Diablo® III

Battle.net® Account Security & Diablo® III

(Locked)

Posts: 1,127


Don't be retarded. They would still need to match it to the range that the user normally logs in from. You would have more luck winning the lotto 50x over than guessing what range of IPs I am normally assigned to by my ISP.

The only way you're going to get my IP is if you have access of my machine or there's a vulnerability in Blizzard's system that allows you to get an IP from someone's battle tag.


You have nothing to back up your claim so you resort to attacking me instead of actual facts. Nice!


Everything I just wrote can be confirmed by Google and reading up on how the internet works.

An ISP will buy a large block of IPs and then allocate them around the regions they serve.

If I have a nationwide ISP and my house is located in Timbuktu, California, then my ISP's hub that controls internet access for Timbuktu, California is going to have a pool of pre-assigned IPs to choose from. Those IPs will never be the same pool as LolLearnToNetwork, Texas.

You would need a pretty precise range and it's basically impossible to guess.

Here's some reading material to get started you clown:
https://www.arin.net/resources/request/ipv4_add_alloc.html

You can do the rest of the research yourself.
Edited by viscrom#1983 on 5/22/2012 1:33 PM PDT
85 Worgen Warrior
12375
Posts: 12

What are you going to proxy, the end user's machine? Most ISPs block all http(s) ports from being accessed. There's no getting around something that's blocked at a level beyond what's compromised.

Just because you can Google for "proxy server" and find sites to proxy through doesn't mean it's easy to spoof an end user's IP. Most of the proxy sites have extremely limited support too (no javascript, cookies, etc.).


They aren't spoofing the end user's exact machine. All they need is some IP range in the greater US.


How do you figure? I normally play from Philly, where I live. When I try to log on at my grandparents' shorehouse on the coast of NJ all of 50 miles away, I get an authenticator prompt regardless of when I last logged in.

And if what you're saying is true, it would be more troubling than the alternative. Just going to a slightly different area of the same state should in most cases change your IP significantly. Why would Blizzard not consider it out of the ordinary for someone who plays from, say, California to suddenly try and log on from Colorado for the first time ever?
Posts: 221
So according to a blue, all cases they have seen have been traditional hacking via stealing the password and logging in.

Even if every single person who claimed they were using an authenticator lied, what about all the people who submitted tickets and were told no compromise on their account took place? That alone 100% contradicts the blue's claim.

"Duh they stole your password and logged in but we have no record of anyone else logging in so... Uh... Read our security articles guys!"

Both hilarious and tragic at the same time
Posts: 70


You have nothing to back up your claim so you resort to attacking me instead of actual facts. Nice!


Everything I just wrote can be confirmed by Google and reading up on how the internet works.

An ISP will buy a large block of IPs and then allocate them around the regions they serve.

If I have a nationwide ISP and my house is located in Timbuktu, California, then my ISP's hub that controls internet access for Timbuktu, California is going to have a pool of pre-assigned IPs to choose from. Those IPs will never be the same pool as LolLearnToNetwork, Texas.

You would need a pretty precise range and it's basically impossible to guess.

Here's some reading material to get started you clown:
https://www.arin.net/resources/request/ipv4_add_alloc.html

You can do the rest of the research yourself.


Actually it's not hard at all to find a range if you know how to make a subnet mask (I know that's not the right terminology, it's not coming to me atm, but you know what I mean). All the person needs is your dfg and subnet mask, neither of which are very hard to obtain these days; then finding out the IP range isn't hard at all, assuming you can remember the math behind it.
Edited by ZestyCorpse#1524 on 5/22/2012 1:40 PM PDT
If it really is completely done by logging passwords they should introduce a system like it is used in some MMO's, you know, make it able to type the pass via mouse... of course with a trojan doing screen capture this wouldn't work, but at least a lil safer...
Posts: 207
05/22/2012 12:32 PM Posted by TheJackal
This works regardless if you have an authenticator or not. Until Blizzard patches the exploit, you need to take precautions for yourself.


The OP has NOT ONE IDEA of what he's talking about. In order to 'hijack' your session, the perpetrator would have to already have control over the routing to your source IP address. That means they're either on your network (You already got owned) or they're your network provider (Your ISP is operated by criminals). Don't post security exploits unless you can duplicate them yourself. If you can, post a link showing your method so others can check your work. If you can't, SHUT THE F*CK UP.

1.) Anything coming from Blizzard towards you puts your IP as the destination, not the source.
2.) Any Man in the Middle attack is capable of intercepting the destination and redirecting, even potentially re-signing any certifications as they decrypt then encrypt the traffic to make it appear that they are not there. Session hijacking via man in the middle is not unheard of, especially in a public game where traffic is broadcast to all players.


You have nothing to back up your claim so you resort to attacking me instead of actual facts. Nice!


Everything I just wrote can be confirmed by Google and reading up on how the internet works.

An ISP will buy a large block of IPs and then allocate them around the regions they serve.

If I have a nationwide ISP and my house is located in Timbuktu, California, then my ISP's hub that controls internet access for Timbuktu, California is going to have a pool of pre-assigned IPs to choose from. Those IPs will never be the same pool as LolLearnToNetwork, Texas.

You would need a pretty precise range and it's basically impossible to guess.

Here's some reading material to get started you clown:
https://www.arin.net/resources/request/ipv4_add_alloc.html

You can do the rest of the research yourself.


Reading up on how the internet works...perhaps you should find better sources if this is the info that you are learning.

Considering keyloggers, mitm attacks and "spoofed" webpages all report your IP address, getting anywhere close to what you've used before would be easy. However as I've said before, anything in the greater US will work. If it didn't, no one would be able to buy and sell battle.net accounts. Tell me, what do you think happens when someone in CA buys an account from someone in NY and one person logs in right after the other. Does the account get locked out? Hell no.
So according to a blue, all cases they have seen have been traditional hacking via stealing the password and logging in.

Even if every single person who claimed they were using an authenticator lied, what about all the people who submitted tickets and were told no compromise on their account took place? That alone 100% contradicts the blue's claim.

"Duh they stole your password and logged in but we have no record of anyone else logging in so... Uh... Read our security articles guys!"

Both hilarious and tragic at the same time


I'd like to see that addressed as well. Their response was simply "We don't see any suspicious activity ... move along" and based on that they can claim that almost no one is getting hacked.
Simply having a security program is only part of the equation. As others have pointed out in this thread, if you have Anti-virus but never update the definitions, that Anti-virus gives little to no actual security. In this case, it is clear that most if not all hacked accounts did not have an authenticator. A few people claimed they were hacked with an authenticator, but more than one of these people admitted that their authenticator was set up to only require infrequent login verifications.

My authenticator requires use for each and every login attempt for Battle.net account management, forums, D3 etc. If we are dealing with a keylogger and you only have to input your authenticator code once a week (or some other infrequent input timing), then your authenticator is only providing minimal protection at best.

I would be very interested to know if anyone has been hacked that has indeed followed security measures to the letter of the law. That is:

1. Have an active Authenticator required for each and every login.
2. Have a unique alpha-numeric password that is NOT used for any other sites/games.
3. Have up-to-date virus/mal-ware programs.
4. Have not given out their password to anyone, including friends/family.
5. Have a secure E-mail address tied to Battle.net account.

I, myself, am following all of those and if my account gets hacked, I will be the first to come back here and tell everyone about it. If your account can be compromised while following those 5 things, then clearly there is a serious vulnerability that is beyond our control.


So I had 4 out of the 5 going on (I have admitted to not having an authenticator, but do now). My password consisted of letters, numbers and special characters; I have a constantly updating anti-virus program that updates its definitions every couple of hours, along with a pro malware program that constantly runs and updates. My own husband doesn't know my login info for b.net, much less anyone else, and the email tied to my account is secure, is only used for certain things and has a password different from the b.net one. I did get hacked and they have admitted something happened to my account. I am not on here to yell and whine and call names, I am just warning people to be careful. The only thing I did before this happened was visit the AH. The attack happened within just a few minutes after doing so. Loaded up my game after going to the AH, got a notice that my game had become public when I hadn't set it that way, then I got booted off because another computer had logged into my account. Tried to get back in, and in just a few moments they had changed my password for b.net and had stripped my toon. Nothing else of mine has been affected, no other accounts or anything, just the D3 toons. To be honest I think there is an exploit in the AH and public games allowing this to happen. It makes sense, since all these attacks happened just when they were doing the release for the RMAH. That may have been the true intention and this may just be a practice run for whatever they are planning. And here is the response I got from Blizzard admitting my account was messed with:

Hiya,

Thank you for contacting us about your account. I know how upsetting these situations can be so we'll do our best to get this resolved as quickly as we can! :)

After looking over your account we were able to verify that there was some exploitive third party access to the account. We are able to assist in recovering the lost goods for the character on the account, however restorations for Diablo 3 are limited at this time. A few things to consider:

1) There may be items still missing after the restoration.
2) Any progress gained after the date of the compromise will be lost. So we suggest not progressing any further until a restoration is made, which should not take long at all.
3) It may affect whether we are able to assist with account compromises in the future.

With all that considered, if you would like to proceed with the restoration for the account please respond to this letting us know clearly that you would like to use one of your limited restorations.

Account security is critically important. To help protect your account, we recommend following the Security Checklist (<http://www.battle.net/security/checklist>). =)

Regards,
Game Master Lythmaerz
Customer Services
Blizzard Entertainment
Posts: 1,127
05/22/2012 01:36 PM Posted by Legion
Not hard at all to find a range if you know how to make a subnet mask (I know that's not the right terminology, it's not coming to me atm, but you know what I mean), and if a person gets a hold of your dfg and subnet mask then finding out the IP range isn't hard at all, assuming you can remember the math behind it.


You sound like someone who just watched the movie Hackers for the first time, but now it's 50 years in the future and you're trying to remember the buzzwords they used.

How does "make subnet mask" translate to "get precise IP range from a person who could be using 1 of thousands of ISPs and can be living anywhere in the 'Americas'".
Edited by viscrom#1983 on 5/22/2012 1:40 PM PDT
It's my theory that these scammers/hackers stole passwords via fake emails/etc...and patiently waited for the day before the D3 real money AH was supposed to open.
85 Worgen Warrior
12375
Posts: 12
Simply having a security program is only part of the equation. As others have pointed out in this thread, if you have Anti-virus but never update the definitions, that Anti-virus gives little to no actual security. In this case, it is clear that most if not all hacked accounts did not have an authenticator. A few people claimed they were hacked with an authenticator, but more than one of these people admitted that their authenticator was set up to only require infrequent login verifications.

My authenticator requires use for each and every login attempt for Battle.net account management, forums, D3 etc. If we are dealing with a keylogger and you only have to input your authenticator code once a week (or some other infrequent input timing), then your authenticator is only providing minimal protection at best.

.........

If your account can be compromised while following those 5 things, then clearly there is a serious vulnerability that is beyond our control.


Am I the only one who finds it troubling that they hacked ANYONE with an authenticator? And not using a man in the middle attack whereby they transmit the real code and switch the user's real code to a fake so they get rejected (as far as I can tell) either. Some of these people were already logged in when they were kicked off, or had not been logged in for hours and the hack occurred while they were asleep or at work or what have you. I don't care if they have their authenticator set to ask for a code once every eighteen thousand years; authenticators are supposed to work so that if someone with a different IP (i.e., location) from your normal area of play tries to log in, it will ask for a code. Every. Single. Time.

The fact that it is either not doing this or else they are bypassing/spoofing that is extremely disconcerting. Whether you can 100% avoid this by checking to authenticate every time or not is irrelevant to the fact that it is extremely troubling that people are apparently bypassing a supposed major security feature of the authenticators.
Edited by Tanis#1509 on 5/22/2012 1:43 PM PDT
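As an added illustration (not code from this thread, from Blizzard, or from any poster), here is a toy login gate in Python that models the two behaviours the posts above argue about: an "is this IP near the account's usual range" check and the "don't ask for an authenticator code on every login" option. The /16 threshold, the 7-day remember window, the account fields and the sample IPs are all assumptions constructed for the example.

```python
"""Toy risk-based login gate (added example; constructed policy and data)."""
import ipaddress
from datetime import datetime, timedelta

# Policy knobs. These are assumptions for the example, not Blizzard's values.
NEARBY_PREFIX = 16   # a login inside the same /16 as a known IP is "nearby"
REMEMBER_DAYS = 7    # window of the "don't ask for a code every login" option


def nearby(known_ips, new_ip, prefix=NEARBY_PREFIX):
    """True when new_ip falls inside the /prefix block of any known login IP."""
    addr = ipaddress.ip_address(new_ip)
    return any(addr in ipaddress.ip_network(f"{ip}/{prefix}", strict=False)
               for ip in known_ips)


def login_decision(account, new_ip, now):
    """Decide what a password-correct login from new_ip gets.

    Returns 'allow', 'require_code' or 'lock'.
    - No authenticator: a nearby login passes on the password alone; a
      distant one locks the account (the "IP changes dramatically" case).
    - Authenticator, code required on every login: always ask for the code.
    - Authenticator, code remembered for REMEMBER_DAYS: a nearby login inside
      the window passes on the password alone, which is the gap a stolen
      password plus a same-region IP slips through.
    """
    near = nearby(account["known_ips"], new_ip)
    if not account["has_authenticator"]:
        return "allow" if near else "lock"
    if account["require_code_every_login"]:
        return "require_code"
    last = account.get("last_code_at")
    remembered = last is not None and now - last <= timedelta(days=REMEMBER_DAYS)
    if near and remembered:
        return "allow"
    return "require_code"


def demo():
    """Constructed scenario: a victim's usual logins, then two other logins."""
    now = datetime(2012, 5, 22, 13, 36)                 # constructed timestamp
    victim = {
        "known_ips": ["203.0.113.25", "203.0.113.77"],  # documentation range
        "has_authenticator": True,
        "require_code_every_login": False,              # the weak setting
        "last_code_at": now - timedelta(days=2),
    }
    results = {}
    # Login from the same /16 block as the victim with the weak setting
    results["nearby_weak"] = login_decision(victim, "203.0.200.9", now)
    # Same login once the account demands a code every time
    strict = dict(victim, require_code_every_login=True)
    results["nearby_strict"] = login_decision(strict, "203.0.200.9", now)
    # Login from a distant block: the remember window no longer helps
    results["distant_weak"] = login_decision(victim, "198.51.100.4", now)
    # Same distant login on an account with no authenticator at all
    no_auth = dict(victim, has_authenticator=False)
    results["distant_noauth"] = login_decision(no_auth, "198.51.100.4", now)
    return results


if __name__ == "__main__":
    for name, verdict in demo().items():
        print(f"{name:15s} -> {verdict}")
```

The only change between the first two verdicts is the "require a code every login" setting, which is the difference the posts above keep coming back to.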
Posts: 42
Here is the latest response I received from Blizzard related to a different issue. To all those defending Blizzard, please read and respond to my questions afterwards.

The status of your Customer Support ticket #2637xxx has changed to “Resolved.”

You can view your ticket details or check its status by clicking the link below:
<http://us.battle.net/support/ticket/thread/2637xxx>

If you can’t click the link above, copy and paste the entire URL into your browser.

This is the latest response from Customer Support:
Hello Z,

Thanks for contacting us! Unfortunately, I didn't have the opportunity to speak with you, but I certainly hope everything is going well!

At this time we have a system implemented called Battle.net Secure that does what was mentioned in your petition. When an IP changes dramatically the account will be locked, preventing access from exploitative login. The authenticator, which can be downloaded for free, will add extra protection.

Should you require further assistance with this issue, please do not hesitate to resend your petition and we will be happy to review it just as soon as we are able.


Best Regards,

Game Master Korromari
Blizzard Entertainment

This leads me to believe that if my account credentials were garnered either through hack or crack or keylogger, they would still notice the IP address change and lock the account. Also, every time I have ever gone through a password change process it involves receiving an email to confirm you are the owner before allowing the change.

Question 1: How do they gain access to an account when the above mentioned IP address change should protect it?


Because it's easy enough to use a proxy to change your IP

If they come in using a different IP then the security is supposed to lock the account. If they spoof my exact address, then you assume they can complete the change with one packet send because every return packet is going to my machine. Your answer to question 1 still fails to explain why Blizzard would allow it from a different IP. And spoofing my exact IP is only valid if they can receive return packets.

Question 2: How do they change the password when we know they don't also have access to the email?


They don't need access to your email to change the password.

But users are reporting that after their account has been hacked/cracked that the password was also changed to prevent them from getting back in.

Question 3: How do they do it when someone is already logged on?


It kicks you out.

Another obvious mistake it shouldn't do. Why would they allow someone to clobber my existing conn that has already been validated?

Question 4: Why is it every one of the threads except this one end up getting deleted or locked? Which also makes me wonder how long before this one is locked.


Because the people complaining are irrational.

I somehow think you or any of us would be as boisterous if our accounts were hacked. The "security measures" are supposedly in place to prevent it.

Question 5: To assume your credentials were garnered client side and were used from another computer would imply #1 above doesn't work (still a Blizzard issue then). Explain how this could be true?


Again, anyone can spoof their IP.

You keep mentioning this but I don't believe it to be that easy. Can you provide a link to such evidence of how easy it is to spoof my personal IP address that is NOT static and is handled by my cable company using a very large range for DHCP?

Question 6: Which is more likely given the facts as we know them today: That all of the above preventions don't work and that all of your account info was gathered (including answers to secret questions) or that they are somehow gaining session ids that are already currently authenticated (post authenticator) and using/hijacking that connection to change passwords and add friends and steal items/gold?


They don't need access to your secret questions. All they need is a username and password. No one that was "hacked" had an authenticator attached, so there's no need to think an absurd notion such as session id spoofing is happening. Not to mention that people have been having account issues since day one and Blizzard has never had an issue on their end; the only logical conclusion is that it's all on the end user's side.


Blizzard has publicly stated that when logging in from a different IP address you will be asked a security question. So yes, they do need that too.
Posts: 498
I just find it interesting the apologists don't take the ridiculous amount of players compromised as something more than just being unwise button pushers resulting in a virus.

After reviewing this forum the last few days, I am inclined to say it's a problem on Blizzard's end rather than the players'.

What's interesting is that I have proof right next to me that Blizzard has had an account compromised with authenticator attached.

I have a well documented, over the weekend case of an account being compromised, the person is sitting right next to me and used the same network to connect.

5/18, custom computer I built for him.
5/18, installed Panda Cloud, Spybot Search & Destroy, Windows firewall enabled
5/19, Steam installed, Crysis 2, Torchlight, Magicka, Battlefield 2, HL2 EP1 EP2, ME, ME2,L4D,L4D2, TF2, Spore, Witcher 2, SC2, WoW and finally Diablo 3 installed over a day.
5/19, log into Diablo 3, friend already had an authenticator from WoW, play shortly.
5/20, played all day, DH and WD to level 30 and beat normal, shut down for day.
5/21, worked all day
5/21, evening, we attempt A1 NM; 7:42 PM he is kicked off, I am still on, authentication fails several times for several minutes. By almost 8 PM he logged in to a naked level 30 DH and no gold.

This computer has been built BY me with a clean Windows installation and entirely supervised by me for the past 5 days. It hasn't even been used to browse the web aside from this very website and Facebook, an account with an attached authenticator, and being compromised.

Whether you all believe me or not is your own issue, but I have proof that Blizzard Entertainment is lying about having no breaches of security of accounts with attached authenticators.
Edited by Chifte#1637 on 5/22/2012 1:44 PM PDT


They aren't spoofing the end user's exact machine. All they need is some IP range in the greater US.


How do you figure? I normally play from Philly, where I live. When I try to log on at my grandparents' shorehouse on the coast of NJ all of 50 miles away, I get an authenticator prompt regardless of when I last logged in.


Yeah, because you have an authenticator attached to your account. That's what it's supposed to do. These folks with issues do not have one.

And if what you're saying is true, it would be more troubling than the alternative. Just going to a slightly different area of the same state should in most cases change your IP significantly. Why would Blizzard not consider it out of the ordinary for someone who plays from, say, California to suddenly try and log on from Colorado for the first time ever?


It does change your IP, but not enough to flag the account, which was my point. The buying/selling of battle.net accounts is clear enough evidence of that. Now if you logged in from the US one moment then from China/Russia/India/Europe the next....
Can I just have my account rolled back please??

Blizz, I don't care if you admit any responsibility or not... just roll back my account like it was...

Can't find an answer here since everybody talks like a security expert... Please just roll back my account...

Thanks
Posts: 1,127


Everything I just wrote can be confirmed by Google and reading up on how the internet works.

An ISP will buy a large block of IPs and then allocate them around the regions they serve.

If I have a nationwide ISP and my house is located in Timbuktu, California, then my ISP's hub that controls internet access for Timbuktu, California is going to have a pool of pre-assigned IPs to choose from. Those IPs will never be the same pool as LolLearnToNetwork, Texas.

You would need a pretty precise range and it's basically impossible to guess.

Here's some reading material to get started you clown:
https://www.arin.net/resources/request/ipv4_add_alloc.html

You can do the rest of the research yourself.


Reading up on how the internet works...perhaps you should find better sources if this is the info that you are learning.

Considering keyloggers, mitm attacks and "spoofed" webpages all report your IP address, getting anywhere close to what you've used before would be easy. However as I've said before, anything in the greater US will work. If it didn't, no one would be able to buy and sell battle.net accounts. Tell me, what do you think happens when someone in CA buys an account from someone in NY and one person logs in right after the other. Does the account get locked out? Hell no.


I'm not "learning". I'm providing something to give people like you a reference because they wouldn't even know to Google for something like "ISP IP allocation". Are you really questioning what ARIN is? Do you even know what it is or does?


The American Registry for Internet Numbers (ARIN) is a nonprofit corporation that serves users of Internet number resources, such as Internet Service Providers, governments, and end-users in its region. ARIN's service region includes Canada, the United States, and several islands in the Caribbean Sea and North Atlantic Ocean.

ARIN is one of five Regional Internet Registries (RIRs) worldwide that provide Internet number resource services to all regions of the globe.


Surely the organization controlling IP allocation to the entire United States, Canada and other regions has accurate information.
Edited by viscrom#1983 on 5/22/2012 1:45 PM PDT
All they need is a proxy setup that routes game traffic through your compromised PC to bypass all IP address restrictions. If anyone with an authenticator was hacked, the most likely reason is that they have the 'don't authenticate every login' feature enabled. This does seem to be a default option, as I've had an authenticator since WoW first started using them, and when I started playing Diablo 3, I noticed that it didn't ask for my authenticator on a re-login from the same machine (something I immediately fixed).
Edited by EKLynx#1739 on 5/22/2012 1:46 PM PDT
Blizzard has publicly stated that when logging in from a different IP address you will be asked a security question. So yes, they do need that too.


No, not ANY different IP address, it has to be wildly different. I can change my IP right now and log in just fine. Simple usage of an American VPN would have made bypassing this system possible in most cases, but still, why speculate about speculation?

This conversation is worthless, there is no way to get to the bottom of something that doesn't have a bottom.

Tons of people have reported Blizzard's system catching suspicious activity on their account, so it has worked to some extent.

05/22/2012 01:45 PM Posted by EKLynx
If anyone with an authenticator was hacked


No one with an authenticator has come forward and stayed to prove it as of yet.
Edited by Sammich#1797 on 5/22/2012 1:50 PM PDT
This topic is locked.