Filed under: Account Security
Posts with tag Hacker
Hacked! It is not fun, and it happens more than anyone would like to admit. Gear, gold and pride, all pilfered by some stranger.
It starts with a simple email from Blizzard. Hmmm, it's my first-ever email from Blizzard that causes immediate concern. It says that my account has been "banned and deleted" for buying or selling in-game gold for profit. I am stare at it in shock for a minute ... Is this a joke? My heart starts racing. I run back to my office computer to figure out what to do, and my head starts spinning in confusion. My immediate emotional response catches me off guard ... My head starts to pound. All that work, all that time, all the friends ... just gone ...
And then the high-level anger sets in, as logic begins to prevail. Wait, I never bought gold. I never even considered it! What is going on? I jump online and write an appeal with blazing speed, fueled by my troll rage. In retrospect, this was not exactly the smartest move and probably served to delay my account restoration. I recall that it read something like this ...
- Prices that would make Zimbabwe look like a model of inflationary restraint, and:
- What happens when money -- in this case, gold -- loses meaning.
Let's dissect the above whisper:
- It's one whisper made to look like two. This will work if your chat settings match the scammer's chat settings, but if you've fiddled with your font or chat window, then the formatting will be off and the scam will be more obvious.
- The whisper is from a garbage name. All "players" I've seen with random characters have been scammers or gold selling barkers. So anything after such a name should be considered highly suspect.
- It says [Game Master]GM. The scammers aren't even trying here. Blizzard GMs have names and have <GM> before their names.
- It sends you to a non-Blizzard site. Don't go to any website you get in tells or in-game mail as a general rule. If you have received a ban of any kind, you will receive an email to the account you have on file with your subscription info.
When this happened to a guildie, I must admit I was skeptical. Blizzard scans for viruses? And then sends an email that sounds suspiciously similar to the various phishing emails out there? But my friend sent me a copy of the email and described the whole process to me and I am a believer. Blizzard has some issues it needs to resolve with how it is handling this, however.
I recently got an Authenticator in the mail and I noticed something while I was inspecting it: there appears to be no way to open it short of cracking it open with large objects. Is there a battery life on these? If it stops giving me my magic codes, will I have to get a new one?
I got an authenticator for my own use recently and have to admit I hadn't thought to look into the battery life, which is a very good question indeed. A dead authenticator means you have no way of getting into the game (or even into your online account) without official help from Blizzard.
Turns out the little security doodads are manufactured by a company named Vasco, and after poking around their website, I'm reasonably certain that Blizzard authenticators are a variant of Vasco's DIGIPASS GO 6 model. What makes me so sure? The GO 6 model page is the only one accompanied by an article on fraud and hacking in online gaming. They don't come right out and say that Blizzard is a customer, but unless Hello Kitty Online is a bigger hive of scum and villainy than even we gave it credit for, you don't have to be a genius to figure out that World of Warcraft figures prominently in MMORPG account theft.
What is social engineering? Social engineering is manipulating victims to volunteer personal information about themselves in order to perpetrate a con, scam, fraud, etc. If you have seen the movie Groundhog Day, then you have seen a very good example of it. Phil, a television weatherman, is living the same day over and over. One iteration of his morning, he asks an attractive woman her name, where she went to highschool and her English teacher. The next iteration of his morning, he "accidentally" runs into her and pretends to know her from highschool, resulting in her going to bed with him.
What is the Authenticator?
The Authenticator is a small device (pictured right) or an iPhone/iPod Touch app that can be tied to your account and provide an extra layer of security. The application is free, but the physical Authenticator costs $6.50 with free shipping in the U.S. They are also available in other countries.
How does it work?
The Authenticator generates a code that you must enter after entering your username and password when logging into WoW or when accessing your account management screens. This code is a one use code that is valid only for a limited time. But it is valid for longer than it lasts on the Authenticator. A new code is generated every few seconds, but an unused code is valid for longer than that (I'm not sure how long). For more details about how the Authenticator works, please read our interview with Blizzard.
Bubbles, a level 78 Blood Elf Mage, seemed legitimate. For one thing, he was not a throwaway low level character. Also, he didn't want to take the cash then, but just see it in a trade window to make sure Cobra was in possession of it. So Cobra gave Bubbles his email address only and waited for the email that included the code and a link to where to input the information.
It looks like Blizzard actually agrees in this case. If they don't agree, at least they were feeling a little sympathy and wanted to calm some nerves. The Wealth category has been removed completely, and while you can still check up on other achievements and stats, you don't get a free look into someone's money bags anymore. I don't know that how much gold you have on display actually had an effect on who scammers target or not, but it's not like it was important information anyway and you might as well be more safe than sorry. Some stats are fun to see and compare, but I don't know that gold is one of those stats.
At the time we published that first story (which was later disputed by a customer support representative), Blizzard contacted us here at WoW Insider, offering to clear up players' concerns about the new keys. We quickly submitted to them a few questions pulled from our own writers and a few submitted by readers, and they've now returned the answers to us -- you can find Blizzard's answers to our questions about the Authenticator after the break. Thanks to Blizzard for answering our questions about how these keys work, and clarifying some of the issues around their security.
For many reasons I've never felt compelled to buy gold or pay for leveling on World of Warcraft. So I had no idea how the process worked. We got a tip from Kyron of Andorhal about a friend whose account was hacked. In addition to having all of his gear and gold stripped from his characters, he had 2 emails in the inbox for cheap items that he'd purchased off the auction house that the hacker had purchased for 500 gold a piece.
They recorded the name of the seller from the auction house and confronted him when he next came online. It turns out that person wasn't a gold seller but a gold buyer. He'd been told to put Coarse Thread on the AH at the 500 gold rate and would receive his gold when the hacker purchased the ridiculously priced item.
I didn't know how gold-buying worked, but this sounds like a way to exchange gold easily. This is something that blizzard could check into pretty easily. While sometimes players make strange prices in order to dupe would-be buyers, something like Coarse Thread would go unnoticed because most players wouldn't look for such items on the auction house.
Recently we've had several posts about being hacked, guild banks assaulted, and Blizzard's typical response. The Customer Service Forum is filled with threads started by desperate World of Warcraft players seeking the return of their accounts and belongings as a gesture of goodwill. It is our responsibility to keep our accounts safe from hackers.
I speak from experience when I say that being hacked is just dreadful. Although it is usually possible to have your account returned, there is usually significant damage done in the process. In the past, even Blizzard employees have had their accounts compromised. This post is designed to help you do the best you can to protect your World of Warcraft investment.
The worst part of the keylogging episode was that my Shaman was transferred from a PvP to PvE server. After about a week in limbo my beloved Tauren was returned to her proper place. I was extremely relieved. Unfortunately that's the only thing on my account that Blizzard was kind enough to restore. They refused to return any of my gear or gold and did nothing about the items ninjaed from the guild bank. I appealed their decision with several emails. Those appeals were ubiquitously denied despite logical arguments and heart-filled plights. I thought it was all over, for better or for worse.
I got more bad news in my email box the other day:
A lot of geeks found a digital photo frame under the tree this year. Seems like a good idea, I'm sure a lot of us have a pretty large collection of digital photographs stored on memory cards and flash drives that we just haven't quite gotten around to printing for display.
Unfortunately, certain frames sold at Best Buy, Target, Costco and Sam's Club come with an extra undocumented feature, in that they have a nasty little bug that's being dubbed Mocmex. The bug can burrow its way into your computer, latch itself in, and sniff out account information. It doesn't seem to affect Linux or Macs, at least not in its current form, but right now there doesn't seem to be a single manufacturer or frame type that's infected, so the origin of the bug hasn't been nailed down.
If you think you've got one of the infected picture frames, Massively recommends contacting the SANS institute and calling the store where the frame was purchased. You can check their story for the contact information.
The upside of this, I suppose, is that if the farmers are starting to branch into using peripherals to steal our accounts, they may be getting pretty desperate. The downside is, when we have people who practice safe web browsing and keep a clean computer getting bitten, like our Amanda Dean for example, we could be in some trouble. With any luck, all the major virus programs will have a cure for Mocmex and programs like it soon. In the meantime, it looks like we'll have to be extra careful about what we install on our computers, and make sure our anti-virus programs and firewalls are up to date.