Monday, April 21, 2008

HACKED!

I got quite a shock when I logged into my account last night to find my bank mule, Maersk, no longer on my account. Also missing in action was my Druid alt, Honorsclaw.

I logged into Honorshammer. He was just outside of the Shadow Labs in some weird assortment of gear. ZA DPS Plate Chest, Season 2 Gloves, Tier 4 Helm and Shoulders, 2.3 Badge Pants and Boots.

He had 16g to his name. In his bags were his Epic Engineering Helicopter, a Hearthstone, and 2 Super Mana Pots. I hearthed him back to Shattrath, and found an empty bank. Well, not completely empty. Whoever had been in my account had left him some Obsidian Warbeads, Oshu'gun Crystal Powder, his Holy Mightstone, all of his PVP tokens (WSG, AV, AB, EotS), the Singed Page I kept from the first time I main tanked Prince into the ground, and all 201 Badges of Justice that I had been saving up. They had also abandoned every one of Honorshammer's quests.

My Hunter was out of gold, he had all his regular gear on. His bags were emptied. Some of my lower level alts were basically untouched. Why they chose to delete my poor 23 Druid, but left my 65 Hunter alone is beyond me. And what in blue blazes were they doing with me in Shadow Labs?

Somehow, someway, someone had gotten into my account. I was very upset.

I logged into the Account Management screen and changed my password. Then I changed it again about an hour later. Then right before I went to bed I changed it again using the onscreen keyboard that comes with Windows.

I started scanning my hard drive with everything I could think of. I tried McAfee Virus Scan, Lavasoft's AdAware and Safer Networking's Spybot Search and Destroy. All these wonderful tools could find were some ordinary tracking cookies. I've been told that the keylogger may have deleted itself once it delivered its sensitive payload. If it's still there it's hiding itself well.

I contacted a GM and they are beginning an investigation.

My guild has been really cool. Several people in my guild have offered gems and gold to help get ole Honorshammer back on his feet. We can remake the Frost Gear for Hydross. Whether or not I get my gear back is up to Blizzard. I know I can make the gold back eventually, I'm not worried about it.

The hardest part of last night was reading GChat as they struggled with a Gruul's/Mag run. If I had had my stuff, I know I could have helped them. But there I sat in Shattrath.

Crittable. Crushable. Useless.

I felt like Popeye without his spinach, Superman without his cape, Batman without his gizmos, Spidey without his webs.

Everything was right as rain at 1am on Sunday morning, after I logged out following our Mt Hyjal trash party. By 8pm Sunday night, not even 24 hours later, the deed was done.

I'm left with the very perplexing question of how these crooks got my account information.

I consider myself pretty computer savvy. Most people in my circle of friends would come to me in a time like this, but here I am without any ideas. My computer is not safe anymore. That's a very uncomfortable feeling.

One person on this earth knew my password, my buddy, AoesRus. I trust him implicitly. I would have given him anything on that account, and I have access to his account as well. It's possible the thieves got my information off his computer, but his own character was untouched, so that kind of downgrades that as a possible explanation in my mind.

Others have pointed to Wowhead.com, a site that I use quite a bit, as a possible culprit. I'm not sure how a website could get my login credentials.

I've been advised by other players to use a copy/paste method of inputting my password, but I've been told by others that the keyloggers can figure that out.

What I have to do is find out how they got me so I can stop it from happening again. Right now, I don't have any good ideas. Otherwise it won't matter if Blizzard restores my epics or not, it'll just be a matter of time before they hit me again.

18 comments:

Raydz said...

UGGG Oh man...
Dude, I am so sorry to hear that about your acct!

Do you remember Oakensledge? He had the same thing happen to him, they took less than a week to get his gold/gear back so hopefully you have the same luck.

I wish I knew something helpful to say about keyloggers. I have heard that most people get them installed by clicking on flash banners, but I don't even know how true that is.

Good luck with your account bro.

bobpally said...

It hurts my heart to read that some useless piece of garbage would do that to you. I'm sorry this happened to such a great player. It certainly makes me think about the security I currently employ. I personally never give my password to anyone, period. I also change it once a week. Other than that, and the normal security setups such as virus/spam/spyware protection, along with the best firewall you can find, there isn't much else you can do. Maybe not download anything, ever? These people obviously did this specifically to get the gold. They had to send it somewhere, right? Hopefully Blizzard can track down where it was sent and what exactly happened. I hope they find the guys that did it, and put them in jail... I'm sure Blizzard will do what they can for you, and hopefully restore as much as they can...

Oakensledge said...

Man, sorry to hear about this. If you remember, that same thing happened with my rogue Talonfist, back before I rolled Oak. I can totally sympathize man.

Blizz got my gear back for me but told me that the modifiers on it they couldn't restore ... so the "of the bear", "of the eagle" parts they may not put back but you'll get your base items I bet and your gold.

It's a sad day man and I know how you feel. If I can help you out, please let me know.

And before your gear gets back ... let's duel :P

Galoheart said...

I stopped by to get my daily read fix in here and saw that six-letter word up top, "HACKED", and immediately got the chills. Man, so sorry to hear your account got compromised and that you lost your stuff as well as a toon or two. Sucks. Hopefully Blizzard restores your stuff soon. So can only hope you get most if not all your stuff back.

Same thing happened to "Ulushnar", another T5 Tankadin over at http://www.wulfsblood.net/, on his blog last week and he still hasn't gotten his stuff back yet or heard a word as yet, and he's about at the same point of progression as you are also. Sucks for both of you.

Getting Hacked seems to be a weekly thing and it's getting to the point we all have to be security experts to play a game for fun with all our computers. Even that sucks. I play on a Mac and haven't had any problems, but that's no guarantee of what may happen at any point in the future on my account also.

For the most part I do change my Password every few days constantly. Biggest thing is trying to remember what I change it to all the time. I've played WoW for over a year with various stuff addon and vigilant on my own PC also. It's been over a year though since I dumped my drive wipe it clean irregardless. I may do that this week in light of things since so many people getting hit with a Hack lately. Hope you get your stuff back soon though. Blizzard must be working overtime to just work on restoring people's accounts when they get hacked alone.

What bugs me though is why people are always left in "Shadow Labs"?

Ataris said...

Dude, I am sorry about those bastards hacking your account.

I've heard of WoWHead.com being the source of hacks, and I believe it's not the site itself but rather the ads that come with it. I have set the NoScript addon on Firefox up to allow wowhead.com but not the advertisement sites, but I guess you can't be too sure either.

I really hope you get your stuff restored.

Galoheart said...

On another note, when I change my Password every few days it's never from the same PC that I play on also.

Gwaendar said...

Sorry for your loss.

computersherpa said...

Wow, that sucks, man. I, too, have heard that Blizzard is generally good about restoring lost gear. With any luck, all this will really cost you is a couple days of worrying.

*goes to change his password, just in case*

Gwaendar said...

For changing your password, there's no safer way than downloading a Linux live CD, booting it from the CD-ROM drive, then changing the password using the browser which comes with that thing. There's simply no way to sneak any malware in a CD-ROM.

Lazenby said...

Fracking Hell

This is getting me worried, Ulushnar and now YOU. 2 guys i feel i almost know from reading your blogs daily.

Very very sorry Honor's, hope that blizz can sort this mess out quickly for you. Will be interesting to see if the US gm's are any quicker than Ulu's euro counterparts.

Anonymous said...

you know same thing happened to a buddy of mine, and they left him in shadow labs, i, like galoheart, wonder what the hell they take the toon to shadow labs for, sorry to hear about your loss Honor, they gave him a full account restore, so hopefully same will happen to you

Anonymous said...

dude, that's harsh. could have been worse. i had me a "hack" scare the other day. a prankster was guild chatting using my name and a message from me in his guild chat statements. with the proper spacing it looks damn real.

Brigin said...

Honor, I feel your pain. I did get hacked several months ago. But I did get my stuff back (not all, but mostly).

I hope everything works out well for you. I had to completely reformat my computer because I could never feel safe anymore after what had happened.

I also started choosing what websites I go to and used Firefox with NoScript.

Anonymous said...

How does it help to change your password from a Linux CD or a separate computer? You still have to type it into your WoW client every time you log on, right?

Thanks!

Fedaykin98

Lakini said...

Sorry Honors. You can borrow my tank if needed, though I hear leather tank gear is poorly itemized for paladins.

Gwaendar said...

How does it help to change your password from a Linux CD or a separate computer? You still have to type it into your WoW client every time you log on, right?

Right, but assuming you have made it a regular practice to change your password, keep in mind that stripping an account is a manual process which takes time. Working under the assumption that a keylogging account thief has to select targets manually, log on while the owner is offline, then check all the toons available to go after the juicier parts first, I tend to assume that a password garnered from the Blizzard website has a higher value than one from the game (because you protect valuable stuff), something which he would look at sooner in a large list of accounts to check out.

It also prevents you from running into a situation like Brigin or one of his guildies (don't remember which one had this particular problem) who got re-hacked right after getting stuff restored by the GM.

In short, I believe it can buy you time and make you stand out less in a list of potential targets.

Jonathan said...

Happened to me too yesterday ... got to work and checked my email, saw that my password had been changed and I looked up all my toons on the armory ... the 2 that weren't deleted were stripped naked, and my 'lock was dead, naked, in shadow labs. In a bathtub full of ice, missing a kidney.

I've also been unable to find anything keylogger related - McAfee, Ad-Aware, Spybot, Process Explorer, AVG, nothing.

I'd be interested to know if you also have the Curse client, and what addons you use? That's the only thing I can think of.

Honors Code said...

@Jonathan

I used a bunch of mods. Omen, CTRaid, Fubar, Xperl, etc.

I had WoWAceUpdater. Which I don't use anymore. If I'm going to download something, I'll do it manually.

I had an interesting experience with the Curse Client. Downloaded it, installed it but never could get it to work, so I uninstalled it. I had gotten it about 2 weeks prior to getting hacked.