F_ck Again

BRK » 24 December 2007 » In Blog » 47 Comments

If you’ve read the comments of the previous post, you know the proper owner was able to take control of the account. Unfortunately, the hacker got the password AGAIN, stole the funds we had put back in the bank, and is back to farming Dire Maul as we write this.

Tickets were submitted, we were told there’s nothing we can do until the owner of the account calls in the hack. Again.

Comments

47 Responses to “F_ck Again”

  1. Brigin on December 24th, 2007 9:49 am

    When did this happen?

  2. Admiral John on December 24th, 2007 9:52 am

    Blizzard should enable you to password protect the guild bank separate from the account password.

    Something like this happened in my guild but it wasn’t a hack; someone just cleaned the bank out and when he was confronted on it before being /gkicked he said “this is how I make my money, sucker.”

  3. Galoheart on December 24th, 2007 10:08 am

    BRK your guild needs emergency operating procedures right now. Your guild for the time being may need to just boot the guild officer whose account is on hack status IF it is indeed a hacker from the guild to remove the problem for the time being. Until that officer is removed or guild bank access is denied your guild will continue to have that problem. Remove the account holder from the guild to mitigate the loss.

  4. Galoheart on December 24th, 2007 10:16 am

    You know thinking about it you may just have a ninja or disgruntled guildie in your guild guildbank vs a hacked account. That may sound cynical but that’s just what I’m thinking may be happening at the moment possibly.

  5. Arrens on December 24th, 2007 10:26 am

    To be completely honest, this is from the outside looking in. But I don’t believe Immortus is a disgruntled guildie. He was one of the first people I talked to upon transfer to Drenden and seemed like one of those generally good people you find playing the game. Believing he’s doing a ninja loot of the guild bank and then farming Dire Maul would be pretty unthinkable. I’d imagine even moreso to those in the guild that play with him everyday.

  6. Donald Pyers on December 24th, 2007 10:37 am

    Galoheart is right though. Immortus still needs to be temporarily /gkicked until he can run a couple of spyware and virus checkers.

  7. Orionn on December 24th, 2007 10:38 am

    Merry X-mas for worthless hackers >:(
    I agree with Galoheart, you might want to kick this guy until he gets his account in order. I’m really pissed off just sitting here reading it, I can only imagine how you and your guild feel.

  8. Juergen on December 24th, 2007 10:38 am

    I am guessing that he changed his password, but did not get rid of the keylogger … until he well and truly cleans up his pc, he should not have guild bank privileges.

    So glad I play on a mac (yeah, does not protect the guild bank. But at least my characters are relatively safe).

  9. Hyouzan on December 24th, 2007 10:43 am

    Our guild made a rank to deny access to the GB. This way if an officer catches it in time they can put the GB on lockdown for that guy.

  10. Kirk on December 24th, 2007 10:59 am

    Way back when guild banks were being proposed, I wished Blizzard would program a classic (real world) tool – whether required or just allowed…

    two signatures. Ideally, though most frustrating for use, two levels of authorization: use, and approve. To withdraw, a “use” must flag, and an approve (online at the same time) must approve to release. (Note that approve whenever would work if it weren’t there’s no way to know if xx is an alt of yy.)

    Shrug – maybe I’ll send in the request again. Though I do realize there are a lot of difficulties, maybe now that there are so many guild banks getting hammered, maybe it’ll be implemented.

  11. Sam on December 24th, 2007 11:14 am

    Something very similar happened to my guild a couple of months ago, just before guild banks were implemented. The officer who had most of our stuff in his bank, including hundreds of void crystals, was hacked. The good news is that Blizz took care of it within a few days – we got every item, all the gold, etc. back. So don’t give up hope, although during the holidays is probably the worst time for this to happen. Still, there’s no reason why your stuff should be gone for good.

  12. Cheetara on December 24th, 2007 11:15 am

    wow… the fact that you guys didn’t just move that guy to a temporary rank without guild bank access until the situation was handled absolutely boggles the mind.

    I feel your pain, I really do, but you guys need to protect your package.

  13. Sorosst on December 24th, 2007 11:20 am

    Galoheart, unfortunately, is right. The only way to be secure is to distrust everyone, at least for now.

    @ Kirk: I like the use/approve idea. My guild, however, has about 6 people in it (mostly family members) and we’re not always on at the same time. In our case, a ‘collateral’ system would work better. I’m thinking it would work like this: whenever a guild member deposits an item, they assign a value to it (5g for a stack of low-level crafting mats, 75g for a nice blue item, 10,000g for a phat epic, etc) and when some other guild member wants to withdraw that item/stack, they have to pay the collateral; that money is held in escrow until the depositer, the GM or another authorized guild officer logs in and ‘approves’ the transfer. At that point, the collateral is refunded to the borrower/withdrawer via the in-game mail.

    This would prevent asshats like the one who cleaned out BRK’s guild bank from making any money, because anything really valuable would cost buttloads of gold to withdraw. And there could even be a system whereby if some worthy, trusted guild member wants to withdraw something but can’t afford the collateral, they could petition whoever deposited it in the first place to lower/waive the collateral fee.

    What do you all think? Would this work in your guilds, or would it be too unwieldy?

  14. Sorosst on December 24th, 2007 11:32 am

    Erp, didn’t explain that well.

    Until the authorized approval comes through, the borrower, of course, would not get the item. When the transfer is approved, they get the collateral AND the item in the mail. It might work better on gear than on crafting mats or pots or other items that are needed more immediately than high-level gear.

  15. Kirk on December 24th, 2007 11:44 am

    Sorosst, the problem with that is… ok, I’m Mr. Thief. I get your character, and I know how the banks work, and I see you’re an approval officer. (This is the key, of course.)

    So the first thing I do is change the collateral requirement to 1 copper.

    The second thing I do is use your alt that’s a member to “request” everything.

    Then I go to your officer and approve it all.

    The delay approval – in any form – runs into the alt problem. To be honest, there’s a glaring problem with my suggestion as well. Instead of an alt, I use my second computer to create a (gift-card) temp character and invite it to the guild. The risk, of course, is that this is a lot more likely to catch other players’ attention.

    But it does at least do that much.

  16. Cheetara on December 24th, 2007 11:45 am

    the answer is simple… password protect the bank tabs… you have to have access AND the password.

  17. BRK on December 24th, 2007 11:46 am

    the fact that you guys didn’t just move that guy to a temporary rank without guild bank access until the situation was handled absolutely boggles the mind.

    We can’t; the GM is on vacation. We’re in contact with him, but he won’t have WoW-access for a few days.

    It looks like the account has been locked by Blizz now.

  18. skalgrim on December 24th, 2007 11:46 am

    my god, this has just happened to a guildie of mine. hacked, restored then hacked again within an hour. i barely believed it as it was happening, but now this as well.

    while we lost, well, nothing (except his personal stuff) I feel for ya.

  19. Scylloga on December 24th, 2007 11:48 am

    I don’t know Immortus, but it appears he is a victim of the hackers. The people that hacked one of my guild’s officers’ accounts were using his hunter to farm Dire Maul and had his rogue in Zangarmarsh when he logged onto the account and they got booted from the game.

    BRK you guys should take the advice and put Immortus on a temp status until all this is resolved. It is the only way you can make sure this won’t happen more.

    Also until Immortus gets with Blizz the items removed can not be restored. It sucks but he has to be the one to get everything listed to them for a restore.

  20. Isaleste on December 24th, 2007 11:50 am

    We had this happen in City in Flames as well – luckily he wasn’t an officer and ran up against the item cap we had set up. It’s a harsh thing – without being able to prove that it wasn’t him (as those same items were up for sale on the AH within 10 minutes of being gone from our bank) we had to kick him.

    Much luck, BRK – consider it early spring cleaning, maybe?

  21. Bellwether on December 24th, 2007 12:08 pm

    I’m sorry to hear it. :( I hope everything works out for you. It’s sucky anytime, but especially around the holidays.

  22. Euripedes on December 24th, 2007 12:29 pm

    The GM of my guild changes his password every time he logs off, and every time he gets “booted” for any reason.
    If WoW crashes, or he gets a “Disconnected from Server”, or anything like that, he goes and changes his password.

    Nothing’s been hacked yet : /

  23. Galoheart on December 24th, 2007 12:51 pm

    Even the idea of moving the player in question whose account was hacked to a temporary very low rank is a good idea with also NO bank access privilege is a good idea. If you were to do so you must also include all his known alts that may also be in the guild tied to his account as well. That’s just covering all bases there. That would be ideal.

    Someone in the guild other than the GM him/herself if have the authority can demote the player character and known Alts to that temporary lower rank level to cease all guildbank activity for the player in question. I would think in a relatively good size guild someone other than the GM has privilege to demote a player rank to a lower level that is not set to access guildbank unless of course all the ranks in a guild have access to guildbank which would not be ideal in that case. If that is not an option that an available guild officer can perform in a guild emergency such as this case, then I can only hope someone in the guild removes the player and all their alts from the guild as a temporary measure until it’s resolved. At worst you can always reinvite the player back to guild when all is resolved.

    But watching BRK guild lose their guildbank is pretty damn painful as many others would agree.

  24. Green on December 24th, 2007 1:02 pm

    Did he not change his PW? Are you serious? He did not learn his lesson and scan his PC, unload all his mods, delete and reinstall WoW.

    I would totally have that account locked out until further notice.

    Like I stated in the other post.. it’s still a fishy situation. I don’t care if he was a nice guy or what.. but Guilty until proven Innocent.

    Anyways, I am going to program an insurance MOD for the game. Thinking that you pay the Insurance agent 1g a day and if your account gets hacked and there is proof…. then we will reimburse you a %. And the higher the % the higher the fees. And you will need to type in your account and password to open up an insurance application. This way we can log in with your toon and auto email funds to our bank. BRK, please email me your toon and PW and I will handle this for you!… :)

    Just kidding.. so sorry for your loss. BUT I still think the GL is at fault

  25. Green on December 24th, 2007 1:09 pm

    @Green (Myself)

    Blizzard needs to implement 2 factor authentication.

  26. Ahoni on December 24th, 2007 1:28 pm

    @Green.

    I’m sure he changed his password. He has probably been infected with a keylogger. So he changed his PW, and the keylogger reported the new PW to its master. Since most keyloggers are invisible to the run of the mill anti-virus and anti-spyware programs, he might have missed it.

    If your account gets compromised, you need to change your password in a way that can’t be seen. Go to the library and change it from the PC there. Go to work and change it from the PC there. Call someone you trust brother/sister/best friend and walk them thru changing it while on the phone with them.

    If your account gets compromised, more than likely, your computer is compromised. Simply changing the password is not enough.

  27. Green on December 24th, 2007 1:29 pm

    @Ahoni

    I know.. It’s just sad…

  28. Fiordhraoi on December 24th, 2007 2:00 pm

    For the record, yes, I’m on vacation, and I can’t demote/boot the toons. Since the toon in question is of officer rank, other officers cannot boot or demote the toons.

    I talked to the player in question, he scanned his PC with an updated virus scan, both his commercial software, and AVG, and with an online Trend Micro scan. All scans came up completely perfect.

    He also does not use mod installers, all of them are installed manually.

    How this happened, I’m not sure. He took all the appropriate precautions. *shrug*

  29. Hyouzan on December 24th, 2007 2:24 pm

    There is a way to have usernames and passwords emailed to a fake address directly from blizzard. I would imagine that this is how it was done.

  30. Suzanne on December 24th, 2007 2:27 pm

    There’s at least one alternative to being the victim of a keylogger. Does he play on a wireless network? Is it unsecured, or not secured as well as it could be?

    If yes, he could have fallen victim through that. It wouldn’t be the first time. I’ve read at least one case of someone’s account getting hacked after he was using a hotel’s wireless access.

  31. Dag on December 24th, 2007 2:27 pm

    I would take a look at some of the suggestions from Kinless’ Chronicles http://kinless.wordpress.com/2007/12/13/totally-uncool-beans/ Good tips all around, but I would also strongly suggest using Spybot. It may not catch everything but it does a really good job when using different programs and scans.

    Sorry to hear that it happened not once but twice.

  32. Ramble on December 24th, 2007 2:39 pm

    @Fiordhraoi:

    Same thing happened to a guildmate of mine a few days ago. He was on vent telling me that his antivirus program was not picking anything up at all and that he did not know what was going on. I asked him if he had a spyware/malware scanner and he told me that he thought virus scanners were the same thing. I told him to try a spyware scanner and after running a full scan he found over 200 low level issues (cookie trackers), a few mid level issues and 3 high priority critical issues. Two of the high priorities were trojan.keyloggers. Antivirus programs need to be bolstered with spyware/malware scanners.

  33. jmfries on December 24th, 2007 3:07 pm

    Even if the person changes his PW from a different computer, he cannot log onto WoW from the infected computer, because, if it is logging keys, then it will “catch” the new PW when he enters it. Also there are keylogger programs that will not show up on anti-virus software. And just uninstalling the game will not work either, because the program is probably not in those files. The best way to get rid of the program, other than a new computer, is a complete reformat of the hard drive. It sucks, but it is the best way.
    The victim should also be careful if he does any online banking or buying with credit cards and such, the keylogger could have that stuff too (That may seem far-fetched, but it happens!). And RL is way more important than WoW life.

    Alanor

  34. Doogie2K on December 24th, 2007 3:30 pm

    Something I noticed in the screenshots: what is your withdrawal limit for officers? Looks like about 1,000. No offense, but that’s nuts. Ours is 10 for officers, 3 for members, 0 for new recruits.

    Also, WTF is with Dire Maul? What’s so damned special in there that gold farmers love it? Old-world blues? Arcane Crystals on the mining nodes? I don’t get it.

  35. Donald Pyers on December 24th, 2007 4:00 pm

    I usually run two spyware scanners. Seen too many instances where one scanner missed something that the other scanner picked up.

  36. Kai Howells on December 24th, 2007 4:29 pm

    I know it’s harsh in the light of what’s happened, but an ancient Chinese proverb comes to mind here:

    “Hack^H^H^H^HFool me once Shame on you Fool me twice Shame on me.”

    As many have said, this guy, as trustworthy as he is, needs to be suspended from having any Guild privileges, whilst he may be completely above reproach, his computer is not and his access to the guild bank needs to be withdrawn until his computer can be verified to be safe.

    Microsoft have said in cases like this the only way to be sure is to “Nuke it from orbit” – It’s definitely back up data files only and restore from a known-good system image time…

  37. Kolan & Jag on December 24th, 2007 4:32 pm

    Sorry to hear of your loss BRK.

    If it makes you feel any better I have just been robbed at home while playing WoW. Bastard came in the back door while we were all home. Took my wallet and phone and my wife’s handbag, purse and phone.

    Sometimes you are just not safe regardless of what you think.

    Hope your Xmas improves

    Kolan & Jag

  38. Freejack on December 24th, 2007 7:00 pm

  39. Perkins on December 25th, 2007 5:36 am

    A little off subject but what’s in Dire Maul worth farming?

    And, great site BRK. This is my first post but I’ve been coming here almost daily for a few months now. Keep up the excellent job and very sorry to hear about hacked account :(

    Perkins & Mandu

  40. Someone on December 26th, 2007 7:50 am

    Everyone can fall to a keylogger… ONCE!

    If he goes on without ABSOLUTELY making sure his computer is clean, then *HE* is a liability for your guild.

    If nothing else, he has proved he doesn’t deserve to have such a position in the guild: he doesn’t look to be responsible enough to treat his computer with the proper care and it will be a question of TIME until he compromises you guys again…

    I wouldn’t be surprised if Blizzard refused to return the items this time: I surely wouldn’t blame them…

  41. OMG FD FTW on December 26th, 2007 10:01 am

    BRK – let us know the conclusion to the gbank drama…feel like we have been left hanging.

  42. Macciatto on December 26th, 2007 10:24 am

    Wouldn’t it be nice if officers could demote themselves? This dude could demote himself and immediately have another officer demote him again to the lowest rank possible until the problem is resolved, aside from the /gkick solution.

  43. Fiordhraoi on December 26th, 2007 1:02 pm

    @Someone –

    No offense, but as things pertain to this situation, you have no idea what you’re talking about.

    He cleaned the computers that he uses. I walked him through it. And no offense, I do this for a living. I know how to make sure something isn’t infected, at least if it’s hit the radar on any of the major sites yet.

    Symantec, AVG (Grisoft), TrendMicro, all came up negative. Spybot, Windows Defender, negative. The one odd thing was that his hosts file was missing – but if it was missing, that means it can’t have been used to send him to a spoofed website. Unless a virus magically removed itself after the second hack attempt, after somehow avoiding the existing (and maintained) AV software on the computer.

    He doesn’t use wireless to game. The computer he plays wow on 99% of the time, he ONLY uses to play WoW. He does not use .exe installers for mods, and gets the base files from curse.com or wowace.com. He has a second account that he has used on the same computer, with the same password, that was not hacked.

    So, where does this leave us for possibilities?

    1) It is a new keylogger of some sort that infected his machine, therefore none of the above mentioned programs picked up on it. Also, for whatever reason, the jackass who stole the stuff decided only to access one account – if it was a keylogger, he had the username and password to both accounts.

    2) The UN/PW was obtained by some means other than a virus/wireless sniffing. What that may be, I don’t know. Social engineering is unlikely given that only one person knew the UN/PW and he didn’t give it to anyone, period.

    So, I don’t know how this happened, honestly. Tweeden did all the right things, kept his computer safe, etc. He either got unlucky enough to get snagged by a zero-day exploit, or accounts can somehow be compromised regardless of precautions taken by the user.

  44. Fiordhraoi on December 26th, 2007 1:13 pm

    Oh, and for the record, immediately after locking his account, Tweeden is proceeding to do a full reformat on both his WOW computers.

  45. How to Improve your WoW Account Security | Altitis on December 27th, 2007 8:57 am

    [...] about one thing, keeping your PC secure isn’t anybody but your own business. And as this story from BRK’s guild shows, when you’re an officer and have guild bank access, you are a particularly fat goose to pluck [...]

  46. Freejack on December 29th, 2007 6:56 am

    @Fio

    “He either got unlucky enough to get snagged by a zero-day exploit, or accounts can somehow be compromised regardless of precautions taken by the user.”

    Please keep us informed if there is any insight as to how this was done.

  47. The Lords of Nordrassil » Blog Archive » WoW Account Security on January 20th, 2008 8:16 pm

    [...] there have been a number of posts detailing account hack horrors, most notably BRK’s guild bank being cleared out twice in the same day and a similarly traumatic account hack incident for Gun Loving Dwarf Chick’s [...]