Diablo® III

Session Spoofing



YOUR MOVE BLIZZ


They have already addressed this.

http://us.battle.net/d3/en/forum/topic/5149181449

Battle.net®/Diablo III Security Concerns

Over the past couple of days, players have expressed concerns over the possibility of Battle.net® account compromises. First and foremost, we want to make it clear that the Battle.net and Diablo III servers have not been compromised. In addition, the number of Diablo III players who've contacted customer service to report a potential compromise of their personal account has been extremely small. In all of the individual Diablo III-related compromise cases we've investigated, none have occurred after a physical Battle.net Authenticator or Battle.net Mobile Authenticator app was attached to the player's account, and we have yet to find any situation where a Diablo III player's account was accessed outside of "traditional" compromise methods (i.e. someone logging in using an account's login email and password).

To that end, we've also seen discussions regarding the possibility of account compromises occurring in ways that didn’t involve these "traditional" methods -- for example, by "session spoofing" a player’s identity after he or she joins a public game. Regarding this specific example, we've looked into the issue and found no evidence to indicate compromises are occurring in this fashion, and we've determined the methods being suggested to do so are technically impossible. However, you have our assurance that we’ll continue to investigate reports such as these and keep you informed of important updates.

The best defense against account theft still includes smart password management (e.g. using a unique password for every site/service and keeping your password to yourself) and scanning for malware and viruses regularly, as well as following additional preventative steps found here. In the end, while no security method is 100% foolproof, the physical Battle.net Authenticator and Battle.net Mobile Authenticator app are great ways to provide your account with an extra layer of protection.

We hope this update has addressed some of the concerns you've had. In the end, we simply want all of our players to be able to fully enjoy Diablo III, and we've been working around the clock to address issues as quickly and efficiently as possible. We appreciate your continued support and enthusiasm, and we hope you and your friends are having a blast slaying Sanctuary's demons.


What a surprise!! Blizzard denying that it's possible! What else would you expect them to do with literally BILLIONS of dollars at stake?
80 Dwarf Shaman
19405
Posts: 3,241
That's not proof. That's a blog. I could write a blog saying that cartoon characters really exist and that pink gym shorts are the latest in men's high fashion. I'd be wrong. Some idiots might actually believe me but I'd still be wrong.
80 Dwarf Shaman
19405
Posts: 3,241


They have already addressed this.

http://us.battle.net/d3/en/forum/topic/5149181449



What a surprise!! Blizzard denying that it's possible! What else would you expect them to do with literally BILLIONS of dollars at stake?


They stand to lose even more being caught in a lie. Are you completely idiotic, or just slightly moronic?
I have yet to see evidence that this is true. In the very article you're using as evidence, it says that they cannot confirm. If those of you have as much technical expertise as you say, load up Wireshark or Kismet and prove it.

I am not saying it's impossible (though Blizzard is), but I have yet to see anything other than hearsay about it, and I KNOW how difficult it would be to do.
100 Undead Rogue
16880
Posts: 3,298
Guys, I'm the CEO of importantsecuritycompany Inc and I have 50+ years of computing security experience and I have been hacked! I don't use an authenticator because I am just so damn good at Internet Security, I eat binary for breakfast, it's delicious.
I say blizzard is hacking the company from the inside because why not?

Now please believe me because I said words and there is no reason not to believe me.
Read all my TRUE hypothesis on my angelfire.com site angelfire.com/BiLlYsKomEdyKornEr
Posts: 7,046
Bump. The fact that only the most recently played character is stripped should be evidence alone that something is awry. If a player manually logged into your account, they would have stripped all your characters of their possessions as well.

I'm still paranoid to play public games.


I don't see how that proves anything, they are just trying to get through as many accounts as they can as quickly as they can, wasting time jumping around to your other characters doesn't do that, it slows them down and seeing as your stash and gold are shared, they just jump in, vendor it all and take the gold, then move on to the next target.
I submit this:

http://xkcd.com/978/

Take it as you will.
80 Dwarf Shaman
19405
Posts: 3,241
06/04/2012 06:27 AM Posted by Blazur
I don't see how that proves anything, they are just trying to get through as many accounts as they can as quickly as they can, wasting time jumping around to your other characters doesn't do that, it slows them down and seeing as your stash and gold are shared, they just jump in, vendor it all and take the gold, then move on to the next target.


It may not prove anything but does make this suspicious. I've read reports of people's low-level characters getting hacked while their level 50-60 char was left untouched. Also only the first page of their stash was drained. Maybe it's somebody rushing to clear it before they're caught, or maybe it's an automated process. Either way, if your account was manually broken into or the password compromised, it would seem the hackers would take the time to drain it completely.


This has already been explained 500 times if not more on these forums. The hackers are draining 1 character of all their belongings and their gold and going on to the next account, because everything is shared across the account, selling all of your alt's gear for an extra 2k per character isn't worth the time. Got it now?
Posts: 7,046
06/04/2012 06:27 AM Posted by Blazur
I don't see how that proves anything, they are just trying to get through as many accounts as they can as quickly as they can, wasting time jumping around to your other characters doesn't do that, it slows them down and seeing as your stash and gold are shared, they just jump in, vendor it all and take the gold, then move on to the next target.


It may not prove anything but does make this suspicious. I've read reports of people's low-level characters getting hacked while their level 50-60 char was left untouched. Also only the first page of their stash was drained. Maybe it's somebody rushing to clear it before they're caught, or maybe it's an automated process. Either way, if your account was manually broken into or the password compromised, it would seem the hackers would take the time to drain it completely.


I wouldn't think so, if you put yourself in their shoes, and they've got a ton of accounts to go through, would you go through each one as quickly as possible, just jumping on the first guy, vendoring his gear and the first couple tabs of his stash and trading off the gold to the other account and move on to the next guy asap, or would you take the time to jump around to every character and drain everything the account has before moving onto the next one?

Say you have 1 hour to do this, and you can do the drain option or the quick sell and move on option. The drain option takes you 5 minutes per account and the quick sell and move on option takes you 2 minutes per account. You could hack 30 accounts in 1 hour's time, or you could hack 12 in an hour.

If you are trying to get the most gold you will be doing the quick sell and move on option, rather than spending the extra time to drain the account, you will hit more accounts in a shorter timeframe netting you much more gold in a shorter period of time.

You just gotta kinda get inside their head and stuff like this makes sense.
Posts: 7,046


What a surprise!! Blizzard denying that it's possible! What else would you expect them to do with literally BILLIONS of dollars at stake?


They stand to lose even more being caught in a lie. Are you completely idiotic, or just slightly moronic?


Correct, there are serious legal ramifications not to mention the huge hit to their public relations, losing a lot of customers.

If they got caught lying about this, the chances are the company would not recover, they would lose so much more than they stand to gain and they couldn't get away with it anyways.

Sony tried and now they are facing tons of fines and stuff, you can go read into that more if you want.
06/03/2012 09:49 PM Posted by islander1
Blizz is going to deny it but when !@#$ is published in Forbes, I mean...that's really, really not good.


Forbes magazine has been a joke for over a decade.
Posts: 7,046
06/04/2012 06:36 AM Posted by Blazur
This has already been explained 500 times if not more on these forums. The hackers are draining 1 character of all their belongings and their gold and going on to the next account, because everything is shared across the account, selling all of your alt's gear for an extra 2k per character isn't worth the time. Got it now?


Sorry...I'm not buying it. Just trying to think with the mind of the hackers. If you've hacked into an account are you really only going to drain just the money and not the other items? Some of this godly gear could sell for a ton more gold or even some decent $$ when the RMAH goes online. Somehow I doubt the hackers have a backlog of hundreds of accounts just waiting to be drained and thus need to be time efficient.

This almost sounds like an automated process.


ATM they are selling gold on their websites they keep spamming in General chat, and people are going there and buying the gold, and many of the people doing that do not have authenticators, and are being hacked. It's been a gold selling sites' strategy for a long time, they sell to you, then just hack you later and steal all your gold, they don't actually farm the gold themselves, at least not very much. Most of the gold they sell was stolen from their own customers.

Right now they aren't interested in the RMAH, and who knows if they ever actually will be, they'll keep using their 3rd party sites and spamming us in game chat with them.
Posts: 7,046

2.) Because the hackers are singling out Diablo 3 accounts and trying to hack as many of them as they can, they aren't looking for your credit card info, or your other game account passwords, they are looking for your battle.net info.


So... why would they need to empty out as many D3 accounts as quickly as possible if they have access to the users' password...? They wouldn't, they could take their sweet time - there's absolutely no rush. In fact, it would be disadvantageous of them to do it quickly, as it would cause a panic that would result in many of their targets to change their passwords and remove the supposed keylogs (of which no victim has found). Conversely, it would make perfect sense for them to be in a rush if they're trying to empty as many accounts as possible before Blizzard fixes the exploit.

Also, what's the final purpose of stealing all this gold? It's of course to bank it at the RMAH for real cash. So are you saying that the hackers have no interest in a user's bank and paypal account when it probably has over a hundred times the potential profit? The fact that these hackers have only hacked their D3 account, but NOT any other account is absolutely TELLING. Revealing that their D3 account has been hacked will incite the victims to take action - most likely sweeping their computers for keylogs (which, let me remind you, that no victim has yet managed to find) and changing their passwords on their most critical sites - meaning that the hackers will lose their chance to steal from the victim's paypal/bank.

If there were keylogs involved, we would see victims losing their accounts everywhere, not just D3, plain and simple.


They have taken their time, in fact they struck at the perfect time for them to do so. They didn't do it immediately at launch and many of these users that were hacked they've had their info for a very very long time and have been waiting. They waited for 2 weeks after launch, once everyone was finally far enough for them to have some actual gold on their accounts and for people to start working on inferno, that's when they hit, and before the RMAH so the only source of gold for a lot of people is to go to their websites and buy their gold, and then they just steal it back.

They hit at the perfect time, it's not about the items, it's about the gold. They aren't even taking items, they are vendoring them.

I could go on but you don't think through many of your assumptions do you?

Also, it's impossible for such a thing to happen because of the way that D3 was created. I'm not an ITT techy guy, but I've been told a rough version of how it works.
.


Please actually learn some things before posting. A rough idea? Wow, you're going to defend off of that? I am an IT guy and this is entirely possible if they have not built the game correctly.
Then read the link I posted on page 1 of this article, completely debunking the lies in that cinemablend blog post.
Edited by moojerk#1213 on 6/4/2012 6:49 AM PDT
Posts: 7,046


They have taken their time, in fact they struck at the perfect time for them to do so. They didn't do it immediately at launch and many of these users that were hacked they've had their info for a very very long time and have been waiting. They waited for 2 weeks after launch, once everyone was finally far enough for them to have some actual gold on their accounts and for people to start working on inferno, that's when they hit, and before the RMAH so the only source of gold for a lot of people is to go to their websites and buy their gold, and then they just steal it back.

They hit at the perfect time, it's not about the items, it's about the gold. They aren't even taking items, they are vendoring them.

I could go on but you don't think through many of your assumptions do you?

I don't think you think things through, actually.

And you haven't answered my other question, why would the hackers steal their D3 gold when it's worth hundreds of times less than the money in their paypal and bank accounts?


Because they can get away with it obviously.

These are Gold Farmers, not Bank Robbers, it's a much more serious crime.