Posts with tag hacking

There are so many scams going around like the Catclysm Alpha invite and the WoW Armory phishing site, that people's accounts are getting stolen more than ever. With all of the work that Blizzard has to do to keep up with the problem, it's no wonder they are offering the fast solution of care packages. We've talked about how to avoid scams as well as how to protect yourself. Here is a guide as to what to do if your account gets stolen.

Important note: The following guide assumes that you have not put an Authenticator on your account. There are no confirmed cases of accounts being stolen if they are protected by an Authenticator.

According to The Associated Press, 23 year old Christopher H. Bouffard accepted $760 in 2008 from at least two people in exchange for WoW accounts. Bouffard then failed to turn over the agreed upon accounts, leading to a police investigation. He has now been charged with two counts of grand theft and one count of scheming to defraud. Bouffard is currently being held in jail until he is able to post a $20,000 bail.

While defrauding people and taking their money isn't anything new, getting busted over it while selling WoW accounts is. From what we understand, the arrest is not for the actual trading and selling of accounts, but for the fraud that went on in the process. The fraud in this case is a criminal matter with very real implications for Mr. Bouffard, whereas the buying and selling of WoW accounts is against the agreed upon Terms of Service, but not against any criminal code.

We've been hearing a lot about misbehaving WoWers lately, from the cougar who ran off with a fifteen year old boy, to Blizzard helping international authorities track fugitives online. This appears to be just the latest in a string of cases for Jack "Hang 'em High" McCoy to lay some law and order down on.

If you read WoW.com with any regularity, you probably saw and read our pieces on Friday discussing some rather curious policies Blizzard has recently instituted. There are two in particular that I'd like to discuss further: The care package for hacked accounts and the possibility of mandatory authenticators.

First, how many of you have had your accounts stolen, or know someone that had theirs stolen? Chances are good every single person that reads this post will raise their hand to that question. The problem is not a small one. I'm in a rather large guild, and every few weeks someone has their account stolen and the little bits of our guild bank they have access to go with them. My large guild is also just one guild in a larger guild alliance which suffers the same problems. Every two weeks or so, someone I see online on a regular basis gets their account stolen.

UK paper The Guardian has a look at what life is like at a Chinese goldselling company. It's interesting, but we've basically seen it before -- the small room of young people working almost 24/7 to make and deliver gold in-game, the concerns about worker livelihood and the supposedly large amounts of money going through these businesses (there's one figure quoted of £700m, which is about $980 million, but that's an estimate -- no one really knows how much these companies are making).

But what's really interesting about this piece is that it seems to treat goldselling as more of an "opportunity" than anything else. The people running the companies are making money, the employees are getting a roof over their head and a steady paycheck, and even the guy making the film talks about how governments should start taking a cut of this industry. Nowhere is it actually mentioned that Blizzard considers these companies to be against the terms of service, or that many times the gold obtained by these companies isn't earned through simple grinding, but by hacking, keylogging, and exploiting. Even if (emphasis on the if) these companies are making millions of dollars a year, they're stealing accounts and cheating in-game to do it.

Rowenna Davis also did interviews with both the gold farmer and a player in the UK buying money from him (bannz0red?), but again, there's no insight at all from the player whose account was hacked and bank was looted, or the player who is able to earn as much gold as they need and have a life outside the game (there are plenty of those to go around). Would have been nice to see the issue from players who aren't actually breaking the game's terms of service.

Thanks, Bryn!

We've received an interesting report on the WoW Insider Tip Line today. Two large World of Warcraft hacking and account trading websites, Markee Dragon and MMOwned, are offline.

Article Update: According to MMOwned, they are moving servers, which is the reason their site is offline for some.

Attempts to reach the sites prove unsuccessful.

This is a good thing for everyone that wants to have a more legitimate gameplay experience in WoW, as both of these sites actively encouraged people to exploit bugs, break the ToS, and do all other sorts of tom-foolery that destroyed the game for legitimate players.

Our tipster mentioned that these sites were taken down in part by action taken by Blizzard, however we don't have any proof of that.

I've selected the angry baby picture for this article, since that's how the exploiters and account traders are feeling right now. Buh-bye.

Is anyone still using Internet Explorer on a computer where they have control of the software? The browser is so targeted and so flawed, and there are so many worthwhile and free alternatives that it's almost silly to continue using Microsoft's monster of a browser. But if you still are, watch out -- the BBC says that Microsoft has announced another vulnerability, and this time it could be used to obtain "game passwords," like your account information for World of Warcraft.

The good news is that, like most virus scares (ever notice that all of the virus warnings come from companies that happen to make their money on antivirus software? In this case, it's Trend Micro, spreading as much FUD as they can), this warning is probably overblown -- even if you are using a browser full of holes like IE, you have to wander off your beaten path of trusted sites to get in trouble. So don't click random links or follow spambait on the forums or in your email, and you'll probably be fine. But again, installing and using another browser is so easy (and will help you so much in the long run) that you might as well give up IE anyway.

Thanks to everybody who sent this in! And yes, I used the old login screen for this post's picture. But don't you kind of miss it?

We created a lot of waves with this post about Blizzard's Authenticator key allegedly failing -- as you know if you've been listening to the podcast, lots of people have emailed us with their own input on the situation, alternately thanking us for making it known that the Authenticator wasn't 100% secure, and lambasting us for being "ignorant" about how Blizzard's security token works. At the base of the story, there are two things we know are true: that someone was using the Authenticator on their account, and then was subsequently hacked. For that reason, we've stood by the "Authenticator fails" story -- while having an Authenticator on your account is a helpful line of defense, it, like all other computer security measures, isn't a 100% guarantee against getting hacked.

Most people agree on that. Where opinions differ are in how the account was hacked -- originally, we and a few other sources speculated that the Authenticator had been somehow removed from the account in question. But now Belfaire has responded (we believe to the incident in question, though a link to our story was removed from the original post), and says that as far as he can tell, the Authenticator was not removed from the account. In fact, after the password was changed back, the Authenticator's serial key was asked for and given, so the Authenticator remained attached to the account the whole time.

Of course, that just leaves the most important question: how did the account get hacked? We've heard all kinds of various insights as to how the Authenticator works (it only lasts for 60 seconds, supposedly each key can only be used once, so there's no way a keylogger could nab the Authenticator code and reuse it), but the fact remains that the person we're talking about was using the key, and still got hacked. One hack out of all the Authenticators sold so far is a terrific record, and could prove that, statistically, an Authenticator is good as 100% security. But the fact remains that this person got hacked while using the key (however it was done), and if security can be broken once, it will be broken again.

In an era where clicking on the wrong link while browsing the web could mean your account will get hacked, and one of your guild members clicking on the wrong link means your guild bank could get emptied as well, it's always good to protect yourself and keep abreast of web security issues.

In that vein, it's worth checking out a new report released by McAfee called Mapping the Mal Web Report Revisited. It tested 9.9 Million websites in 265 domains to find out which ones had a higher risk of exposing visitors to malware, spam, and malicious attacks via a red, yellow, and green system.

Yesterday, I reported to you that Google (via Stopbadware.org) had marked wowui.incgamers.com (which redirects to wowui.worldofwar.net) as a bad site. Today, the site is reported as clean according to the same report (you can check it out here).

Rushter of Incgamers.com explained to us on the comments of the previous article that the problem was with a seperate attack on a different hosted site (which was quickly dealt with, and unrelated to worldofwar.net, says Rushster), but Google marked the whole site as bad. The worldofwar.net UI database was unaffected, he says, and after some back and forth, Google has now dropped the warning.

Of course, it's still always a good idea to check your computer for viruses, trojans, and keyloggers regularly, and realize that no website is completely safe (though having a good defense always helps). That said, at the moment it looks like wowui.incgamers.com, also known as wowui.worldofwar.net, is a safe spot to grab your addons from.

Here at WoW Insider, we've noticed an unusual and disturbing glut of people having trouble with being keylogged or otherwise hacked soon after installing new addons lately (which wouldn't be a surprise -- lots of people were grabbing addons after patch 2.4, so that makes them a likely route for attackers). While it's too early to make any definite connections, It seems like there's one new lead that's just popped up: popular addon site wowui.incgamers.com (not linked for obvious reasons) is apparently passing off bad files, according to reports from Stopbadware.org and other anonymous sources.

If you've been using the site for your addons, especially in the past week or so, it might be a good idea to exercise some caution and run your favorite anti-virus or anti-malware program. The site has already been in trouble recently with reports that their UICentral addon updater (now discontinued) was using copyrighted code, and now it looks like there's more trouble abrewing for them.

Update: Wowui.incgamers not infested with malware. Full story here.

Hackers are getting more and more brazen lately, hiding various trojans and keyloggers not only in random forum links, but in ad banners and even in electronic devices. Even common sense avoidance of suspicious links and websites doesn't always seem to work anymore. Luckily, there are other tools you can use, such as the Noscript extension for the Firefox browser. Lifehacker reported on a new one yesterday as well: Anti Keylogger Shield for Windows.

This freeware program purports to work not by blocking installation of keyloggers, but by preventing them from logging your keys once installed. Lifehacker tested it by loading a keylogger and reported that it seemed to work, at least in that case, as the keylogger's log file was completely empty.

Of course, you probably shouldn't just install this program and go off clicking strange links willy nilly, but it does look like it could be one more line of defense in the ever escalating battle to protect your computer and your account from those who would steal it. Plus, it's free, so that's even better.

[Thanks for the forward, DrDiesel!]

In Blizzard's attempts to get rid of gold farmers and hackers, one of their most annoyingly persistent enemies has been the WoWGlider bot, now known as MMOGlider. They've been throwing suits and countersuits at each other for a few years now, but the latest salvo seems to have gone against Blizzard, the Game Activist reports. Blizzard was trying to subpoena Joe Thaler, owner of Lavish Software LLC, maker of programs such as EQPlayNice. While Lavish Software's programs do not appear to be cheat programs on their own, they did make a deal with MDY Industries, maker of MMOGlider, to use the programs within MMOGlider.

According the judge's decision, Blizzard was hoping to obtain all documentation related to the deal, all communication between Thaler and Lavish and MDY and its owner, Michael Donnelly. They also wanted a list of all WoW accounts owned by Thaler and Lavish, as well as the contents of the WTF folders of every installation of WOW used by Thaler and Lavish Entertainment. Unfortunately, the Judge ruled that Blizzard was demanding information that could compromise Lavish's trade secrets and client confidentiality, and that the demand for the information within 9 days did not give Thaler and Lavish enough time to respond an gather information.

It's worth noting that the judge did specifically say that Blizzard could file another subpoena that would be more narrow in scope and allow more time for Lavish and Mr. Thaler to respond, so this is probably not a fatal blow to Blizzard by any means. I personally hope not. I've never had much patience for bots, or people who feel they have a civil right to cheat at games, so I'm rooting for the big bad corporation on this one. What about you?

Thanks for the link, Tyrsenus.

We all deal with them. Their annoying spam, their flooding of the general channels. Those gold sellers deserve the kiss of death. Wouldn't it be nice if their industry just went and slept with the fishes?

In a tactic that even Don Corleone himself would be angry at, gold sellers have sunken to a new low. John M. wrote in to tell us the tale of a fellow guild mate who fell under the gaze of a gold seller who took his account hostage, demanding payment from his guild. Sit back, open up a new window with this Godfather music, and read on after the break.

I'm gonna make you an offer you can't refuse.

In one of the most bizarre things I've seen happen to the World of Warcraft in my three years playing, the WoW Armory site today is pointing to a generic GoDaddy.com domain parking page. The screenshot above was taken at 1:08 p.m. CST on March 2nd, 2008. WoW Insider has received numerous reports of this. It seems to be a DNS related issue. The domain name wowarmory.com expires today, and it appears as if a registrant has grabbed the wowarmory.com domain name as soon as it expired.

DNS entries for blizzard.com and worldofwarcraft.com point to cerf.net, while the DNS servers for wowarmory.com are currently pointing to domaincontrol.com. While some of you might be seeing wowarmory.com work correctly, others are not. The ISPs of people who are seeing it work have not had their DNS records updated yet, however within the next 48 hours they will see wowarmoy.com go down as well; unless Blizzard fixes this before then (I am sure they are already aware, or becoming aware of it).

Stay tuned to WoW Insider for the latest on this story.

Thanks to Matthew Rossi and his wife for contributing to the technical sleuthing in this post.

Updated 2:34 p.m. EST: You can access the armory using a sub-domain of worldofwarcraft.com by going to http://armory.worldofwarcraft.com/

Updated 3:03 p.m. EST: http://www.wowarmory.com/ is now working again. It looks like Blizzard really jumped on the issue and fixed it.

Our Guild had been going downhill for a while now. At the beginning of the year, key officers and members, cornerstones of our raiding team, quit the game for one reason or another. Some of our members got hacked, just like WoW Insider's Amanda Dean. This took the wind out from under our sails, despite great success in Serpentshrine Cavern and Tempest Keep. As 2007 closed, I envisioned us taking down Vashj and Kael within the first quarter of 2008. I was stoked. There were good times when we'd take down two new bosses a week. Of course, Murphy's Law happens. While key team members quit the game, others took extended (sometimes unannounced) leaves of absence, and with diminishing raid attendance and obviously performance, other members looked elsewhere for better raiding opportunities. And when it rains, it pours.

A little over a week ago our Guild bank was robbed. It was cleaned out -- so empty I could almost imagine the sound of flies buzzing about -- well, okay, it wasn't that empty. On the third tab, the robber was kind enough to leave us ten stacks of Roasted Clefthooves. At first it struck me as odd because we had fixed our Guild permissions somewhat after our GM left the game to take a shot at a relationship and play with his Nintendo Wii. In what order exactly, I can't be sure. He passed the mantle off to one officer who passed it to another officer who later passed it on to me. So for a while, I was GM of a Guild that wasn't quite doing anything but waiting on people to come back to the game. So imagine my shock (more like anesthetized indifference, to be honest) when I was going to deposit items into the Guild bank only to find that it had nothing. Well, nothing but those clefthooves.