Pages: [1] :: one page |
|
Author |
Thread Statistics | Show CCP posts - 0 post(s) |
Ramuurti
|
Posted - 2010.01.02 03:37:00 -
[1]
So after a grueling 6hr marathon trying to get enough ISK for a plex I take a rest and come back a few hours later. I see MacEVE api says that my wallet is 250million ISK thinner than it was before. WHAT?? So I log in and also notice I have no more Drake. and these are only the things I noticed. the 250mill ISK that was lost was thru a contract that I didnt issue.
My questions are: 1. Is it possible to hack eve within game? 2. Has this happened to anyone else? 3. Will I get my stuff back? 4. If I wasn't hacked in game that means someone somehow got my password which I haven't given out to anyone.
Thanks for your time.
Ramuurti
|
Lana Torrin
Minmatar Republic Military Skool
|
Posted - 2010.01.02 03:40:00 -
[2]
Petition and let the GMs sort it out. No need to post that here.
|
Lord Windu
Standards and Practices
|
Posted - 2010.01.02 03:47:00 -
[3]
Edited by: Lord Windu on 02/01/2010 03:47:59
Originally by: Ramuurti
1. Is it possible to hack eve within game? 2. Has this happened to anyone else? 3. Will I get my stuff back? 4. If I wasn't hacked in game that means someone somehow got my password which I haven't given out to anyone.
1. If you go to dodgey sites, downloads and such then you can get hacked. Also poor passwords are bad. 2. It's happened to lot's of people. 3. If CCP can see you are a victim, not of your own doing then yes. 4. If what you say is true then it is most likely from spyware, poor password e.t.c.
I suggest running a virus / spyware scan on your computer(s) and ensure your security software is up to date and effective.
EDIT: And yeah, like Lana said, petition it as nothing will happen by posting on the forums. ------
|
Epegi Givo
Amarr Araja clan
|
Posted - 2010.01.02 06:01:00 -
[4]
Also here is something i do.
I am not sure if this is actually possible but i am going to try it anyway if my account gets hacked.
In the notes, put in personal information. Doesn't have to be anythign serious, an old email or your name will do.
What this means is that if someone hacks your account, they are also stealing personal information, something that you can go to court for.
You can see where to go from there. __________________________
My other alt is A Ferrari |
Future Mutant
Republic Military School
|
Posted - 2010.01.02 06:12:00 -
[5]
Edited by: Future Mutant on 02/01/2010 06:12:54
Originally by: Epegi Givo Also here is something i do.
I am not sure if this is actually possible but i am going to try it anyway if my account gets hacked.
In the notes, put in personal information. Doesn't have to be anythign serious, an old email or your name will do.
What this means is that if someone hacks your account, they are also stealing personal information, something that you can go to court for.
You can see where to go from there.
I dont see where you are going actually. Say the hackers are from china- what exactly do you plan on legally doing then?
Lets say the hackers live right down the street from you- do you really think your local police has the manpower and resources to deal with this?
All the talk about the "brute force hacking" is utter nonsense. You want to avoid getting hacked? Its simple. 1. Dont download keyloggers 2. Choose a unique account name and password. These should in no way connect to you or other names/passwords you use else where. 3. Never ever ever give this info to anyone. 4. Something about underwear 5. Profit
|
Forranz
Malice. Tentative Nature
|
Posted - 2010.01.02 07:38:00 -
[6]
Originally by: Future Mutant
3. Never ever ever give this info to anyone.
I gave this information to my dog, but he's not telling anyone anytime soon.
|
Lana Torrin
Minmatar Republic Military Skool
|
Posted - 2010.01.02 07:46:00 -
[7]
Originally by: Future Mutant
All the talk about the "brute force hacking" is utter nonsense. You want to avoid getting hacked? Its simple. 1. Dont download keyloggers
I for one have to say.. well **** yeah that a ****ing great idea and why didn't i think of that.
Bruit forcing of accounts can and probably does happen. Don't set your account name as your character name (probably too late now). Don't set your password as a real word, and ESPECIALLY don't use the word 'password' or any variation there of.. ('P@55w0rd' may look secure but I can tell you, bruit force crackers will substitute numbers for letters and mix upper and lowercase quite easily)
Golden rule #1. Never use the same password twice.
|
Forranz
Malice. Tentative Nature
|
Posted - 2010.01.02 08:43:00 -
[8]
You can't use the same password twice in eve.
|
Jiro Rans
|
Posted - 2010.01.02 10:36:00 -
[9]
Originally by: Epegi Givo Also here is something i do.
I am not sure if this is actually possible but i am going to try it anyway if my account gets hacked.
In the notes, put in personal information. Doesn't have to be anythign serious, an old email or your name will do.
What this means is that if someone hacks your account, they are also stealing personal information, something that you can go to court for.
You can see where to go from there.
Jizas Christ, turn off the TV, this isn't a soap opera. I suggest you put personal information in your notes and links to pedophilia, this way you can go to court even easier. Hell, if we're gonna fantasize we might as well plan a **** and put all the information there so when he reads it and doesn't do anything he's your accomplice. THERE'S NO LIMIT TO WHAT WE CAN DO AMWHAHAHAHAHAH
|
Mocam
|
Posted - 2010.01.02 11:10:00 -
[10]
Originally by: Ramuurti So after a grueling 6hr marathon trying to get enough ISK for a plex I take a rest and come back a few hours later. I see MacEVE api says that my wallet is 250million ISK thinner than it was before. WHAT?? So I log in and also notice I have no more Drake. and these are only the things I noticed. the 250mill ISK that was lost was thru a contract that I didnt issue.
My questions are: 1. Is it possible to hack eve within game? 2. Has this happened to anyone else? 3. Will I get my stuff back? 4. If I wasn't hacked in game that means someone somehow got my password which I haven't given out to anyone.
Thanks for your time.
Ramuurti
It happened to me tonight too. The fun part: It happened while I was online. I got this "lost connection to server" message then it wouldn't recognize my password. I tried a few times then switched to the web site here, executed a "lost password" and reset it immediately.
The fun side is that my ingame wallet shows who did it and what they took. It took them 2 tries to get away with it. The first attempt didn't go through then they had to do it over but if they wished to remove the track, they failed.
I have faith that CCP will get it sorted out. I filed a petition here from the web and I've a hunch they'll be able to see what happened and the recipients name shows so no digging through tapes or the like to find it.
FYI -- you log on the website here. This site uses the same ID and password you use to get in the game. Anyone playing this game knows this, though they may not remember that fact. From here, you're no longer messing with a "game" nor "game server" but tracking and hacking for web based information and protections (which all the specs and info is available for reading up on vs how someone may have implemented an over-IP "propriety" communications/security schema).
In other words, check out your system. Get tools to check for keyloggers and the like. If you fine them, you'll know what happened. If you don't find anything, and you've check everything you can but still find nothing -- it is quite possible that someone got to your information anyway. There are a variety of ways to dig up such info with the right tools and/or skills.
|
|
AterraX
Caldari
|
Posted - 2010.01.02 12:43:00 -
[11]
Originally by: Lana Torrin
Originally by: Future Mutant
All the talk about the "brute force hacking" is utter nonsense. You want to avoid getting hacked? Its simple. 1. Dont download keyloggers
I for one have to say.. well **** yeah that a ****ing great idea and why didn't i think of that.
Bruit forcing of accounts can and probably does happen. Don't set your account name as your character name (probably too late now). Don't set your password as a real word, and ESPECIALLY don't use the word 'password' or any variation there of.. ('P@55w0rd' may look secure but I can tell you, bruit force crackers will substitute numbers for letters and mix upper and lowercase quite easily)
Golden rule #1. Never use the same password twice.
Anyone thinking you can "bruteforce" a MMO is clueless, I 100% agree. Fact of EVE forums: They will always come an anounomys alt-toon and question someones character...only fools buy into anything a forum alt says though... And yes I am an alt :) |
Ramuurti
|
Posted - 2010.01.02 18:17:00 -
[12]
Thanks for the response!
I also would like to bring forth more information in good faith so that others may not have the same thing happen to them.. The 250 million contract was issued to qq789 @ Isikemi is what the Wallet transaction said. This char was ~ 1 day old and was also still logged on and docked @ isikemi last time i logged in ~12 hours ago.
Remember: These words come from a networking/prog novice and if you see something obviously wrong you could quietly say moron in your head and move along(if you're that type), or you could correct for the benefit of the EVE community...
The three choices as has been mentioned in this thread are phishing, keylogging or hacking within the game itself. Lets examine these for the benefit of public discussion and openness.
Keylogging seems a unlikely possibility for me as I have Little Snitch block any requested connections and after checking my filters it doesntt appear any uknown programs have tried to request an outgoing connection. Would they not need to send my keylogs to an outside process/host?
Phishing - Perhaps from the EVE online site itself or other EVE related websites. Was it naive of me to think that SSL ensures my privacy then?
Hacking - This being the solution would be a serious issue and also suggest a person with detailed knowledge of the EVE infrastrucutre and not one that CCP or anyone else would want to discuss in a public manner due to the aforementioned implications.
Quote:
1. If you go to dodgey sites, downloads and such then you can get hacked. Also poor passwords are bad. 2. It's happened to lot's of people. 3. If CCP can see you are a victim, not of your own doing then yes. 4. If what you say is true then it is most likely from spyware, poor password e.t.c.
Thanks for the response, however I must reply # 3. If CCP can see I am a victim? I did file a petition detailing the character whom the contract was issued. Now, in my mind it would be simply a matter of checking the source ip address of each of the chars, wouldn't? I really feel it should be a cut and dry thing... 1. they see the wallet transaction to a new char (again whose ip address they know) and the mysterious loss of my drake (thanks for the ibis btw qq789)
2. I file a petition detailing what happened
3. They quickly give me my Isk back and I go back to being a productive member of the EVE universe.
Unfortunately 3 came from my imagination...and I also realize that previous bad apples may have already spoiled my chances of my issue being taken @ face value. Ah, how the dishonesty of one can ruin it for all others!
I have faith in CCP as well...I personally think that EVE is by far the most immersive, intelligent, well thought, and AWESOME game Ive played, and Ive played alot over the years! However, until I see my wallet go back to its previous balance I refuse to log on since time is real money, and I can't be ok with losing that much of my time with absolutely no recourse. I would really appreciate some kind of public response concerning this issue from CCP or at the least an email.
Regards, Ram
|
Lyris Nairn
Caldari Hashimoto Corporation
|
Posted - 2010.01.02 20:35:00 -
[13]
Originally by: Ramuurti Thanks for the response!
I also would like to bring forth more information in good faith so that others may not have the same thing happen to them.. The 250 million contract was issued to qq789 @ Isikemi is what the Wallet transaction said. This char was ~ 1 day old and was also still logged on and docked @ isikemi last time i logged in ~12 hours ago.
Remember: These words come from a networking/prog novice and if you see something obviously wrong you could quietly say moron in your head and move along(if you're that type), or you could correct for the benefit of the EVE community...
The three choices as has been mentioned in this thread are phishing, keylogging or hacking within the game itself. Lets examine these for the benefit of public discussion and openness.
Keylogging seems a unlikely possibility for me as I have Little Snitch block any requested connections and after checking my filters it doesntt appear any uknown programs have tried to request an outgoing connection. Would they not need to send my keylogs to an outside process/host?
Phishing - Perhaps from the EVE online site itself or other EVE related websites. Was it naive of me to think that SSL ensures my privacy then?
Hacking - This being the solution would be a serious issue and also suggest a person with detailed knowledge of the EVE infrastrucutre and not one that CCP or anyone else would want to discuss in a public manner due to the aforementioned implications.
Quote:
1. If you go to dodgey sites, downloads and such then you can get hacked. Also poor passwords are bad. 2. It's happened to lot's of people. 3. If CCP can see you are a victim, not of your own doing then yes. 4. If what you say is true then it is most likely from spyware, poor password e.t.c.
Thanks for the response, however I must reply # 3. If CCP can see I am a victim? I did file a petition detailing the character whom the contract was issued. Now, in my mind it would be simply a matter of checking the source ip address of each of the chars, wouldn't? I really feel it should be a cut and dry thing... 1. they see the wallet transaction to a new char (again whose ip address they know) and the mysterious loss of my drake (thanks for the ibis btw qq789)
2. I file a petition detailing what happened
3. They quickly give me my Isk back and I go back to being a productive member of the EVE universe.
Unfortunately 3 came from my imagination...and I also realize that previous bad apples may have already spoiled my chances of my issue being taken @ face value. Ah, how the dishonesty of one can ruin it for all others!
I have faith in CCP as well...I personally think that EVE is by far the most immersive, intelligent, well thought, and AWESOME game Ive played, and Ive played alot over the years! However, until I see my wallet go back to its previous balance I refuse to log on since time is real money, and I can't be ok with losing that much of my time with absolutely no recourse. I would really appreciate some kind of public response concerning this issue from CCP or at the least an email.
Regards, Ram
I logged in this afternoon to find that I, too, have an empty wallet and a contract to qq789. Lyris is minus 1.3 billions. :(
|
Skoot
Local Threat
|
Posted - 2010.01.02 21:25:00 -
[14]
Originally by: Forranz You can't use the same password twice in eve.
yes you can.
|
Mocam
|
Posted - 2010.01.02 22:43:00 -
[15]
I'll try and explain how this stuff works a bit without too much in the way of specifics.
Old rule of thumb about LIFE in general: No free lunch. If it costs to make and costs to maintain, someone is going to want something in return... Especially if its a business entity involved.
Simply put: The same way you have people on forums, and in games, that will use their anonymity to be jerks, you have those that will form up a company to do the same thing in real life and that's been going on a lot longer than the web has been around.
You download a "value add" abilities of some sort -- a navigation toolbar, etc... that helps you do some thing. Part of provides some advertising or "music listing" or the like. It has nothing really nasty about it so your system lets you install it. This clean app is now on your system and will show clean every last time it is checked.
As part of it's functioning it updates itself (like any other app) by bringing down other services, or just changing points to new adverts, etc... This is where some "nasty stuff" can get on your system.
The provider of the source tool may not know that they are dealing with someone who's doing this. They don't make much and are trying to provide "clean" tools for use to their community. They add a neat "valuable" tool, or an advertisement, that seems decent to the launcher and later on this "clean" stuff is extended to enable a malicious version. (I've seen a few "mywebsite" guys get nailed with this kind of stunt, not knowing they were becoming a "spring board" for such crap...)
There are a variety of ways to get such "updates" on a system. If a scanner can detect it (easy to find -- load and check -- tweak until it doesn't), you split it up in pieces and download the pieces that show "clean" -- think of it like you would a gun -- disassemble it, put it in different packages, reassemble it at the destination. The tools don't have to try and "smuggle" the whole thing past your systems security. It simply needs a destination that can/will assemble it.
So a scanner, checking an extension, can show clean but, effectively when your system isn't "watching so closely", bring down or assemble it. This is more like steganography for how it's hidden and runs -- "hide in plain sight" style so the tool provider can "try" and validate sources, yet there's a hidden bomb used later on.
That's why you have a "full system scan" option with many tools. "I thought it scanned all the time!" -- yup! Yet if you don't scan occasionally such "pieces to bombs" can get past your system and setup in ways your system won't notice (many plan on this) and you still have that "clean" app that will bring it down again.
Some still store the thing as a full "bomb" on your system but most are moving away from that. So scanners have to look for "the pieces" and the "foot prints" change over time... Welcome to "the fear zone"... and the industry known as "virus scanners"
|
Forranz
Malice. Tentative Nature
|
Posted - 2010.01.03 03:19:00 -
[16]
Originally by: Skoot
Originally by: Forranz You can't use the same password twice in eve.
yes you can.
They must've changed it because I couldn't set a password on my account to be one of my old passwords because "This password has been used before".
This was like 6 months ago though.
|
Lyris Nairn
Caldari Hashimoto Corporation
|
Posted - 2010.01.05 09:07:00 -
[17]
Anyone who got hit with this hear back from ccp yet?
|
Gaath'ra
|
Posted - 2010.01.06 04:17:00 -
[18]
This is Ramuurti... Lyris, nope not as of yet. Interestingly, I tried to login and it says account is banned, me wonders if this means the same thing as account is expired. I certainly hope so, otherwise something stinks.
|
Lyris Nairn
Caldari Hashimoto Corporation
|
Posted - 2010.01.06 06:52:00 -
[19]
Originally by: Gaath'ra This is Ramuurti... Lyris, nope not as of yet. Interestingly, I tried to login and it says account is banned, me wonders if this means the same thing as account is expired. I certainly hope so, otherwise something stinks.
Maybe they think you're part of the problem?? Maybe they put your account inactive to muck with it?? Oh dear.
|
Dex Timor
Forza Di Colpo
|
Posted - 2010.01.07 03:28:00 -
[20]
Originally by: Gaath'ra <snip> it says account is banned, me wonders if this means the same thing as account is expired. I certainly hope so, otherwise something stinks.
CCP uses temporary bans when they investigate an account. I've seen posts on other boards, where people complained that their account got "banned" out of the blue. Most of these people got access back including free days for the time they were banned. (from those posts: it can take 5 days or more)
It is imho unlikely that you will get a reply from CCP in this thread. I think so because the official way to contact CCP is to use the petition system. If you used the correct procedure, your problem will get the attention of the GM assigned to accounts/billing issues much faster then having to wait for a forum moderator to stumble over this post and notify a GM.
I hope you get your problems resolved and your computer cleaned off all malware (If that is the culprit).
|
|
Liang Nuren
The Lollypop Factory
|
Posted - 2010.01.07 05:09:00 -
[21]
I had a corpmate go through this, except he had director access. The culprit cleaned out the corp wallet, reprocessed the corp hanger, reprocessed his hanger, (including a whole warehouse full of deadspace loot) and send the ISK to some guy in Morsus Mihi. No, he didn't buy ISK or do anything stupid like that. He was broke and still is.
BUT, the moral of the story is that CCP gave back liquid assets and declined to give us back the items in our corp hanger - such quite a lot of deadspace mods.
-Liang -- Liang Nuren - Eve Forum ***** Extraordinaire www.kwikdeath.org |
Kakarotte
|
Posted - 2010.01.07 07:17:00 -
[22]
A friend of me got hacked as well a few days ago (same day the OP posted). And no, he isnt buying any ISK from strange sides or sharing his account data. And he has changed his password not to long ago.
This many hacks, at the start of the year, look like something else happend.
And his account is well banned now, most likly for investigation. We will see how long it takes.
|
|
|
|
Pages: [1] :: one page |
First page | Previous page | Next page | Last page |