It looks like you're new here. If you want to get involved, click one of these buttons!
MMORPG.com's Jaime Skelton, after getting hit by a hacker through a keylogger, writes this column warning people that they may not be as immune as they think they are.
In the ten years I've been playing MMOs, there has been one thing I've never done. I knew of its existence, but I generally made a point to avoid it. Friends talked about it, and some even tried it themselves. So last week, I finally gave up my inhibitions, took the plunge, and did what so many others before me had done.
I got hacked.
This was, of course, unintentional on my part. It also contained not just one, but two delicious twists of irony. The first twist was that I had ordered an authenticator at the beginning of the week "just in case." Naturally, I got hacked the day before it arrived in the mail. The second twist? A while back, someone suggested that I write a column to raise awareness about keylogging and other forms of account hacking, and I thought to myself, "Why? It's pretty cut and dry. Don't be stupid, and you'll be just fine."
The joke's on me, now. I believed a lot of the common myths about getting hacked, and had deluded myself into believing that I was shielded by a protective bubble. A few weeks ago, I even teased a few of my friends who got hacked because they fell for a fake StarCraft II beta invite. Luckily, they didn't tease me back - too much.
Cheers,
Jon Wood
Managing Editor
MMORPG.com
Comments
Sucks that you got hacked, but glad you wrote up something on it and were big enough to admit it rather than blame someone else.
Yes hacking is some major problem. None of my gameaccounts got hacked, but yesterday my paypal account got hacked;)
Well i am smarter now and get an instant message on my cellphone whenever i do a transaction with paypal, i hope something like this get's introduced for MMOs i play as well.
Sorry for my english
Wow, sorry to hear about what happened. I've had friends get hacked, but I can only imagine how I'd feel if it happened to me. I think I'll tread even more carefully from now on.
This is especially helpful for when you take an extended break from the game, since it is common for people who don't know they were compromised to discover it only when they come back to the game months later.
My wow account was recently hacked and i havent been playing for 8 months. They attached the authenticator to it which kept me out, so i changed my password which kept them out. I found that so useful i bought one for the wife and myself.
I've been 20 years on networks/internet.
# of viruses: 1. This due not to me, but to a housemate who happened to be on the same network and we had shared drives (lesson learned, read only is a good thing now...), back in the late 1990's.
Some of the usual adware/spyware crap you get from browsing, but nothing that was pure "evil" (mostly cookies).
No keyloggers, never had an account hacked (had 5 EQ1 accounts, 1 WoW, 1 EQ2, 1 L2, 1 Aion, 1 LOTRO, 2 Eve, 1 WW2 Online, 1 of many others).
Of course, I don't like add-ons from 3rd parties either, and I would NEVER download one in any kind of executable form.
And I don't even run Anti-virus.. (I do have firewalls of course).
Sadly, I have to FIX other people's computers that have viruses or bad spyware (hate you Virtumonde!). They have stuff to "protect" them, but the only protection that REALLY works is DON'T CLICK ON CRAP YOU DON'T KNOW. If a window pops up that wants you to click on it, go to task manager and kill the process... if you run Firefox, use no-script (an add on lol...). But basically, DON'T CLICK
Yikes, it really can happen to anyone.
I'm starting to think Blizzard should really (as many have suggested) pop an authenticator into every box when Cata comes out.
Sorry you got hit Jaime, and sorry it took so long to sort out.
There's a really big tendency to assume that being keylogged/hacked = being an idiot when it comes to computing.
It's not always the case, evidently.
I've never been hacked/logged myself, but as you pointed out, it's a constant evolution so my clean slate may not remain unmuddied for too much longer.
I had a keylogger once.
Firewall caught it the minute it tried to dial home, so I was able to block it and hunt it down on my system. I even found the log file the little bugger had stored all my key strokes in. Luckily, there wasn't anything sensitive there since I had only been playing the.. ehm... "free" game it came with, so even if it had managed to dial home at that point, it wouldn't have been a disaster. It would certainly have caught something sensitive at some point though, so that firewall was a godsend.
Lesson learned.
Thankfully, that's as close as I've come to being hacked so far, but I always get this nagging feeling that it's just a matter of time. So many of my guildies have been hacked throughout the time I've spent in WoW that it's not even funny. When is it going to be my turn, despite being extra careful these days?
I'm a big ol' fluffy carewolf. Be afraid. Be very afraid.
Not to be offensive but I still think you have to be stupid to have it happen. Clearly they didn't breach your firewall and maliciously go after you, you went to a bad site and downloaded a file from there, that is stupid.
First off I don't use third part apps for any MMO I play, never have, never will. I feel they are ridiculous and are basically cheating (in the fact that often times they give you advantages over those who don't use them). Also MMOs are easy and do not require extra assistance. But if I was going to use third party add ons, I would bookmark the sites I trust to be malware free so I didn't accidentally type something in wrong.
It truly is easy to avoid getting hacked.
It bugs me when I watch a show about how a guy got scammed into giving some Nigerian his bank account info and got robbed and he says "It can happen to anyone". No it can't because you have to be dumb to fall for one of those e-mails.
It's one thing if someone hacks into your bank and gets account information, or deliberatly picks a person and actually hacks into their computer to get the information they are looking for. Or a waiter at a restaurant steals your credit card information. Those are things that are essentially impossible to avoid and could result in a stolen identity. I can easily take pity on someone that happens to, but not someone who willing gives out the information. The same is for someone who willingly goes to a site and downloads a bad file.
@ the appropriately named SnarlingWolf: Calling someone stupid for making a mistake when tired and then having the intestinal fortitude to admit that mistake - publicly - to people like, well, um, like you, is more than a little rude. If whatever deity you worship made you so perfect that you have never made a mistake in your life, I commend that deity and wonder if you are in fact the second coming and the world really is headed for Armageddon.
Otherwise, I commend Jamie on coming forward and admitting that she made a common mistake that we all have made at one time or another and being fairly clear and concise in telling people how to repair the mistake should they make it as well. I have personally never been hacked ( *knocks on wood* ), but I have gotten a virus or two over the years due to being tired and doing something I never would have done had I not been tired. Fortunately, like Jamie and many others, my computer know how (and/or a bit of good Google-fu) was able to clear the virus right up, but it still amazes me how many people play MMOs and haven't a clue how to tell their hard drive from their DvD-ROM.
Firebrand Art
"You are obviously confusing a mature rating with actual maturity." -Asherman
Maybe MMO is not your genre, go play Modern Warfare...or something you can be all twitchy...and rank up all night. This is seriously getting tired. -Ranyr
You don't have to have a keylogger to get hacked.
My gf's account in WoW got hacked by a gold farmer 6 months after we had stopped playing it. I only found out because the morons didn't change my email so I was alerted when it was reactivated. I logged into it and saw that it was a bunch of gold farming characters.
I changed the password to lock them out and then bliz disabled the account entirely. Nice timing morons.
It seems quite plausible that there's more to WoW account hacking than user-error. They have some sort of security holes or they have insiders willing to hand out inactive accounts.
There's no way to find out of course, bliz would never let anyone know if either had occured as it would be too damaging.
BTW, I am a hijackthis user for several years. However I fear it's been around long enough that viruses will start finding ways to hide from it.
IMO the greatest misconception of keyloggers and being hacked is that only stupid people or stupid actions gets hacked, no buts. =/ Sorry to hear about your situation. I have a constant fear of being hacked so I use a ton of programs (net limiter, eset smart security [ not just asingle anti virus but also firewall and watchers], search and destroy spybot, and Your Uninstaller! [uninstalls programs that have been installed on your computer]). Which I suggest many people should use - not specifically those that inamed but at least to cover everything).
And even with all those I accidently installed what had claim to be a "Windows Update" (I swear it looked exactly like the windows update popup that normally comes up and everything) Only to realize after i hit the "Update" that the program was a malicious maleware.
Also to be honest, the first four protection are pretty basic and doesn't really apply as protection :P
Like you said, there is no garuentee protection All you can do is be paranoid xD
Good luck to you, hope you dont get hacked anymore xD
Remember, its not the stupid people who goes downloading malicious software that gets hacked, its those malicious software coming to get you >.~
I've got to say... using Firefox with NoScript has probably stopped me from being hacked numerous times. Pretty much this and no clicking on anything that looks shady (reading the url carefully is a must).
Sorry to hear she got hacked but...
Did you read a different article?
She:
1. was tired and trying to do computer stuff. This alone raises the chance of bad stuff happening, from perma-deleting files to sending love notes to the wrong Bob...
2. went to wrong website. I rarely if ever type an address into a browser. There are a few trusted sites with links to the add-ons, if they don't put the links in the add ons ( or associated files ) themselves. If they do tell you the address, copy & paste....
3. used an executeable to install. One of the most reported/repeated things you'll see on how NOT to get hacked while installing add-ons.
4. Teased friends about getting hacked. Karma's a b-i-t-c-h! Was it "Awww, look who got hacked!" Gentle ribbing kind of teasing or was it full on gloat-mode teasing, "Only idiots get hacked and I've never been hacked!" ?
There are still "passive" ways to get hacked. Out of the 3 viruses I've had, only one was a passive virus. I managed to get a new variant before the virus protection programs knew about it from an infected ad on a trusted site. I spent the rest of the night getting it off my system. Thank you Malwarebytes!
The other 2 I stupidly added to my system. One was a .scr file I found in my e-mail attachment directory, it was late at night (tired) and I clicked it assuming it was from a friend.
The other was an .exe that came in a .ZIP file with a video file. The video didn't play so I ASSUMED the .exe was the codecs. WRONG!
I think I was tired then too. ( Am I doing this right? Being tired means I wasn't being an idiot, right? RIGHT?)
Two mistakes I'll never do again, tired or not. Sometimes you just have to learn the hard way.
Ouch! I just barked my shin on the coffee table. I guess I should have wrapped myself in bubble wrap this morning! or maybe I could save money and NOT DO IT AGAIN!
Maybe I should get the Gary Busey Helmet Potector Protector...
I'm testing my Karma with this post, for sure.
------- END TRANSMISSION
Gosh I hate the new editor....
To the person who's GF got "hacked":
The simplest solution is usually the correct one, and in this case she probably gave her info out to someone else at some point, or she had a keylogger and the culprits didn't act on the info right away.
I sincerely doubt Blizzard stores passwords directly. Anyone with half a brain stores a hash of the password (and usually it's combined with something unique to the account, such as the account name, or an internal ID unique to that account). That way no one can "give out" the password even if they have the password master database. Since these "hackers" had her password (unchanged), it was somewhere outside of Blizzard where the "hack" occured.
That exact thing happened to me too, and so I also changed the password to try and keep them out of my account. But after I'd gone through the process of writing two e-mails to Blizzard, firstly being sent a password reset link, and then a notification that they had removed the Authenticator, I logged on and found to my horror that all of my toons had been stripped of their gear and cash. But, as ever Blizzard stepped in and had already sent me replacements for everything that had gone missing, also it seems I was hacked by a gold farmer seeing as my level 80 Death Knight was in the Storm Peaks, deep in a cave system surrounded by wisp type mobs and a bag full of Eternals. Needless to say, I got my compensation.
Playing: LoL x3
Played: RS, WoW, SWG, TR, Aion, AoC, EVE, SWTOR
Watching: FireFall, GW2
You can also be hit with hacked Ads on legitimate sites, that spawn pop-ups or pop-unders. You may think you are clicking on them to close them, but they are a disguise. Clicking anywhere on them just gave them permission to install themselves on your system.
Malware writers can go die in manners too horrible to imagine.
Notice: The views expressed in this post are solely those of the author and do not necessarily reflect the views of MMORPG.com or its management.
This was the prevailing, arrogant attitude I encountered as well when I was hacked for the first time, this past January. The immediate assumption that that you're a fool or are needlessly reckless to have this happen to you in the first place, is quite common. Also, that you've been buying gold and you're getting what you deserve is another charge that is happily trotted out by the digital moral minority of the WoW community. Strangely enough, most of the harping also seems to eminate from those who proudly proclaim how they are addon-free, as if it were some form of chastity that makes them purer of body and soul than the rest of the heathens.
If you honestly believe that you are immune to being hacked because you're just so much more on your toes than the rest of us, you're a fool. All it takes is one small lapse in your protective bubble of paranoia to get tagged yourself. The only way to assure your protection is abstinence -- stay off the internet. You can run as much protective software as you want to minimize the chance that you'll be compromised, priding yourself on your vigilence, but you will never eliminate it.
Not to be offensive...
Sad to say the joke was on you. I am willing to bet that you had a sleeper of a creepy crawly on your hard drive that did not wake up until you went to the proper address and ordered your authenticator. then the creepy crawly found its way to the low life, no life, scum of the earth and I would tell that to there face after I bang there head into the wall. As you can tell I despise Hackers.
Well thank you for your honest colume it just may wake up a few WoWheads. lol
Oh side note be very cautious as to what MODS you use from curse.com heck play WoW with out the MODS and you never get hacked.
Famous last words.
And thank you for the sugestion I will give Malwarebytes a try.
The truth is somewhere in the middle. Being careful and being in the "know" are very important when dealing with PC security. You may download something thinking its safe because its linked on a site like MMORPG.com or a friend tells you about it, but you can never truly be sure when you wander around blindly online.
Though I've never been hacked I'm not immune to it. My chances however are greatly decreased because of my job, my current network protection, and mostly because I know the signs and what to watch out for. If you simply don't know about phishing scams, then its very likely you could fall for one. If you don't know that there are keyloggers out there or there are specific places and programs you should stay away from, then you could easily fall into a trap.
There is an attitude between those that know what to look for and those that don't. If you purposely go looking for game-specific add ons that could be questionable, then you are more at risk then the person who doesn't. Its not about one person being instantly smarter.. its more of a statistical intelligence, that you have much less of a chance to contract a keylogger by doing these simple steps.
As a network administrator I try and protect my place of work as best as I can with gateway and client side protection... but even that isn't 100% perfect when you have a high risk on your network browsing the internet to purposely find ways around security. Chances are much greater that those that are wanting to bypass security and see the sites they want to see and the content they are looking for, that they will be the ones to pick up a virus and spread it.
Yes Yes I know everyone takes it personally when they were foolish enough to fall for a key logging program.
No, nobody is immune to being hacked. Willingly downloading a file is not being hacked, it's being stupid. And everyone has the potential to be immune to stupidity.
And yes being addon free does give you a feeling of being above people who use add-ons, at least I'm honest about it. It also definetly decreases the chances of slipping up and downloading a key/account logger since most people get attacked through such means.
Sorry to tell you, but you can 100% avoid willingly letting a key/account logger onto your machine.
No you can not be immune to someone who directly decides to hack into your machine/ip, but that is NEVER the case when it comes to MMO accounts. That is what happens to corporations/banks etc for information. Not a single game player with little to gain by hacking them.
Malewarebytes and cc cleaner should be in every knowledgable PC users aresonal. Both are very effective and useful programs.
Sorry to hear about your bad luck. I can relate to doing something you regret, because you weren't paying attention. Had plenty of those "blonde" moments.
While I've never been hacked(kinda hard when I don't play the most popular game in the universe), I can understand your pain. It seems like everyone will, at some point, be a victim of this. Either through, a "blonde moment", being stupid and downloading everything you see, or one's child or partner downloads it.
I hate seeing banks pushing everyone into online banking for this very reason. Computer security isn't safe enough. You can't even use your atm cards at gas stations anymore, because of these damn hackers.