Plat-Stealing Hacks

There seems to have been an outbreak of account hacking recently in EQ2. Here’s a typical story, told to me by Chuman, a leader of the guild Lineage on Butcherblock. A good friend and former guildie.

“Our friend was on Vent with us when he gets booted out of the game for no apparent reason. No suspicions yet, since that happens sometimes. Soon the other players see him logging back in. There’s just one problem: our friend says on Vent that he can’t log back in, the game won’t let him. Yet there he is.

Meanwhile, the in-game (hacked) toon says nothing and immediately starts casting Call of the Overlord. Being clued in, we asked our friend, “hey, where’s your bind point?” The hacked toon is followed. It arrives in Freeport and heads for the nearest bank. Fortunately, the toon is then immediately deguilded. However, it goes to a vendor, and armor begins disappearing. Finally, with a wave to the watcher, the toon logs out.

This happened after-hours for SOE Customer Service. When all is said and done, the account password, which had been changed, had been restored. Perhaps, after investigation, the account assets will be restored.”

The most noteworthy thing about this account, which I’ve seen more or less mirrored in several other similar stories, is the fact that it begins while someone is online. This strikes me as both difficult to do, and an odd strategy. Why not do the theft in the middle of the night?

Ok, let’s review some basics. Lots of account damage is done by someone who was trusted, and who violated that trust. Friends, lovers, spouses, and exes. We’ve all heard the story of the jealous boyfriend who deleted all the toons. That’s not what this is. It’s theft. Organized theft. Get in, get as much as you can, then get out, and on to the next victim.

I can think of two ways in which you might bump someone off their account. First, if you can find out their IP address, you can send a denial-of-service (DoS) attack their way. Basically, this means sending so much data at your computer that the real data from and to SOE’s servers can’t make it through, and the result is linkdeath.

The second way involves hacking into your email. If you have a web-based email account, such as Yahoo mail, Gmail, or Hotmail, and your password to it can be captured, or easily guessed, then all the bad guys need to do is go to the Station website and tell them you’ve forgotten your password. Sony will then send you an email with a link that will reset your password, and force-logout anyone who happens to be online.

I think it is plausible that email addresses and toon names might have been gathered by plat sellers. And I can imagine that those who have been hacked might not be up-front about their purchase of plat from said sites.

Another major suspect, beyond email hacking, is some form of keylogging software, maliciously downloaded via some website. This Yahoo article mentions Lord of the Rings Online. LotR can’t be the only game of interest to thieves.

I’m planning another post where I talk about security measures. In the meantime, use common sense.
