Drama Mamas: Hacking a friend's account
by Robin Torres 
Jun 25th 2010 at 5:00PM
Drama Mamas Lisa Poisso and Robin Torres are experienced gamers and real-life mamas -- and just as we don't want our precious babies to be the ones kicking and wailing on the floor of checkout lane next to the candy, neither do we want you to become known as That Guy on your server.
It was really hard to choose from the many dramalicious emails we got this week. So much drama, so little time. I'm happy we have so many topics to choose from, but sad that so many of you have to go through so many dramafied situations. This one really did stick out as pretty dramarific, however. Dramarily! Drama-lama ding dong! Dramastified. OK, I'm drama-done. Turn the page for all the dramaness.
Hello Drama Mamas, I'm going to leave myself as anonymous today. Recently me and my friend had an argument about something stupid while I think back, we fell out and both /ignored each other, this was all fine until I remembered that I had just sent him 500g and some adamantite ore (80, to be exact) I sent him the 500g because he needed it for repairs that night (He was doing ICC 10 and was broke). I asked him to send it back and he proceeded to tell me how he was going to sell the adamantite which goes for around 240g a stack on my realm (Yep, 240g)... He posted it on the auction house and kept mocking me on alts he created named things like loliwinnoob, etc. He is an IRL friend so I happened to know a few things about him, I answered his secret question and got the password change email to be sent to him, I also knew his E-Mail password. I changed his password and went onto his account, bubble hearthed in the middle of blood princes hc and sent my 500g and adamantite back to myself. My question to you is, should I have done this? And should I tell him that it was me or just leave it alone? Signed, Anonymous
Drama Mama Robin: Anonymous, no. No, no, no. No. Of course you shouldn't have hacked your friend's account. It's unethical, immoral, cruel, illegal, can get you banned -- you know this, right? Neither of you win in the "how to treat your friends" category here, but you really escalated it from something recoverable (he could have paid you back after you guys made up) to a probably permanent breach. Here is how you should have handled the issue:
- Don't burn bridges. You admit now that you argued over something stupid. Though you were upset (nothing wrong with that), it is likely you two would have laughed about the incident later. Even if you argued over something serious, the acquaintance may be worth renewing down the road -- for both of you.
- Let him keep the money and ore. In general, physically or virtually, if you give a gift to someone, you are giving the gift from the person you are at the time to the person he or she is at the time. It's usually best for both of you to just let the gift stand. And while it is the nice and good thing to do, I think it is also best for selfish motives. You will know that no matter what happens, you did the right thing. Also, these things are pretty easily replaceable in game. Your character was obviously not crippled without them.
- Ignore the taunts. If he behaves like an immature git, who cares? Report his harassment to the GMs, if it gets out of hand. But otherwise ignore him. Childish is as childish does.
- Don't be a criminal. Captain Obvious has steam coming out of his ears. Whatever happens in the rest of your life (which I am guessing you are near the beginning of), don't turn to criminal behavior as a solution. It's wrong (duh) and you may end up paying pretty nasty consequences (double duh).
Drama Mama Lisa: It's probably a good thing that you put each other on /ignore -- because now you'll have to talk to one another in person, as you should have done in the first place.Let's make the facts perfectly clear:
- It's up to the recipient of a gift to decide whether or not to return it, should the relationship go sour. In this case, the gold and ore now clearly belong to your friend. By breaking into his account and taking them back, you stole his property.
- Your friend's poor behavior (taunting you in chat and so on) does not excuse your actions. He did not "make" you hack his account and steal from him. This was entirely your decision and responsibility.
- You've escalated a simple online spat between friends into multiple illegal acts.
As for whether or not you should confess to him ... I suspect you already realize that you've crossed lines that should never have been crossed, and I'm betting (hoping?) you wish you could take back all those rash actions. Obviously, your friend will figure out that the hacker was you. You'll be lucky if he doesn't report you to every authority he can. Time to man up. Give him a call on the phone or in person. (Don't email; your online shenanigans have caused enough trouble already, don't you think?) You need to come face to face with your friend and this situation before it blows up any worse than it already has.
Drama Buster of the Week: And now it's time for a public service announcement. As you can see, your account (WoW, email, etc.) is only as secure as the people who know your pertinent data. Don't tell anyone (except perhaps your parents if you are a minor) your password for anything. Also, don't use secret questions that have answers that are easily figured out. If the secret question choices are limited to publicly available information, the best thing to do is to make that another password. What is your mother's maiden name? Y3RM0M What is your pet's name? B1T3M3 Note: Security questions are usually not case-sensitive, so changing case won't help here. Keep your secret question password to yourself, but feel free to use it on all secret questions for all kinds of accounts. It's an extra layer of protection that will keep your online identity that much safer.
Also, get an authenticator (mobile or keyfob), please. That tiny extra step adds a lot of extra security.
Remember, your mama wouldn't want to see your name on any drama. Play nice ... and when in doubt, ask the Drama Mamas at dramamamas@wow.com.Filed under: Analysis / Opinion, Drama Mamas
Reader Comments (Page 1 of 8)
Succulent Jun 25th 2010 5:13PM
Whoa, yeah, hacking his account was probably a step too far, even if you only really took back what was yours, as you could've done a lot worse.
People can be really irritating bastards sometimes (like him taunting you), but you just have to be the bigger person and take a step back. You'll find that you not being irritated by their taunts probably just irritates them :P
I'm not sure what I'd do at this point if I were in your shoes. I'd be reluctant to admit everything to him, if you two have still fallen out and he acted that way before, he's likely just to take it to extremes.
Sticky mess you've got yourself in their pal, good luck!
Agerath Jun 25th 2010 6:28PM
"illegal acts."
Yeah, it's not like you want to overdo the hyperbole or anything...
Ozzard Jun 25th 2010 7:19PM
Depends on the legal framework. In England, the Computer Misuse Act 1990 would deem both the email and the WoW accesses as Unauthorised Access - so, yes, both are illegal under English law. I can't comment on other jurisdictions.
Pyromelter Jun 25th 2010 8:20PM
admitting everything is the worst possible thing someone can do, from a legal standpoint anyway. E-fraud is very hard to prosecute, and by admitting it to the person or to anyone, you are just asking for yourself to get massive fines/criminal proceedings against you.
Yes, it's the morally right thing to do. But legally, after doing such acts, the absolute worst thing you can do is just admit it. Before doing ANY of the stuff the ladies wrote up there, I would consult with a lawyer.
Lisa, I hope you read this: Your words up there can be construed as legal advice, and since you don't practice law, if this person takes your advice and gets in trouble... well, I don't even want to think of the liability involved.
If you want my advice, I would post a retraction to this statement immediately:
"Time to man up. Give him a call on the phone or in person. (Don't email; your online shenanigans have caused enough trouble already, don't you think?) You need to come face to face with your friend and this situation before it blows up any worse than it already has."
...and next time you tackle an issue like this, put out a ton of disclaimers, and always always always advise that a person in this situation get a lawyer. I would actually advice that you get the AOL lawyers on this asap, because I'm actually kind of frightened at what might happens should this person get into more hot water because of this advice.
Killik Jun 25th 2010 9:50PM
Are you a lawyer, Pyromelter?
Helston Jun 26th 2010 12:52AM
Apologies for hijacking this reply, but you missed an important security issue in the drama buster for the week. You need to tell people to NOT make their answers Y3RM0M and/or B1T3M3, specifically because you mentioned them in this article, making them completely insecure passwords
Killik Jun 26th 2010 9:08AM
..or deliberately use them in a daring double-bluff. It's the last thing the hackers would expect!
Dameblanche Jun 26th 2010 10:30AM
I am not so sure about all this lawyer talk. Yes, at my age I could consider it (40 year old here) but I get the feeling that the writer of the email is a bit on the young side. (esp. the loliwinnoob alts of his friend give me the feeling that we are dealing with somebody who has just discovered the joy of pimple ointments)
He is probably not even old enough to get a lawyer without the help of his parents, so comments like this are not really helpful as a starting point, you'll only arouse more of the natural tendency of teenagers to blow things totally out of proportion.
I have two kids in my guild, friends in real life, who were willing to give up a 5 year old friendship because of a row over a bloody blossoming branch. You know, the thingy that transforms party members into a rabbit.
Exhibit A had eaten a Savory Deviate Delight, exhibit B transformed him into a rabbit, which apparently removes the pirate costume. Exhibit A was not amused, and after three more "eat fish-change into rabbit" incidents he was so furious that he refused to talk to his friend for a week. Things got so out of hand that both of them left the guild 3 times and had to use other people to communicate to one another through the barrier of /ignore and refused phone calls.
Being sort of the granny in the guild, I was initially mildly amused by them and both kids used me as a confessor to straighten things out. Until I got fed up. I my case it was enough to threaten them that I'd treat them like whining toddlers for the rest of their lives if they would continue to behave like girls blouses and that my own ignore button was itching like hell.
"You, mister, are going to say: "sorry", and you, my friend, are going to say: "thank you, apology accepted."
"But..."
"Shut up. You want me to treat you like an adult? Fine. Start behaving like one. End of story."
My advice: Get over yourself. And grow up.
You both are acting like babies and you've made something trivial into the Third World War, with bullying alts and account hacking.
All of this probably about something as stupid as a blossoming branch.
I can imagine your friend knows it was you, so there is no need to try and hide it. Call him up, say you are sorry, give him his stuff back and talk with him about the original argument. Be the first one to apologize, even when the original argument was his fault. At this point you should not be interested anymore in proof that you are right; you should be interested in getting peace of mind.
If he doesn't want to accept your apologies, then he is the tit, not you.
And if he threatens to get you banned, then use your parents. Be honest with them, allow them to punish you with a ban on playing wow for a short while, because you have been doing something bad and should own up to it. But they will help you, and chances are high that also the parents of your ex-friend will be sensible enough to stop him from trying any legal action, since they will recognize this whole affair for what it is: a fight in the sandbox about who can use the plastic toy shovel first.
Mevima Jun 26th 2010 4:22PM
Killik: It's actually not the last thing the hackers would expect... "password" is one of the most common passwords used.
Killik Jun 26th 2010 5:09PM
@Mevima Yeah, I was bantering with Helston up there. "password" is one of the common ones, along with "monkey" and the names of sports teams. :)
damienpotts Jun 25th 2010 5:14PM
Ohh! I love the song! lol
Wolftech Jun 25th 2010 6:24PM
I'm glad I graduated well before that crappy song came out (12 years! holy crap, I am old) that I am sure got played like 10 billion times in high school...
BB Crisp Jun 26th 2010 2:19PM
Having an easily guessed password or security question is irresponsible, if not stupid, but it in no way lessens the guilt of the hacker. It's akin to blaming somebody for getting their car stolen when they forgot to lock the door. Sure, they made it easier for the thief through their own neglect, but it doesn't make it any less of a crime.
People shouldn't expose themselves to unnecessary dangers, but don't forget that a crime is still a crime.
Beldoro Jun 25th 2010 5:14PM
Although wrong and petty, I don't see why Anonymous would be in trouble from Blizzard? If anything it's the friend that is in trouble for sharing account details.
It's not like they will ban Anonymous' account.
Succulent Jun 25th 2010 5:17PM
You read it wrong, he didn't share details, the guy knows him in real life so was able to guess or just simply knew his details.
Secret questions aren't hard to work out, people usually pick the mothers maiden name one etc.
Delerius Jun 25th 2010 5:21PM
No. The friend did not share the account details, Anonymous guessed them. By your logic, hackers are free and clear while everyone who is hacked is at fault.
You do *not* blame the victim for the crime!
rhorle Jun 25th 2010 6:27PM
If you pick answers for secret questions that others know or can easily guess then you are not doing what you are supposed. If you make it easy then yes you are at fault just as much as the hacker is for hacking.
Security questions are supposed to be things that no one knows, not things someone can guess if they know anything about you.
theRaptor Jun 25th 2010 6:52PM
You are wrong rhorle. Security questions are basically worthless. Either they are way too easy for even acquaintances to guess or the chance of you remembering them in 5-10 years is basically nil.
I need to access a government site that started requiring the answering of security questions in every login. Unfortunately for me I had set "clever" ones up a few years earlier and couldn't remember them. I lost my Yahoo account because after 10 years I couldn't remember what my favourite sport was (I am not a sports fan so I thought I had put "nothing" or similar in, but that wasn't right) and couldn't do a password recovery one day.
TheSipe Jun 25th 2010 7:58PM
@ Succulent
So the combination is... one, two, three, four, five? That's the stupidest combination I've ever heard in my life! The kind of thing an idiot would have on his luggage!
rhorle Jun 25th 2010 8:12PM
How am I wrong? If you pick an answer that is easily found out then you share some of the blame. If you leave yourself open to being hacked you share some of the blame, because account security is all about your choices and not those of the hackers.
Common passwords, easy security questions, writing down passwords etc are all things that will give you some blame if your account gets compromised. Not being able to remember something after 5-10 years is not an excuse for leaving yourself open to being hacked because you pick an easy one.