank log only showed the mysterious 'Unknown' to be the robber indicating that the thief must've transferred the guilty toon off the server.
Trying to check who the person was on WoW Armory's Guild Bank log feature, I was shocked to find that the culprit was *gasp* me. Well, not me but the Guild Master supposedly, although my name was certainly not 'null'. Alarmed at the potential brouhaha that could ensue, I quickly fired off a ticket to a GM who later dramatically arrived in a zeppelin (you know those types) and proceeded to tell me in not so many words that there was just nothing they could do about it. What was bugging me, really, was that I wanted to find out who did it. It was one of our officers, certainly, because they were the only ones with permission to take anything out of the bank. But the dilemma was that one of our officers had moved his toon off the server earlier that day (who could resist an invitation to raid BT as a Moonkin?) and another one was no longer on the server without warning. The money was on the latter, who had made no announcement about his move.
The troubling thing was that this person was our friend. The officer and I had gone way back when Molten Core was still fashionable, and I couldn't bring myself to believe that the person who would ask me how my three-month old daughter was every time I logged on could do such a dastardly thing. So I needed to know. Reading the Help section, I found that restoration of items stolen from the bank is beyond a GM's capability. In short, you give permission to a person, then that person cannot be reprimanded or punished for taking what he has been allowed to take. Understanding this, all I really wanted to know was who did it. I wanted to be sure. I wanted, more than the restoration of items, to know who it was that could do something like that. The GM's answer: sorry, we can't tell you. Wasn't I well within my rights to know who the person was? As the GM of the Guild that was just robbed blind, didn't I deserve to know who 'Unknown' was? Well, according to Blizzard, no.
The GM's sobering advice: "put stronger restrictions on who can and can't acces (sic) your guild bank." Well, thanks a lot. Putting restrictions now would be like closing the barn doors after the horse has run off. There was nothing to protect. Fortunately, we later found out that the officer in question had been hacked. One of the more important things after being robbed is being assured that the robber wasn't your friend. Unfortunately, we're still waiting on the results of the investigation. It has been almost two weeks since the incident and there has been no word from either Blizzard nor our guildmate. We fear the worst.
No question, the hacker must've made a hefty profit from selling all the materials in our bank. A profit good enough to sell for a few hundred dollars, to be sure. This is why people simply must stop patronizing power levelers and gold selling outfits. The gold they sell, aside from being against the EULA that players agreed to before entering the game world, are often obtained through duplicitous means. We were fortunate in the sense that it was a hacker who had done us in. I can imagine the horror if it were simply one of your trusted colleagues who decided to make a sweet profit -- with no repercussions.
A word of caution to all Guilds with a Guild Bank... remember to set your permissions carefully. If there's anyone in charge of rearranging the items in the bank, allow only that person access to do it. Even then, allow that person access for limited periods of time or limited stacks. If the person decides to take all your items, Blizzard believes that if the Guild agreed to give them permission to withdraw, there's pretty much nothing they can do about it. For all of Blizzard's hard line stance against gold sellers and their methods, they don't punish asshats. Needless to say, be wary of keyloggers, always protect yourself. Of course, as much as you can restrict permissions with your members, there's nothing you can do if the Guild Master himself gets hacked. It makes me doubly glad that I play on a Mac.