How you got "****"

SylenThunder - Twilight Temple · October 2011

As most of you know, there's been a rise in the number of people claiming to have been "****" over the past several months.

Now the primary reason people get their accounts compromised is because of poor security. It's that simple.

Here's a list of the most popular methods.
1. You've shared your account information with someone. They got greedy/pissed at you/whatever and stole your stuff.
2. Someone knows you well enough to have figured out your information.
3. Someone you know has access to your computer, was able to discover the login/password that you use everywhere and use it against you.
4. You have poor system security, acquired a virus/keylogger, and it's been used against you.
5. Someone on your network is sniffing your packets and was able to get the login/password that you use everywhere and use it against you.
6. Someone near you is sniffing your wireless packets, ect. ect. you get the idea. ('Near' is a relative term. Given the right conditions and technology, 'near' could be almost a mile away.)

I'm thinking that the latter is becoming more prevalent, but the majority of the time it's options 1-3.
Just to show you how easy it is to sniff data packets, here's a guide. Yes, it's that easy.

How to protect yourself from getting "****"
1. Don't use the same login ID and password for everything.
2. Use complex passwords. Rather than something easy like "thunder14", use "^UR2kewl4M3!"
3. Have a GOOD anti-virus program and keep it properly updated. You wouldn't believe how many times I see systems that just have the 30/90-day trial software that came with their computer 5 years ago. I personally recommend Avira and Avast as both are free and often rate better than some paid software like McAffee and Norton.
4. If you're using wireless or any semi-public network, heighten your security. The article I linked above gives you a good idea of what you're up against.
5. Secure your home network. Use the highest level on encryption that is available on your devices. With BT4 on my laptop I can crack a WEP network in about 10 minutes if there's decent traffic. WPA within an hour if the key is easy enough.

"Now you know... and knowing is half the battle!"
-G.I. Joe
b:victory

Hope this helps. Ran across some stuff I did recently and thought I would share.

_Nerox_ - Dreamweaver · October 2011

your pass?
^UR2kewl4M3!

Roseary - Sanctuary · October 2011

_Nerox_ - Dreamweaver wrote: »

your pass?
^UR2kewl4M3!

Of all that SOLID GOLD information he provided you, that's what you retained?

Longknife - Harshlands · October 2011

Roseary - Sanctuary wrote: »

Of all that SOLID GOLD information he provided you, that's what you retained?

Hey for all you know OP has 20 Ocean orbs on his account and Nerox just cleaned them all out. That's pretty useful info imo.

laloner · October 2011

I think the best way to make a password easy to remember and hard to guess is to put the numbers in the middle of the word. Thun14der is easy to remember and hard to guess, hard for a puter to come up with through brute force.

Wqljarlc2434alkj might be a safer password but the difference isn't worth the trouble of remembering it.

Zanryu - Dreamweaver · October 2011

Longknife - Harshlands wrote: »

Hey for all you know OP has 20 Ocean orbs on his account and Nerox just cleaned them all out. That's pretty useful info imo.

Nah, he only had like 12m. I checked. b:surrender

Deceptistar - Sanctuary · October 2011

_Nerox_ - Dreamweaver wrote: »

your pass?
^UR2kewl4M3!

i LOLed

But back to the OPs thread. This is assuming that the hacker is not a program correct?

WarrenWolfy - Sanctuary · October 2011

SylenThunder - Sanctuary wrote: »

1. Don't use the same login ID and password for everything.
2. Use complex passwords. Rather than something easy like "thunder14", use "^UR2kewl4M3!"

Personally, I think these 2 points are exactly why so many people get **** nowadays.

Virtually every security "expert" out there says things like, "Use a different password for everything, and make sure it's a complicated assortment of letters, numbers, and symbols."

Yet these "experts" then seem dumbfounded if you point out to them that those two points are mutually exclusive. Our brains don't work that way, so if we try to take the advice, we forget our passwords (Unless we write them down, but the security "experts" will blow a gasket if they find out you've done that).

So of course at that point people have to fend for themselves, and thus they make mistakes because the "experts" do nothing but repeat their useless advice and judge those who cannot adhere to it (ie. everybody) and say, "I told you so!"

The good news, though, is that as with many things in life, XKCD has a comic that perfectly summarizes the absurdity of the issue, and also reveals the common-sense solution: http://xkcd.com/936/

Bubbles - Morai · October 2011

3. Someone you know has access to your computer, was able to discover the login/password that you use everywhere and use it against you.

Not impossible, but not very likely. If someone managed to get inside of your computer, the last thing they would steal is the game login for a f2p mmo.

4. You have poor system security, acquired a virus/keylogger, and it's been used against you.

Again, not likely, but not impossible.

5. Someone on your network is sniffing your packets and was able to get the login/password that you use everywhere and use it against you.
6. Someone near you is sniffing your wireless packets, ect. ect. you get the idea. ('Near' is a relative term. Given the right conditions and technology, 'near' could be almost a mile away.)

That only happens if you are on a unsecured/unencrypted connection (aka the internet you are using does not have a password to it).

I'm thinking that the latter is becoming more prevalent, but the majority of the time it's options 1-3.
Just to show you how easy it is to sniff data packets, here's a guide. Yes, it's that easy.

Firesheep is really only a concern if you are on a unprotected internet connection. That's usually at areas with free wifi, and most people using it would rather steal your facebook account.

2. Use complex passwords. Rather than something easy like "thunder14", use "^UR2kewl4M3!

A good way of knowing if you have a good password is this.

3. Have a GOOD anti-virus program and keep it properly updated. You wouldn't believe how many times I see systems that just have the 30/90-day trial software that came with their computer 5 years ago. I personally recommend Avira and Avast as both are free and often rate better than some paid software like McAffee and Norton.

Microsoft Security Essentials is also good for those who prefer stuff from Microsoft.

5. Secure your home network. Use the highest level on encryption that is available on your devices. With BT4 on my laptop I can crack a WEP network in about 10 minutes if there's decent traffic. WPA within an hour if the key is easy enough.

Even though you pointed this out, I wanted to reaffirm other points in your post so it's a bit more clear.

Ikarium - Dreamweaver · October 2011

Bubbles - Lothranis wrote: »

Not impossible, but not very likely. If someone managed to get inside of your computer, the last thing they would steal is the game login for a f2p mmo.

This^^ lol

I have argued this before too......people think that they get legitimately **** and all the hacker takes is a login for a f2p MMO, lol. Like anyone actually cares about PWI pixelated goodies that much.

Deceptistar - Sanctuary · October 2011

Bubbles - Lothranis wrote: »

A good way of knowing if you have a good password is this.

It would take a desktop PC
About 690 trillion years
to **** your password

I think i might be ok!

Alasen - Heavens Tear · October 2011

343 sextillion years LMAO

mcfreakie · October 2011

You mean using the same password I use for my luggage of 12345 wont work?

Deceptistar - Sanctuary · October 2011

the more random letters numbers i add, the more it shows me some unknown counting vocabulary word...

Deteriorate - Harshlands · October 2011

Deceptistar - Sanctuary wrote: »

It would take a desktop PC
About 690 trillion years
to **** your password

I think i might be ok!

I like how willing you were to put your password into that site.

****ing lawl. b:chuckle

SylenThunder - Twilight Temple · October 2011

#3 is more commonly a sibling or room mate. It's a lot more common than you may think. They will typically dig into your other MMO's and e-mail as well.

#4 is something that you see mostly with people that are trying to download cheats for the games and the cheats contain keyloggers.

#5 and 6 can happen on an encrypted network, especially with low encryption standards. FireSheep is not something I'm familiar with. I've been using BackTrack and WireShark for years. Yes, people using it are more likely to get your facebook or e-mail info. But going from there, they read your email, see your purchases from the MMO's, if they have a similar interest, there goes your stuff. Also, open college networks and dorms are very common for this type of attack.

As for Microsoft Security Essentials, It's good if you're running on Vista or higher. From what I've seen of it in Windows 8 it's pretty slick. On XP it's not a good choice though, and on Vista it will slow your system down more than the others. It also has a habit of not completely removing threats when it says it does.

P.S. I used Bubbles link on my easy password and it came back with a year. The examples I provided varied from 4 days to 5 million years.

Alasen - Heavens Tear · October 2011

Ikarium - Dreamweaver wrote: »

This^^ lol

I have argued this before too......people think that they get legitimately **** and all the hacker takes is a login for a f2p MMO, lol. Like anyone actually cares about PWI pixelated goodies that much.

If u knew ANYTHING about RMT, which you obviously don't, you'd know there's people out there (most of the RMT are in china and Korea actually) that ALL THEY DO is try to steal people's MMO ACCOUNTS to get more coins to sell on their sites (u kno.... sites that sell coins for games like this **** popping up on here?).

**** happened to me on another game, long story short..... the NIGHT i bought a ton of stuff off the AH on FFXI, i got targeted and they snuck a dataminer on my system. And no it wasnt' there b4 then. Next mornign a rmt was trading all my **** to a new toon named somthingl like "fdsdhjlg". This was b4 Square Enix started using those keychain random code things (that u physical have at home once they send u one) that give u a EXTRA random code to log on with once it's linked to your account. WoW uses the same thing. My friend got a GM to lock my accoutn down while i was in the process of calling SE myself and runnign a virus scan (remember i had run one the NIGHT b4 all this ****), and bingo... dataminer that wasnt' there before.

So yes not only do these RMT (real money traders) coin selllers **** people's pc's JSUT for the game items u have, but they CAN target somone within 12 hours.... Christ one point in FFXI they were literally gettign in the backdoors on people's pc's, and kicking them off their freaking PC (or off the game), without actually logging the toon off. All everyone else saw was this person (who was just "spoofed") just ups and warps outta whatever dungeon we were in. Then goes to sell all their items.

You have no idea what these people are capable of...... Thought PWI had found ways to make this **** not worth doing here, one HUGE reason i like this game, dont' have to see their ****........ but now they're here...... RMT may be illegal in the US but it isnt' in china... or Korea. In fact Korea has a section of governemt dedicated to gaming and promoting f'ing RMT..... so........ ya..........

Tsukyini - Raging Tide · October 2011

Alasen - Heavens Tear wrote: »

**** happened to me on another game, long story short..... the NIGHT i bought a ton of stuff off the AH on FFXI, i got targeted and they snuck a dataminer on my system. And no it wasnt' there b4 then. Next mornign a rmt was trading all my **** to a new toon named somthingl like "fdsdhjlg". This was b4 Square Enix started using those keychain random code things (that u physical have at home once they send u one) that give u a EXTRA random code to log on with once it's linked to your account.

SE's support for the **** people was really quite horrible also. b:angry It would be nice if PWE would take a lesson from SE and sell security tokens, but I can't imagine them actually doing it.

VenusArmani - Dreamweaver · October 2011

Is it really that hard to figure out that the reason for increased hacking coincides with another website with PWI data getting **** and the subsequent gold sellers? I imagine the reason so many of em have unique names is because some of them are hacking people's accounts and then liquidating the coin to sell.

Yamiino - Heavens Tear · October 2011

How you got haked? simple, KARMA KICKED YOU IN THE ****.

b:bye

There there.

Alasen - Heavens Tear · October 2011

Tsukyini - Raging Tide wrote: »

SE's support for the **** people was really quite horrible also. b:angry It would be nice if PWE would take a lesson from SE and sell security tokens, but I can't imagine them actually doing it.

actually, SE rolled my toon back to the night before right after i bought everything, i got everything back. Too bad they made the game easier to lvl then Wow and other stuff.... and other **** i wont' get into now, or i'd still be on there.

breeeezy87 · October 2011

Poor guide, but i suppose it's a start for pwi which hasn't had many hacking related issues. PWI isn't a hackers first choice of MMO due to the mass amounts of bound end game gear as well as it's in game gold for coin system along with strict account sale regulations. The game just isn't all that profitable for hackers compared to other MMO's out there. Another thing to point out for the doubters who say there's no such thing as real hackers in MMO's, there are. What you don't realise is not everyone lives in North America, not every country has a minimum wage. Their lack of wages don't discredit their knowledge in programming and ingenuity. Basically what i'm saying is hacking even 20 USD a day can actually be a very viable use of time to a person depending on their living conditions. The reason they target MMO's is that there are generally no repurcusions as opposed to credit card info. It's not so easy to prosecute MMO account theft over international borders. xD

So basically there's 7 methods of having your account logged/stolen.

1. Sharing your info. (not hacking, just misplaced trust.)
-not a lot you can do other than not share info.

2. Sharing too much info in forums, (core connect for pwi), 3rd party sites, using same email for your account as you do for every thing else. (also not hacking, more of a common sense thing.
-Don't use same forum names as your char ID's
-Make an email only for your account and dont subscribe to anything else MMO related with it. Emails are very easy to gain access to.

3. Logging into 3rd party (fake PWI sites) with your account info.
-always make sure a site is linked to perfectworld.com before entering any account info.

4. Keyloggers: usually downloaded from 3rd party MMO related sites with ties to PWI. Small and simple programs that are very hard to detect even with a good, updated anti-viruses program. Keyloggers log all your keystrokes and email them back to the person who setup keylogger. They then search the keylogs for consistency and patterns (ID+PW).(Simple hacking tool)
-Preventing keyloggers is more about awareness, sure anti-virus may help the rare instance (i personally don't use one).
-Don't download files from 3rd party PWI related sites. ie. patches, .pck edits, bots and the MMO notorious "stealth ****".
-You can use a keystroke encryptor that works at driver level, not 100% reliable.
-Onscreen keyboards i've seen recommended but unreliable in my opinion.

6. More advanced tools that can gain access to your entire pc, control anything on your pc from anywhere in the world. These are most dangerous, these kind of tools are often used by people not only interested in the items on the account, but the account itself, they'll have access to your entire pc and be able to change all your account info, email, secret answer, password etc. The tool is nearly impossible for any anti-virus to get rid of on it's own once on your pc, and can lay dormant on your pc for months before ever used. Used by more advanced, ruthless hackers. (I'd post a youtube link of a tool like this i've seen used on MMO's before but not sure it's allowed)
-Like the keylogger more of a preventative thing, careful what you download.

7. Hacking the PWI site/database itself, harder to do, but no where near impossible. Deals with site encription and secret answers etc. Every account/character created has it's own ID, pro hacker could gain access to all info, but won't get into this seeing as there's no preventative measure for the players.

I'd sticky this guide, good luck, be safe.

StormHydra - Sanctuary · October 2011

Bubbles - Lothranis wrote: »

A good way of knowing if you have a good password isthis.

That is literally the most ironic website I have ever seen.

Sdrassa - Sanctuary · October 2011

Does PWI **** us over at every turn also count as a ****?b:chuckle

Sheswes - Heavens Tear · October 2011

avira... McAffee....b:sweat

what about AVG and Kaspersky?b:scorn

Sukinee - Heavens Tear · October 2011

McAfee and Norton *shudder*

I personally use Malware Bytes and Spybot, they have always been pretty reliable to me.

Also, people don't forget your most important weapon against malware you get online...common sense. b:lipcurl

Lady_Sam - Lost City · October 2011

Sukinee - Heavens Tear wrote: »

McAfee and Norton *shudder*

I personally use Malware Bytes and Spybot, they have always been pretty reliable to me.

Also, people don't forget your most important weapon against malware you get online...common sense. b:lipcurl

+1 to this!

Oh and this ought to be stickied. b:pleased

How you got "****"

Comments

Categories