This past weekend, it was revealed that account hackers have successfully bypassed Authenticator security using “man in the middle” attacks: interposing themselves between player and server, capturing the player’s input, telling the player the login failed, and then using the captured info to get in and change things to suit themselves.
Today, I received an email from Intravax, who had a harrowing story to tell:
We had 3 of our members’ accounts stolen within the last month. No major damage as there are caps to what ppl are allowed to withdraw from the vault.
Then one of our officers got hit and that did a bit more damage, although it wasn’t anything that couldn’t be replaced in a week or 2.
Then, this Monday on 3/1/2010 it was like our WoW version of Sept 11th. All our officers got hit, including our GL (each of us have authenticators) and 6 other guildies.
The hackers were like a virus and multiplied by immediately inviting several dozen other characters and promoting them all to the highest rank possible, and we were cleaned out and all our toons were deleted (most of us had at least 3-4 Lvl 80’s all geared in T9 or above). As an added twist to the gut, before the toons were deleted the hackers used them to spam in /trade and /general for their gold selling companies, thereby getting our accounts suspended and our reputation tarnished.
All 6 tabs of our vault were filled to the brink with top level flasks, gems, enchants, crafting mats, buff food, etc. Additionally, we had over 75k gold which was donated by the officers and guild members to offset the costs of all the crafting materials that were donated.
Is it a claim made by a reader, impossible for me to confirm? Yes.
Do I believe the writer? Yes. Yes, I do. The entire email was very well written, it wasn’t asking for any kind of action or publicity on my part. Intravax was just letting me know what had happened to him, his friends and their casual guild, and giving me a heads up to be careful with my own casual guild bank settings, so that the chances of the same thing happening to Sidhe Devils might be reduced.
Thank you, Intravax. I can assure you, having been the victim of account hacking years ago myself, before Burning Crusade was released, I know at least a little of how it feels to come in and find that your character or account is trashed.
In my case, the hacking happened in mid-session, Christmas Eve several years ago, while I was on vent with friends in Undead Strat doing, as I recall, a timed Baron run. So, I got to hear, live and in person, the play-by-play details as my friends followed my character, still all in party together, through hearthing from Eastern Plaguelands/Strat Undead to Ironforge, watched me strip naked, and then, still in party with my main, watched as party chat showed my character D/E’ing all my stuff, mailing the mats off… and then followed my character as it ran back and forth from the bank to the mailbox, sending off all my stuff to someone else.
At least my character wasn’t deleted.
Merry Christmas, Windshadow!
Talk about wanting to just quit the game in disgust. That right there is a feeling of violation that is difficult to overcome. The emotional aspect, quite apart from the inconvenience of lost items, characters or gold that might be returned after an investigation, is hard to describe.
What is it? Why does this keep happening, despite the best efforts of Blizzard to prevent it?
Sophisticated methods for hacking player accounts are designed, developed, tested and implemented.
This represents a significant investment in time and resources on someone’s part.
What would be the incentive to cause folks to go to such extended lengths to get access to your account?
Here is my assumption: real world money is the incentive.
It is my assumption, my theory, that the majority of account hacks are performed by gold sellers looking for inventory to sell to a willing market, and not by malicious punk kids with too much time on their hands.
A market of consumers that will seek them out and offer them real world currency in exchange for virtual world gold.
I don’t buy gold, and you don’t buy gold, and nobody you have ever known has ever bought gold… and yet, somehow… people still make money selling gold.
Funny, isn’t it?
It’s my understanding that there are several ways gold sellers acquire the gold they offer to fulfill orders.
First, there are people that work directly for gold sellers, that go out and farm and play the auction house to develop gold.
Second, there are people who may be regular players like anyone else, but they work as affiliates, independent ‘stringers’, and when they have gold available to sell, they contact the gold sellers directly and offer it to them… for less than the gold seller will flip it for to the buyer. The gold seller has the website contacts to sell, the stringer has someone they know to sell to when they have some extra.
Methods one and two, as I described them, are fairly safe for the gold seller, but they represent an investment, an expenditure. They have to either pay someone to play to harvest the gold directly, or pay a stringer to get their supply.
The third method is to hack a stranger’s account, loot all their stuff, ship it off to a third party to clearance it, and then delete the account.
This is fast, and aside from developing the hacking method and identifying the target, inexpensive on the part of the gold seller. Either the account is hacked or not, and with guild banks, the potential score goes beyond access to one player’s account.
This business all revolves around the fact that players have something that has a real world monetary value, and there are those out there that have the means and the desire to take from others to enrich themselves. And even better… where are the cops to prosecute them for the stolen goods?
“Excuse me officer, but I had $1500 in property stolen last night.”
“Oh, really? Tell me, where did the crime take place?”
“On Kael’thas, Alliance side. They got everything. Wiped me clean out. They got away with over 25,000 gold, enchanting mats, Frozen Orbs and epics with a street value of $1500. And they defaced my property by deleting my characters!”
“Uh…. huh. Get the hell out of my sight, nutball.”
In almost all cases, I would be willing to bet that it is not a vindictive or malicious act; I really believe it is the real world monetary benefit that keeps them doing this.
So long as you have something they want, something that is valuable to them, and there is no actual risk involved to them in taking it, then they will continue to plot means of stealing you blind.
I would like to propose a possible solution.
Blizzard, please, open an official micro-transaction store and just sell the gold yourself.
No limits on how much, make it legal, and price it so low that it’s undercutting the gold sellers.
Players are somehow able to find gold sellers online, so I’ve got to imagine, since you’ve got computers and the internet yourselves, that you could figure out where they are and how much they charge.
Give the player, the person that seems unable to tear themselves away from buying gold, a legitimate, safe and dependable location to get it from.
Remove any reason someone may have to visit a gold seller outside of Blizzard.
Tell the players, if they really cannot stand to farm gold for epic flying or that awesome epic hammer on the AH themselves, you will give them a place to go where they know they’re getting the best deal, the transaction will be safe, they will not be subject to viruses or hacking, and they will not be risking an account ban.
On the flip side, make it clear that if you DO catch anyone buying gold or selling gold outside their own store, you WILL still ban their account.
I didn’t want to make the obvious analogy with prohibition and alcohol… but seriously. If players, regardless of what the consequences may be to them, continue to go give the gold sellers money, then the gold sellers will continue to find ways of getting it to give.
Remove the incentive. Take away their payday. Reduce their market to nothing.
Make them go find someone else to rip off.
Now, I’m not naive. I know that the WoW economy is very involved, and Blizzard does a lot to try and balance the availability of gold through play with the number of things that you can spend it on. Blizzard is a world economy in scope, and they have to do a lot of work behind the scenes to battle inflation.
That being said… I think, purely my own opinion but what the heck, on a blog that’s what you get, pure opinion, but I think I can safely say people are sick and tired of wondering if today is the day some thief has hacked their account.
Just do it. Cut out the middle man, sell the gold yourself, and call it a day.
I won’t buy it, but someone out there sure as heck will, and you’d be performing a valuable service for the community if you can finally find some way of cutting the gold sellers off at the knees.