Diablo® III

Session Spoofing

06/04/2012 07:49 AM Posted by Ewing
It could be considered fraud in a lot of countries, just not in the countries they operate out of. What you don't realize is: most of the areas they operate out of are fairly impoverished. As I said: "Never underestimate the power of an industry that provides gainful employment to a large number of the local community." Nor of a well-placed bribe for that matter.


I do know that in Australia, it would be considered fraud. All it would take is some leaning on Interpol's shoulder from the Australian Federal Police, with Blizzard's help, and they could force the Chinese government to shut gold farmers down. While it would not get rid of all the gold farmers, it would break the business badly enough that it may not be able to recuperate.
80 Dwarf Shaman
15650
Because WoW accounts ARE getting hit. There's still forum posts about it. It's an epidemic on D3 forums because a lot of the people playing D3 haven't played WoW before and don't realize how secure an authenticator makes their account, so they don't have one. Most WoW players are either smart, or have been hacked at least once, and most have authenticators at this point.

WoW gold is almost dirt cheap now because it's so easy to make by the player base, and most older players have everything they need. WoW's an old game and most gold sellers have a huge stockpile that they can barely sell for any money. Have you seen WoW gold prices lately? It's so low. D3 is a prime target with a fresh market and a bunch of dumb users who won't protect their account.
90 Undead Rogue
14900
06/04/2012 07:14 AM Posted by Blargenflarg


I remember those days.

Ah Sex Leg, why won't you come back?


Hai, am from foreign country am want to show you the sex girl.

www.google.com

click link see the sex girl for free.


It's not the same!
IT'S JUST NOT THE SA-A-A-A-AME

*sob*
85 Tauren Druid
7620
I expected the link to have code analysis. That would be proof. This isn't proof, it's just more conjecture.


I have argued with logic. Logic has been put in front of you time and again and you seem to continue to ignore it or outright deny its existence. You wouldn't know logic if it hit you across the face, grabbed your mouth, and sh!t down your throat.

Let me just ask you about my last point, why would these hackers not touch the victimized D3 players' WoW accounts? Why not, if they truly have access to the victim's username and password, and are only in this to steal "pixels" and not risk stealing actual cash (even though it's still a crime in the US/UK, but assuming these hackers are in another country, unfamiliar with the law, stupid, etc).


Maybe because a lot of D3 players don't play WoW. There are millions of people that bought D3 because it is the sequel of the original, or of D2, which were not really online games. A lot of them have never or very infrequently played online games; or if they do, they are relatively minor games that hackers don't really bother with. Because of this, they are not as savvy about online security as your average WoW player, who is used to this type of thing. Those people don't know they should not use the same email and password for everything. They don't know how to be wary of phishing email. They use the same SQ&A for everything; and they do not know that they should be careful about what they post on Facebook, so as not to give hints on their SQ&A. All of this makes them a prime target for those that steal accounts.
The cat's finally out of the bag.


Because since there is an expansion that is coming out soon the market for WoW accounts and gold isn't going to be doing that good.

D3 gold right now is especially valuable because D3 is both new and the RMAH isn't out yet.

Is that just your assumption? The gold economies are doing absolutely fine in WoW. And I would wager that an average WoW account is probably worth several hundreds (due to the many years of effort in acquiring items) while a typical D3 account is probably worth the vicinity of $10-15.

Also, no one has a counter for my argument yet: D3 and WoW accounts SHARE THE SAME USERNAME/PASSWORD. So why aren't the D3 victims with WoW accounts having their WoW accounts hacked too?


You can't sell those items on WoW accounts or the accounts they are on, it takes way too much time.

The only thing of value you can really get from both D3 and WoW accounts are gold.

WoW gold isn't selling too high compared to D3 gold.
technically impossible? really?

anyone who's a bit aware of computer networking and security would tell you that nothing's impossible.

the probability might be low, and i believe that whats currently happening might be something different than this spoofing described here.

BUT, whoever stated in a previous post that, in a spoofing case, the IP has to be spoofed too is right, but the point is that it is perfectly possible to spoof this IP without even doing anything on tgt IP, so no way the victim can be somehow responsible / infected / whatever.

it is not easy, but it is possible.

also, regarding the facts (and only the facts).

- lotta ppl getting hacked (several hundreds, maybe more)
- only D3 account "stolen"
- seems only the last played character is targeted (to be confirmed)

this let the keylogger probability go to........0.0000000000001%

reason is easy, all those ppl would have had ALL their char wiped out AND probably would have also suffered from different side effects, such as a paypal account stolen / bank account / steam account etc., you know, something more sensitive that would, with no doubt, interest ppl driven by money.

so the logical conclusion is that, maybe some users are somehow infected, but the majority of the hacked ppl had nothing to get blamed about, and the issue is somewhere server-side.

strange fact: the hack began just after the mysterious server crash that happened the first sunday, and don't make me believe it was a planned maintenance from Blizzard, on a sunday afternoon.

so what would be great for Blizzard to do, is to keep investigating clearly this issue (and i believe this is their top priority when i write those lines)
OFFER the rollback for the hacked ppl, not fair for them to be punished a 2nd time

stop blaming the player, while it is a great thing (and necessary) to make them change pwd and check their systems are sane, it is really rude to just respond them "this is all your fault" while obviously, this is not, and more the time goes, more obvious it is.
06/04/2012 08:01 AM Posted by Vadoff
Even if the percentage of D3 players who play WoW as well is only 1% (it's probably more like 20%), we would have seen someone complain that they've gotten both hacked by now. But we haven't.


I suspect that Blizzard has ways to track and subsequently ban people who hack wow accounts, but not Diablo accounts. This would account for the lack of WoW hack complaints - they are making a beeline for Diablo, because there will be no reselling - they grab the gold, stash it, then use the RMAH (when implemented) to profit off it. Takes a whole factor out of the equation for them. The average gold farmer gets paid $15-20 per month, and they are cutting a lot of gold farmers out.

It just takes a look from a business perspective.
06/04/2012 07:53 AM Posted by Óðinn
I do know that in Australia, it would be considered fraud. All it would take is some leaning on Interpol's shoulder from the Australian Federal Police, with Blizzard's help, and they could force the Chinese government to shut gold farmers down. While it would not get rid of all the gold farmers, it would break the business badly enough that it may not be able to recuperate.


Except that Interpol and Australian Federal Police have a lot bigger things to worry about than Diablo gold farming. That's why it's considered "safe" to hack online game accounts.
Maybe because a lot of D3 players don't play WoW. There are millions of people that bought D3 because it is the sequel of the original, or of D2, which were not really online games. A lot of them have never or very infrequently played online games; or if they do, they are relatively minor games that hackers don't really bother with. Because of this, they are not as savvy about online security as your average WoW player, who is used to this type of thing. Those people don't know they should not use the same email and password for everything. They don't know how to be wary of phishing email. They use the same SQ&A for everything; and they do not know that they should be careful about what they post on Facebook, so as not to give hints on their SQ&A. All of this makes them a prime target for those that steal accounts.

Even if the percentage of D3 players who play WoW as well is only 1% (it's probably more like 20%), we would have seen someone complain that they've gotten both hacked by now. But we haven't.


In D3 they can access just one toon, and strip the account of all of its gold and empty out most of their stash (bank). However in WoW they have to access each and every toon to do the same thing.
Except that Interpol and Australian Federal Police have a lot bigger things to worry about than Diablo gold farming. That's why it's considered "safe" to hack online game accounts.


The AFP have a huge cybercrime division, it's the AFP with Interpol that busts most of the international cybercrime and !@#$%^-*! rings. I know 300 people, just friends of mine within my city, who play Diablo 3. That's a lot of people, the number of Australian players is huge, and if the number gets high enough, and fraud through the RMAH is being committed, the AFP will step in and take action.
it encrypted bank account #. If you can do that I'll give you all of my money. See you in a couple of thousand years.


there is the issue:

on diablo, nothing but the login is encrypted

oh and btw, SSL has been broken in sept 2011 fyi.

http://www.theregister.co.uk/2011/09/19/beast_exploits_paypal_ssl/

u mad?
Here is the link, it contains everything you need to know, read before it is taken down.

http://www.cinemablend.com/games/Diablo-3-Session-Spoofing-Real-Do-Join-Public-Games-43162.html


YOUR MOVE BLIZZ

How about they just point out how crazy you guys are acting and mail you some complimentary tin foil?
This topic has reached its post limit. You may no longer post or reply to posts for this topic.
