Diablo® III

Hacked with an authenticator

(Locked)

Posts: 2,553


The algorithm has never been cracked.

Even if it was, it's tied to the serial number of your unique authenticator. The hacker would need your authenticator to predict the next number.


Man in the middle can do this. No they don't need your authenticator. All they need is 2 guys and a time keeping mechanism very similar to, I don't know, a clock.


Man in the middle bypasses the authenticator, it doesn't hack it.

Edit: man in the middle is just malware that sends your login info and authenticator code to the hacker and gives you a fake error screen. There are no 2 guys and a clock.
Edited by bulreporting#1806 on 5/21/2012 9:18 AM PDT


The algorithm has never been cracked.

Even if it was, it's tied to the serial number of your unique authenticator. The hacker would need your authenticator to predict the next number.


Man in the middle can do this. No they don't need your authenticator. All they need is 2 guys and a time keeping mechanism very similar to, I don't know, a clock.


Man-in-the-middle attacks still don't crack the algorithm. They never have. And since banks use this stuff for their security, I'm going to go out on a limb and say that they never will.
05/21/2012 09:13 AMPosted by reiphil
[quote]
If they're smart enough to hack someone, they would probably delete you before logging out.


Why? It doesn't matter if they delete you or not.


true. doesn't matter but if I ever did I wouldn't want my name to still be on there account.
Hey guys just wonderin' if there were any Mac client item losses.
If there were, its 99% NOT a keylogger\trojan problem.
We're still failing to properly address a couple of issues in this thread, and I have a few ideas as to why; though I will keep them to myself. Cynicism never helps anyone. Instead, I will take an approach completely contrary to the general attitude of this forum and try to help out.

First, it does no good at all to blame the user. Not a one of you has any clue whether anyone has an authenticator. Claiming to know this, or insisting that it must be a fact, without literally seeing or having it proven by the user that he does not have one, is outright fantasy. It is the same as claiming to be psychic. You simply do not know. Stop acting like you do.

This extends to all the other bad attitudes I've seen. Absolutely the first response given to any thread asking for help has always been "Hah! Your fault, somehow. Sucks to be you." These people have allegedly been the victims of not only a computer security breach (whether on their end or on the Blizzard server), but they have also been the victims of theft. If you were to be held up on the way home from work, I'm sure you would not appreciate the police telling you it was your fault for being on that particular street, or for not taking a CCW course, etc, etc.

With that said, I know in my heart that at least some people are going to lie about the security measures they've taken. Nobody wants to admit that they dropped the ball; that's just human nature. It's embarrassing to know that some of the steps you could have taken might have resulted in the loss of your gear. It is far easier to stretch the truth and make your case stronger. This absolutely does not mean that every single person who has ever been hacked has lied about it, and it certainly does not give you the heavenly ability to somehow "know" which ones have. All you people are doing by claiming fault is stirring the pot and offending others. It's malicious, disrespectful, and rude. The only purpose behind it is to harm others.

Now to the subject at hand. If the original post is to be believed, then there is a problem somewhere in this system which is resulting in the loss of gold and items, but not characters. A mysterious player name is added to the victims' lists just after the attack. It is possible that this can be a computer bug somewhere in the database, but I do not believe that would account for the random friend add. In many of the cases I've seen, the player name is the same. This suggests to me that it is a person who is using an account of their own to drain others of their assets.

If this were a server rollback issue (which has happened to me) then I cast serious doubt on the idea that a character would lose all his assets without losing any levels. In my case, I kept all of my gear and items, but lost a full level and several waypoints. In other cases I've seen, some people have lost entire characters. Again, if this were the case, it would not account for the player add and it would not eliminate just the character's assets.

We also fail to address the logout issue. One of the responses to this thread claimed that he was disconnected with an all-too-familiar error message; that somebody else was logging in with his account. This is certainly not a database issue. I have received this error in Diablo II, but the error has always corrected itself after a time. I do not believe that anyone ever did log into my account, but that does not mean that it can't happen, and doesn't mean it didn't happen here.

This carrying on about "man in the middle" is also receiving far too much attention. It is as if people are assuming that this is the only way in which an authenticator can be breached. I'm not saying it would be easy, and the person cracking them would have to have a great deal of intimate knowledge of the system, but it could be possible. There are machines which can remotely read an RFID tag in your PayPass credit card, record the account number to a blank, and give the criminal complete access to all of your funds. I am certain that there are ways to defeat the security they have implemented. I think that focusing on one method and forsaking the possibility of others is a great way to be blindsided by a new technique.

On top of everything else, I've not yet seen Remote Assistance brought up. How do we know that a hacker hasn't gained access to your system itself, via Remote Assistance, and has simply declined to do anything with it until after you've finished your Diablo III session? A person with that ability would be able to see anything you type, possibly recording it with a video/external hard drive setup, and could certainly gain access to your password. This would not defeat the authenticator, but assuming that such a person has found a way around that, it's possible to remotely access a computer and use the connection to log in to your account. I do not know if this would keep the same IP on your computer, but it seems logical that, if it's still your computer that's logging in, it would be the same IP. If the authenticator only requires a new code when you log in through another IP, that could be the method they are using to defeat the authenticator.

That's a lot of "ifs", but we're all speculating right now. This is pretty scary stuff. We're no longer talking about "just a game". We're talking about hundreds of hours of work put into a game with the potential for some real profit in the long-term. Once the possibility of the loss of actual currency is involved, it becomes a much more serious problem. Some people in this world are going to stake all they've got on making a living by selling their gear, whether it's possible that they can or not. Losing an entire account would be devastating.

The security measures mentioned are good ideas. I would supplement them by suggesting that we close all open ports that we don't absolutely need, switch off file and printer sharing, disable Remote Assistance and incoming connections, and disable the default Work Group. If you are using a wireless internet connection, secure it with a password. Don't give out free access to your connection; it's a sure way to compromise your security. Install updates regularly and get the latest Service Packs for your operating system. Many times, security issues are addressed and solved in Service Packs. Anti-virus and malware programs are a good idea, but make sure you're getting one which will actually help; some of these companies are just a protection racket, and will virus you themselves when your free trial runs out.

I also disagree with the captcha idea. I think the authenticator was an excellent solution by Blizzard, and that it will be much more difficult to breach any one system with it in place. You certainly won't get hacked at random if you have one of these; it will take a directed, coordinated effort to get past it. Captcha, on the other hand, can be breached very easily by an image recognition program. Granted, the more complex the variations on the letters and numbers, the more difficult it will be, but there are programs which can match shapes within a certain degree of similarity and determine the proper codes. All Captcha does is annoy valid users; it does not present a significant barrier to bot programs.

That's all I can think of to help this discussion, except for reiterating my stance on attacking the victim. This is literally the same attitude as blaming the victim of a violent attack. You can't say "Well, of course it happened. Look at what you were wearing." There is no measure by which I can communicate how arrogant, selfish, malicious and childish this attitude is. It's right in the forum rules, people. Be respectful.
Hey guys just wonderin' if there were any Mac client item losses.
If there were, its 99% NOT a keylogger\trojan problem.


Um.

Explain?
Edited by OptiPRGMR#1871 on 5/21/2012 9:55 AM PDT
Hey guys just wonderin' if there were any Mac client item losses.
If there were, its 99% NOT a keylogger\trojan problem.


Um.

Explain? Cause if this is going where I think it is. I don't want to waste my time arguing with ignorance. Don't take that offensively, just saying.


It's going where you think it is, but it's not ignorance. He's trying to troll this argument into a different argument.
90 Tauren Druid
0
Posts: 120
I think this is an exploit and I think it has something to do with partying with someone.

A couple of days ago, I had someone that I do not know (Yarzor) send me a party invite. I do not know how this person found me, I never entered into any game chat channels and it wasn't an open game.

Not knowing him, I declined the invite. But he kept sending me invites. The next day, the same thing from the same person. Of course I declined him.

He still shows up in my recent players list.

Word to the wise....do not accept inventations from people you do not know or is not expecting.
I think this is an exploit and I think it has something to do with partying with someone.

A couple of days ago, I had someone that I do not know (Yarzor) send me a party invite. I do not know how this person found me, I never entered into any game chat channels and it wasn't an open game.

Not knowing him, I declined the invite. But he kept sending me invites. The next day, the same thing from the same person. Of course I declined him.

He still shows up in my recent players list.

Word to the wise....do not accept inventations from people you do not know or is not expecting.


Good point. This is an example of helpful information. We should have more of this.
05/21/2012 09:55 AMPosted by mitten
He's trying to troll this argument into a different argument.


i'm not trolling, just asking.

i dont think some hacker would make a keylogger for Mac, because Mac user percentage is low comparing to Win, and the task of making a Mac keylogger isnt easy.
so, if there are item losses on Mac user accounts, all this is some fishing\database\login server\joining open games exploit, and not some trojan horse and\or keylogger.
05/21/2012 09:51 AMPosted by BlessedWrath
We're still failing to properly address a couple of issues in this thread, and I have a few ideas as to why; though I will keep them to myself. Cynicism never helps anyone. Instead, I will take an approach completely contrary to the general attitude of this forum and try to help out.


Bravo. Such a well-written, thoughtful, insightful post is rare, especially in the cesspool that is the Battle.net forums.
Posts: 208
Scary stuff. Blizzard should be on top of this. Sad that they aren't. Hope all of you who lost everything gets it back (or a million gold to go on a Auction Hall shopping spree)
that the same guy that hack me too George Melchers he delete all my wizard gear and took all my good and add his name on my friend list. b.net need to do some thing about this.
05/21/2012 09:17 AMPosted by Bul
There are no 2 guys and a clock.


This made me laugh. I do feel for all you that got hacked though.
Posts: 2,553
05/21/2012 09:51 AMPosted by BlessedWrath
First, it does no good at all to blame the user.


The problem I have is that 99% of the time, it's the user's fault.

I've been active in some form or another on the WoW customer service forums for years and I've seen a lot. The only time that the user wasn't at fault is when an ad server was compromised and was displaying malicious adds that exploited browser vulnerabilities, and all people had to do was visit a trusted site....like the Blizzard forums. Yep, the Blizzard forum's ad server was compromised and that nailed a lot of people. But short of that, it's always been the user's fault.

Every other time it's something that the user did or didn't do. Like too much anti-virus, not enough, not keeping things updated, writing passwords down, and other misunderstandings of computer/internet security to name a few.

That being said, this issue sounds like it could be either a big hoax or a big vulnerability. There are three likely scenarios of hoaxes, if WoW was any indication.

First of all, is keyloggers. Look at WoW for example, when the current battle.net was implemented. There were a ton of people who were hacked in the days and weeks following battle.net's release. People freaked out and thought Blizzard was compromised, but the real reason? Just keyloggers. Lots of people had keyloggers on their computers, but they keyloggers couldn't steal login info because people saved their username in the login screen and never actually typed out their username so the malicious code just sat dormant. Once the new battle.net was released, *everyone* had to type in their battle.net email instead of just their password. Bam, keyloggers got all of the login information in one swoop and bam, tons of people were hacked. Maybe the same issue for Diablo 3?

That above issue would make a lot more sense if lots of the people being hacked were actually lying about having authenticators (my second point). From what I've seen on the WoW forums in the last year, that is very very very likely. There are lots of customer service forum posts where the guy is screaming that he did have an authenticator, he's not an idiot, Blizzard must be hacked. Only to have a Blue post that there either is/was no authenticator attached to the account or that it was removed prior to the account being hacked. So this is a very real possibility.

Third of all is the possibility of another man-in-the-middle attack. D3 is super new, there's a lot of people googling all sorts of information about it. It's not unlikely that some lesser websites are compromised and are handing out man-in-the-middle attacks.

Finally, how big is D3? Most pre-orders in history? Millions of people playing? If Blizzard was compromised or if there was a bug being exploited, this issue would almost certainly be a lot more than just a few dozen people posting about it on the forums.
Edited by bulreporting#1806 on 5/21/2012 10:33 AM PDT
Not hackers its lagg, http://www.youtube.com/watch?v=5phnec6AK-s&feature=relmfu
61 Undead Rogue
8060
Posts: 109
All I can tell you is that I saw the venom spewed at players on the Rift forums when this happened in Rift last year. As many of who were there know, it turned out TRION'S authenticating system DID have a hole in it allowing the hackers to bypass having a user name/password to log in. They simply were able to grab players session i.d.'s to log in to everyone's accounts due to an 'oopsie' on Trion's end when coding their servers.

It took Trion several days to make an official announcement that it had, in fact, happened after thousands had been stripped.

Was fun having to cancel my credit cards and put a fraud alert on mine and hubby's credit reports afterward. Needless to say, they lost us as customer's for life.

Wouldn't be a bit surprised if this came from the exact same bunch of people that breached Rift.
Edited by Mufflon531#1850 on 5/21/2012 10:34 AM PDT
05/21/2012 10:33 AMPosted by Absínthe
All I can tell you is that I saw the venom spewed at players on the Rift forums when this happened in Rift last year


Let me guess, was it something along the lines of "QQ more loser. L2security"? I also assume none of them came back to the forums to apologize for being so rude, either.
This topic is locked.

Please report any Code of Conduct violations, including:

Threats of violence. We take these seriously and will alert the proper authorities.

Posts containing personal information about other players. This includes physical addresses, e-mail addresses, phone numbers, and inappropriate photos and/or videos.

Harassing or discriminatory language. This will not be tolerated.

Forums Code of Conduct

Report Post # written by

Reason
Explain (256 characters max)

Reported!

[Close]