Battle.net Threat

in Account & Technical Support

Posted by: mcl.9240

If you were educated on the subject, you’d realize that worrying about packet sniffers in this context is foolish. Which has been my entire point all along, and you seem to have missed it repeatedly.

If you were paying attention, you would realize that he wasn’t saying “worry about packet sniffers,” only that it is a tool available to people today. If you re-read the initial post, you’ll see that he was agreeing with you.

Everyone, calm down. Take a deep breath. Walk outside for a bit. (Unless it’s eleventy-billion degrees, then just look out a window or something.)

I swear, you techno-geeks and your pride… (said the techno-geek.)

And if you were paying attention, you would see that there are any number of tools available to people today, many of which you and others are completely unaware. And yes, he WAS saying he was worried about packet sniffers.

Look, this has nothing to do with pride. It has to do with accurately communicating the appropriate level of concern to a largely tech-ignorant userbase. And having someone on here telling people that packet sniffers should be of concern is useless, irresponsible and inflammatory, because — and let me be quite clear about it this time, since a few of you seem determined to not hear this — packet sniffers are not of use in this scenario to obtain your game account information. Not unless you also assume that those using packet sniffers also have a means to move the extremely large amount of data collected by packet sniffers off of the target network undetected (highly unlikely) and then use sophisticated crypto cracking hardware after reassembling the packet flows for a single customer to expose the account name and password, which are not sent in plaintext (also highly unlikely). And all of this presupposes the attacker has administrative access to a switch between the customer and ArenaNet’s servers, and physical access to connect the necessary hardware to collect the data. Or that the attacker has installed a packet sniffer on the individual customer’s machine, which still has all the problems just listed above to be overcome, not to mention the completely obvious and constant disk access caused by running a packet sniffer in that manner, and the very large amount of space necessary to store the resulting files.

I can formulate any number of attack scenarios that are possible, using off-the-shelf software and hardware and publicly-available techniques. The vast majority of these scenarios also have likelihoods so close to zero as to be pointless to bring up. The use of a packet sniffer to collect an individual’s videogame account information falls squarely into that category.

Posted by: Alexixiv.4582

Seems that your goal here is just to contradict by exploiting opinion and then clouding your opinionated argument with technical details…
I am here to help, you look like you’re looking for an argument. From the beginning your responses on this thread you have been extravagant to the point of narcissistic, can we please remember this thread was to further encourage the guild wars 2 community to use different and secure passwords for all their online accounts… or are you going to continue throwing your tech security manual around? I am not writing essays to combat your points not because I am not capable, but simply because it is not relevant to this topic. If you wish to continue this theme of discussion I would implore you to create another thread. Thank you.

120901-018012 – Serial Key Issue

(edited by Alexixiv.4582)

Posted by: mcl.9240

You seem to misunderstand how positions are put forth in discourse: they are, by definition, positions backed by fact (your “technical details” which you claim are “clouding my opinionated argument”).

If you have fault to find with what I’ve said, please do so.

But don’t sit there and act like you’re trying to “help” and “encourage the guild wars 2 community” by trying to make GW2 users afraid that packet sniffers may be used to obtain their account information. That’s the very height of FUD, and anyone with an ounce of technical expertise would know that.

Which is, I believe, the difference here. I actually possess extensive security experience and can speak authoritatively on the matter. You, unable to counter my position, act as though I’m being argumentative because you dislike someone pointing out that your assertion is not only inappropriate, but borders on scare-mongering.

Who’s helping more, the person who’s attempting to instill an appropriate level of caution in the average user by pointing out appropriate and inappropriate areas of concern (me), or the person who’s trying to make them afraid of all sorts of things (like packet sniffers) that they have no need to fear with respect to compromise of their account details (you)?

If you have something relevant to contribute, by all means do so. Start by explaining how and why your obsession with packet sniffers is a credible threat in the specific scenarios of 1) GW2 account information being stolen by casual hackers, and 2) GW2 account information being stolen by organized groups who use the information to further their interest in illegally monetizing in-game items and currency.

I’ve already explained why that particular attack vector is not one to be concerned with. You seem to have a contrary opinion, though you seem to lack any sort of factual basis for it. Since you claim to be capable of writing at length on this issue, by all means do so.

Or kindly retract your position.

Posted by: Alexixiv.4582

Thanks for proving my point

120901-018012 – Serial Key Issue

(edited by Alexixiv.4582)

Posted by: mcl.9240

You seem to misunderstand how positions are put forth in discourse: they are, by definition, positions backed by fact (your “technical details” which you claim are “clouding my opinionated argument”).

If you have fault to find with what I’ve said, please do so.

But don’t sit there and act like you’re trying to “help” and “encourage the guild wars 2 community” by trying to make GW2 users afraid that packet sniffers may be used to obtain their account information. That’s the very height of FUD, and anyone with an ounce of technical expertise would know that.

Which is, I believe, the difference here. I actually possess extensive security experience and can speak authoritatively on the matter. You, unable to counter my position, act as though I’m being argumentative because you dislike someone pointing out that your assertion is not only inappropriate, but borders on scare-mongering.

Who’s helping more, the person who’s attempting to instill an appropriate level of caution in the average user by pointing out appropriate and inappropriate areas of concern (me), or the person who’s trying to make them afraid of all sorts of things (like packet sniffers) that they have no need to fear with respect to compromise of their account details (you)?

If you have something relevant to contribute, by all means do so. Start by explaining how and why your obsession with packet sniffers is a credible threat in the specific scenarios of 1) GW2 account information being stolen by casual hackers, and 2) GW2 account information being stolen by organized groups who use the information to further their interest in illegally monetizing in-game items and currency.

I’ve already explained why that particular attack vector is not one to be concerned with. You seem to have a contrary opinion, though you seem to lack any sort of factual basis for it. Since you claim to be capable of writing at length on this issue, by all means do so.

Or kindly retract your position.

Thanks for proving my point

So you have no means to actually back up your claim that packet sniffers are a legitimate threat to GW2 account details?

I thought as much.

You need to realize that there are people out there with a great deal more knowledge on certain subjects than you, and every now and then you might get caught out by one of them if you happen to make an incorrect statement about their area of expertise. The correct response in such situations is to thank them, not to act indignant and insult them, or act like you’re somehow superior in your ignorance.

Like you’re doing now.

Making baseless assertions about potential security threats in a subforum full of people who are currently quite concerned about their account security distracts them from more meaningful, appropriate areas they should focus on and also wastes the time of the support personnel, who start fielding tickets about things like packet sniffers. GW2 users need to be concerned about using unique email addresses, and unique, strong passwords (“strong” being defined by me on the previous page; length alone is not adequate). They do not need to worry about packet sniffers, as the cost:benefit ratio for the attacker is too high.

Please consider the ramifications of making such statements in the future.

Posted by: Widowmaker.5812

The disturbing thing to me is how easily most people dismiss security threats on this scale as random customer faulted attacks.

- It must be your unsecured wireless and someone hacked you
- It must be that you reused a UID/PW
- It must be that you have a key logger
- It must be that someone is using a packet sniffer and got your credentials
- It must be that you have multiple AVs running
- It must be that you don’t use an AV
- It must be that…..

So if any of these are true please explain how the attacks are resulting in French IPs, Chinese IPs, Korean IPs, US IPs, and so on…..

The vector is an unknown from where I’m sitting and the dispersion is wide. Logic doesn’t direct this as script kiddies and organized attacks are not likely this broad. It’s more likely that an ArenaNet vulnerability was posted on several foreign hacker sites and it’s being exploited. It’s also plausible that the hackers have an email list but not everyone being hacked is using old reused emails or passwords.

I don’t claim to know what’s going on but I sure have a lot of free time to speculate since my primary account (this is a 2nd one I purchased) has been taken twice and I’ve had no access for 8 days.

Posted by: Alexixiv.4582

@mcl I can google just as you can, your ignorance is showing through your insecurity of your knowledge compared to a random forum person. I have nothing to prove, you seem to have a lot. I choose to use my powers for good, not trolling

120901-018012 – Serial Key Issue

Posted by: mcl.9240

The disturbing thing to me is how easily most people dismiss security threats on this scale as random customer faulted attacks.

- It must be your unsecured wireless and someone hacked you
- It must be that you reused a UID/PW
- It must be that you have a key logger
- It must be that someone is using a packet sniffer and got your credentials
- It must be that you have multiple AVs running
- It must be that you don’t use an AV
- It must be that…..

So if any of these are true please explain how the attacks are resulting in French IPs, Chinese IPs, Korean IPs, US IPs, and so on…..

The vector is an unknown from where I’m sitting and the dispersion is wide. Logic doesn’t direct this as script kiddies and organized attacks are not likely this broad. It’s more likely that an ArenaNet vulnerability was posted on several foreign hacker sites and it’s being exploited. It’s also plausible that the hackers have an email list but not everyone being hacked is using old reused passwords.

I don’t claim to know what’s going on but I sure have a lot of free time to speculate since my primary account (this is a 2nd one I purchased) has been taken twice and I’ve had no access for 8 days.

It’s also possible that attackers are simply brute-forcing email addresses. You have no information on the number of failed attempts at account access based on account name rather than password.

It’s entirely possible that attackers are using email addresses harvested from the recent compromise of battle.net. Or the recent compromise of Bioware (and, by extension, EA). Or any of the various gaming forums and websites.

You also have to realize that email addresses are extremely easy to guess. The number of domains used for email (the string on the right hand side of the “@”) is quite limited (not counting people who buy and manage their own domains for email and other purposes). With that in mind, guessing at the left-hand-side — the username for the email account — is relatively easy since most people use some variant of their name, and/or a common set of word variants. The same dictionary attacks that may be applied to passwords may also be applied to finding valid email addresses. Researchers in the spam community have done numerous studies on this, since that’s one way in which spammers find valid email addresses.

The attacks originate primarily from China because that’s one of the major locations for gold-selling operations. You have to understand that these things are run like a business there, with a payroll and employees. It’s an organized, concerted effort. Their livelihood depends on being able to obtain fresh accounts on a regular basis.

Just as it doesn’t have to always fall to the fault of the user, it doesn’t necessarily point to some sort of security breach at ArenaNet, either.

Posted by: mcl.9240

@mcl I can google just as you can, your ignorance is showing through your insecurity of your knowledge compared to a random forum person. I have nothing to prove, you seem to have a lot. I choose to use my powers for good, not trolling

You can claim I’m wrong all you want. Your claims are meaningless without some factual basis for them. You’ve yet to make anything but unwarranted and unsupported assertions that are nothing more than fear-mongering.

Posted by: Widowmaker.5812

mcl – your idea is plausible but it’s unlikely here. While we don’t have data I can tell you this as fact,

When my account was taken the first time, I blamed myself. I ran Avast boot-time scans, Microsoft Security Essentials scans, installed a keylog scanner, ran it and monitored for activity. I found nothing during the 5 days my account was lost. After I got my account back, I created a brand new email, used a trusted security site for generating random ASCII passwords and created a 32 character password. I updated my account with the new information and validated my email.

24 hours later my account was taken again.

This time while I’m waiting, I’ve deleted my C drive, formatted my drive and have only reinstalled Avast!, Office, and Guild Wars 2. I’ve been logging and watching my network and there have been no local access attempts. The only conclusion I can come to is that ArenaNet’s compromised, not me. Anything else is pure speculation as there’s nothing more a customer could or should have to do to use their product….

Posted by: Alexixiv.4582

@mcl
If you need instructions for how to open a new thread I would be more than happy to oblige

120901-018012 – Serial Key Issue

Posted by: mcl.9240

mcl – your idea is plausible but it’s unlikely here. While we don’t have data I can tell you this as fact,

When my account was taken the first time, I blamed myself. I ran Avast boot-time scans, Microsoft Security Essentials scans, installed a keylog scanner, ran it and monitored for activity. I found nothing during the 5 days my account was lost. After I got my account back, I created a brand new email, used a trusted security site for generating random ASCII passwords and created a 32 character password. I updated my account with the new information and validated my email.

24 hours later my account was taken again.

This time while I’m waiting, I’ve deleted my C drive, formatted my drive and have only reinstalled Avast!, Office, and Guild Wars 2. I’ve been logging and watching my network and there have been no local access attempts. The only conclusion I can come to is that ArenaNet’s compromised, not me. Anything else is pure speculation as there’s nothing more a customer could or should have to do to use their product….

If that were the case, all ArenaNet accounts would be hacked. But they haven’t been. Since the attackers exhibit a pattern of compromising an account and then immediately using the account, it would appear that the attackers are using the accounts as they obtain them. This is not the behavior of an individual or group that has access to every account on ArenaNet.

Posted by: Widowmaker.5812

mcl – your idea is plausible but it’s unlikely here. While we don’t have data I can tell you this as fact,

When my account was taken the first time, I blamed myself. I ran Avast boot-time scans, Microsoft Security Essentials scans, installed a keylog scanner, ran it and monitored for activity. I found nothing during the 5 days my account was lost. After I got my account back, I created a brand new email, used a trusted security site for generating random ASCII passwords and created a 32 character password. I updated my account with the new information and validated my email.

24 hours later my account was taken again.

This time while I’m waiting, I’ve deleted my C drive, formatted my drive and have only reinstalled Avast!, Office, and Guild Wars 2. I’ve been logging and watching my network and there have been no local access attempts. The only conclusion I can come to is that ArenaNet’s compromised, not me. Anything else is pure speculation as there’s nothing more a customer could or should have to do to use their product….

If that were the case, all ArenaNet accounts would be hacked. But they haven’t been. Since the attackers exhibit a pattern of compromising an account and then immediately using the account, it would appear that the attackers are using the accounts as they obtain them. This is not the behavior of an individual or group that has access to every account on ArenaNet.

I’m not sure I agree. A week ago it was 11,000 reported accounts. We don’t know how much this has grown to but we do know that the stream of support threads on hacked accounts hasn’t stopped.

We also know that pattern or not, most people aren’t getting “rehacked” like has happened to me so that in itself is a pattern and indicates a path of least resistance.

You can’t tell just because there are no rehacks that the attack vector is client side.

Posted by: DrakeWurrum.6049

No, it’s a fake email, they mask who it’s from.

You even said yourself you haven’t got a Diablo III account, it’s for stupid people who click the link that links to a really random mix of us. someword here blizzards website.

It’s fake, it’s not real, just another misinformed person claiming security breaches…
I get it to my email address that isn’t even a battle account

Actually, common practice for hackers is to manually change the e-mail address associated with the new game’s account, to an e-mail from a large database of accounts that they have collected (either through stupid mistakes, keyloggers, or even actually hacking a company’s servers). If the e-mail change goes through, then that e-mail does not have an account with that game. If it doesn’t go through, they’ve got your number, and know you have an account with that game.

Obviously, these game developers need to start putting in proper verification responses where you have to actually verify the change from your e-mail address.

I hope you haven’t forgotten my role in this little story. I’m the leading man.
You know what they say about the leading man? He never dies.
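
Added example, not part of the original thread and not ArenaNet's code: a sketch of the e-mail change flow the post above asks for, where the request returns the same reply whether or not the new address is already registered and the change only applies after a single-use token mailed to the current address is presented. The account store, outbox, function names and 15-minute lifetime are all constructed for illustration.

```python
import hashlib
import secrets
import time

# Constructed in-memory stand-ins for the account database and outgoing mail.
ACCOUNTS = {"alice": {"email": "alice@example.com"},
            "bob": {"email": "bob@example.net"}}
OUTBOX = []          # (recipient, message) pairs the service "sent"
PENDING = {}         # sha256(token) -> (user, new_email, expiry time)
TOKEN_TTL = 15 * 60  # seconds a confirmation stays valid (assumed value)
GENERIC_REPLY = "If the change is possible, a confirmation was sent to your current address."


def _digest(token):
    # Only a hash of the token is stored, so a leaked table cannot confirm changes.
    return hashlib.sha256(token.encode()).hexdigest()


def _in_use(email):
    return any(a["email"].lower() == email.lower() for a in ACCOUNTS.values())


def request_email_change(user, new_email, now=None):
    """Step 1. The caller gets the same reply whether or not new_email is registered."""
    now = time.time() if now is None else now
    if _in_use(new_email):
        # Notify the address owner out of band; the requester learns nothing.
        OUTBOX.append((new_email, "Someone tried to attach this address to another account."))
    else:
        token = secrets.token_urlsafe(32)
        PENDING[_digest(token)] = (user, new_email, now + TOKEN_TTL)
        # The token goes to the CURRENT address, so a stolen password alone cannot move the account.
        OUTBOX.append((ACCOUNTS[user]["email"], "Confirm e-mail change: " + token))
    return GENERIC_REPLY


def confirm_email_change(user, token, now=None):
    """Step 2. Apply the change only for a fresh, single-use token issued to this user."""
    now = time.time() if now is None else now
    entry = PENDING.pop(_digest(token), None)   # pop: a token works once
    if entry is None:
        return False
    owner, new_email, expiry = entry
    if owner != user or now > expiry or _in_use(new_email):
        return False
    ACCOUNTS[user]["email"] = new_email
    return True
```
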

Posted by: Widowmaker.5812

No, it’s a fake email, they mask who it’s from.

You even said yourself you haven’t got a Diablo III account, it’s for stupid people who click the link that links to a really random mix of us. someword here blizzards website.

It’s fake, it’s not real, just another misinformed person claiming security breaches…
I get it to my email address that isn’t even a battle account

Actually, common practice for hackers is to manually change the e-mail address associated with the new game’s account, to an e-mail from a large database of accounts that they have collected (either through stupid mistakes, keyloggers, or even actually hacking a company’s servers). If the e-mail change goes through, then that e-mail does not have an account with that game. If it doesn’t go through, they’ve got your number, and know you have an account with that game.

Obviously, these game developers need to start putting in proper verification responses where you have to actually verify the change from your e-mail address.

I agree. It may also be time to start using a console approach to entering your credentials. If ArenaNet posted a web-based keyboard for entering in credentials to the site and the same for the client, there would be no keys to log except a mouse click… if that truly is the attack vector.

Posted by: DHK.8406

They should change the name of this forum to the “Misinformation and Conspiracy Theories” forum seriously.

A while back hackers released a list of 400,000+ passwords taken from a popular blogging site. The most popular password was “54321” the second most popular “12345” the third most popular (and my personal favorite) was “password”….

Nearly half of the passwords were only numbers or only letters, of those that were mixed the most common practice was a series of letters followed by a number. Most of these numbers were either XX or 19XX with XX being a 2 digit number greater than 70 meaning a year since 1970. More than 70% of passwords contained no spaces and were 8 characters or less, and more than 90% contained no symbols (I.E. #,%,&,?) and were 10 characters or less. Trends like these make brute force attacks very simple and effective.

IPs from all over the world are used because A) There are hackers all over the world and because it isn’t all that hard to make it look like you are in any country in the world when in fact you aren’t.

Games like this are common targets because there is money to be made and there are no consequences for doing it. Hack a bank… you could go to jail for decades. Hack an MMO no one gives a crap… So in many ways you should treat MMO account safety more seriously than almost any other account you have because it is the most likely to be tested.
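
Added example, not part of the original thread: a sign-up-time check that flags the password patterns listed in the post above (the three named passwords, digits-only or letters-only strings, letters followed by an XX/19XX year, and the length thresholds), plus an upper bound on brute-force work from the character classes used. The function names and the 26/26/10/33 class sizes for printable ASCII are assumptions of this sketch.

```python
import math
import re

# The three most common passwords named in the post above.
TOP_LEAKED = {"54321", "12345", "password"}


def _has_symbol(pw):
    return any(not c.isalnum() and not c.isspace() for c in pw)


def weaknesses(pw):
    """Return the patterns from the post that this candidate password matches."""
    found = []
    if pw.lower() in TOP_LEAKED:
        found.append("top leaked password")
    if pw.isdigit():
        found.append("digits only")
    elif pw.isalpha():
        found.append("letters only")
    # Letters followed by XX or 19XX, with XX greater than 70.
    year = re.fullmatch(r"[A-Za-z]+(?:19)?(\d\d)", pw)
    if year and int(year.group(1)) > 70:
        found.append("letters followed by a year-style number")
    elif re.fullmatch(r"[A-Za-z]+\d+", pw):
        found.append("letters followed by a number")
    if len(pw) <= 8 and " " not in pw:
        found.append("8 characters or fewer, no spaces")
    if len(pw) <= 10 and not _has_symbol(pw):
        found.append("10 characters or fewer, no symbols")
    return found


def keyspace_bits(pw):
    """Upper bound on brute-force work: length * log2(size of the character classes used)."""
    size = 0
    if re.search(r"[a-z]", pw):
        size += 26
    if re.search(r"[A-Z]", pw):
        size += 26
    if re.search(r"\d", pw):
        size += 10
    if re.search(r"[^A-Za-z0-9]", pw):
        size += 33   # printable ASCII symbols, including space
    return len(pw) * math.log2(size) if size else 0.0
```

A password that matches any pattern is far weaker than `keyspace_bits` suggests, because a dictionary of such patterns is tried before exhaustive search.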