This last weekend, it was revealed that account hackers have successfully bypassed Authenticator security using “man in the middle” attacks; interposing themselves between player and server, and taking the player’s input for themselves, telling the player they failed to login, and then using the info themselves to get in and change things to suit themselves.

Today, I received an email from Intravax, who had a harrowing story to tell;

We had 3 of our members’ accounts stolen within the last month. No major damage as there are caps to what ppl are allowed to withdraw from the vault.

Then one of our officers got hit and that did a bit more damage, although it wasn’t anything that couldn’t be replaced in a week or 2.

Then, this Monday on 3/1/2010 it was like our WoW version of Sept 11th. All our officers got hit, including our GL (each of us have authenticators) and 6 other guildies.

The hackers were like a virus and multiplied by immediately inviting several dozen other characters and promoting them all to the highest rank possible, and we were cleaned out and all our toons were deleted (most of us had at least 3-4 Lvl 80’s all geared in T9 or above). As an added twist to the gut, before the toons were deleted the hackers used them to spam in /trade and /general for their gold selling companies, thereby getting our accounts suspended our reputation tarnished.

All 6 tabs of our vault were filled to the brink with top level flasks, gems, enchants, crafting mats, buff food, etc.  Additionally, we had over 75k gold which was donated by the officers and guild members to offset the costs of all the crafting materials that were donated.

Is it a claim made by a reader, impossible for me to confirm? Yes.

Do I believe the writer? Yes. Yes, I do. The entire email was very well written, it wasn’t asking for any kind of action or publicity on my part. Intravax was just letting me know what had happened to him, his friends and their casual guild, and giving me a heads up to be careful with my own casual guild bank settings, so that the chances of the same thing happening to Sidhe Devils might be reduced.

Thank you, Intravox. I can assure you, having been the victim of account hacking years ago myself, before Burning Crusade was released, I know at least a little of how it feels to come in and find that your character or account is trashed.

In my case, the hacking happened in mid-session, Christmas Eve several years ago, while I was on vent with friends in Undead Strat doing, as I recall, a timed Baron run. So, I got to hear, live and in person, the play-by-play details as my friends followed my character, still all in party together, through hearthing from Eastern Plaguelands/Strat Undead to Ironforge, watched me strip naked, and then, still in party with my main, watched as party chat showed my character D/E’ing all my stuff , mailed the mats off… and then followed my character as it ran back and forth from the bank to the mailbox, sending off all my stuff to someone else.

At least my character wasn’t deleted.

Merry Christmas, Windshadow!

Talk about wanting to just quit the game in disgust. That right there is a feeling of violation that is difficult to overcome. The emotional aspect, quite apart from the inconvenience of lost items, characters or gold that might be returned after an investigation, is hard to describe.

What is it? Why does this keep happening, despite the best efforts of Blizzard to prevent it?

Sophisticated methods for hacking player accounts are designed, developed, tested and implemented.

This represents a significant investment in time and resources on someone’s part.

What would be the incentive to cause folks to go to such extended lengths to get access to your account?

Here is my assumption; real world money is the incentive.

It is my assumption, my theory, that the majority of hacked accounts are performed by gold sellers looking for inventory to sell to a willing market, and not malicious punk kids with too much time on their hands.

A market of consumers that will seek them out and offer them real world currency in exchange for virtual world gold.

I don’t buy gold, and you don’t buy gold, and nobody you have ever known has ever bought gold… and yet, somehow… people still make money selling gold.

Funny, isn’t it?

It’s my understanding that there are several ways gold sellers acquire the gold they offer to fulfill orders.

First, there are people that work directly for gold sellers, that go out and farm and play the auction house to develop gold.

Second, there are people who may be regular players like anyone else, but they work as affiliates, independant ‘stringers’, and when they have gold available to sell, they contact the gold sellers directly and offer it to them… for less than the gold seller will flip it for to the buyer. The gold seller has the website contacts to sell, the stringer has someone they know to sell to when they have some extra.

Methods one and two, as I described them, are fairly safe for the gold seller, but they represent an investment, an expenditure. They have to either pay someone to play to harvest the gold directly, or pay a stringer to get their supply.

The third method is to hack a stranger’s account, loot all their stuff, ship it off to a third party to clearance it, and then delete the account.

This is fast, and aside from developing the hacking method and identifying the target, inexpensive on the part of the gold seller. Either the account is hacked or not, and with guild banks, the potential score goes beyond access to one player’s account.

This business all revolves around the fact that players have something that has a real world monetary value, and there are those out there that have the means and the desire to take from others to enrich themselves. And even better… where are the cops to prosecute them for the stolen goods?

“Excuse me officer, but I had $1500 in property stolen last night.”
“Oh, really? Tell me, where did the crime take place?”
“On Kael’thas, Alliance side. They got everything. Wiped me clean out. They got away with over 25,000 gold, enchanting mats, Frozen Orbs and epics with a street value of $1500. And they defaced my property by deleting my characters!” 
“Uh…. huh. Get the hell out of my sight, nutball.”

In almost all cases, I would be willing to bet that it is not a vindictive or malicious act; I really believe it is the real world monetary benefit that keeps them doing this.

So long as you have something they want, something that is valuable to them, and there is no actual risk involved to them in taking it, then they will continue to plot means of stealing you blind.

I would like to propose a possible solution.

Blizzard, please, open an official micro-transaction store and just sell the gold yourself.

Do it.

No limits on how much, make it legal, and price it so low that it’s undercutting the gold sellers.

Players are somehow able to find gold sellers online, so I’ve got to imagine, since you’ve got computers and the internet yourselves, that you could figure out where they are and how much they charge.

Give the player, the person that seems unable to tear themselves away from buying gold, a legitimate, safe and dependable location to get it from.

Remove any reason someone may have to visit a gold seller outside of Blizzard.

Tell the players, if they really cannot stand to farm gold for epic flying or that awesome epic hammer on the AH themselves, you will give them a place to go where they know they’re getting the best deal, the transaction will be safe, they will not be subject to viruses or hacking, and they will not be risking an account ban.

On the flip side, make it clear that if you DO catch anyone buying gold or selling gold outside their own store, you WILL still ban their account.

I didn’t want to make the obvious analogy with prohibition and alcohol… but seriously. If players, regardless of what the consequences may be to them, continue to go give the gold sellers money, then the gold sellers will continue to find ways of getting it to give.

Remove the incentive. Take away their payday. Reduce their market to nothing.

Make them go find someone else to rip off.

Now, I’m not naive. I know that the WoW economy is very involved, and Blizzard does a lot to try and balance the availability of gold through play with the number of things that you can spend it on. Blizzard is a world economy in scope, and they have to do a lot of work behind the scenes to battle inflation.

That being said… I think, purely my own opinion but what the heck, on a blog that’s what you get, pure opinion, but I think I can safely say people are sick and tired of wondering if today is the day some thief has hacked their account.

Just do it. Cut out the middle man, sell the gold yourself, and call it a day.

I won’t buy it, but someone out there sure as heck will, and you’d be performing a valuable service for the community if you can finally find some way of cutting the gold sellers off at the knees.

69 Responses to “A Call to End Prohibition – Sell Gold Now!”
  1. Phelps says:

    Sell it, and make it useless. End the prohibitively high utility item costs (like the giant epic mount costs) and make it so that you have to earn utility items, and can spend gold on all the cosmetics and fluff you want.
    .-= Phelps´s last blog ..Wave of violence by political extremists =-.

  2. Iceveiled says:

    Blizzard selling gold will not ease the problem at all. If anything it’ll just make the hackers/gold sellers more brazen in their attacks.

    The solution is NOT to have blizzard sell gold, officially. If blizzard thought that was the solution they would’ve done it years ago. If the hackers are motivated by currency (which obviously they are), how would blizzard selling gold STOP THEM from still trying to hack people to sell gold to turn a profit? That makes no sense. The only thing they could do is buy money from blizzard and then somehow try to get people to purchase it for more than they could through blizzard. Not happening.

    Unfortunately the real solution is there is no solution. Shit happens. WoW will never be 100% secure (nothing on the web is).

  3. Svantovit says:

    You should check out EVE-Online’s solution to the problem.

    Basically, players are allowed to by game time cards, and sell them in-game for virtual money. There are several safe-guards in place that makes sure the player to player transactions are all above board and secure.

    It’s a win win. People capable at making gold in game play for free, people with jobs can sell the GTC so they can buy their mats, blizzard gets their $15 for each person playing, and there is very little use for gold sellers.

  4. Adlib says:

    I have a couple horror stories. My account was hacked a couple years ago, but that was before they required ID documents faxed to them before restoration. I got an authenticator and thought I was safe. Now, it appears not so much maybe.

    Anyway, a year or so ago, our GM’s account was hacked and started booting members when we were onto him. We actually had to reform as a different guild until Blizzard could stop the guy. That was pretty scary too. The hacker was using the toon to sell stuff in /trade also so we had to run interference in trade chat to try to protect our GM’s reputation.

    I agree that it would be hard for Blizzard to balance selling gold and protecting the in game economy, but yeah, these people cause all kinds of grief and heartache. I mean, losing a toon that you worked YEARS for? That’s a big feeling of helplessness and anger.

  5. Moonstalker says:

    I’m sure there are some pitfalls with this idea but what about making the gold like heirlooms. Lock it to your account so you can trade between your own toons but only able to use as currency with official WoW NPC’s/systems such as vendors or the AH. No trading to other toons. Economy stays basically the same and the only downside is not being able to give your wife the 5k she needs for epic flight. (Granted – that’s a large downside on the homefront but…)

  6. Kevin says:

    The only thing Blizzard selling gold itself accomplishes is hyper-inflation. The hackers will just always undercut Blizzard. They have virtually no cost to producing the gold they are stealing. Even though hacking is a crime and they could go to jail, the risk is incredibly remote, particularly for those who are not in the US to begin with.

    The only way to stop the hackers from having an incentive to steal and sell gold is to make gold worthless in the game, either by removing it or giving us unlimited access at no cost.

  7. Wavemancali says:

    There is a better alternative than Blizzard selling it themselves.

    Blizzard could act as a middleman between valid players wishing to sell gold for playtime.

    According to the 8 gazillion web sites advertising for WoW gold the current rate is about $4-6 for 1000 gold. If Blizzard set up an in game system to allow users to do Blizzard approved transactions, say 4000g for a 1 month game card, you’d have a system where people who want to buy gold can do it, and people that either like farming or find the monthly fee a burden could get a benefit as well.

    No Chinese farmer is going to farm for playtime.

    It’s a win, win, win situation.

    I already know a few people that have done it with people they know in real life.

    To those that say, “Well then the farmers will just sell game cards.”

    System works like this:

    Player A wants gold
    Player B wants to sell gold

    Player B goes to blizzard and gets a “Seller ID number”
    He farms 4000g and deposits it into the system under his seller ID.

    Player A wants to buy gold and announces this in trade
    Player B sends him a whisper with his Seller ID.
    Player A goes to the Blizzard store and pays $15 for the 4000g that is linked to Player B’s seller ID. Player A gets his gold, Player B gets a free month.

    No login information is exchanged, no scamming occurs because the gold is prefarmed, Blizzard loses no money because the playtime is paid for by Player A. The economy is not screwed by the influx of more money because it is still a closed system.
    .-= Wavemancali´s last blog ..Need Some Input Here =-.

  8. Siobhann says:

    Blizzard has been very consistent about cash and trading card items only being cosmetic. At this point, they have made most of the high end crafting mats like Crusader Orbs and Primordial Saronite tradeable. Do you really want a situation where players are expected to either grind gold or spend cash in order to get crafted epics or consumables to raid? “We had a 1% wipe. DPS, I want to see all epic gems, full enchants and primodial saronite crafted items next week. All it takes is a little cash.”

    It’s even a problem with regular profession items. “I ran out of flasks!” “Well, why didn’t you buy some gold before the raid and get some off the AH?” “I can’t afford $20 on top of the subscription fee to raid.”

  9. Saniel says:

    Phelps is on the right track, I think. The ideal solution is to find something other than gold that can be worked for and accumulated (but not traded between accounts) to trade for the high-cost items/skills. That way they’re not just handing it out for cash, but it reduces the value of gold.

    I think there’s a lot of people out there (whether they be time pressed or lazy) that don’t resort to buying gold specifically because of the risks and/or ethics involved. If Blizz were to actually sanction it, I could see the number of people who do buy gold jumping through the roof.

    Plus, what would that do to the AH? What would stop someone from tossing up something Bladeborn Leggings for 50K Gold? If someone wants it bad enough, they can just go give Blizz more money, get the gold, and it’s theirs. It would push market prices way out of reach for those of us who are content to make what money we can with the in-game systems that exist.
    .-= Saniel´s last blog ..New PTR build = Feral wags =-.

  10. Minos says:

    My understanding is that there’s a lot of overlap between methods 2 and 3. Many of the account hackers are “independent contractors” who then turn around and sell their ill-gotten loot to the gold sellers.

  11. Myownfault says:

    Doesn’t matter, remove all the incentive you want the main fault lies in our selves.

    I would bet, and if someone has some stats showing otherwise post them, that 99% of all hacked accounts are from some sort of key logger or fishing scam.

    I cringe every time I get the “Invalid login info” message, I am sure most of you do too.

    But I would put ALOT of money on the line that a clean WoW install on a clean PC with up to date anti virus and a user that isn’t visiting unsafe websites and downloading unsafe links NEVER gets hacked.

  12. Jambnine says:

    I understand your concern BBB, but Blizzard getting into the gold-selling business will never work. This idea has been thrown around hundreds if not thousands of times before and the inevitable conclusion is always the same. If Blizzard undercuts the gold sellers, they’ll just undercut Blizzard in return and that cycle will continue until gold loses all value. Once that happens, the gold-sellers will move on to primordial saronite then flasks, then orbs, then herbs and the list goes on. As long as *anything at all* in the game can be traded between characters and has a perceived value, gold-sellers will hack accounts to get it and sell it for real-world money. There are only two possible solutions to this problem:

    1) Have Blizzard sell absolutely everything for so cheap that it is not economically viable to pay even a single hacker or order-fulfillment employee to run a non-Blizzard commodities market. This will destroy the WoW economy, obsolete all in-game professions and trivialize items that are supposed to be rare or valuable rewards.

    2) Make all items in the game bind-on-pickup or bind-on-account. Again, this will only serve to destroy the WoW economy (no more auction house) and obsolete all in-game professions.

    Neither of these options would make WoW better than it is today.

    As for Wavemancali’s idea of allowing players to sell gold to each other in exchange for free months. Sure, Blizzard could do this, but it wouldn’t stop the gold-sellers from just undercutting them. If people have the option to buy 4,000g for $15 from another player or 10,000g for $10 from a gold-seller, they’ll choose the gold-seller. If players then undercut the gold-sellers that whole undercutting cycle will spiral out of control until gold is worthless and no players will bother selling it any more.

  13. Arkaneena says:

    Or they could get rid of tradeable gold entirely. You can’t give your friends money except through the AH. Like how it works with getting you opposite faction toons money. Gold is essentially BoP or even BoA. You either earn it, or you trade items for it through the AH. This isn’t a perfect solution either I am sure. There is no magic bullet here.

    Blizz selling gold means people like me who can afford such things, but won’t give scammers the time of day, will buy from them and become uselessly rich. I am only cash poor now, because my lowbie alts are rich. Isn’t that already a problem. So many rich alts. Have you seen the prices of low level mats in the AH lately. Those prices are insane. People pay them because they can. God forbid a new player actually wants a Big Black Mace, because the price of Black Pearls is redonkulous.

    They can’t control inflation in the economy and still allow us to have nice things. Teams of people who should have known better and with more on the line dropped the ball in real life. See Enron, Worldcom, Tyco, Mortgage Bubble, etc., etc. How can WoW keep up? They can’t, stop trying to keep up. Just let it go wild. It’s a game.
    .-= Arkaneena´s last blog ..Before Others Do Unto You =-.

  14. Fricassee says:

    @Iceveiled
    By having Blizzard sell gold, the gold supply goes up and a price ceiling is put on the game. In addition, goldsellers have to sell harder in order to out-advertise Blizzard, who just needs to put a tip on the loading screen- “Need more gold? Buy it legally at http://www.blizzard.com!”

    @Kevin
    I think you’d be surprised how many people would pay a few extra bucks for gold, knowing it was completely legal and that their account security isn’t at risk. If Blizzard sold gold, it would be almost impossible to sell it illegally unless they sold it at a huge discount. The hacker cost isn’t in the hacking part of the equation, it’s in the time to move the goods and the advertising.

    It would cause ridiculous inflation in the game and ruin the whole idea of GDKP runs and playing the AH. You’d basically be trading one evil (account hacks) for another (inflation.)

    That being said, I’m sure Blizzard has done the business case of how many players they’d lose to how much money they’d make from selling gold.
    .-= Fricassee´s last blog ..ICC-10 Fo’ Mages: Festergut and Rotface =-.

  15. bloodbane says:

    Blizz can’t sell gold. It will destroy the economy as you said. One possible solution is that Blizz may have to make a keylogger/virus removal software that target wow players and have it run during the initial screen.

    Since that won’t happen. people just have to stop visiting the suspected sites. For the most part, the sites that can get you infected are common misspellings to sites that a wow player would check, i.e. adding one extra letter to deadlybossmods.com and you are stuck with it.

    Get an authenticator, watch your spelling and don’t click on links.

  16. Intravax says:

    @Myownfault: For almost 3 years my account has had no problems. I don’t go to random websites. I have 3 anti virus programs as well as multiple Spyware, Adware, personal firewall, website filters and antiphishing programs. Our GL was hacked as well and they have even more security than I do and run their system on Linux. Blizz confirmed that our authenticators are no longer valid and we have to get new ones. What do you do when you take every precaution possible and still get hacked?

  17. Tom says:

    I think Blizzard actually selling gold is just going to shift the problem. Hyper-inflation will result that will create two classes of players, those who buy gold and can afford to buy good stuff and those who don’t and can’t buy stuff on the Auction House at all. I think the idea of sanctioning gold trading for game time is very interesting but I think it would still cause hyper-inflation far worse than we have it now because more people would buy gold as it would be legitimate.

    One way to curb gold buying and selling would be to give every character a ‘twink rating’. This rating is visible to everyone and reflects the difference between the value of the gold and items the character has received and the value of what they have given away. You could even scale it by level so to offset being given 1,000 gold at level 1 you would have to give away 80,000 gold at level 80 to return your twink level to neutral. Thus if you want to be a gold buyer you cannot do it anonymously.

    It would also make gold farmers/sellers very obvious because their twink rating would be massively negative. Aside from being entertaining to other players this would tell Blizzard who to watch.

  18. Intravax says:

    The scary part about this was that there were a group of toons waiting to be invited to the guild from the hacked accounts so they could start their pillaging. These people knew what times the majority of us are online and coordinated their “raid” in the same way that people get robbed while they are normally at work.

  19. Savvy-Savvage says:

    A few years ago after learning of this thing called “Second Life” a U.S. congressman thought to himself “Eureka! If people are willing to buy stuff in this virtual game for real money then anytime somebody playing that game gets an item they owe us a capital gains tax.” Blizzard was mortified and that is why they want no crossover between the in game and real life economy. Imagine our Senate, yeah that Senate, deciding that the IRS, yeah that IRS, needed to keep track of your armory page to see if you had any epix they needed to rofltaxpwn. If it something you own has value and that value goes up, that’s income. They got your ass. This is also why they don’t want you selling your accounts. It’s to protect you from Uncle Sam.

  20. graylo says:

    While your solution makes sense on the surface, it fails to grasp the complexity of the issue.

    First you have to deal with the unintended consequences. The most commonly sited are inflation and such that would really hurt the wow economy, but there is a bigger problem that largely goes ignored. If Blizzard sold gold themselves, they would be saying it is ok to buy gold. Tons of players that currently don’t buy gold because it’s against the rules would start. Plus, most buyers would think, does it really matter if I buy gold Blizzard or a 3rd party?

    If Blizzard started to sell gold they wouldn’t be taking the market away from 3rd party gold sellers, they would be expanding the market for everyone, and probably not really hurting the profitability of gold sellers.

    You may argue that blizzard can sell it for such a low price that 3rd parties can’t complete. I disagree. First of all, Gold Sellers already have large amounts of gold. They could easily dump it for less then blizzard is selling. Second, their hacking operations are already set up. There would be little extra cost to let them continue. Third, inflation would make all their gold gaining activities gain more gold. Therefore they could keep up with Blizzard on price reductions, because every time they reduce the price they increase the supply. It will be a never ending spiral downward. In the end, the only way to get rid of gold sellers is to get rid of gold, and I don’t think that would be good for the game either.

    Personally, I think Blizzard has handled this in the best way possible. The best offense is a good defense. Some may look at the recent authenticator hack as a failure, but it is really just a step along the cat and mouse game that blizzard plays with hackers. Blizzard will learn from this and make the game more secure. Unfortunately Hackers will learn as well, and find a loop hole. I know it sucks, but the alternative you are proposing is just as bad if not extremely worse

  21. Firecroch says:

    I realize that there are probably so many accounts and toons that are owned by these people that you will never be able to root them out. On the other hand, why can’t Blizz stop doing trial accounts and start tracing the in game mails that all this gold is sent to? If they can restore a deleted character, they should be able to pull logs and find out where that gold is going to. Even if the gold sellers spread it all out between a bunch of accounts, they still have to pull it all together to send to the person that is buying it. You start tracing the money and banning every toon/account that the gold/items are sent to and they won’t have anywhere to store the gold to keep it until it is sold off.

    These gold sellers are idiots as well. They don’t know that the more they do this the more they influence people leaving the game. The more people leave the game, the less accounts they can steal from and sell to. They are essentially putting themselves out of business.

  22. kaozz says:

    Well this is a tough subject. I have spoken about it before, what could be done to prevent problems. It’s not only the selling of gold, selling accounts and characters. Even if they (Blizzard) do sell gold people will ALWAYS buy and sell accounts.

    There are things that could be done, should have been changed in the past. Prices of mounts ect.. However Blizzard is slow getting around to things.
    .-= kaozz´s last blog ..Facepalm (MMO) =-.

  23. Metaphoria says:

    I completely agree with you BBB. I have been there where I thought about buying gold, but the thought of getting banned was too much, so I decided against it, and I ended up getting it legitimately, (borrowing it from a guildie one time) and then another discovering that you could get a huge discount for your fast flying mount if you bought it in Outlands.

    At anyrate, I think Blizzard would be very smart to have their own Gold Store, and they could balance it out by putting restrictions (you can only buy a max of so much gold per month, etc) and they could put a cap on it. You can’t go over 5k gold. I’m sorry, I don’t think it should be that easy to buy that special mammoth that has the vendors. Or, depending on your characters. If you’re a first time player, Blizzard could start you off with a certain amount of gold. Heck, you purchased one edition of the game you could start out with 500 gold on the first 3 characters spendable only on NPCs. They could put an account binding status on the gold that you purchase from the store (if you have 300g and you purchase 400 g, that 400 g cannot be used in the AH, or cannot be traded). There are ways to encourage good play tactics. Well, I’m ranting a little, but I have to say I think you have hit the solution on the head, and I hope Blizzard pays attention to it. I bet money that the ones who are using those sites are players who don’t know any better. Don’t know how to make gold and just know that they are behind. Naivety exists, especially for new comers, or those who get frustrated with the game mechanics and just don’t quite understand. Best solution is to offer a solution–one that doesn’t threaten being banned from the game. One that makes it very clear to new players the consequence of buying gold on the black market, etc.
    .-= Metaphoria´s last blog ..Returning to the Blog =-.

  24. bigbearbutt says:

    I’d really like to thank all of you for the wonderful, and thought provoking, comments to this post. You’ve given me, as aways, a great deal to think about, and i’m enjoying every second.

    Awesome!

  25. Locktite says:

    I just find it hard to believe. I understand that the authenticator can be hacked now with a “man in the middle attack” but I just find it strange that your guild was targetted in such a way. This was no random attack. They had access to your guilds officers and GM and knew they had authenticators. Sorry, but its hard for me to believe all of you didn’t have another connection in some way. Maybe a gold buying site someone in guild used and passed along saying it was legit and all of you used once before I dunno. Could be anything. However multiple people from the same guild all attacked and hacked with this much precision. Those hackers could spend their time doing something more heinous instead with that level of precision.
    I just think something is being left out here.

  26. Dechion says:

    One thing I sincerely wish is that GM’s had the ability to individualy password protect guild bank tabs, even from themselves.

    It would make life more annoying, but it would put yet another layer of security in place.
    .-= Dechion´s last blog ..Through new eyes. =-.

  27. Kirk says:

    Back when BBB got hacked I made a suggestion for Blizzard to implement. The suggestion was that guild banks by default require two officers to authorize release of things from the bank. This could be changed to allow single officer release, but it requires two officers to authorize that change. A step too far is also requiring the double release for gkicking.

    I also recommended to Blizzard that they send a “please confirm” email for each deleted toon.

    Neither have been implemented, but I still recommend them.

    I note that the former would not have helped in this case — the guild was well and truly screwed by somebodies who covered all the steps. However, I have a separate suspicion here. Intravax has a website. I suspect the avenue of attack came from something on the website. After all, all officers must log on sooner or later, the website discusses when they’re going to be online (and if like most such guild blogs there are several “can’t make it” posts — similar to telling someone your house will be empty this weekend while the two of you are standing in a crowded restaurant where people know who you are.)

  28. lissanna says:

    What about power leveling services, account buying, etc? Should we just have all characters start out at level 80 with a full set of end-tier epics if people are willing to pay enough money for them? What about botting & automating your character & account sharing? I guess it would be easier to not have so many people break the rules if we just didn’t have rules at all. Where do you draw the line? Who is to stop the gold sellers from just selling hacked WOW accounts while the owner of the account is away on vacation?

    At what point to do you cave and let greed win?
    .-= lissanna´s last blog ..Cataclysm Gear changes for druids =-.

  29. Ammayet says:

    I am steadfastly against Blizzard selling gold. Not only would the market inflation of the AH go to extreme numbers, players with the money would be able to buy whatever they wanted (be it cosmetic items, or slots in raids), thus flipping WoW on its end in many unforeseeable ways. Part of the blissful ideals in WoW is that people’s outside circumstances have no bearing on what they are able to achieve in WoW. Alienating players in game because they are unable to buy gold is going down the wrong path, BBB.

    I know that many accounts get hacked by goldfarmers, and the gold spam is awful, but it is much better nowadays than in TBC (14 gold spam tells per hour on my old server) and Blizzard is working hard to eliminate them. The authenticator bypass requires more work than the keylog and forget method, too, so not all gold hackers are using it.

  30. Miriam says:

    I don’t think making gold buying legal would do any good, as it would only increase the amount of gold on the market, thus making hacking even more profitable and allowing gold farmers to undercut Blizzard. Blizzard would have to undercut the gold farmers again and the circle would continue until gold is pretty much worthless, which would put people who prefer playing the game without spending more than their monthly subscription fee in a very awkward position. The real problem are the people who buy gold. If no one bought it, then there wouldn’t be any gold farmers. If Blizzard got more effective at tracking down people who bought gold and banned their accounts in a fairly public manner, I think a lot less people would be tempted.

  31. Kirk says:

    On the other hand I could be wrong. This brief blog article discusses one way the attacks are being executed, and includes links to several places including a forum discussion. For reference, the evil program currently has the name “emcor.dll”. Search for it, and if you find it you’ve got a man-in-the-middle infection.

  32. lissanna says:

    For bypassing the authenticators, you actually have to visit a scam website and download the program. It’s harder to get infected with if you have proper internet practices.
    .-= lissanna´s last blog ..Cataclysm Gear changes for druids =-.

  33. Arrowrest says:

    Sorry, big guy but this wouldn’t change a thing for the gold sellers. They’d undercut Blizzard’s pricing and continue to hack, farm, and bot their way to more gold sales. In addition, this would add inflation to the economy making mats and items more and more expensive. Players that didn’t want to purchase gold or couldn’t for financial reasons would be put in a tough spot.

    Client-side security is the only thing that can really solve this but that again is an almost impossible situation. Blizzard has no control over security on the client side and it’s essentially going to be an arms race between Blizzard and the hackers for the foreseeable future. Things are hampered by the fact that so much of this malware appears in advertisements and sponsored links that are not screened adequately by the ad providers or search engine sites. There’s no easy solution here.
    .-= Arrowrest´s last blog ..How Wrath Could Have Been Improved =-.

  34. shelly says:

    If anyone here ever played neopets before they started heavily using microtransactions, it was a much happier place. Now, the ONLY way to get anywhere in the game is to buy things with real money to sell to others. The game itself is dead. I have seen many other online games like that via down tue drqibln because the only way to yet anywhere is to buy items/gold. I don’t want that to happen to wow. once the other places started selling game ghqnging items, it became a who can buy their place and not who could earn it.

  35. fiad says:

    its intreasting that you bring this up just the other day me and my housemate where talking about this very subject, he plays eve online and in the eairly days of eve it was very easy to hack a players account, to remove the problem of people selling eves in game money they made it purchesable as a result there hacking what slashed to only malishouse innsodent but due to thenature of the hackings it made it possible for the staff to trace it as there was normly a reason for it, but long story short eve did that you are suggesting and it worked also eve still has a incredably strong and balanced econommy

  36. Stabs says:

    Regardless of what Blizzard does there are a few things that individuals can do.

    - first off don’t buy gold. It’s very likely to have been ripped off from other players. Don’t be the reason people do this.

    - try to minimise internet traffic on your PC you play WoW on. Don’t look at dodgy sites, particularly gold-selling sites or WoW sites with gold-seller ads on using the same PC. Here in the UK anyone can use the internet for free in a public library. Use such free services to browse third party WoW internet sites.

    - use a different browser than Internet Explorer. I use Mozilla Firefox with NoScript. Ideally you should use an obscure browser so it’s not worth writing a virus for (although not so obscure that the browser is itself a scam).

    - also use antivirus software. AVG has a free version that is pretty good. None of them. not even the most expensive is perfect.

    - consider setting up a second PC at home. I’m playing Eve on my other PC as I read blogs and it’s very convenient.

    - minimise the amount of addons you use and use mainstream versions of those addons. So use Auctioneer rather than an obscure custom auction mod, use Grid, Clique, Decursive rather than obscure addons that do similar jobs. Also wait a week after a patch before you download and google search for keylogger issues before you install updated versions.

  37. Voice of raisins says:

    This last suggestion at least keeps a static amount of gold in the realm economy. Blizzard selling gold is a very bad idea, I think Blizzard see that which is why, I think, we will never see it happen.

    If Blizzard were to start selling gold officially then it would not only become legal but also a necessity. This would mean that the people who are rich in real life would become the rich in game as well.

    Prices in the auction house would sky rocket as the perceived value of gold goes down which would price new players and players who did not want to, or could not afford to, buy gold completely out of the market.

    This would mean that every player would be outlaying their monthly subscription and then paying for again for the gold required to buy things. This would completely ruin the game and turn it into an expensive version of Runes of Magic.

    I have been following this blog for a while because it always had good observations about the game, I especially liked the series comparing pally tanking versus bear tanking, but this is among the most monumentally stupid suggestions I have every heard. Try visiting the suggestions forums and searching for “Blizzard sell gold” to get a feel for how the community feels about this sort of thing.

  38. Carus says:

    I reckon Blizzard should go undercover; Make their own gold selling website, maybe chuck some cash at Google to make sure it’s the first link that pops up when you Google “WoW gold”, and underprice the other gold selling websites. Eventually they’re getting the majority of the gold selling business, but the economy hasn’t been completely trashed, as buying golds was still illegal, so the amount buying has stayed roughly the same.

    Plus, they have a nice handy list of everyone who bought gold, and how much, ready to suspend and/or take the gold away from :P

  39. Morebear says:

    Or, this is part of black PR campaign aiming at people not to trust authenticators. Less authenticators = more hacks.
    Thus posting this would just help the hackers.

  40. Ulv says:

    Bliz selling gold would be awesome for some but bad for the game.

    I’m fortunate enough to have enough disposable income that I could buy gold if it were available from a reliable source. I’d buy enough to have my 25 Primordial Saronite and be on my way to my first Orange item!

    If this were the case we’d see inflation on certain key items taking them out of reach for players who don’t have the spare cash. I guess Gevlon would just write them off with the accusation that only the lazy or stupid can’t make enough gold in game to buy whatever they want BUT some of us like actually playing the game as well ;p
    .-= Ulv´s last blog ..Content..? =-.

  41. Trazer says:

    Like others have mentioned, I am afraid this will only leave to undercutting – and welfare epics will get a brand new dimension.

    However, I am far from any wiz on databases and data in general, hence I simply can’t get into my head why this is impossible to stop?
    The gold may go over several accounts – but it does end somewhere?! Why is it not possible to do anything about this …?
    Account gets hacked, gold get sold, ticket is made – gold is traced and every link in that chain gets banned ..
    I must be missing something obvious …
    The Ah most likely, even though I fail to see the big issue in that either..
    We do not want them to set a restriction on AH prices, that would completely ruin my Rune of teleportation business …

    I am sure that Blizz have invested quite some time in resolving this .. We just have to live with it I guess.

  42. Ozzard says:

    There’s no fix that will your account being hacked, but there’s a very obvious approach that would reduce the effect of the problem. Many people can see that their account has been stolen within a few seconds or tens of seconds; fast enough that an attacker can’t do very much in-game in that time.

    So, here’s a thought experiment: assign a second, single-use password to each Battle.Net account. You *cannot* reset this by gaining access with the main “game” password, whether or not you have an authenticator. It’s given to you when you create the account, and you can get a reminder of it at any time by logging in to your account. It serves one purpose: if you log in to your Battle.Net account with this password, it immediately red-flags the account for a reasonable period (say 3 days), contacts any game servers that you’re logged onto and dumps you off that server. You then have time to contact Blizzard with ID documents to get your account re-enabled… and hopefully the scammers haven’t managed to clean out all your toons and the guild bank too.

    Known issues:

    1) Malware preventing connection to battle.net to press the red button. Mitigation: many, though not all, people have a second computer or a smartphone with Internet access. The service should be simple enough that it can be accessed from simple, small devices such as phones.

    2) Some idiot getting hold of the emergency password and locking you out of your account. Mitigation: This is down to password security. Don’t share your account, don’t leave your machine logged into the admin site when you’re not around, and make sure people aren’t looking over your shoulder when you find out your password.

    3) It requires Activision Blizzard to implement this – which, in turn, requires them to acknowledge the scale of the problem, which is bad publicity. Mitigation: Hacks of this nature are possibly even worse publicity!

    Comments very welcome!

  43. Ferrel says:

    I’m certain that Blizzard will somehow pass this off as a “player error.” Two months ago my inactive WoW account was hacked. I had not logged in for over two years and someone I know happened to notice Ferrel running around. She texted me about it and that tipped me off. I tried to log in but someone had added an authenticator. I called support and they fixed the issue for me with no trouble. They were great.

    I did get the speech, however, about key loggers, malware, sharing my password and all that. I had not touched the account in two years and nobody had the password. At some point I had even updated it to a battle.net account so the login name had changed to my email. There was no key logger, no malware and no sharing, but it was my fault. I was even told to buy an authenticator to be 100% sure. It didn’t do much good to explain how those things aren’t 100% sure and how to hack them.

    At any rate, I think you make a great point. I say go for it. I also say take a little responsibility instead of just blaming the customer. Who is to say that someone internal didn’t swipe a bunch of account info and sell it so that it could be brute forced (in non-authenticator cases)?

  44. Kattrinsaa says:

    I dabble with many little games that use microtransactions, and find all of them annoying. mafia wars, farmville, wizard101, empirecraft.. all of them are technically free games, but to access certain areas of the game, or to get special items you have to spend real world money frequently.

    I do not want to see wow turn into that. I have 2 characters with epic flight, and had to make all that money the hard way both times. I’m no good at playing the AH market, I simply don’t have the time available to do it. (one reason many would buy gold, no time to farm it up) Tho I do listen to the call to auction podcast, and have tried a few of their suggestions.

    I have had my account hacked once, I got back most everything. I couldn’t play for 2 days and was mad as a hornet about it. I was using wowmatrix at the time to update my addons, and found me a new one. it was supposed to be a sphere like addon for mages. It didn’t do jack, but apparently was enough to keylog my password. I got an authenticator after that, and have had no trouble since. (maybe blizz should upgrade the authenticators to do fingerprint ID’s as well.. lol)

    I do agree with the suggestion that the expensive things like fast flight should be a quest driven reward instead of money sinks. If blizzard wants a money sink, they should give us player houses or some other fluff that serves no major functional purpose, a paid re-skin of items (convert your grey dagger to look like one of the twin warglaives for an ungodly amount of money. no change to stats, or do something with the fugly leather helm you get from heroic UK..)..

    For the really epic things, (fast flight, the vendormobile, ect) they should have a really good questline. not a simple little quest and viola` a new ability/item..
    I think they really regressed when they made the pally/warlock/druid class mount/form quests obsolete, granted the content they were based in was now ez mode. but those questlines really made you appreciate what you got from them.

    CALL TO ACTION – come up with some plausable questline ideas for the fast flight training, and for the vendormobile (the travellers tundra mammoth)
    .-= Kattrinsaa´s last blog ..A case of the mondays =-.

  45. Elegantdeath says:

    Still upsetting is that they will/can do nothing about accounts where people know it is “currently being hacked”. One weekend a guildmate’s wife came on to say her husbands account was hacked… Strange, I just saw him… Well, not him. I tried to make b.s. conversation to confirm (hey, is your dog okay) with no reply. I put a ticket in an miraculously talked to a gm in about 30 minutes… told them the story and got the “sorry, we can’t do anything” reply. The only advice they could provide is where the user should go online to file a report. That’s just wrong.

  46. Jack says:

    Do you really want . . . “We had a 1% wipe. DPS, I want to see all epic gems, full enchants and primodial saronite crafted items next week. All it takes is a little cash.”

    QFT

  47. Holly says:

    I have ranted about the authenticator before, usually to deaf ears. People telling me it made their game unhackable or near unhackable, while I argued it just made it ‘more secure’. They argued encryption, etc. . . and I continued to warn. My old network security teacher used to use the phrase ‘safe enough.’ If you put a lock on the door, it will keep -most- people away, but the man that really wants in -will- get in. You can add a security system, and guards with guns, and it will keep most people away, but the man that really wants what’s inside -will- get in. In the end you just have to make security hard enough that 99.9% of people won’t bother getting into it. The issue with something like this where there are so many open spots for people to attack along the process, and the fact you have to make it so that the security methods aren’t completely annoying to the player. For example the player could log into a proxy with a secure name/password that follows a random encryption protocol much like the authenticator, they could then type in a password, blizzard could take the password, send the information through their private network to a different server on another side of the country so that the traceroute is completely different, send it to the proxy and back to the player as a response, that htey have to type another password/phrase/word too, and -that’s- the login process. It’s more secure than the authenticator, but it would make for like a 30 second login, and if you get d/c’d….

    So while I don’t doubt the authenticator helps, most security measures are limited by not being in blizzard headquarters autonymous from the internet. The best thing blizzard can do, honestly is make restores more painless, and play the cat and mouse game that will always exist trying to make the encryption on the client and the server side as secure as they can. “Good enough” security is good enough for a game, as long as they make recovery easy. Since, being digital content, it’s not difficult to remagnetize the plates to put back what was taken. Character deleted? no problem, here’s a back-up, guild bank stoeled? no problem, it was backed up. What you don’t own a fax machine? just some phone confirmation is good -enuff-.

    …I won’t comment either way on the blizzard selling gold solution, as I have to agree that as long as something can be used as currency in the game, be it gold, materials, etc. . . somebody will try to find a way to make a profit.

  48. Savvy-Savvage says:

    I expect Blizzard to remain anti-micro transaction as well as anti gold seller and anti account seller. Ok, let me try again to remove any doubt from your mind about what Blizzard’s concern is with the selling of in game property like your gold and even your character for real money is. http://www.neowin.net/news/main/09/01/14/irs-to-tax-second-lifeworld-of-warcraft-earnings-3 You don’t own your characters either. You rent them from blizzard like bowling shoes. They want it to be a closed system with no overlap with any real economy. The temporary loss of control of an account or any virtual property is secondary to them imo. They control the in game world and can undo any wrongs there. They can’t fight the tax man for you however.

  49. Lifeforce says:

    I am no economist. That being said, I like the idea of gold being BoA. It would mean no help for my sons’ mount funds, etc., and no tips for enchanting things (like this is a big money maker, right?). My question is, does this really put hacking out of business? I can’t think of a way to get gold TO another account if gold were BoA. Gold being a non tradeable and non mailable item should do this, from what I can see.

    The only thing I can think of is that Blizz has some reason to allow this to continue. Gevlon spoke to this a week or two ago, on his blog, and I have to think that there is a piece the WoW population is missing. The above posts have stated multiple potential ideas for account protection, yet nothing changes? Why?
    What are we, the players, missing?

    Chadder

  50. Jayle says:

    Here is an option: Make it against the policy to give or receive more than 3k per quarter outside of the AH. Any account that gives or receives more than that amount either through trade or mail will be automatically banned immediately. It could trigger a code that would instantly log the character out and lock it down. This will make it harder for people to purchase gold and make it harder to clean out characters. At that small amount, why would anyone bother to buy gold? You could make that much through a solid day of questing/farming.

    Few problems: Will hurt husband/wife teams, will destroy selling of any high priced item outside of AH, crafting trades could be hurt, etc. People will be forced to sell their enchants or other crafted goods on the AH.

    But the biggest thing is that there needs to be a serious prosecution of gold purchasers. If you buy gold, you are gone. Period. If sellers don’t have people to sell to, then they won’t stay in business and they will move onto another aspect of life to ruin.

  51.  

World of Warcraft™ and Blizzard Entertainment® are all trademarks or registered trademarks of Blizzard Entertainment in the United States and/or other countries. These terms and all related materials, logos, and images are copyright © Blizzard Entertainment. This site is in no way associated with Blizzard Entertainment®