Keylog Attack ~How My Story Ended~Follow

...

Edited, May 16th 2007 8:24am by Pixela

Wrong as another poster mentioned.

I 2 boxed for some time and had no problems kicking myself off and signing on with my other gaming box.

If anything at all this is SE's fault for not being able to look up account history for billing info, just the current history.

It would have solved all of their problems except the people looking to cheat account buyers who have their own means of recourse. SE's customer management system is just simply lacking if it's really so limited that they cannot look at something like that.

Ok few thoughts. First as was said you cannot be logged in on two computers silmultaneously. You will get kicked.

Second



I too would like confirmation of this. I haave heard that even auto login feature cannot protect you because a password is still relayed to the server every time you log in, it is simply stored somewhere and exectuted automatically. But I'm not a computer geek in that regards so I don't know what they meant. If someone could answer this I'd be thankful.


Third. I got the tell on Unicorn too. We all did. I guess RMT are hurting so badly they have to resort to drastic measures. On unicorn I forget the name of the guy but the message was like

"I'm quitting the game here is a link to my somethin or other: ~enjoy!!!

followed by said link. I was like... oooook that's not obvious or anything and promptly forgot about it entirely. That sucks you got your account stolen. I can only wonder how many people fell victim and what is going to happen. Its very sad that people will backstab so badly to get something.


On S-E: Their policy is if you don't know the current credit card info and password on the account your boned. I do NOT agree with this. Even if you know the previous info they require the current info.... well *** how am I supposed to know what the info is if I got hacked. If I did I'd just change it back myself. There have been instances where S-E reps have confirmed the card was the same for years and was reecently changed and still cannot offer assistance. This is my one and truly only grievance with S-E customer support, and its a huge one.

As such I take extreme precaution with my account information. I run spysweeper daily and I heed the advice to not click or download ANYTHING FFXI related from the internet. Especially if it's posted and says "we can help make your game better". People who use keyloggers 90% of the time present them in a manner that is hard to resist. They offer free services, or something that will otherwise make your game better by a lot with no cost. But it's almost always booby trapped. The saying "if it sounds too good to be true, it probably is" is always accurate. Someone in the tradeskill forms a few days ago posted a link to a crafting software designed for recording your crafting history, and admitted it had built in hacks to bypass the wait time between synths. I reported the post to the admins and it was removed. Seeing this I'm glad I did because I'm betting it too was part of this large scale attack.

I'm very sorry this happened to you. It sucks. I do hope you get your account back, and I wonder....... just how many people fell victim that day. I prray this has been a learning lesson for many, both affected and unaffected. That being, be careful.

You can still get your account back if you have the original CD key (not the expansion pack key, the original one) that the account was created with. From my understanding, the CD key trumps the credit card info.

I reported the guy that sent me the /t on Ragnarok about a week ago. I've gotten at least 3 /t while standing around in whitegate. I supplied the name of the person, the message, and he wanted to know the time and which zone I was in when I received the /t. I also got the "gil selling secrets" version of the /t.

They should put a warning on the site that's more specific than "don't use 3rd party programs" because some people just don't put 2 and 2 together. It should be pretty much common sense to not go download a program off the internet that a random person you've never spoken with before sent you. (No offense intended to the OP)

I wouldn't stop til I got my account back. If they won't give it back to you the next time, ask for a manager and be stern. Tell him about the recent events and what took place, and tell him that you will get your account back before you get off the phone.

I'm shocked at the number of people blaming the OP in this thread. There is a difference between responsibility and absolute responsibility. The OP consciously avoided running the program after he unzipped it, knowing full well the risk. One cannot blame the user's lack of expertise in the matter every single time, and the company (SE) shares some liability in this scenario for making it a) so easy to take over someone's account and b) so hard to get it back.

I have half a mind to report this business practice of "We need your CURRENT cc info to reverse the changes" to the local news media to see what kind of public response this gets. I think each and every one of you bashing the OP knows SE's policy is just as much to blame, but won't admit it for fear of not stroking SE's proverbial cock long enough.

I think it is still completely blame it is SE responsibility to recover your account. I think I can see why it is not easy to claim to ownership of account on registration code or whatever, and one thing is that you really do not want inconsistent action among Customer and Technical Support.

Instead of pointing fingers screaming demanding instant remedy of proven-beyond-doubt identity theft, people like OP should serve as a further warning to computer security. You really do not want to be one of them. Stop downloading unknown junk from internet, and stop giving out passwords to other regardless of reason, and stop hitting random weblinks; that is the best way you can defend against yourself from identity theft over the internet.

I would have complained to the local police department or local lawmakers for that. No police officer under all circumstances should behave improperly to other people... and that includes to criminal suspects.

Spend one day less in gaming and meet with your local government officials if you have a serious concern :P It makes your own and other life better, and is your right and responsibility of a citizen.

Edited, May 16th 2007 11:52am by scchan

Ahh the joys of being a PS2 player. ;)

Hey, it sucks, but I can't feel one bit sorry for you. It wasn't just ONE bad judgement call you made, but many.

1. Getting a /tell from someone in-game you're NEVER heard of before regarding doing something outside of vana diel? The user should automatically be ignored, and I would even go so far as to mention it to a GM.

2. Assuming you believed the /tell to be legit, did you even try to have a conversation with this person? Even THAT would help determine whether or not this person was real.

3. You go to a site recommended by someone you've never even heard of before, and it asks you to download something. That's a big one right there! Now we're rapidly approaching the speed of stupid.

4. You actually DOWNLOAD it! Speed of stupid reached, and still climbing...

5. After you download it, while even saying you were suspicious, you proceed to unzip it, even though the keylogger could already be installed from just visiting the site.

6. Now here's where it gets good... You say you had a feeling it was a keylogger or something, so you didn't run it. OK, if you felt it was a KEYlogger, WHY, OH GOD WHY, did you log onto FFXI???????????? Even if I was dumb enough to get to this point, I would unplug my internet connection, run every kind of anti-keylogger software I could get my hands on to make damned sure there wasn't a keylogger installed before I ever logged back in to Vana Diel.

I do apologize for making an example out of you, and I know that MANY other people have had their accounts stolen the same way. Just trying to point out that this is a result of many dumb mistakes after another. I honestly wouldn't even say your account was "hacked", but "handed over", as there really was no "hacking" involved. They just logged in using the information you provided them with when you downloaded and unzipped their program.

Also, someone mentioned that the gillsellers must be getting desperate to go to these measures. Well I personally don't think it's an act of desperation. I think it's more like they figured out how to do it, so they are. Whether SE has been banning RMT's or not, if they have the option, they're gonna utilize it. I mean if you're gonna dig a hole in the ground and have been using a spoon to do so, you're going to switch to using a shovel if you get the option.

I was the person who said SE says tough **** when your account gets hacked.

Anyone who has known me long enough knows I was offered a GM position in the game, and honestly considered taking it for a 2nd job until I got my current fulltime job.

Their policy on account information and lose of accounts is set up in such a way that you can't take an account from someone, even if it was taken from you in nefarious ways. I have reviewed their policys and have a very strong grasp of their policy. If this is a large enough issue, which it looks like it could be, I think SE would reconsider their policy for a short while on a case by case scenerio. It makes sense to do so, and to review each account on it's own, such as if your information was changed say Monday after 9pm up until wedensday at midnight and you call in to report your account stolen.

What SE needs to do is start blocking ISP addresses (I think that is what they are called) from accessing the game of previously banned accounts. Most people have static ISP addresses if my memory serves correctly. They are banning based on CC info, and adding more to that would make sense. Making it tougher for gilsellers, griefers (Mpkers and generally unsavory people who have been banned), and any such person who has been banned from reentering the game.

Yes Hiro screwed up by DLing the zip file, and he admitted so, he isn;t looking for sympathy, but for advice on how to regain control of his account and to give a fair warning to other players. I now pose a question to many of you, why must you bash a man who has admitted where his fault lies? Must you kick a man while he is down and try and make him feel worst? This is what sickens me about our community, and makes many of us angry at each other, a good honest guy has a rough go and you feel the need to tell him something rude. Please if you have any more rude or negative comments for him keep them to yourselves. If you can offer some advice please do so.

Hiro I suggest you call them every hour or two til the call center closes, log as many complaints on your old account as possible and fill their logs in the center so they see you mean business. Immediately ask to speak to a supervisor and refuse to be put on hold. Tell the same story 100 times if you have to, tell it to the same supervisor 100 times if you must, but make sure you waste their time til they make you happy. AS the questions you want to know, eventually they will do one of few things, return your account to you, tell you stop calling, or continue to give you the run around. I doubt they will give you the run around if you are extremely persistent. Good luck Hiro, and I guess we are doing Dyn Sandy without you tonight...

PS I need on the Dyn currency list...

I'm pretty tech oriented. My understanding is that software key loggers only pick up input from the keyboard, so having your password auto-entered would probably bypass this. However, its possible that this isn't a traditional key logger but a snippet of code that targets specifically the initial outgoing datastream after POL is started up. In that case, its quite possible that it would log that data or even duplicate the outgoing stream it to a receiving host (the hacker's) as it goes out. In that case, storing the password would provide no protection.

Several people have said it's critical to have antivirus software in order to avoid these kinds of attacks. However, antivirus programs differ quite a bit in their approaches and even the best antivirus (the ones with heuristic analysis) have only limited defense against an entirely novel virus.

Things you can do to prevent this types of attack...
1) Don't go to strange websites
2) Use Firefox instead of IE
3) Don't open strange files, especially not ones with .exe, .zip, .js, .jse, .hlp, .ins, .bat file extensions unless they're from a trusted source. Many people think .zip files are OK because that's how AOL used to bundle picture attachments, but they are actually executable files that can install programs if written to do so.

Just repeating the jerk on Ragnarok was named Fios. This led me to think of something else that I don't know was touched on yet.

How did this guy/girl send a tell to an entire server? Did he hack into SE's system messages or something? I find that to be damn near as disturbing as being keylogged.

And yes, I'll insert the obligatory "don't open application files unless you know exactly what it is" line here.