  1. #41
    Yoshi P
    Join Date
    Oct 2007
    Posts
    5,112
    BG Level
    8
    FFXI Server
    Ramuh

    You don't put your normal password in anymore, it's saved, right? How do they steal that?
    Then they need the SE password (this can be gained with keyloggers, ok). Then they need your token.

    The thing that bugs me is you do not input that 1st password at all. So it can't be just a basic log steal thing. Just does not fully add up to me. The password that is saved I would think is safe? I guess not LOL FF or fail as always.

    why do i get the feeling someone said "lol ID password on key is 666483 lulz!" and a co player that has other info took the accounts?

    Quote Originally Posted by Snprphnx View Post
    aren't these tokens the same type that is used by the Defense Dept, some banks, and stock/trade companies, for users to have secure, online access?

    please tell me that fucking RMT haven't figured out how to hack these, while others who would want to steal your real money, get defense secrets, etc have failed.
    China/Korea are rumored to have hacked many of the bank systems/Pentagon systems in the last few months, no? Or was that all just bull shit?

  2. #42
    E. Body
    Join Date
    Nov 2008
    Posts
    2,049
    BG Level
    7
    FFXI Server
    Bismarck

    Quote Originally Posted by dejet View Post
    China/Korea are rumored to have hacked many of the bank systems/Pentagon systems in the last few months, no? Or was that all just bull shit?
    slanty-eyed devils

  3. #43
    An exploitable mess of a card game
    Join Date
    Sep 2008
    Posts
    13,258
    BG Level
    9
    FFXIV Character
    Gouka Mekkyaku
    FFXIV Server
    Gilgamesh
    FFXI Server
    Diabolos

    Quote Originally Posted by dejet View Post
    You don't put your normal password in anymore, it's saved, right? How do they steal that?
    Then they need the SE password (this can be gained with keyloggers, ok). Then they need your token.
    The PS2 version requires (Or lets?) you to type in your first PW.

  4. #44
    Aselin
    Guest

    Does anyone remember an old post here on BG before it was called "The New Standard"?

    In that post, the player found out that the security token generated number can stay active up to 30 minutes. That means if you happened to get a keylogger auto-downloaded onto your computer through a banner ad with a malicious script, and not using any protection on your PC for these sort of things, yes, you can still get your account compromised with a security token in place.

    It's why never, never, ever have a false sense of security when it comes to these things. Never tell yourself that it won't happen to you. Live with a little paranoia in your life, but not so much that it'll take over it but just enough to protect you.

    So, in a way, I'm not too surprised this has happened, but I am also both worried and concerned that more events like this are going to happen soon. RMT are getting quite sophisticated now. They can pretend to be GMs by taking advantage of the line breaking space in tells to placing malicious code in banner ads.

    If you are using Internet Explorer and don't want to use Firefox for whatever reason you religiously follow to a "T", then I highly recommend you install this: IE7 Pro.

    It does what Ad Block and NoScript does for Firefox. It doesn't work for any version of IE that's version 6 or lower. It only works for IE7 and higher, including 8.

    If you use Opera, you have to manually block the ads and HTML (or other code) per website or per page. It isn't done automatically for you, unless you blacklist the items in question first before you visit a website.

    I'm sorry this happened, but it's better to be over-prepared and protect your computer.

    Keep up-to-date anti-virus, anti-spyware, and anti-malware software on your computer. Install a software firewall like Comodo Internet Suite or ZoneAlarm.

    Another good thing to have is this: KeyScrambler. It encrypts your keystrokes at the kernel level. You can get it here: QFX Download. Free version encrypts your keystrokes in IE and Firefox. Paid versions can encrypt your keystrokes in other programs.

  5. #45
    E. Body
    Join Date
    Nov 2008
    Posts
    2,049
    BG Level
    7
    FFXI Server
    Bismarck

    thanks for the info Ase. you are always the poster of logic, reason, and great information.

    also,
    i know on PC, the SE acct password automatically pops up a virtual keyboard and you have the option of typing out the password on either your real keyboard, which can be keylogged, or using the mouse to input the PW on the virtual keyboard.

    Again, sorry that accounts were hacked, it really sucks. But honestly, you can't really blame SE for your personal fuck ups or false securities

  6. #46
    An exploitable mess of a card game
    Join Date
    Sep 2008
    Posts
    13,258
    BG Level
    9
    FFXIV Character
    Gouka Mekkyaku
    FFXIV Server
    Gilgamesh
    FFXI Server
    Diabolos

    Quote Originally Posted by Aselin View Post
    Another good thing to have is this: KeyScrambler. It encrypts your keystrokes at the kernel level. You can get it here: QFX Download. Free version encrypts your keystrokes in IE and Firefox. Paid versions can encrypt your keystrokes in other programs.
    What's the "Kernel level"? Actually, what exactly does this do (Simply man!)? Make you immune to PW thieves? I wonder what the hell the Kernel would be doing stealing PWs anyways. He has his own secrets to worry about.

  7. #47
    Who's driving? Oh my God Bear is driving! How can that be??
    Join Date
    Sep 2008
    Posts
    5,789
    BG Level
    8
    FFXI Server
    Lakshmi

    Probably Cross Site Scripting where malicious code was run on the client machine and then when the player connected to FFXi, the session was hijacked forcing traffic to flow through a 3rd party machine. I would guess at this point, the 3rd party machine would be able to see whatever the player is seeing and then send a false DC to the client machine. The player sees that they are dcing, and then when they try to restart POL, the hack prevents them from logging in allowing more time for the theft to occur. The hacker gains control without needing your information and then takes the account and strips it.

  8. #48
    Aselin
    Guest

    Yeah, even with a software keyboard, you still have to be wary.

    Those keys, if PlayOnline Viewer doesn't encrypt them as they are entered, have to be stored in your system's RAM regardless. As soon as one figures out where the value of the variable or string is stored for that before it's sent to the server, any program can read it and interpret it. It's most likely why it's safer to play on a console than a PC. I have yet to find a keylogger, virus, malware, or spyware programmed for a PS2, PS3 or 360 that would steal account information and monitor your keystrokes.

  9. #49
    Who's driving? Oh my God Bear is driving! How can that be??
    Join Date
    Sep 2008
    Posts
    5,789
    BG Level
    8
    FFXI Server
    Lakshmi

    Quote Originally Posted by Aselin View Post
    Does anyone remember an old post here on BG before it was called "The New Standard"?

    In that post, the player found out that the security token generated number can stay active up to 30 minutes. That means if you happened to get a keylogger auto-downloaded onto your computer through a banner ad with a malicious script, and not using any protection on your PC for these sort of things, yes, you can still get your account compromised with a security token in place.

    It's why never, never, ever have a false sense of security when it comes to these things. Never tell yourself that it won't happen to you. Live with a little paranoia in your life, but not so much that it'll take over it but just enough to protect you.

    So, in a way, I'm not too surprised this has happened, but I am also both worried and concerned that more events like this are going to happen soon. RMT are getting quite sophisticated now. They can pretend to be GMs by taking advantage of the line breaking space in tells to placing malicious code in banner ads.

    If you are using Internet Explorer and don't want to use Firefox for whatever reason you religiously follow to a "T", then I highly recommend you install this: IE7 Pro.

    It does what Ad Block and NoScript does for Firefox. It doesn't work for any version of IE that's version 6 or lower. It only works for IE7 and higher, including 8.

    If you use Opera, you have to manually block the ads and HTML (or other code) per website or per page. It isn't done automatically for you, unless you blacklist the items in question first before you visit a website.

    I'm sorry this happened, but it's better to be over-prepared and protect your computer.

    Keep up-to-date anti-virus, anti-spyware, and anti-malware software on your computer. Install a software firewall like Comodo Internet Suite or ZoneAlarm.

    Another good thing to have is this: KeyScrambler. It encrypts your keystrokes at the kernel level. You can get it here: QFX Download. Free version encrypts your keystrokes in IE and Firefox. Paid versions can encrypt your keystrokes in other programs.
    I do remember that; however, these new "hackings" that are taking place are happening seamlessly. Even though the token keys are good for 30 min, if you are online and someone tries to enter the information in, it should kick you off and say you were logged in from another location. But this is not the case in these new events because players are online, getting DC'd, but everyone else around them notices that they Red Dot, but come back without fully DC'ing. It sounds more like the session is being hijacked and the player is being sent a false DC or the packets stop flowing to the client and they red dot/DC, when in reality, the session is still open but from another location.

    There is no such thing as 100%. You can enhance your security which lessens the chance that data can be taken, but there will always be a way. All those things you described are the correct step in protecting yourself, but it's also good to practice safe browsing habits including not clicking on links that look suspicious, or opening attachments from people you don't know.

  10. #50
    Nikkei's Hoe
    Worse than her at uno

    Join Date
    Dec 2006
    Posts
    6,235
    BG Level
    8
    FFXIV Character
    Eanae Hikari
    FFXIV Server
    Gilgamesh
    FFXI Server
    Cerberus
    WoW Realm
    Hyjal

    Quote Originally Posted by Aselin View Post
    Does anyone remember an old post here on BG before it was called "The New Standard"?

    In that post, the player found out that the security token generated number can stay active up to 30 minutes. That means if you happened to get a keylogger auto-downloaded onto your computer through a banner ad with a malicious script, and not using any protection on your PC for these sort of things, yes, you can still get your account compromised with a security token in place.
    Once a code is used, it, and all codes before its generation become unusable.
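
The two claims made in this thread (a code stays valid for up to 30 minutes; a used code and every earlier code become unusable) can both hold in one server-side verifier. The sketch below is an added example, not from the thread and not Square Enix's token algorithm: it assumes an RFC 6238-style time-based code with a 30-second step, and the secret and timestamps are constructed.

```python
import hashlib
import hmac
import struct

STEP = 30           # seconds per code (assumed; not stated in the thread)
WINDOW_STEPS = 60   # 60 steps * 30 s = the 30-minute validity claimed in the thread
DIGITS = 6

def otp(secret: bytes, counter: int) -> str:
    """RFC 4226 dynamic truncation of HMAC-SHA1 over the time-step counter."""
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** DIGITS).zfill(DIGITS)

class TokenVerifier:
    """Server side: accept codes up to WINDOW_STEPS old, never at or below a used step."""

    def __init__(self, secret: bytes):
        self.secret = secret
        self.last_used = -1  # highest time step already consumed

    def verify(self, code: str, now: int) -> bool:
        current = now // STEP
        oldest = max(current - WINDOW_STEPS, self.last_used + 1)
        for counter in range(current, oldest - 1, -1):
            if hmac.compare_digest(otp(self.secret, counter), code):
                self.last_used = counter  # burns this code and every earlier one
                return True
        return False

def demo() -> dict:
    secret = b"constructed-demo-secret"       # constructed sample key
    t0 = 1_250_000_000                        # constructed timestamp
    server = TokenVerifier(secret)
    older = otp(secret, (t0 - 120) // STEP)   # shown on the token, never submitted
    newer = otp(secret, t0 // STEP)           # the code the owner logs in with
    stale = otp(secret, (t0 - 3600) // STEP)  # an hour old, outside the window
    return {
        "stale_rejected": not server.verify(stale, t0),
        "owner_login": server.verify(newer, t0 + 60),
        "replay_rejected": not server.verify(newer, t0 + 120),
        "older_rejected": not server.verify(older, t0 + 120),
        # A fresh verifier models an account where the code was never consumed.
        "unused_code_25_min_later": TokenVerifier(secret).verify(newer, t0 + 1500),
    }

if __name__ == "__main__":
    print(demo())
```

Replay tracking only covers codes that reached the server; a code that was generated but never submitted stays acceptable for the whole window, which is why a shorter window narrows the exposure.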

  11. #51
    CoP Dynamis
    Join Date
    May 2009
    Posts
    275
    BG Level
    4
    FFXI Server
    Gilgamesh
    WoW Realm
    Velen

    Also, I think y'all fail to notice the back of your tokens...

    "Made in China"

    RMT central, how convenient. Probably passing a couple of free tokens their way to experiment with :D

  12. #52
    Sea Torques
    Join Date
    Oct 2006
    Posts
    731
    BG Level
    5

    ^Don't make posts like that, people might take you seriously.

  13. #53
    Old Merits
    Join Date
    Jun 2008
    Posts
    1,203
    BG Level
    6
    FFXI Server
    Valefor

    SHUT. DOWN.

    ... uh

    kinda scary, don't browse without condoms kids

  14. #54
    S N K
    Join Date
    May 2006
    Posts
    2,661
    BG Level
    7
    FFXI Server
    Sylph
    Well I knew it was only a matter of time. I change all my passwords once a month and after reading this, maybe every 2 weeks might be a better idea.

  15. #55
    Fake Numbers
    Join Date
    Jun 2009
    Posts
    94
    BG Level
    2
    FFXI Server
    Bismarck

    .... This happened to somebody in my linkshell Thursday night as well.

    He was up in Sky farming Diorite, crashed, had problems logging back in. Was finally able to log back in after numerous attempts and he was naked in Sandy, stripped of gil and items. Has a security token, some people thought he was making it up because it wasn't supposed to be possible.

    This was on Seraph by the way, was sometime around 1 AM EDT. He is getting the account rolled back thankfully. Not sure if he uses IE or what, but does play on PC.

  16. #56
    A Magic Ham Sandwich
    Join Date
    Nov 2005
    Posts
    5,388
    BG Level
    8

    Yeah my former account that I was using for a couple weeks was hacked today. I use firefox only, but with no adblock or noscript, and only have visited FFXI sites in the last few weeks from the website compilation on this site. So I'm not quite sure how it happened, but yeah there you go.

    I don't use security token, but it still feels kind of odd to me.

  17. #57
    E. Body
    Join Date
    Nov 2008
    Posts
    2,049
    BG Level
    7
    FFXI Server
    Bismarck

    seems that everyone who has gotten hacked has been visiting FFXI sites. OH SHITZ, A SOLUTION!!!

    don't visit ffxi sites and your account will be safe!!!

  18. #58
    If you stopped to actually learn something you might not post these uninformed posts.
    Join Date
    Oct 2006
    Posts
    1,497
    BG Level
    6

    possible fix would be to enter a 2nd code when you hit "Play".

  19. #59
    It's all dicks and airplanes
    Join Date
    Jun 2009
    Posts
    2,036
    BG Level
    7
    FFXIV Character
    Cia Mir
    FFXIV Server
    Balmung

    Quote Originally Posted by Snprphnx View Post
    seems that everyone who has gotten hacked has been visiting FFXI sites. OH SHITZ, A SOLUTION!!!

    don't visit ffxi sites and your account will be safe!!!
    BUT THEN WE CAN'T USE BG..! All hope is lost. ='(

  20. #60
    DAKPluto
    Guest

    token number is good for 30 minutes, rest is keylogging. It's pathetically easy to still hack an account if person is dumb enough to use IE and get a keylogger.
