Posts with tag hacking

Given the recent hacking of major companies, could WoW be hacked? In an article posted today at Digital Spy, Lead Game Designer Tom Chilton replies that attempts have been made recently, but Blizzard came through unharmed.

While the question and answer doesn't specifically say LulzSec or Anonymous, I think it's safe to assume LulzSec is the group in question, given the recent high-profile attacks on U.S. government sites and other MMOs, like EVE Online.

Most of LulzSec's work has been focused on DDoS attacks and breaking into servers to create "lulz." During their most recent spree, rumors abounded that WoW was a target; however, nothing came of it. It would now appear nothing came of it thanks to Blizzard's security measures.

Tom Chilton

Several major gaming studios have fallen victim to hackers of late. What measure are Blizzard taking to ensure that WoW is not hit?

We have always tried to be as diligent as we possibly can when it comes to security. Certainly when hacking was going on with other companies recently there were numerous attempts against ourselves also. Fortunately, our security was good enough, so we didn't lose data or anything like that.

We always put a high priority on security, but that's not to say you can ever be impregnable. We're not resting on our laurels saying 'they can't get us'. It's always a possibility, and we take it very serious, but so far, so good.

source

---

This Breakfast Topic has been brought to you by Seed, the AOL guest writer program that brings your words to WoW Insider's pages.

Account security is a serious matter in Azeroth. If a player's account is ever compromised, it can be a devastating blow. You work hard to reach the level cap, run the dungeons and raids for the gear your character needs and level your chosen professions. Chances are, you also have a fair amount of gold from questing, dailies, and your professions. If hackers gain access to your account, they wreak havoc while inside, stripping your characters of everything they have, taking all your gold, and selling anything of value.

My account has only been hacked into once, but it was more than enough for me to doublecheck my security settings, wipe my hard drive, and buy an authenticator. When my account was hacked, I was beyond devastated. All of the hard work I put into my characters was gone in an instant. Hackers move a lot like a fire.

This Breakfast Topic has been brought to you by Seed, the Aol guest writer program that brings your words to WoW Insider's pages.

Once again, Blizzard is encouraging its players to use authenticators to protect their Battle.net accounts. In addition to the incentive of a lovable Core Hound Pup pet provided to all World of Warcraft characters on an account that has an authenticator attached, there is now a contest going on to win an iPad for your best Core Hound Pup screenshot, and we've even received reports that free authenticators are being offered to owners of accounts that have previously been compromised. Still, incentives alone aren't enough for some players. Sometimes it takes an incident to drive the point home.

For me, it was a hacking scare involving my girlfriend's account. We had just resubbed to WoW in preparation for Cataclysm and were having a blast when she got a notification from Blizzard that her account had been locked due to an unauthorized break-in. Nothing was gone, no items destroyed, no gibberish-named level 1s created, but she did have to change her password and verify to Blizzard that she was still herself. She was playing on a Mac, used Adblock and had disabled Flash on her browser, and she only visited a handful of websites on a daily basis, all very innocuous places like Gmail and WoW Insider. We figured it was an isolated incident, but just to make sure, she wiped her hard drive and reinstalled WoW. Then, a week later, it happened again. I couldn't believe it, and I still don't know how or why she was targeted, but I ordered our authenticators the very next day. We haven't had a problem since.

What convinced you to get an authenticator? Was it a contest, a promotion by Blizzard, or a hacking scare? If you don't have an authenticator yet, what's holding you back?

---

World of Warcraft accounts have been under siege for years, with hackers and gold-selling outlets stealing passwords, items and more to fill their coffers, selling that gold to unwitting buyers. Blizzard has fought back incessantly over the years to stem the tide of gold farming and account hacking, and as you can imagine, the scale at which this happens is very tasking on its customer support department.

Blizzard has just announced a new, speedier way to get help and answered about your hacked account, stolen items, authenticator issues and more! Now, under the new system, you will not have to email or call Blizzard to get these matters into its queue -- simply use the Account Recovery Form.

This Breakfast Topic has been brought to you by Seed, the Aol guest writer program that brings your words to WoW.com.

Hacked! It is not fun, and it happens more than anyone would like to admit. Gear, gold and pride, all pilfered by some stranger.

It starts with a simple email from Blizzard. Hmmm, it's my first-ever email from Blizzard that causes immediate concern. It says that my account has been "banned and deleted" for buying or selling in-game gold for profit. I am stare at it in shock for a minute ... Is this a joke? My heart starts racing. I run back to my office computer to figure out what to do, and my head starts spinning in confusion. My immediate emotional response catches me off guard ... My head starts to pound. All that work, all that time, all the friends ... just gone ...

And then the high-level anger sets in, as logic begins to prevail. Wait, I never bought gold. I never even considered it! What is going on? I jump online and write an appeal with blazing speed, fueled by my troll rage. In retrospect, this was not exactly the smartest move and probably served to delay my account restoration. I recall that it read something like this ...

One of the sadder parts of this job is reporting on the numerous scams that sweep across the World of Warcraft landscape. It's no secret that your WoW account is valuable to thieves -- the entire gold-selling industry is built on a foundation of hacked accounts and stolen items.

Their latest scam vehicle? Our inherent desire for sparkle ponies. Let's get two things straight off the bat:

1. You did not just win a free Celestial Steed mount. That in-game tell is an attempt to steal your account.
2. No one just bought you a Celestial Steed mount. That email you got is an attempt to steal your account

If it sneaks by your spam filter, the latest scam email can be quite convincing. The message, which appears to be from sales@mail.blizzard.com, masquerades as a receipt for the purchase of the $25 Celestial Steed mount. Of course, the email is not actually from Blizzard (the "from" email is spoofed), and the links to Battle.net and Worldofwarcraft.com inside send you to a phishing website designed to steal your password or infect your computer with a keylogger.

Attempt to collect your sparkle pony, and within a few short hours, your entire account will be under someone else's control. If you haven't put an authenticator on your account, the scammers will do it for you, locking you out of your own account and severely hampering your ability to get it back.

More information on the latest scam, what you can do to protect yourself and what to do if you're a victim, all after the break.

Drama Mamas Lisa Poisso and Robin Torres are experienced gamers and real-life mamas -- and just as we don't want our precious babies to be the ones kicking and wailing on the floor of checkout lane next to the candy, neither do we want you to become known as That Guy on your server.

It was really hard to choose from the many dramalicious emails we got this week. So much drama, so little time. I'm happy we have so many topics to choose from, but sad that so many of you have to go through so many dramafied situations. This one really did stick out as pretty dramarific, however. Dramarily! Drama-lama ding dong! Dramastified. OK, I'm drama-done. Turn the page for all the dramaness.

Recently, Polar over at Securing WoW wrote about the latest phishing email being sent out by scammers. Account thieves are using the 2010 Arena Tournament as a way to lure you to their site to steal your login info. (Registration for the tournament ended on the 27th continues until June 7.) This is typical behavior by these crooks. Every time a Blizzard event is announced or even rumored, from the Cataclysm alpha to the StarCraft II beta, scammers take advantage it with legitimate looking emails. With the Cataclysm beta almost upon us, the expansion related phishing is going to get even worse.

But there are also the tried and true emails that are being sent out daily, regardless of upcoming events. They spoof their email so that it looks like it is coming from Blizzard and fill the email with legitimate links, making their info-stealing site link look real. Also, the links have misspellings which are hard to catch at a quick glance, (like "starcratf2" or "worldotwarcraft") and lead to sites that look very much like the official ones.

Blizzard has an excellent resource for protecting yourself from phishing attacks. In general, if you get an email that looks legitimate, type battle.net in your browser's address bar (spell it correctly). This will take you to the correct site for your region and there you can see the status of your account yourself. Some examples of phishing emails are after the break.

Blizzard appears to be cleaning house in preparation for its StarCraft II release as well as its Battle.net revamp. In a recent announcement on the service's forums, Blizzard rep Bashiok revealed that over 300,000 accounts were punished for violations of the terms of service for Warcraft III and Diablo II for using hacks and illegal third-party tools (which are essentially hacks).

For those of you who have had past experience with Battle.net, these numbers probably don't surprise you. The network has had a long reputation of being fairly easy on people using hacks as Blizzard tends to save up over a long period of time in order to do a massive batch of bans at once. This means that those who are using hacks have a long period of time to abuse the system before anything is done about it. The hacks for some games were rampant enough that other players began using hacks that detect other hacks. Regardless of the reason behind using a hack, it is still against the terms of service and means if you get caught, you're out.

In any discussion concerning botting, farming, hacking, or gold-buying, someone inevitably makes the argument that Blizzard should cut out the middlemen and sell gold to players themselves. I wanted to use this article to explain why this would not necessarily be a good idea. We don't need to get into the legal situation, or examine why assigning a real-world price to in-game currency edges us closer to a world where in-game property can be taxed. All I have to do is tell you a story from the not-too-distant past that involves:

1. Prices that would make Zimbabwe look like a model of inflationary restraint, and:
2. What happens when money -- in this case, gold -- loses meaning.

One of our readers, Bill, sent us a tip about a WoW account issue on The Consumerist. It seems that the ownership of Anonymous's friend's account is under dispute and Blizzard won't let him use it in the meantime. The ownership became disputed after the account was allegedly hacked, even though there was allegedly a mobile authenticator on the account. His friend has given up on the account, complete with Val'anyr, and has created a new one.

We can't confirm any of the facts in this case. I am willing to believe that Anonymous is truly upset and believes the story he tells to be true, even though he is posting anonymously. There are some serious red flags, however, that seem to point to Anonymous not having all of the facts:

There are so many scams going around like the Catclysm Alpha invite and the WoW Armory phishing site, that people's accounts are getting stolen more than ever. With all of the work that Blizzard has to do to keep up with the problem, it's no wonder they are offering the fast solution of care packages. We've talked about how to avoid scams as well as how to protect yourself. Here is a guide as to what to do if your account gets stolen.

Important note: The following guide assumes that you have not put an Authenticator on your account. There are no confirmed cases of accounts being stolen if they are protected by an Authenticator.

According to The Associated Press, 23 year old Christopher H. Bouffard accepted $760 in 2008 from at least two people in exchange for WoW accounts. Bouffard then failed to turn over the agreed upon accounts, leading to a police investigation. He has now been charged with two counts of grand theft and one count of scheming to defraud. Bouffard is currently being held in jail until he is able to post a $20,000 bail.

While defrauding people and taking their money isn't anything new, getting busted over it while selling WoW accounts is. From what we understand, the arrest is not for the actual trading and selling of accounts, but for the fraud that went on in the process. The fraud in this case is a criminal matter with very real implications for Mr. Bouffard, whereas the buying and selling of WoW accounts is against the agreed upon Terms of Service, but not against any criminal code.

We've been hearing a lot about misbehaving WoWers lately, from the cougar who ran off with a fifteen year old boy, to Blizzard helping international authorities track fugitives online. This appears to be just the latest in a string of cases for Jack "Hang 'em High" McCoy to lay some law and order down on.

If you read WoW.com with any regularity, you probably saw and read our pieces on Friday discussing some rather curious policies Blizzard has recently instituted. There are two in particular that I'd like to discuss further: The care package for hacked accounts and the possibility of mandatory authenticators.

First, how many of you have had your accounts stolen, or know someone that had theirs stolen? Chances are good every single person that reads this post will raise their hand to that question. The problem is not a small one. I'm in a rather large guild, and every few weeks someone has their account stolen and the little bits of our guild bank they have access to go with them. My large guild is also just one guild in a larger guild alliance which suffers the same problems. Every two weeks or so, someone I see online on a regular basis gets their account stolen.

UK paper The Guardian has a look at what life is like at a Chinese goldselling company. It's interesting, but we've basically seen it before -- the small room of young people working almost 24/7 to make and deliver gold in-game, the concerns about worker livelihood and the supposedly large amounts of money going through these businesses (there's one figure quoted of £700m, which is about $980 million, but that's an estimate -- no one really knows how much these companies are making).

But what's really interesting about this piece is that it seems to treat goldselling as more of an "opportunity" than anything else. The people running the companies are making money, the employees are getting a roof over their head and a steady paycheck, and even the guy making the film talks about how governments should start taking a cut of this industry. Nowhere is it actually mentioned that Blizzard considers these companies to be against the terms of service, or that many times the gold obtained by these companies isn't earned through simple grinding, but by hacking, keylogging, and exploiting. Even if (emphasis on the if) these companies are making millions of dollars a year, they're stealing accounts and cheating in-game to do it.

Rowenna Davis also did interviews with both the gold farmer and a player in the UK buying money from him (bannz0red?), but again, there's no insight at all from the player whose account was hacked and bank was looted, or the player who is able to earn as much gold as they need and have a life outside the game (there are plenty of those to go around). Would have been nice to see the issue from players who aren't actually breaking the game's terms of service.

Thanks, Bryn!