Saturday, April 10, 2010

Dealing with Hackers

There is nothing quite like the feeling of logging into your WoW account only to discover that while you were offline someone else has been playing with your account, emptying your bank and deleting characters you have invested so much time and energy in. I experienced this personally early during the Burning Crusade, just before authenticators were introduced. Thankfully I logged on before the hacker could completely finish the job and was able to remove him. However, it took me almost a week to get my three level 70 characters somewhat restored, and all my lower level characters (ranging in level from 60-40) never did make it back. As one guild mate put it, I financed at least one month's rent and a big screen TV when they emptied me out.

Times have changed. The tools we have to protect ourselves from these types of things have gotten more sophisticated, but at the same time so have the hackers. Originally all you could do was change your password regularly (this meant a MINIMUM of every month). You could make sure that password contained a variety of different characters, such as a mix of letters, numbers and symbols. Never share your account name and password with ANYONE. Always use the same computer to play on, and never use a public connection. Run a virus scan daily. (I was actually running two different ones when I was hacked.) Spurn all modifications to the game (which for some players is like asking them to remove a limb). In addition to these, if you ran on a Mac, the majority of hackers had not yet entered this field because of the low number of potential victims. Doing ALL of these things generally kept you about 90% protected.

There are still some (always someone who has managed to be lucky) who feel that doing all of these things is enough, and that if you are ever the victim of a hack it must somehow be due to your OWN failures. I have never quite understood this "blame the victim" mentality. Yes, there are some things you can do which almost INVITE a hack, such as sharing your account and password information, buying gold or power leveling services, or purchasing accounts from places like eBay. While my sympathy is not as strong for those types of victims, not EVERYONE who gets hacked has made these types of errors. The case can be made that the MAJORITY of hacks that take place may fall into one of these categories, but you need to be careful not to assume that ALL do.

When my account was hacked, the investigator shared with me that there are basically four common types of hacks that players should be aware of: Keylogger, Trojans, Bombardment and Middleman. (He theorized that I was the victim of a Bombardment attack as there were a great many hit at the same time; how they got our account names was never discovered, or at least never shared with me.) In addition to these are what are called "Phishing" scams. This is where you get an email or website that appears to be legitimate but in actuality is nothing more than a front for a hacker attempting to get your personal account information.

Keyloggers are when a virus is placed on your computer to track keystroke information. This type is used not only to obtain MMO passwords but also bank information, social security numbers, etc. To this day these are the most common hacks the average player will encounter, and placing an authenticator on your account greatly diminishes the possibility of this type being successful.

Trojans are where you THINK you are getting one thing (like a game modification) but in fact are getting a keylogger. Sites such as attempt to do all in their power to keep these types off their databases. It is this type of hack that is most recently aimed at authenticators, the aim being to get victims to remove them or to implement a Middleman hack, which I will talk about in just a bit.

Bombardment hacks have become more prevalent with the introduction of This is where a hacker keeps hitting your account until they break in via a computer program. An easy way to deal with this is to make certain that your email is unique to JUST your account.

Now the fourth type is one we are seeing more of in recent months, specifically because it is really the only way to get around the authenticators: the Middleman hack. This is when the user THINKS they are logging in but in actuality is seeing a false screen, which then records that information and allows the hacker to be the one actually controlling the account. The only weakness of this type of hack is that the hacker has to move fast before the victim realizes what is going on and can remove them.

Most hackers, once they have control of an account, will do one or all of several different things. First they will empty out the character of all funds, vendor or destroy anything they can't market, and then mail or trade all of that cash/items to ANOTHER character on the same realm. Some will take the newly acquired character and use them to conduct FURTHER scams such as emptying guild banks, selling mount or pet codes, and discovering further victims to scam. Still others will IMMEDIATELY put the new account ON an authenticator to keep the victim from retrieving it. From there they can realm transfer, changing the name, race and even faction of the character, allowing them to do even MORE destruction.

In the four years I have been an Officer and GM in a guild I have seen numerous guild mates fall victim to each of these types of hacks. We in fact implemented several policies PRECISELY to deal with the frequency of the attacks we saw. These include requiring all officers to have an authenticator on their account, limits on withdrawals that can be made by guild members and officers, and even requesting specific codes before a character who claims to be a member or officer alt can be entered into the guild. (I think one of the funniest ones of these I ever encountered was when a hacker attempted to impersonate ME while I was on vent conducting an officer meeting.)

One of the most painful hacks I ever had to deal with was with one of our Military members. While he was serving in Afghanistan someone hacked his account and SOLD it. By the time he returned to the States and was able to attempt to recover it, MONTHS had gone by. He endured SUCH a battle trying to get his account back, only to have it hacked AGAIN while he was awaiting the delivery of his authenticator. In the end he just threw up his hands and gave up, walking away from the game completely as a result of the overwhelming frustration.

Our guild for its size is VERY close knit. We can usually spot a hacker on an account quickly, but you feel so impotent as you see them being victimized. You can report it to a Game Master if you happen to be fortunate enough to actually get a hold of one in a reasonable amount of time. You can also attempt to contact the victim to let them know they are being hacked. Beyond that you are pretty much limited to harassing the hacker and keeping him from doing as much business as possible.

It can be difficult for your guild on a variety of levels when you have a member hacked as well. Not only do you have the loss of that player and any gear they may have acquired but if the hacker then uses the character to victimize OTHERS you may have to deal with the victims coming to YOU as a guild leader demanding restitution. We endured this with one of our younger guild members early in the Wrath expansion. In this case the hacker used our guild member's character to do the "mount and pet codes" scam. I spent about a week talking to various people who were cheated, informing them of our guild member's OWN victimization and encouraging them to prepare themselves for hacks on their OWN accounts. This despite having guild members proclaiming in trade chat that the character was under the control of a hacker and buyers should beware.

It is very easy to get overwhelmed and become paranoid when discussing hacks. All it takes is for my computer's performance to go down to get me scouring my system for viruses. Blizzard works hard to promote account security and to make sure their players are aware of the various types of scams and attacks out there. However, the best protection you have sits in your own chair. Be vigilant. Take precautions, and if something sounds too good to be true it most likely is. Authenticators are the best $7 you can spend (the key fob ones are SLIGHTLY more secure than the phone app ones as the numbers are only good for about ten seconds versus a minute on the phone apps). Follow the other precautions mentioned such as the account name for your account. Be skeptical of ANY email you get supposedly from Blizzard. If it doesn't come on the account email you can be CERTAIN it is NOT real. Like Blizzard says over and over, NO ONE from Blizzard will ask for your account name and password.

Blizzard has greatly increased their ability to restore characters but it isn't easy. Sometimes they will just offer a "care package" in an attempt to speed the matter along. For those with nothing more than lower level characters this can be a viable option for recovery. Those of us with a large number of higher level characters decked out in full raid gear will usually opt out of this in favor of getting as much of our original stuff back as possible. There are limits to what they can do, however. I know for myself they were unable to restore the three bags full of enchanting mats and primals my priest had, and some of my gear was missing enchants. However, when the other option is starting over from scratch, I learned to live with it. The preference is to just not have to experience it at all.

The thing to remember is that technically Blizzard doesn't have to DO anything. They in reality OWN these characters we invest so much time and effort in. When they take the time to restore for us after an account compromise they are in fact doing us a FAVOR. They do everything in their power to educate their customers about the hazards of playing online and what things we can do to protect ourselves. When it all comes down to it, only WE can choose to take that advice or not. The control is COMPLETELY resting on OUR shoulders.
