The hacking business
Hacking is big business. Professional crimminal organizations make millions of dollars from selling gold and power leveling services to gamers. They are not the good guys. They do not wear white hats. The gold they sell you doesn’t come from the little farming bot who fishes in the lake in Goldshire, runs to the vendor sells his fish, then runs back again to his pond. It is much more aggressively fished – and the poor sap on the end of the hook gasping for breath and trying to save his shiny scales – it is some other player whose account has been hacked, like our friend Abruzzi the orc hunter.
Blizzard have posted the following statement on the European official forums, explaining the consequences of buying gold:
Basically what it says is this:
1. If you buy gold you are supporting spamming, botting and key logging activities.
2. A significant amount of the gold you buy comes directly from gold stolen from other players (people like poor Abruzzi, your friends, guildmates, etc) through hacked account.
3. Because there are people who will buy the gold, other people are going to be put through the misery of having their accounts hacked and their possessions stolen.
4. You could be next. If you give your personal details to a gold seller and/or power leveling service, you may be targeted either by an in game hack or credit card fraud in future.
5. It is also against Blizzards Terms of Service – if you are caught, you will be banned.
6. What the article doesn’t say, is that lots of people who send their real money and credit card details never actually receive their in game gold.
How you get hacked
You get hacked after a malicious piece of software is installed on your computer, which steals your account information, sending it to the hacker. The hacker logs on, changes your password and thereby hijacks the account. You can no longer access it, and the hacker can do what he likes with it. The malicious software we are talking about can be in the form of a:
- A keylogger – a very small program that keeps track on all your logins, and then steals your login data. Usually it comes with a tracking cookie that keeps track of your key strokes and sends you unwanted spam, which may contain viruses/keyloggers.
- Spyware – A firewall blocks all incoming data exept programs that it trusts. The firewall trusts Internet explorer, however 95 % of website’s contain tracking cookies designed to give you advertisements based on your needs. Spyware often comes as a cookie. Once on your computer if can infect it with unwanted programs including keyloggers.
- Rootkits – The term rootkit is used to describe the mechanisms and techniques whereby malware, including viruses, spyware, and trojans, attempt to hide their presence from spyware blockers, antivirus, and system management utilities. So basically, a rootkit is a litte program that attempts to hide from the security on your pc.
Often you are the person who has installed this malicious piece of software, without realizing it. You might have visited a website that was infected with spyware, downloaded something that was not safe, or clicked on a link or email attachment that had a little keylogger that was just waiting to hop onto your computer.
What you can do to minimized the chance of it happening to you
- Don’t buy gold or power leveling services. If there were no customers for these services, they would have no business, and would not be hacking people’s accounts… into your account.
- Don’t buy gold or power leveling services. Many people who give their information to these services often become victims of the hackers themselves at a later date. There are also instances of your credit card information being misused outside of the game.
- Keep your password and account safe and secure from others. Never give out your password.
- Check the box on the log in screen that remembers your username so that you don’t have to type that each time.
- Some people say that keeping your password in a text file, and then copying and pasting your password into the log in screen each time, rather than typing it is safe from keyloggers, others say keyloggers can pick up copied and pasted text too. I am not sure on the answer here. It’s probably safer than typing it but not completely safe. (If you do keep you password in a text file, make sure that file is safe from others too, if someone else has access to your computer you will need to password protect the file.)
- Think about buying a Blizzard authenticator. They cost $6.50 and you can get one from the Blizzard Store here. The authenticator is simple and easy to use and adds an extra layer of security to your account. Each time you log on, it allows you to provide a unique one-time-only additional password to the account. Only someone with the authenticator linked to that account in their hand can log on to that account. After you have put in your regular user name and password, the account asks you for your authenticator number. You press the button on the authenticator and get a random 6 digit code, which stays for about 5 secs before fading. You type it in and you are all set.
- Be careful about playing on other people’s machines, they may not have the same security measures you do. Randy Jordan from The Instance podcast had his account hacked. As an officer of a huge guild, he also had the horror of having his guild bank emptied. He said on the podcast that he thought the hack happened, because he logged onto WOW from a friends PC.
- Make sure you have up-to-date virus checking software on your computer and that you run scans regularly. (The further information links below will suggest some if you don’t have one.)
- Make sure you have a anti-spyware program in addition to your virus checking software, that its up-to-date and scanning regularly. (The further information links below will suggest some if you don’t have one.)
- Make sure you have a firewall on your computer that prevents others accessing it. (The further information links below will suggest some if you don’t have one.)
- Make sure your computer is up-to-date – i.e. run any software updates for your web browsers, operating system and other software. Sometimes security loop holes may have been found and these software updates close these loopholes.
- Most people in the know, suggest that currently Firefox is a more secure web browser than Internet Explorer. On my PC I did move to Firefox and I had a few problems with it (deleting bookmarks every time it updated, something a friend also experienced), this may now be fixed, but I am not going to tell you it’s a must have. I am also a Mac user and love the Safari web brower on the Mac, which you can also use on a PC. I am no sure how the security of Safari run on a PC compares to Internet Explorer or Firefox? Anyone know?
- Mac users aren’t invulnerable, but they are safer generally than PC users, there tend to be less trojans and keyloggers aimed at Macs. I’m not telling you to go out and get a Mac (though I love mine), and I am not telling Mac users not to follow all the advice above. But I do feel a little bit safer on a Mac.
- If you have the luxury of more than one computer, think about using one to play games on and the other to surf the internet on and download files.
- Be very careful downloading files and clicking on email attachments. Be very wary of files ending with .exe .com .bat or .scr extensions. Obviously, these can be programs you want and mean to download, but they can also be keyloggers and trojans.
- I know someone who got hacked after he downloaded shared files from a less than legal music sharing website. Be careful with less reputable sites.
- Addons can be targeted by keyloggers. Be careful when downloading addons. Addons are safe as long as you are careful. Just download them from a reputable site, stick to the popular ones with lots of downloads, and be wary of any that come as .exe files.
What do do if you are hacked
People usually find out that they are hacked, either when they try to log onto the game and find their password will not work, or when they receive an automatically generated email from Blizzard to say that they have changed their password.
- Use Blizzard’s automated password recovery here – get the password back, change it quickly to minimize any damage.
- Install/update/run virus checking/spyware/firewall and other security measures suggested above to try locate and remove the malicious software that compromised the account in the first place.
- Change the password again, having removed the malicious software.
- Check other realms to ensure that no characters have been created on other realms. Delete any new characters you find there. (I heard of a case where someone was banned, because the hackers were running characters on another realm, they had not changed his password, so he was continuing to play, oblivious to the misuse of his account.)
- Contact Blizzard as soon as possible to tell them what happened, see whether you can get any of your stolen items back, and ensure they know that any use to which the account was put during the period of the hack, was not you. Don’t delay contacting them, they are more likely to be able to do something if you do so immediately. Also be polite and professional and give them as much information as you can. Reports are variable as to how helpful Blizzard are. I am not sure if this is luck of the draw, in who deals with your case, the details of your case, or how you approach it with Blizzard.
Blizzard contact details:
- Website: http://us.blizzard.com/support/webform-us.xml?gameId=11
- E-mail Form: Billing@Blizzard.com
- By phone: 1 (800) 592 5499 (1-800-59-BLIZZARD) (Automated 24 hours – Live Representative Mon-Fri, 8AM-8PM (PST))
Another good friend got hacked recently. He discovered the hack within 24hours, changed his password with the password recovery and was able to resecure his account. His bank had been emptied, his two low level toons stripped. His raiding toon was being used to farm instances, so was at least still in his raiding gear, so he was able to salvage something. It was an upsetting experience. He ended up deleting one of his leveling alts, and lost a lot of what he had had worked for to get prepared from Wrath.
I hope this never happens to you. And I hope Abruzzi and others like him are able to get their WOW items and gold back. No one can ever be 100% safe (not without unplugging your computer and never logging on to the internet or WOW, but what sane person would do that?) But follow some of this advice, and that in the further information below, and hopefully you can minimize the risks.
Thanks to Eldariel on the Eu Forums for this excellent post on how to keep your computer safe here.
WowInsider summary of Eldariel advice and similar advice here.
Blizzard Support info on account security here.