What's up with all the hacked accounts on Nektulos server


isest
12-04-2010, 10:38 AM
<p>Not sure this is the right forum to put this in; if not, then it's OK to move it.</p><p>I personally know 4 folks on Nektulos server who have had their accounts hacked in the past week.  I've got to ask, has anybody else seen an increase in accounts getting jacked?</p><p>Man, kind of scary.  I asked them, you get any weird emails, go to a new web site, that kind of thing, and they were all like I don't go to weird websites and use the same passwords and all.</p><p>Scary stuff going on.</p>

Tyrus Dracofire
12-04-2010, 10:41 AM
<p>Either they visited a questionable website that may have a hidden keylogger, or they were sharing an account when they weren't supposed to.</p>

isest
12-04-2010, 11:12 AM
<p><cite>Tyrus@Butcherblock wrote:</cite></p><blockquote><p>Either they visited a questionable website that may have a hidden keylogger, or they were sharing an account when they weren't supposed to.</p></blockquote><p>Yes, that's why I was asking them what websites they went to lately. I was thinking keylogger myself, but one of them is a computer nut and should know better.</p>

Wingrider01
12-04-2010, 11:18 AM
<p><cite>isest wrote:</cite></p><blockquote><p><cite>Tyrus@Butcherblock wrote:</cite></p><blockquote><p>Either they visited a questionable website that may have a hidden keylogger, or they were sharing an account when they weren't supposed to.</p></blockquote><p>Yes, that's why I was asking them what websites they went to lately. I was thinking keylogger myself, but one of them is a computer nut and should know better.</p></blockquote><p>Have known "computer nuts" that do not pay much attention to security and had very little common sense when it comes to what they do on the computer, so that is not a valid comparison.</p><p>Even legitimate websites can inject a zero-day rootkit, trojan or keylogger, especially if the web admins of the legitimate sites do not keep up on the current security patches and advisories on what is out there. Adobe's web add-ons have been receiving a lot of attention from the criminal portion of web users. Refuse to call them hackers; it is an insult to the original meaning of the title.</p>

Eveningsong
12-04-2010, 01:28 PM
<p>It's happening on all the servers.  I have friends on Guk and Permafrost that both got hacked around the same time.  Interestingly enough, the one from Permafrost found a level 1 toon created on Guk that triggered her thoughts that something was wrong.  Gotta wonder if they are using hacked accounts to transfer stuff from other hacked accounts on other servers.</p>

Glenolas
12-04-2010, 02:36 PM
<p><cite>isest wrote:</cite></p><blockquote><p>I personally know 4 folks on Nektulos server who have had their accounts hacked in the past week.  I've got to ask, has anybody else seen an increase in accounts getting jacked?</p><p>Scary stuff going on.</p></blockquote><p>I had a long lost guildie show up last month.  He'd not played in nearly a year.  Failing to get a response out of him, some of us set off to search where he was.  Turns out he was gathering in SH, a fairly unusual circumstance for him.</p><p>After attempting to contact him in game (guild chat, tells, says, and face to face jumping up and down with characters he'd certainly recognize), we turned him in to Customer Service, and I locked his guild accesses/permissions to nil as a precaution.</p><p>From SOE we learned the IP was Chinese.  He lives in California.  SOE reset the password and notified him.</p><p>We were able to get in contact with him in real life.  The account had not been used in nearly a year.  He plays several MMOs regularly (on a daily basis) and none but the SOE account was hacked.</p><p>Since the account had not been played in a long while, it was not a keylogger virus.  He does not keep his passwords in a file on his computer, so a searching virus could not get to them.  Additionally his computer has strong anti-virus protection.</p><p>Best guess is an internal SOE issue.  The support software there is as buggy as the game itself and someone found a hole and is slowly mining it.</p>

standupwookie
12-04-2010, 03:12 PM
<p>People have a lot of accounts for games and forums and websites, which means a lot of passwords and user names to remember.  I am willing to bet most people use the same username for a lot of those accounts, and oftentimes the same password.</p><p>What happens is that some tertiary gaming site gets compromised and they acquire a mass amount of user names and passwords.  One article said that about 40 million usernames/passwords were taken this way in a certain stretch of time.</p><p>Then they have programs that correlate all this stuff and they try mass amounts of log ins on various gaming sites.  When the log in occurs, they will strip the character of every non visible, vendor sellable piece of loot as well as the bank account and they will just transfer the money to the Gold Sellers' toons, then transfer it again....sort of money laundering.</p><p>Of course, all of this stuff is traceable and usually the GMs have programs that monitor log ins, money transfers over a certain amount and other things that they deem sketchy.  Then the GMs will start mass banning these player accounts in an attempt to save the player.</p><p>Of course, they cannot reimburse items but they will oftentimes reimburse gold.</p><p>The point is that these are not part time hackers, and more often than not the player is not "sharing accounts or visiting questionable web sites".  This is BIG business, especially in Asia where internet property/gaming is a massive money maker.
These people know what they are doing, they know how to get in and out quickly to get away with the gold, and they know that there is nothing that any company can do to stop them except an account ban, which is really nothing since they use game cards and can easily make another account.</p><p>They actively go out of their way to scour the internet for mass gaming accounts hoping that out of the tens of millions they acquire, a certain percentage will always work...which means they will always be in business.</p><p>Until game companies either start banning IPs or restricting access to certain areas of the world, they will always be possible victims of these relentless, stalking Asian gold-market businesses.  And yes, it is almost always located in East Asia because they have the populace that games the most, as well as laws that can work to their advantage (Korea) and you can do anything you want in China...just do not get caught.</p><p>$$$$$</p>
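
The login and transfer monitoring described in the post above can be sketched as follows. This is an added example, not code from SOE or from anyone in this thread; the event fields, thresholds, account names, country codes and documentation-range IP addresses are all constructed assumptions.

```python
from collections import defaultdict
from dataclasses import dataclass
from datetime import datetime, timedelta

# Thresholds are illustrative assumptions, not values from any game operator.
DORMANT_AFTER = timedelta(days=180)    # no good login for this long = dormant
DRAIN_WINDOW = timedelta(hours=2)      # how long after a risky login to watch
DRAIN_LIMIT = 500                      # currency moved out inside that window
SPRAY_ACCOUNTS = 3                     # distinct accounts tried from one source
SPRAY_WINDOW = timedelta(minutes=10)


@dataclass(frozen=True)
class Event:
    ts: datetime
    kind: str            # "login_ok", "login_fail" or "transfer"
    account: str
    source: str = ""     # client IP, login events only
    country: str = ""    # GeoIP country, login events only
    amount: int = 0      # currency moved, transfer events only


def find_spray_sources(events):
    """Sources that try many distinct accounts in a short window."""
    attempts = defaultdict(list)      # source -> [(ts, account)]
    flagged = set()
    for e in sorted(events, key=lambda ev: ev.ts):
        if not e.kind.startswith("login"):
            continue
        recent = [(t, a) for t, a in attempts[e.source] if e.ts - t <= SPRAY_WINDOW]
        recent.append((e.ts, e.account))
        attempts[e.source] = recent
        if len({a for _, a in recent}) >= SPRAY_ACCOUNTS:
            flagged.add(e.source)
    return flagged


def find_takeovers(events):
    """Accounts with a risky successful login followed by a fast drain."""
    last_ok = {}                      # account -> previous good login time
    baseline = defaultdict(set)       # account -> countries from clean logins
    risky = {}                        # account -> (login time, reasons)
    drained = defaultdict(int)
    findings = {}
    for e in sorted(events, key=lambda ev: ev.ts):
        if e.kind == "login_ok":
            reasons = []
            prev = last_ok.get(e.account)
            if prev and e.ts - prev >= DORMANT_AFTER:
                reasons.append("dormant account reactivated")
            if baseline[e.account] and e.country not in baseline[e.account]:
                reasons.append("login from new country " + e.country)
            if reasons:
                risky[e.account] = (e.ts, reasons)
                drained[e.account] = 0
            else:
                # Only clean logins extend the baseline, so an intruder's
                # first login cannot whitelist its own country.
                baseline[e.account].add(e.country)
            last_ok[e.account] = e.ts
        elif e.kind == "transfer" and e.account in risky:
            start, reasons = risky[e.account]
            if e.ts - start <= DRAIN_WINDOW:
                drained[e.account] += e.amount
                if drained[e.account] >= DRAIN_LIMIT:
                    total = drained[e.account]
                    findings[e.account] = reasons + [f"moved {total} within window"]
    return findings


def at(stamp):
    return datetime.strptime(stamp, "%Y-%m-%d %H:%M")


# Constructed sample events: one dormant account taken over, one normal player.
SAMPLE = [
    Event(at("2009-12-20 19:00"), "login_ok", "guildie", "198.51.100.7", "US"),
    Event(at("2010-11-01 20:00"), "login_ok", "regular", "192.0.2.10", "US"),
    Event(at("2010-11-02 03:10"), "login_fail", "alice", "203.0.113.50", "XX"),
    Event(at("2010-11-02 03:11"), "login_fail", "bob", "203.0.113.50", "XX"),
    Event(at("2010-11-02 03:12"), "login_ok", "guildie", "203.0.113.50", "XX"),
    Event(at("2010-11-02 03:20"), "transfer", "guildie", amount=300),
    Event(at("2010-11-02 03:25"), "transfer", "guildie", amount=400),
    Event(at("2010-11-02 20:00"), "login_ok", "regular", "192.0.2.10", "US"),
    Event(at("2010-11-02 20:05"), "transfer", "regular", amount=900),
]

if __name__ == "__main__":
    print("spray sources:", find_spray_sources(SAMPLE))
    print("takeovers:", find_takeovers(SAMPLE))
```

The large transfer by the "regular" account is not flagged because it follows a login that matches that account's own history; only the combination of a risky login and a fast drain raises a finding.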

Murryha
12-04-2010, 03:49 PM
<p>We have had this happen to 3 Guild Members in the last 60 days.  Two were inactive accounts and 1 was a current player.  I know all three pretty well.</p><p>Interestingly, one of them was hacked and had the 3 day $5.00 service on his account - not with his credit card or address information.</p><p>I am not sure of the details of the other inactive account, and the current player did use his laptop in a "less than secure" environment. So there are a number of ways this can happen.</p><p>What concerns me most is the reactivation being done of inactive accounts and the obviously false credit card/address information being put into accounts to activate them (you mean that SoE has NO sort of verification process to match credit card numbers and addresses!??).</p><p>Maybe this sort of thing happened a lot in the past (I am well aware of hacked accounts being rampant in some games), but in my experience with EQ2 it has never seemed to be a problem on this scale.</p><p>It is easy to blame the customer, and we all should be, and can be, more diligent in how we watch our own security and where we visit on the net.  But I can only hope that SoE is working diligently to review their current billing methods (verify those account numbers and addresses before activating an account..come on!) to help cut off another method that seems to be more of an issue than in the past.</p>

Jrral
12-04-2010, 06:09 PM
<p><cite>isest wrote:</cite></p><blockquote><p>I personally know 4 folks on Nektulos server who have had their accounts hacked in the past week.  I've got to ask, has anybody else seen an increase in accounts getting jacked?</p></blockquote><p>What probably happened is that they use the same password for the game as they use for one or more other Web sites. Then they visited a site that included malware (doesn't have to be a suspicious site, even very large legitimate sites like CNN have gotten malware on them coming from the advertisements they host on their pages) and got something in their browser that lifted passwords for sites they visited after that. It didn't even have to be a permanent infection, one browsing session's enough to lift useful amounts of information. The bad guys collect a large amount of information, then take the passwords they collected and try them all to see if they can find some that work on the games. These days all the tools are available in automated kits, it's minimal effort on their part so a 0.1% success rate's a win for them. In fact I'd bet it isn't even a primary aim. It's possible the group behind the actual attacks is aiming for bigger fish and selling the game-related lists to the group compromising game accounts to earn a little extra on the side.</p>

feldon30
12-04-2010, 07:12 PM
Things I found out at Fan Faire: <a href="http://eq2wire.com/2010/08/27/protecting-yourself-from-account-fraud/" target="_blank" rel="nofollow">http://eq2wire.com/2010/08/27/prote...-account-fraud/</a>

Jrral
12-04-2010, 07:43 PM
<p><cite>feldon30 wrote:</cite></p><blockquote>Things I found out at Fan Faire: <a rel="nofollow" href="http://eq2wire.com/2010/08/27/protecting-yourself-from-account-fraud/" target="_blank">http://eq2wire.com/2010/08/27/prote...-account-fraud/</a></blockquote><p>Good advice in that. One other one I add: write your passwords down. The hard part about maintaining different passwords for everything's the problem of remembering that many passwords. If they're written down you don't have such a problem remembering them, so you're more likely to actually pick different passwords. What I do is keep a file with all my accounts and passwords in it, and use PGP to keep it encrypted when I'm not actively using it. For day-to-day use I print it out and put it in the drawer of the computer desk. When I update it and print it out again, the old print-out goes in the shredder so it's not a security risk when I throw it away. I figure there's a very limited number of people who've got unsupervised physical access to my computer desk, and none of them work for these account-cracking rings.</p><p>Just, if you keep passwords in a text file, make sure that a) it's encrypted most of the time with the decryption key not stored on the computer (I keep it in the encrypted file and depend on the print-out when I need it) and b) that you run your anti-virus software and make sure your computer's clean before you decrypt the file to update it.</p>

PlaneCrazy
12-05-2010, 07:31 PM
<p>I've been using computers since I bought my first one back in the 80's (a Timex Sinclair 1000, lol) and I have been building my own since the early 90's.  I consider myself pretty savvy about security and keeping myself safe from viruses etc.  However, one area I was blissfully ignorant about is how insecure wireless is.  Of course, I made my home network secure but for years I have been traveling around the world for my job and I frequently use the free wireless hotspots at many airports.  Then I read about what that guy did a little while ago with that Firefox add-on, Firebug.  I went to his blog and read what he had to say about wireless networks and I realized that I have been lucky I never had any of my accounts hacked in the last several years.  I would frequently access my email accounts, my bank and many of my forums from free hotspots.  Nowadays I only use free wireless to surf anonymously.  Unless I can get an https connection, I won't log into any accounts unless I trust the network I am on.</p><p>It was pretty scary to see how easy it is to rip people's login info out of the air.  I installed Firebug on a laptop and drove around in my car and within 5 mins I found a half dozen unsecured wireless networks and grabbed 4 or 5 Facebook accounts.  Imagine what you would see in a large mall or other public place with free hotspots?</p>

Daenae
12-05-2010, 07:44 PM
<p>I've known several people to get hacked. Interestingly enough, every single one of them used Profit UI. I don't know if that has anything to do with it or not, but it is an awfully strange coincidence.</p>

Ter
12-05-2010, 07:59 PM
<p><cite>Calandriaa@Mistmoore wrote:</cite></p><blockquote><p>I've known several people to get hacked. Interestingly enough, every single one of them used Profit UI. I don't know if that has anything to do with it or not, but it is an awfully strange coincidence.</p></blockquote><p>Not really tbh, Profit is probably the most used custom ui. Did all the people you know also all use eq2maps?</p><p>Besides, the only thing in profit that could really be used to steal their login details is the auto updater, since the ui itself isn't executable.</p>

isest
12-05-2010, 09:52 PM
<p><cite>Calandriaa@Mistmoore wrote:</cite></p><blockquote><p>I've known several people to get hacked. Interestingly enough, every single one of them used Profit UI. I don't know if that has anything to do with it or not, but it is an awfully strange coincidence.</p></blockquote><p>All 4 of the folks I know use ProfitUI. I'm wondering if they had the same log in credentials at wherever it was you download that at.</p><p>Still, that would mean that site has been compromised.</p><p>However, from what I have heard all the IPs have been Chinese, or at least that's what I have heard, and I think the ProfitUI guy is in the States, so still weird.</p><p>I know it's painful for the folks it happened to; the guilds these folks were in and customer support have had to put in tons of hours trying to figure out where all the stolen stuff went and getting it back to the rightful owners.</p>

Wingrider01
12-06-2010, 10:35 AM
<p><cite>Jrral@Unrest wrote:</cite></p><blockquote><p><cite>feldon30 wrote:</cite></p><blockquote>Things I found out at Fan Faire: <a rel="nofollow" href="http://eq2wire.com/2010/08/27/protecting-yourself-from-account-fraud/" target="_blank">http://eq2wire.com/2010/08/27/prote...-account-fraud/</a></blockquote><p>Good advice in that. One other one I add: write your passwords down. The hard part about maintaining different passwords for everything's the problem of remembering that many passwords. If they're written down you don't have such a problem remembering them, so you're more likely to actually pick different passwords. What I do is keep a file with all my accounts and passwords in it, and use PGP to keep it encrypted when I'm not actively using it. For day-to-day use I print it out and put it in the drawer of the computer desk. When I update it and print it out again, the old print-out goes in the shredder so it's not a security risk when I throw it away. I figure there's a very limited number of people who've got unsupervised physical access to my computer desk, and none of them work for these account-cracking rings.</p><p>Just, if you keep passwords in a text file, make sure that a) it's encrypted most of the time with the decryption key not stored on the computer (I keep it in the encrypted file and depend on the print-out when I need it) and b) that you run your anti-virus software and make sure your computer's clean before you decrypt the file to update it.</p></blockquote><p>Sorry, NEVER write your passwords down, this is one of the biggest security faults around. A better solution is to find an encrypted password vault application, such as those that come with Trend Micro, or a good donation-only one is KeePass. KeePass makes you remember 1 password; it encrypts the file of your passwords utilizing the Advanced Encryption Standard (AES, Rijndael) and Twofish algorithms to encrypt the database.</p>

Stormdove
12-06-2010, 10:46 AM
<p>Huh, I just saw a guildmate on last night who had been inactive for over a year. According to guild events she did a couple of writs on 2 different characters, paid the guild hall rent and was in Stormhold.  She didn't respond to guild chat so I just figured she was afk.  I wasn't on for long but now I wonder if I should log in and demote her characters until I can make sure it's her.  Not that there is a lot in the guild hall to plunder but I would hate to lose some of the sentimental stuff.  I just hate the fact people keep these hackers in business by buying plat.</p>

PlaneCrazy
12-06-2010, 12:37 PM
<p><cite>Stormdove wrote:</cite></p><blockquote><p>Huh, I just saw a guildmate on last night who had been inactive for over a year. According to guild events she did a couple of writs on 2 different characters, paid the guild hall rent and was in Stormhold.  She didn't respond to guild chat so I just figured she was afk.  I wasn't on for long but now I wonder if I should log in and demote her characters until I can make sure it's her.  Not that there is a lot in the guild hall to plunder but I would hate to lose some of the sentimental stuff.  I just hate the fact people keep these hackers in business by buying plat.</p></blockquote><p>Doing writs and paying the GH upkeep hardly sounds like the work of a hacker to me... lol.</p>

isest
12-06-2010, 01:17 PM
<p>One thing we have been seeing is an increase in gold farmer activity.</p><p>I have seen at least 3 bots in the rill.  All 3 of them using the green journeyman's cloak, the boots and using totem of the cobra.  They all stack and give you something like 80% run speed.  All these toons are level 75, no trade skill at all, no guild at all.  You can tell they are bot programs by the way they move from node to node and, in 2 of the cases, using that warp hack we all hear about where they zoom across the zone, and don't interact. We need a couple of mobs added in the rill that aggro; that would stop all that botting, and you could still be smart and not get aggro for the tiny tradeskill guys. The trees are not enough; need a few more up near panda area and down where jin tu is.</p><p>The only reason why I know what to look for now is the one person who got hacked in our guild: they deleted most of her stuff, but she was wearing the journeyman boots, the cloak and had a stack of 100 totems.  They even sold her cloak of the harvester.</p><p>What they do is run some kind of program to nail rares.  One guy that was up there had over 36 diamonds in his broker and 46 korborite.  They sell them on the broker then sell the plat to whoever is buying it.  I know diamonds are easy, I got 10 in 3 days of harvesting, but beryllium in stacks of 20 like that, you got to go wow.  There was even a level 12 with 22 ut diamonds; a level 12 with no trade skill, you know what's happening there, they transferred them.</p><p>Seems to be a big business, and it's no skin off the hacker's nose as those accounts do get banned; they just go hack another account and continue the process.</p>

Drumstix
12-06-2010, 04:04 PM
<p>This isn't only found in one UI, but I believe Profit had the feature in it.</p><p>They have those nifty "Change Character" screens where you can fill in your character names and your account password so you can easily switch between your toons. The reason I haven't included this in my UI is because it stores your password in a very unsafe XML file on your computer, accessible by anyone. This is not good.</p><p>Don't save your password in a shortcut, in a text file, or anything like that. If you're gonna use a password manager, use a safe, encrypted one that has a high encryption type.</p><p>Mods that make things easier like changing characters quickly between account/accounts are not safe IMO. I'd personally recommend that you not use that feature anymore if you do currently.</p>

Jrral
12-06-2010, 07:59 PM
<p><cite>Wingrider01 wrote:</cite></p><blockquote><p>sorry NEVER write your passwords down, this is one of the biggest security faults around.</p></blockquote><p>As I said, I keep the password file itself encrypted using PGP except when I'm modifying it.</p><p>But riddle me this, which is safer: having my passwords on a print-out in a drawer where getting to it requires physical access to my computer desk (which requires a) knowing where I live and b) breaking into my place), or reusing passwords because I can't remember hundreds of different passwords (yes I've got that many on-line accounts)? I say the print-out's safer. Anyone who can get at it has physical access to my computer. They don't have to find a bug to get software loaded, they can boot off a USB drive or a CD and modify my system directly, bypassing almost all security (unless I use an encrypted filesystem). And honestly, who has both desire <em>and</em> ability to do this? I know lots of people who'd want to, but they're all black-hats who don't even know who I am, let alone my address, and even if they did they're half a world away from me and can get more results by going after a few hundred people who use shared passwords than by sending a burglar to my home. I know people who've got the access, but that's only half-a-dozen people and I know all of them and none of them have any desire to know my passwords. It'd be different if my computer desk was in an uncontrolled area where random strangers could get at it, but it's not. It's in my home, and I know who gets into that room unsupervised.</p>

Wingrider01
12-07-2010, 09:54 AM
<p><cite>Jrral@Unrest wrote:</cite></p><blockquote><p><cite>Wingrider01 wrote:</cite></p><blockquote><p>Sorry, NEVER write your passwords down, this is one of the biggest security faults around.</p></blockquote><p>As I said, I keep the password file itself encrypted using PGP except when I'm modifying it.</p><p>But riddle me this, which is safer: having my passwords on a print-out in a drawer where getting to it requires physical access to my computer desk (which requires a) knowing where I live and b) breaking into my place), or reusing passwords because I can't remember hundreds of different passwords (yes I've got that many on-line accounts)? I say the print-out's safer. Anyone who can get at it has physical access to my computer. They don't have to find a bug to get software loaded, they can boot off a USB drive or a CD and modify my system directly, bypassing almost all security (unless I use an encrypted filesystem). And honestly, who has both desire <em>and</em> ability to do this? I know lots of people who'd want to, but they're all black-hats who don't even know who I am, let alone my address, and even if they did they're half a world away from me and can get more results by going after a few hundred people who use shared passwords than by sending a burglar to my home. I know people who've got the access, but that's only half-a-dozen people and I know all of them and none of them have any desire to know my passwords. It'd be different if my computer desk was in an uncontrolled area where random strangers could get at it, but it's not. It's in my home, and I know who gets into that room unsupervised.</p></blockquote><p>c: neither of them. Corporate policy at my company - write the password on a piece of paper and get caught, 7 days suspension without pay. Second time, termination.
As far as booting off a CD or USB, three simple methods to prevent that - disable the drives unless they are needed, a BIOS master password and a power-on password.</p><p>I have the advantage for my hundreds of passwords: I utilize a portable password keeper that encrypts the entire database with two different methods. I only have to remember two 12 digit passwords, the first to decrypt the USB key the application is stored on and the second to launch and enter the password storage data application.</p><p>Bottom line, there is no 100 percent protection with zero day infections; the only thing that is secure is a computer that has no external access outside of a keyboard, and even then the user needs to be monitored. Safe to say that if a breach had come from the SOE side then there would be thousands more posts on the subject and it would have been reported in the tech rags, especially the ones that deal with security of sensitive data.</p>

Jrral
12-07-2010, 06:56 PM
<p><cite>Wingrider01 wrote:</cite></p><blockquote><p>c: neither of them. Corporate policy at my company - write the password on a piece of paper and get caught, 7 days suspension without pay. Second time, termination.  As far as booting off a CD or USB, three simple methods to prevent that - disable the drives unless they are needed, a BIOS master password and a power-on password.</p></blockquote><p>Yep, but this isn't my work computer (where I won't write down passwords because it's in an open area and I can't control person-by-person who has physical access to my desk). This is my home computer, and I know exactly who's in my home and where they are at all times. And yes I could use BIOS passwords and the like, but what are those protecting against? They won't stop on-line or remote attacks, because those attacks happen after the passwords have been entered and everything's decrypted and/or enabled. They'll only protect against a local attack by someone who's already physically in my home, and I've better and more convenient ways of protecting against that (eg. keeping the doors locked). I don't bother with security measures that don't protect against the threats I'm facing.</p><p>And, if you're using a password keeper application on your computer? Congratulations, every piece of software running on your computer has access to your passwords. Encryption doesn't matter, because those passwords have already been decrypted. Any malware has them the moment you fire up that application. For me, nothing on my computer has access to the password list when I'm merely using it to enter passwords because I'm not using the list on the computer.</p>

Wingrider01
12-07-2010, 07:12 PM
<p><cite>Jrral@Unrest wrote:</cite></p><blockquote><p><cite>Wingrider01 wrote:</cite></p><blockquote><p>c: neither of them. Corporate policy at my company - write the password on a piece of paper and get caught, 7 days suspension without pay. Second time, termination.  As far as booting off a CD or USB, three simple methods to prevent that - disable the drives unless they are needed, a BIOS master password and a power-on password.</p></blockquote><p>Yep, but this isn't my work computer (where I won't write down passwords because it's in an open area and I can't control person-by-person who has physical access to my desk). This is my home computer, and I know exactly who's in my home and where they are at all times. And yes I could use BIOS passwords and the like, but what are those protecting against? They won't stop on-line or remote attacks, because those attacks happen after the passwords have been entered and everything's decrypted and/or enabled. They'll only protect against a local attack by someone who's already physically in my home, and I've better and more convenient ways of protecting against that (eg. keeping the doors locked). I don't bother with security measures that don't protect against the threats I'm facing.</p><p>And, if you're using a password keeper application on your computer? Congratulations, every piece of software running on your computer has access to your passwords. Encryption doesn't matter, because those passwords have already been decrypted. Any malware has them the moment you fire up that application. For me, nothing on my computer has access to the password list when I'm merely using it to enter passwords because I'm not using the list on the computer.</p></blockquote><p>/rofl try reading about the password keeper and the reviews. Also, how does "every other piece of software on my computer" have access to the passwords, since it is a stand alone application that sits on a hardened USB key?
The encryption techniques it uses are the Twofish algorithm and AES (Rijndael); both of these are interesting reads if you are into security and encryption.</p><p><a href="http://www.schneier.com/twofish-analysis-shiho.pdf">http://www.schneier.com/twofish-analysis-shiho.pdf</a></p><p><a href="http://csrc.nist.gov/archive/aes/round1/conf2/papers/mirza.pdf">http://csrc.nist.gov/archive/aes/ro...apers/mirza.pdf</a></p><p><a href="http://csrc.nist.gov/archive/aes/rijndael/Rijndael-ammended.pdf">http://csrc.nist.gov/archive/aes/ri...el-ammended.pdf</a></p><p><a href="http://csrc.nist.gov/publications/nistir/ir6483.pdf">http://csrc.nist.gov/publications/n...stir/ir6483.pdf</a></p><p>As far as access to your home, that is a lot more simple than you think - unless you live alone and no one else ever visits you.</p><p>Not going to argue computer security with you, not worth it; besides, it is not the crux of this thread. Still stand behind the simple fact that the total number of "hacks" is so small that it does not indicate a hole on SOE's end, nor do the various security reporting firms indicate it; they are normally the first to "leak" the news of a hack of a secure database.</p>