Pages: 1 [2] 3 4 :: one page |
|
Author |
Thread Statistics | Show CCP posts - 2 post(s) |
Jacuro
|
Posted - 2006.01.07 19:26:00 -
[31]
Originally by: Embattle
Originally by: Righteous Fury Edited by: Righteous Fury on 07/01/2006 16:36:10 Just figured I'd make a public thread about it, because I'm sure we're not the only ones.
I had 250 million ISK transferred from my alt to a character known as Thom Merrilin (Setenta Corp) at 7:00 this morning. In addition, Arkanis had 405 million ISK sent to the same character, two hours later. Oddly enough, both characters were directors in our corp, yet our corp wallet hasn't been emptied.
The odd thing about this is that neither of us were logged in when this happened, and both of us had apparently been undocked even though we logged off in station. As per the CCP emails, both of us had changed our passwords early yesterday.
As you can see in these screenshots, wallet history tells all - whoever did it wasn't really too sneaky about where they were sending the ISK. Ignore the 60 million left in my wallet, apparently my Dark Blood PDU sold this morning .
My wallet screen: Linkage
Arkanis' wallet: Linkage
Anything going to be done?
1. Thanks for sharing but there is already another thread on this area. 2. Yeah something will be done about it, although you'll have to petition it and wait.
Who cares if there are thereats excisting i should be worried about my own account aswell. seems that there a serious problems ATM which i¦m sure off is being investigated by CCP. but still being a bit more aware of this matter is a good thing.
The pettition system is on it¦s ass to many pettitions to little people answering them. Patch, Password problem, bugfixes.
Pettition, wait and write threats on these board to warn people about "possible " problems.
Just make sure you keep em possitiv enough *gg* as I KNOW that they will be removed or changed if yo ;0)
-:= -V- Fleet Command =:-
|
Cmdr Sy
|
Posted - 2006.01.07 19:27:00 -
[32]
I have a feeling the ISK they're stealing will end up on an auction site. This isn't the sort of thing a player does, if they're planning to hang around.
Hegemonising Swarm Objects / von Neumann Probes |
Ilmonstre
|
Posted - 2006.01.07 19:30:00 -
[33]
Originally by: Malken
Originally by: Basileus They probabely hide in some 3rd world country, just like all the spammers do. The blessings of the internet.
actually some of the biggest spammers in the world lives in the US.
dont lie they live in holland
|
|
Eris Discordia
|
Posted - 2006.01.07 19:31:00 -
[34]
Originally by: Ilmonstre
dont lie they live in holland
*looks guilty*
You might be on to something
My broken heart leaves my mind in pieces, temptation wins in the end |
|
EzTarget II
|
Posted - 2006.01.07 19:35:00 -
[35]
Originally by: Cmdr Sy I have a feeling the ISK they're stealing will end up on an auction site. This isn't the sort of thing a player does, if they're planning to hang around.
Or it is if they are using total trial accounts...
This sort of thing is not what I wanted to happen to this great game, macro miners, selling ISK I can live with, but hacking character accounts is a bit much. I just hope it does not stop people using third party apps to monitor their accounts, like what ECM / EMS does....
BTW my main account was snatched, and I'm hoping that whoever nabbed the cash has a really serious accident happen to them so that they can not do this sort of thing again... smashing the hands is not good enough in my opionion.
|
Malsim
|
Posted - 2006.01.07 19:46:00 -
[36]
I heard that some character was giving away hundreds of millions in isk and all sorts of ships for free in Jita today. They were claiming to be leaving Eve. Could this have been an attempt to spread the ill-gotten money around by the hacker? |
Steven Dynahir
|
Posted - 2006.01.07 19:59:00 -
[37]
Just a mention of that spammer, while I wait my WF to get ready for the bar --- Home, sweet home. |
qrac
|
Posted - 2006.01.07 20:24:00 -
[38]
the funny thing is that the idiots buying the isk/stuff are getting scammed and will lose it when the gm's revert the actions carried out by the hacker. this basically means that the idiot no longer will buy isk/stuff from ebay or do ebay reimburse buyers that get scammed? ------------------------------------------- Insanes numquam moriuntur! |
Lustralis
|
Posted - 2006.01.07 20:29:00 -
[39]
It seems to me, that someone has either *****ed the server (VERY bad), or worked out how to get a brute force engine working against Eve; either that or some people have been phished somehow. This is very bad if people are being hacked after the password changes.
CCP will be able to easily see a brute force attack anyway (and stop one), so this is either an exploit, which makes me feel very uneasy, or some players have been careless with their computers.
|
Foomanshoe
|
Posted - 2006.01.07 20:31:00 -
[40]
If we have been hacked are we going to be reimbursed for what the hacker stole? _______________________________________________ Deadspace For Dead space!
Originally by: Oveur
To the nerfmobile!
|
|
Espen
|
Posted - 2006.01.07 20:39:00 -
[41]
Originally by: Foomanshoe If we have been hacked are we going to be reimbursed for what the hacker stole?
Guess so.
|
Snake Jankins
|
Posted - 2006.01.07 20:53:00 -
[42]
Edited by: Snake Jankins on 07/01/2006 20:56:27 I still wonder, how CCP knew, which accounts are in danger and need a new password and which not. Maybe some strange login attempts from the same machine ? I mean if someone hacked CCP, all accounts would have been in danger.
But afaik some accounts have been robbed, many got a new password to prevent this and many accounts aren't affected at all, like my 4 accounts: Afaik nothing stolen, no new passwort set, no mail from CCP.
edit: Ok, maybe CCP wants to keep that secret in case of new hacking attempts. ___________ 'Only ships can be assembled, this is a Frigate.' |
Espen
|
Posted - 2006.01.07 20:58:00 -
[43]
Originally by: Snake Jankins Edited by: Snake Jankins on 07/01/2006 20:56:27 I still wonder, how CCP knew, which accounts are in danger and need a new password and which not. Maybe some strange login attempts from the same machine ? I mean if someone hacked CCP, all accounts would have been in danger.
But afaik some accounts have been robbed, many got a new password to prevent this and many accounts aren't affected at all, like my 4 accounts: Afaik nothing stolen, no new passwort set, no mail from CCP.
edit: Ok, maybe CCP wants to keep that secret in case of new hacking attempts.
yah, Only one of my 4 accounts got it's password changed, seems like its only the old accounts that get their PW changed.
|
Takehasi
|
Posted - 2006.01.07 21:05:00 -
[44]
I love that CCP has asked me to send partial creditcard info with expiration date in an e-mail as well as my date of birth to help them get my password for me. Before they had been hacked wouldnt have done it since the hack Hell No. Getting A wee bit peved as i havent been able to log my main on since this all started. I would be curious to know how many accounts get canceled because of this.
And no you cant have my stuff.
|
Conner Aeolus
|
Posted - 2006.01.07 21:06:00 -
[45]
Leave the ****in servers down if you didn't fix your **** CCP, since i got robbed AFTER i ****in changed my pass
|
qrac
|
Posted - 2006.01.07 21:09:00 -
[46]
i think it has to do with if the account has been used from only one ip-address or several. ------------------------------------------- Insanes numquam moriuntur! |
nahtoh
|
Posted - 2006.01.07 21:14:00 -
[47]
What I don't get is how they thought they could gain from this...CPs internal records should be able to track every transaction on the accounts.
Might take a while but unless they can hide their tracks every transaction should be trackable and reverseable... ========= "I am not saying there should be capital punishment for stupidity, but why can`t we just take the safety labels off everything and let the problem fix its self |
Archbishop
|
Posted - 2006.01.07 21:19:00 -
[48]
Quote: "Legal action will be taken against those responsible for these problems btw."
Back after beta when I was a TTI Director we had someone spam the Directors with virus emails. Caused quite a bit of havoc with us and some serious computer damage to a couple people.
Anyway I notified the FBI who have an office dealing with this sort of thing. After being transferred around a bit they actually did locate the person who did this. Apparently he wasn't as "slick" a hacker as he thought and they were finally able to get a valid IP address from the hosting company he spoofed.
He spent 18 months in a Sweedish prison.
I posted about this after it happend back in 2003 and it did get a bit of discussion here on the forums (I wasn't Archbishop then). The authorities in Sweeden did go after him though and he was prosecuted.
Rest assured I'm sure CCP has already notified law enforcement in Iceland and soon the dragnet will go out. We can speculate this was macrominers from China or something but when it all comes down to the end it'll probably be someone in the US or EU. Both entities have strict hacking laws and this stuff is NOT fun and games to them.
Good luck CCP prosecuting these hackers. They did commit a crime and they should pay the price. This isn't "in game" at all.
Archie
VISIT THE PIE HOMEPAGE & FORUMS PIE INFORMATION CENTER |
Slaveabuser
|
Posted - 2006.01.07 21:20:00 -
[49]
This is sad
Evil ****s!
Quote: Originally by: Eris Discordia:As a minmatar I have to say I'm Amarr property. |
Selim
|
Posted - 2006.01.07 21:23:00 -
[50]
So basically someone is trying to frame Thom Merrilin as a devious thief?
|
|
Syrec
|
Posted - 2006.01.07 21:24:00 -
[51]
Originally by: Malken
actually some of the biggest spammers in the world lives in the US.
They used to. The CAN-SPAM act of 2005 has motivated authorities to ***** down on them. Many stopped and went into legit marketting/advertising or into a whole new profession. The new act was too hard to follow and I heard very dangerous to privacy, so many left before it went into effect and many more afterwards. It was the most effective hit on US based spammers ever.
I wouldn't be surprised if most of the big spammers reside outside of the US now. Even before the act the traffic was coming from outside the US because US spammers used overseas servers, because they could get lots of IPs to avoid blocking and the server admins didn't care about spamming like most US ISPs do.
You do mean spamming right? Sometimes people get spamming mixed up with scamming. Scams can be spammed, but not all spam is scams. I think most scams are probably outside and were before the act was passed also. US spammers liked spamming viagra and stuff like that.
|
Weco
|
Posted - 2006.01.07 21:30:00 -
[52]
Hey Archbishop, you got a link to a online newspaper or something with articles about that guy gettin 18 months in sweden? Never heard about it and it would be really interesting to read in on some details.
____________________________________________ My sig? |
Jaleean Atheria
|
Posted - 2006.01.07 21:31:00 -
[53]
Originally by: Takehasi I love that CCP has asked me to send partial creditcard info with expiration date in an e-mail as well as my date of birth to help them get my password for me. Before they had been hacked wouldnt have done it since the hack Hell No.
Well, I wouldn't worry about it since you can't do jack with the last 6 digits of a credit card number and its experation date. The date of birth is a little iffy, but I cant think of anything that you could do. He'll if you're really worried about it, send them them info, then call your CC Company and say you lost the card, cut it up into tiny little pieces and they'll send you a new one. Its extreme but if it gives you piece of mind, go for it.
Orignal Mr. Floppyknickers signature |
qrac
|
Posted - 2006.01.07 21:36:00 -
[54]
Originally by: nahtoh What I don't get is how they thought they could gain from this...CPs internal records should be able to track every transaction on the accounts.
Might take a while but unless they can hide their tracks every transaction should be trackable and reverseable...
easy.. they don't keep the isk, they sell it to idiots buying it on sites like ebay. when ccp returns the isk to the original account the hacker has already gotten his rl money. ------------------------------------------- Insanes numquam moriuntur! |
Maya Rkell
|
Posted - 2006.01.07 21:43:00 -
[55]
Originally by: M3ta7h3ad They should have asked you to change the password from the one given to you as soon as possible anyhows (negating the minimal security risk in sending plain text emails even further), having not had my account reset I havent recieved an email. Perhaps you could confirm or deny this for me?
Um, it's NOT a minimal risk. I KNOW that my emails are logged on 2 servers and this is far from unusual. It's an extremely HIGH risk from my PoV.
If someone gets hold of the temporary PW, they will be able to change it to a "permermant" one, hence it IS the accounts password.
Warning: above post may contain traces of sarcasm. "Corpse cannot be fitted onto ship. Only hardware modules can be fitted." |
Archbishop
|
Posted - 2006.01.07 21:48:00 -
[56]
Quote: "Hey Archbishop, you got a link to a online newspaper or something with articles about that guy gettin 18 months in sweden? Never heard about it and it would be really interesting to read in on some details."
I'll see what I can find. I posted it with my original character (Calladen) and was back in 2003 fairly soon after beta. There was a thread about the incident here and most agreed using OOG viruses to attack a corp was cheap. I never read about the prosecution online was only emailed the details from the agent who handled the case he told me how it ended up. The original "spam" of viruses was back in beta (right at end) so this was very early in Eve history when TTI was the biggest corp in game.
I wish there was a decent search function for the forum.
Archie
VISIT THE PIE HOMEPAGE & FORUMS PIE INFORMATION CENTER |
ElCoCo
|
Posted - 2006.01.07 21:53:00 -
[57]
Originally by: Jaleean Atheria Well, I wouldn't worry about it since you can't do jack with the last 6 digits of a credit card number and its experation date.
Lol don't put ppls worries down like that.
I don't want to start a panic, but the first 8 digits are not hard to get since you already include bank details in the mail....
A bank's classic visa for example would be something like 4000 0000 XXXX XXXX (with the 8th digit changing to 1,2,3... etc )... if that bank doesn't issue many types of cards (for example IPCA Visa or whatever) it's realy easy to get...
So you also got the 6 last digits... and the exp date...
Only 2 digits to guess (and not many sites ask for the 3-4 security No on the back of the card for transactions)
Oh umm... did I make anyone panic?
|
Chaimera
|
Posted - 2006.01.07 22:02:00 -
[58]
Edited by: Chaimera on 07/01/2006 22:02:58
Originally by: Righteous Fury Edited by: Righteous Fury on 07/01/2006 16:36:10 Just figured I'd make a public thread about it, because I'm sure we're not the only ones.
I had 250 million ISK transferred from my alt to a character known as Thom Merrilin (Setenta Corp) at 7:00 this morning. In addition, Arkanis had 405 million ISK sent to the same character, two hours later. Oddly enough, both characters were directors in our corp, yet our corp wallet hasn't been emptied.
The odd thing about this is that neither of us were logged in when this happened, and both of us had apparently been undocked even though we logged off in station. As per the CCP emails, both of us had changed our passwords early yesterday.
As you can see in these screenshots, wallet history tells all - whoever did it wasn't really too sneaky about where they were sending the ISK. Ignore the 60 million left in my wallet, apparently my Dark Blood PDU sold this morning .
My wallet screen: Linkage
Arkanis' wallet: Linkage
Anything going to be done?
This is possible to do if you had the same password for EVE and your email account.
If they could access your eve account, they could get your email address from Account Details on the eve web site. If you had the same password set for your email as you did in eve, they would have still been able to get into your email and retrieved your new password for eve.
Guess everyone should change their email account passwords also if they happened to use the sameone as eve. ============================== Beware of the killer grumpies! |
Righteous Fury
|
Posted - 2006.01.07 22:11:00 -
[59]
Edited by: Righteous Fury on 07/01/2006 22:13:31
Originally by: Chaimera This is possible to do if you had the same password for EVE and your email account.
If they could access your eve account, they could get your email address from Account Details on the eve web site. If you had the same password set for your email as you did in eve, they would have still been able to get into your email and retrieved your new password for eve.
Guess everyone should change their email account passwords also if they happened to use the sameone as eve.
A fair point indeed (although in my case, the passwords were different) - why is CCP storing unencrypted passwords? Thats what your idea would require.
I program a lot of web-based applications that require logins and passwords, and I know whenever I need a quick method of storing passwords in a database I use an MD5 hash of the string - which makes in near impossible to revert the hash back into its original form. That way, even if that database is hacked, all an intruder can get is a list of logins and some jibberish strings as the passwords. When the user logs in, all one has to do is compare the hash of the input string to the string on file to determine authenticity.
I would assume (read: hope) that CCP use a similar, if not more advanced form of encryption for passwords, instead of just storing them unencrypted in am SQL database.
|
nahtoh
|
Posted - 2006.01.07 22:18:00 -
[60]
Originally by: qrac
Originally by: nahtoh What I don't get is how they thought they could gain from this...CPs internal records should be able to track every transaction on the accounts.
Might take a while but unless they can hide their tracks every transaction should be trackable and reverseable...
easy.. they don't keep the isk, they sell it to idiots buying it on sites like ebay. when ccp returns the isk to the original account the hacker has already gotten his rl money.
Thought of that and on larger games with slower response times it might work but unless they could have everything for the sales setup and ready to go already or very short notice wouldit be worth the work and risk? ========= "I am not saying there should be capital punishment for stupidity, but why can`t we just take the safety labels off everything and let the problem fix its self |
|
|
|
|
Pages: 1 [2] 3 4 :: one page |
First page | Previous page | Next page | Last page |