An interview with a scammer
by Robin Torres 
Jun 6th 2009 at 2:00PM
Late last night, The Spousal Unit saw someone spamming Trade Chat, supposedly offering a Spectral Tiger Mount for sale. Since he knew two people that had been scammed by this, he called the seller a scammer in Trade Chat. The scammer sent him a tell and they proceeded to debate the issue in whispers. TSU called me over to show me the conversation, so of course I had to log on and pursue the interview further. Following are both interviews, copied over from in-game whispers.
Scammer: Lies
The Spousal Unit: lol bulls***
Scammer: Are you just going to say that every time I post?
Yes
Okie. Doesn't matter, I still get whispers lol
Probably. A lot a stupid people out there. Lots of suckers for you.
I know. So why try and ruin my business?
Because it's dishonest? Scamming gamers out of their stuff?
It's not dishonest. It's wrong. I'm being completely honest
Orly? You're really giving them a tiger mount?
Correct.
Uh huh.
Who knows how long they'll keep it, but yeah I give them a mount :P
Well, whatever you gotta do to justify it to yourself, I guess.
That sentence doesn't make sense. I don't need to justify myself. What I need is gold. You know any idiots by chance?
Sure it does, unless you don't care about ripping people off.
I don't care. It's their own fault if they're that stupid.
So do you just recycle the scam with different people's accounts as you get them?
Yes, I get an account, use their account to scam, and rinse and repeat. Right now, I unfortunately have no accounts.
Are you the same dude doing [this] across different servers. Or is there like a cartel?
No, there's a lot of us.
This is where I started sending him whispers from my druid.
Robin: Hi. My name is Robin Torres. May I please interview you for WoW.com? Anonymously, of course.
Scammer: Sure. (He declined an email interview, but agreed to continue via whispers.)
Do you work for a company?
No.
Are you a part of a loose organization of people?
Not really an organization. Lots of us around. The companies use a lot more complex scams: keyloggers, emails, etc. Most of us have our own thing. Then we sell to companies. People who are good at it get hired. Well, people who make an incredible income. I've only made about 70K through a week's work.
So how do you conduct the transaction? (At this point I was unaware that this was actually the scammer who hacked my friend.)
I just email them an email -- [it] looks pretty official -- and within, there's a hyperlink and you can figure the rest out. :P
You've only been doing this a week?
Yeah.
How do you get hooked up with a gig like that?
I set it up myself. Who are your readers, if I might ask?
The readers of WoW.com. I wrote an article about the scam this week. The article is called Beware of Blood Elves selling mounts.
I'm not a Blood Elf.
LOL no, but it was a Blood Elf who scammed the guy I wrote about.
You're putting this on the official WoW.com? You're ruining my business. :P
WoW.com used to be WoWInsider.com. Look it up. The article is on there now.
(I told him how to access it quickly. There was a long pause while he looked it up.)
LMFAO That article you wrote was about me. You got the numbers wrong, though. "But wait! There's more! As I write this, Cobra's account got hacked again. Not only did the phishing site take his old account info, it downloaded a keylogger to steal the new account info." Lies.
Then how did you get back in?
He didn't change [his] password.
How embarrassing.
Fishers aren't related with keyloggers. Keyloggers need to be downloaded, unattached from an email, something had to be opened: a movie, something. None of that ever happened. [It's] his own fault.
So do you do this on multiple servers?
Yes, I do this all over.
What do you do if there is an Authenticator on the account?
Most people have taken off their Authenticators because the hacking rate went down. 50+ accounts, 0 Authenticators so far.
That's sad. Do you have a way to get around the Authenticator?
Actually yes. For the very FIRST login, I can get around it. So I have to change the password then or make a quick clean sweep of the account.
Ah, how do you do it?
Just enter the Authenticator code they put into my site.
Do you sell to US or Chinese companies?
Both.
How do you develop contacts with the companies you sell the gold to?
Sorry, that's not info to give out. I don't ruin other people's business. :P
Ah, honor among thieves. Do you feel bad about what you do?
Nah, I don't screw with their gear or anything. I get gold, mats, and gone. I could turn into a real hacker: delete characters, items, transfer servers, but nah. And gold and mats can get restored within hours.
Another friend fell for this on another server and his main character was deleted. So that wasn't you?
Yeah, I don't delete other characters. [It] had to be someone else.
Are you at all afraid of getting shutdown by Blizzard?
They have before. I unplugged my router for 5 minutes, plugged it back in, tada all fixed. Now, just so I don't waste 5 minutes of my day, I run behind a wall. This wall sends out millions of IPs a second, never giving my true [one]. Like, right now, if Blizz shutdown my IP, I could immediately log back in, without a scratch.
Were you running different scams previous to this one?
Nope. This is my first ever scamming. Actually, the only reason I got into this is because someone tried hacking me, so I got them back, then moved on. LOL There's less than 100 of us out there right now, but the number jumped from 5 to 78 so far this week. People are learning.
So, how long do you think you'll be able to do this?
Forever. There's no stop. As long as people keep falling for easy s***, I will never be shut down. I, am the real napster. How do I post a comment on wow.com? I want to post that that one was me! LOL (I told him how, but as of this writing, he has not done so. UPDATE: He's here and he's commenting.)
When you say you made 70,000. Is that gold?
Yes. $5 = 1000g. Do the math. :P
Thank you so much for talking to me.
Cya :P
I can't tell you how embarrassed I am for my friend who re-used his old password when he got his account back. But use this as a warning. I know it's hard to remember different passwords, but once you've been hacked, you can never use that password again. For anything. Ever. As despicable as this scam is, this scammer actually seems to have a code that he follows. Other hackers won't do that and will try to use your username and password in other places -- email, online banking -- wherever they can make a buck. And just because you don't have much, either in your WoW account or in real life, doesn't mean you won't be a target. As you can see, your account and identity is still useful to scam others.
Some of my friends and commenters have, in fact, legitimately purchased rare items legally and for reasonable prices in-game. But while there may be legitimate Spectral Tiger Mount sellers, still be extra cautious of any deal that seems too good to be true. Follow some basic account security at a minimum and, when available, get yourself an Authenticator or the free software for your iPhone ASAP. It's an extra step, but it's well worth it for when we make mistakes.
Be careful out there!
Please remember that account safety and computer security is your responsibility! While WoW.com has provided you with resources to additional information, do your homework and make sure you know what you're doing before installing any antivirus or other software.Filed under: Economy, Mounts, Interviews, Account Security
Reader Comments (Page 1 of 11)
Ebontail Jun 6th 2009 2:07PM
A week my @$$ someone in my guild fell for this about a month ago, either hes been doing it longer or hes unoriginal and stole the idea. Either way blizz needs to get off there duff and catch this guy and ban his IP
Dex Jun 6th 2009 2:14PM
He says he has an IP scammer, and he got into it from someone trying to do it to him, and there are 78ish of them...sooo, yeah.
Grendalsh Jun 6th 2009 2:26PM
The Scammer specifically states that he's IP Spoofing.. Blizz can't ban his IP cause he changes it repeatedly. Systematcically, the only way Blizz could ban this asshat is to contact his IP and get him blocked at his internet connection. Or trying to get the IP to divulge the knuckledragger's identity so they can pursue him legally. While stealing virtual property is problematic to prosecute, hacking someone's account directly equates to theft/denial of property. That they CAN prosecute.
As with most any ecosystem, predators prey because they CAN. They only stop when threatened by a larger predator, or gangraped by their prey.
To put it in caveman terms..
"Selling Spectral Tiger for Gold!" = "I'm a predator and I'm here to eat you"
the proper response is to get a hunting party together, track the predator down, and kill it before it kills anymore of the tribe.
So, the next time you see someone selling something unbelievable for gold, report them immediately. Don't bait them, don't taunt them. Just call in a nuclear strike.
Clbull Jun 6th 2009 2:51PM
This is just one person in a large group pulling off this scam. There are probably quite a few others pulling off this same scam or scams that are a lot like it.
Superthrust Jun 6th 2009 3:04PM
harsh words coming from someone like you man...(Grendalish)
The first post on the comments, sounds like the guild member i got into. It was fun. I actually had the account for about a week because he never changed his password. I even left him signs, and a note (a mail letter mailed from an alt, put in his bag where is gear was.) and he still never did it. Eventually i took over, sold the gold, then sold the account.
People are stupid. Whoever falls for stupid ideas, tricks, etc. should be punished. I went and scammed a guild leader of the top horde guild on the Arathor server. (name not mentioned!)
This is should be voted UP to warn all people, I do not do it randomly, i target people. Some others might do the same. Keep your account safe, and be wary.
Wither Jun 6th 2009 4:14PM
"Whoever falls for stupid ideas, tricks, etc. should be punished."
If this article serves to embolden all the amoral idiots out there to step out into the open so we can go ahead and shoot them all at once, then great.
What goes around comes around, treat people like crap and don't expect to get far IRL.
Arlen Jun 6th 2009 4:16PM
Actually you're wrong Grendalsh. If the scammer is smart enough and using something like Tor (tor.eff.org) then Blizzard will never know his actual IP or the ISP he's using.
Wither Jun 6th 2009 4:56PM
@Arlen. Internet 101.
You communicate across the internet through many computers, starting at your own, going through your ISP, then the internet "backbone" and eventually Blizzard servers.
Every one of these computers, routers and switches has an IP address.
You can attempt to spoof yours, but not those in the rest of the chain, so yes your identity is still pretty obvious to anyone who cares to figure it out. IP spoofing is like changing the house number attached to the front of the house, hoping that no-one can find your house.
The reason individuals are not prosecuted is not that they are technology savvy hidden ninjas of the internet that they believe themselves to be, but that is usually not economical to do so.
Manatank Jun 6th 2009 6:20PM
@Wither:
Glad you think you understand networking enough to scold someone else... It is very possible to spoof the origin of a packet in much more complicated ways than you appear to believe. It is even possible to legitimately hide your traffic by passing it through multiple hops. Keep in mind there are millions of compromised windows machines out there that could be used for tasks like this. Most of the time people who have compromised PCs have no idea that they have been compromised.
Wither Jun 6th 2009 6:40PM
@Manatank
That's sounds too clever to be true and it is, think on this - given most services on the internet (such as WoW) require 2-way communication, how do think the packets from Blizzard ever find their way back to your PC? If they can route, so can a human, it doesn't matter how many hops it takes.
I'm trying to do you guys a service, you're putting your hands over your eyes and presuming that means no-one can see you. I restate - you're not get caught because it's not economically viable to try to, not because you are "invisible".
Pravus Jun 6th 2009 7:07PM
In very basic terms. Blizzard would only see the IP of the compromised machine. When packets get sent to that computer it the virus/trojan routes it back to the scammer's computer. For blizzard to track that, they would have to get a warrant to log the compromised machine to see who connected to it. Do this multiple times. Computer to computer to computer then to Blizzard. It becomes virtually untraceable because each packet can take a route though a different set of machines to reach its destination. Just to find the route would be prohibitively costly or impossible because of privacy laws. Each compromised machine is privately owned and would have to be logged or a warrant served to the ISP. Even then they would have to hope the same scammer went though the same machines which when looking at the number of compromised machines out in the wild is next to 0 possibility.
Anonymous Proxy. Google it.
Bertus Jun 6th 2009 7:10PM
The problem is that this isn't something Blizzard can crack down on. The only element the scam involves that Blizzard has any control over is the chat channels, and it's just not feasible to have humans watching them 24/7, nor is it reasonable to entirely shut down the chat channels. This is all social engineering; the only broken system is the person being scammed. You can't fix that with a patch or database rollback.
Wither Jun 6th 2009 7:42PM
@Pravus
Anonymous FTP, yeah great idea. Oh hang on, one of those machines happened to be a insecure machine at a minor government office. How could you know? You couldn't, you just got a list of IPs off the internet.
You've committed a felony, you've got the FBI and Patriot Act on you, forget about "search warrants", welcome to the real world and a cold jail cell. Hey, tho, maybe you could sue Google and the results it gave you on anonymous proxy.
Naix Jun 6th 2009 8:05PM
IP spoofers are easy to catch if you know what your doing.
Sol Jun 6th 2009 11:54PM
@Wither
In theory, yes, it's very intuitive to suggest that any communication on the Internet can be traced back to the source. However, in reality, there are myriad forms of indirection that can obscure that path, as well as real-world security holes to exploit along the way, rendering the tracking process virtually impossible.
For example (one of very many), as long as one of the many computers in the chain between the enforcement authority and the scammer is a somewhere in eastern Europe or Indonesia or an similarly apathetic locale, the chances of having the necessary cooperation from authorities to track past that link in the chain are next to nil.
The resources to learn more are freely available on the Internet, and from experience I can tell you that a first-year graduate course in Computer Security will teach you a number of (questionably legal) ways to become essentially untrackable on the Internet. I encourage you to research more on your own :)
agnoster Jun 7th 2009 2:11AM
@Wither
You didn't even go to tor.eff.org and read up on it, did you? Yes, Tor has vulnerabilities, but for practical intents and purposes I very much doubt that someone using Tor could be traced by Blizzard. (Note: any further attack of the strawman that is IP spoofing will not make you look smart!)
As we say on the internet, "It's poor form to respond to someone's comment when the comment links to a source explaining why you're wrong, illustrating only your ignorance and/or laziness, especially when you are acting patronizing," or sometimes more succinctly, "l2read, nub."
Wither Jun 7th 2009 5:59AM
All I can say is that there's a lot of fresh bright computer science grads out there who are evidently rather naive. I wish I could say I've been working as a low level computer programmer for the last 20 years and actually have some hacking experience from the days before P2P, oh hang on - I have.
Guys seriously, if your first year of comp sci is currently teaching you that you are untraceable or unprosecutable, you need to find a better university or go practice law instead. You're playing with fire.
Wither Jun 7th 2009 6:45AM
Just as an attempt, to haul this thread back "on topic".
Despite many attempts to characterize small time crooks like this scammer as a untraceable cyber-espionage mastermind, who like cat-thieves descend via ropes and pulleys and can never be caught - the better acronym is a guy walking into a house through an open window.
You are always dealing with the lowest common denominator and human sociology. This guy wasn't routing his "attack" through a myriad of anonymous proxy servers using every trick up his sleeve, he was a simple confidence merchant with simple tools.
To those comp sci grads who like to pretend it's more than that, like some sci-fi movie, keep dreaming. Yes there are more sophisticated methods, but at the higher end of spectrum, there also exists counter cyber-espionage, federal laws and means and ways to stop attacks. As they say, all you need is one weak link in the chain to comprise the strength of the entire chain. Con-men and hackers are socially as susceptible to making mistakes as the people they try to exploit, quite evidently due to their biggest social flaw - arrogance.
Prepare a better defense that "I didn't think I would get caught or prosecuted.".
Eisengel Jun 7th 2009 5:06PM
Re: Wither
Quite so... on all counts. I do research in wireless networking and have done a lot of wired work. Anything that can be sent can be replied to, or else the Internet wouldn't work. This implies that somehow the receiver can be found.
Traffic anonymizing is not perfect, it is concealment. Concealment makes things harder to find/attack, but does not make finding the traffic source impossible, only harder.
Keep in mind we aren't dealing with a web browser or some other piece of brain-dead software that has a set behavior pattern, you're dealing with an interactive high-throughput piece of commercial software. All Blizzard has to do is add a few code mechanisms to WoW in a patch that they can turn on at will, and no amount of anonymiziing traffic shuffling will ever work.
If Blizzard wanted to, they could make account hacking nearly impossible a number of ways. One way would be to include authenticator-like code on the game CD, and you have to insert your game CD to play. Then, when logging in, the Blizzard server sends a bunch of crypto queries to your CD. If it isn't the CD your account is bound to, bang, no login. Sure it's limiting, but it would make hacking pretty tough, and that's only 1 possible solution. Like anything else though, it's all a question of time and money... how much are they losing vs how much are they going to spend? Unless people that have their accounts compromised start canceling, Blizzard isn't going to move.
Radiophonic Jun 8th 2009 4:15PM
Why do you all assume he's anonymizing his IP? He doesn't have to. Quite a few providers will give you a fresh IP when you drop connection, it's not rocket science. If they don't, it's very easy to release your IP, change your MAC and renew again. They use IP based blocking, why? Because it is too much effort to write to each individual ISP and get information on the person doing the scam. Besides, isn't scamming in a virtual world a bit of a grey area as far as law is concerned. You'd be hard pressed to get a customer banned from their ISP for scamming virtual lootz in a virtual world and thus, there's no reason to use anonymous proxies or other packet obfuscating mechanisms.
Smart gaming is like smart browsing, learn it or fall victim to it. In fact, there are so many 'smart browsing' web sites out there, how come there isn't one dedicated to WoW? ;) Get on it.