It’s no fun being hacked :(

Luckily this hasn’t happened to me but to a guildie this week. While never a cool thing at all, I thought I would use this issue (and my experience with attempted hacking)  to illustrate a few points regarding Blizzard and hackers.

Firstly a bit of background
The guildie in question uses an authenticator and knows plenty about pc security. This means regular pw changes and checking of computer for spyware, maintaining a good AV and firewall (that are kept updated) and not visiting any suspect websites (e.g. goldsellers and such).

So what happened?
Well, the authenticator was temporarily removed from the account. Then, a couple of days later, my guildie logged in and noticed that on the character selection screen a few toons were wearing the wrong gear; upon logging in they discovered that all gear had been sold, banks and bags emptied, all VP etc spent on BoE stuff and so on. Obviously this is a rather distressing thing to happen, so Blizz was ticketed and within an hour a reply was received and they returned the gear via in-game mail. Unfortunately this was followed within an hour by an email stating that the account had been locked due to illegal activities (it would appear that the hacker had been trying to sell gold/gear for real money).

This however was resolved by a call to Blizzard and the ban was removed and the account sorted and handed back to the rightful owner with no trouble.

This raises a couple of points regarding account security, Blizzard etc.

Firstly, despite all the usual whining that goes on in forums about Blizzard customer support, this issue was resolved swiftly even when there was a mistake made (probably automated) that was also fixed quickly. The support staff were sympathetic to the issue and wished to resolve it as soon as possible. This is the complete opposite of what many people would have you believe – namely that Blizzard CS is a bunch of gits who positively delight in randomly banning accounts and then making it as difficult as humanly possible to retrieve and unlock. If this ever happens to me I sincerely hope I get the same kind of response to my issues.

Secondly, and this is definitely a worrying point, how the hell did the hackers get the details in the first place? Due to the barrage of regularly updated security software (and regular scans) a keylogger or similar would seem almost impossible. The details were not given out to websites and such. It is worrying that this is still possible despite taking as many precautions as possible.

The brief lack of authenticator isn’t really the problem as that simply removed the last layer of security that allowed them in, but in order to get in you still need an email address and password. As I said before this is the potentially very worrying part – that somehow people can get your details even when using unique emails, passwords and so on. It paints a picture of a poor little lone WoW player on an island surrounded by hungry sharks with nothing more than an authenticator between them and being nommed by a bunch of hackers.

That is certainly not to say that the authenticator is totally secure; nothing is absolutely guaranteed 100% unbreakable, but something based on an algorithm that changes the codes every 30 seconds or so is obviously more secure than only having something static or that changes more infrequently (e.g. your email and pw).

So how can you protect yourself?  

  • Paranoia – As Blizzard is fond of saying, NEVER share your email and password with anyone. I know that a lot of us don’t necessarily stick to that and share details with spouses, friends etc, but it is still true that the smaller the number of people that know your details the less chance there is of it screwing your account. I don’t just mean them messing with you or telling someone else your details (though it can happen). How about the scenario where you give a friend your details because he is going to do your dailies for you while you’re on holiday? Maybe they are not as strict with regular scans as you and have a keylogger on their system; even with total trust and no funny business you can still potentially lose your details.
  • Regular sweeps – Again, a common Blizzard saying, but again it’s true. Keep your anti-virus, firewall and anti-spyware software up to date and use it. Run scans at least once a week (or more often if your machine is regularly on without being used). Even without paying for stuff there are plenty of good free programs out there. Personally I use AVG (anti-virus), ZoneAlarm (firewall) and Spybot SD (anti-spyware) and (touch wood) can say I have never had a single trojan, worm, virus or anything else (and that’s running 3+ computers over more than 5 years).
  • Blizzard Authenticator – Yeah, they cost £5 or something, and maybe you don’t want to give Blizzard any more of your hard-earned cash, but you pay £9 a month to play, so look at it as 2 weeks’ play time to secure your account that little bit more. As I said above, an algorithm that changes the codes every 30 seconds or so adds so much security to your account that it is probably priceless if you have multiple characters and have invested a lot of time in them over the years. Remember though, it is just another layer and it is not totally unbreakable; don’t allow other measures to lapse because you have an authenticator.
  • Don’t cheat or cut corners – It’s simple human nature to try and take the easy way out; after all, look at some of the earliest human inventions such as the wheel and fire – they make life more comfortable and easier. Alas, the temptation is there in WoW as well and it’s easy to think “hmm, I work 8 hours a day, I wonder how much ore and herbs my toon can gather with 8 solid hours of farming? I could just download this bot and have my farmer spend 40 hours a week gathering while I work.” The same applies to buying gold instead of grinding dailies and such, or deciding you want a high level alt for enchanting but really cba to do it yourself when you could easily pay someone to do it quite cheaply. These services, programs etc carry two problems: 1: they are banned by Blizzard and therefore could get you a perma ban if you use them and 2: a lot of them will be rife with various spyware and such, and by downloading, installing etc you are opening yourself to a multitude of potential problems. Be strong, resist temptation and just say NO! 😀 Anyway, you enjoy playing this game, don’t you?
  • Have unique details – Having a totally unique email address and password that you only use for your battle.net is a very good idea. It’s easy enough to go and make a Yahoo or Gmail address or such that is simple to remember and use it for nothing except logging in. Likewise with your password, make it easy to remember but hard to break. Use words that are not “real”, i.e. not found in dictionaries and such, and therefore to a computer will appear to be a string of random letters; try throwing some numbers and the odd symbol in there and suddenly you have an easy to remember but hard to break password. For example, use an old character name or such combined with a phone number and a random symbol, such as “kentari#290789”. If the words and numbers mean something to you then you shouldn’t have difficulty remembering them, but they won’t be easily broken by a program.

There are other ways of protecting yourself from trouble, but following the points above should shield you from the worst of the potential security leaks. The key thing to always remember is that the aim is not to make breaking into your account impossible (that itself is impossible, as given enough time anything is breakable) but to make it so damned difficult that the hackers go look for someone with a keylogger and the password “1234”.

99% of ensuring security on your system is about prevention and giving people as little opportunity as possible to break in.

Stay safe out there 🙂

Kat


Posted on May 24, 2011, in General. 5 Comments.

  1. What? A couple of days does not equal temporarily removed 😉 Unless Blizzard removed the authenticator .. Besides, the authenticators are free from Blizzard. You can download the iOS or Android version. And you can run the Android version directly from an Android emulator on your computer.

    If you use Google, you can use your same Google account but suffix a .@gmail.com or whatever to the end. When emails go to that address, it goes to your normal Gmail account but with that prefix so you know exactly where it came from 🙂

    • It was temporarily removed in so far as it was only going to be for a few days before being put back 🙂

      I mentioned the paid for ones as everyone can easily get and use one without either having a compatible phone or fiddling with emulators 🙂

  2. On the topic of being hacked, I thought I had been hacked the other day! 😮

    My hubby called me up and asked me why I had left the guild and deleted my main character (for info, the guild I belong to is my “2nd home”, which I’m an officer in. I have been there since the guild was born and I am even one of the creators).

    Woooot?!!? I didn’t understand a thing.
    Then he said:
    I talked to [name of another officer] who said you left the guild without a word and when he tried to search you up, he didn’t even find your char anymore! There had been a hot discussion in the guildchat about that situation…..

    Hmmmm…I said that there must have been a mistake…but ofc understood that something must have happened to my account. I feared the worst…that my account had been hacked (gosh, such a nightmare) …. but calmed my senses and immediately went to check it out.

    Ofc my lovely druid was gone…almost looked spooky on the list!!! 😦
    But then I started to think backwards in time…hmmmm….my son was just on my char to show his friend my new mount. Ohhh, could it have been him?
    I checked the alts and found a new lvl 1 worgen, named with his friend’s name…..haha, awwwwwww….ofc they had deleted my char and created a new one for his friend!!! Lol. I found the little rascal and his friend and asked him if he knew what happened….and ofc it wasn’t on purpose he did it…just a small kid’s mistake. So NO hard feelings 🙂

    However. I called Blizz support and got my char back in 5 min (just as I left her). So everything was in order quite quick. *sigh of relief* 🙂

    BUT I sort of know how such a feeling must feel like – to become hacked…..absolutely NOT a good feeling! But fortunately Blizz will help out as much as they can (at least for the friends of mine that have been hacked).
    The game isn’t the worst…the worst is when they hack the pc in general and get into maillists and stuffs 😦

    /over and out

  3. It’s possible for them to have Passwords & login info stored in a database – and then periodically check the accounts that have authenticators on them. It’s possible for them to compromise e-mail accounts. They’re almost like evil Santa Claus, they just steal your stuff and it’s almost impossible to find the cause.

    • Very true, unfortunately people will go to amazing lengths to try and break into people’s accounts 😦

      lol at the evil santa idea 😛
