The Warlocks Den - WoW Warlock DiscussionsThe Warlocks Den - WoW Warlock Discussions

Forum Index Register Search Today's Posts Mark Forums Read Nav Item BG
Search:


Please Register to Remove these Ads

The Warlocks Den - WoW Warlock Discussions » Blogs » Need More DPS! » Guild Hacked

Rate this Entry

Guild Hacked

Submit "Guild Hacked" to Digg Submit "Guild Hacked" to Google Submit "Guild Hacked" to del.icio.us Submit "Guild Hacked" to StumbleUpon
Posted August 25, 2008 at 06:40 PM by Warpy
Updated August 27, 2008 at 08:02 PM by Warpy (More new posts!)
Tags guild, hacked


From 9 AM to about noon, Saturday, Aug. 16th, I and several guildies watched a hacker trash Amora's (our guildmaster) toons and the guild in an effort to quickly strip them of everything he could sell. Amora was out of town, as were most of the other officers. We fought tooth and nail to slow the hacker down, and he shut down the Phoenix to stop us. The guy appeared to be a professional and a foreigner.

Fighting Back

This is from a post I made to the Kul Tiras realm forums about how we'd tried to delay the hacker. I should stress that most of these ideas came from Taymar, a mage, who led their execution that morning.

To cost him (the hacker) time: Get a bunch of toons to surround the hacked toon and the toons he wants to trade to (often obvious gold-seller toons) and keep opening trade windows with it. Spam it with whispers and party invites. Have your toons cover any mailbox it gets near to make it hard to open. He'll /ignore the first toons to do this, so bring in more and switch to alts if you are on the ignore list.

To cost him gold: letting people in the same zone or city know in /trade, /general, /localdefense, /yell: "X is a hacker, do not trade with him/her/it." They'll have to vendor stuff for less than they can get in trade, transfer it to another server (which costs real money), or have another, unknown character on the server that they can mail stuff to (takes an hour, and Blizz may be able to intercept it).

However, those strategies only work if you know where the hacked toon(s) are, which gets a little crazy if the hacked account contains multiple toons. But we knew Amora's toons, added 'em to our friends lists as they logged on, and reported their locations in guild chat, along with a running commentary of what each one was doing or trying to do. We couldn't stop the hacker(s) but we made his job frustrating and more time-consuming than he expected.

And if you do any of the above to legitimate players, you would be in a world of trouble (deservedly). It's against the TOC, which we've all signed, to do this to _players_. We made _absolutely_ sure (through the player's family) that Amora had been hacked before we started any of this. A number of people were frustrated with us when we'd spam "Don't trade with Amora/Amorabank/etc.", perhaps because they didn't know it was real, and I think a lot of people were a bit alarmed when they saw Amora get mobbed by other toons. As long as we wore the same guild tag, it probably looked harmless, but once that tag went away, we just looked like random trouble-makers. An officer logged on, started re-inviting us, and at that point the hacker got serious and just cleaned out the guild roster as fast as he could.

I hope none of you guys ever end up in this situtation, but it's happened to guilds on other servers recently, authenticators are still sold out. And with a limit of 25 dailies, people are still buying WoW gold for some reason…



Recovery

By noon, the hacker had done his worst and finally logged out of Amora's account. I set up a temporary guild, Ashes to Ashes, with a tabard and a bank. Viyokidd, Jive, Cellwyndra (who'd come up with our name), Kathite, Adlib, Jorey, all kinds of guildies who were not full officers in the Phoenix became temporary officers in A2A and got organized reinviting folks, explaining what had happened on the Kul Tiras forums, and filling our little 3-slot bank with consumables for Monday's Black Temple Raid. People from other guilds on the server bombarded us with donations. We raided 4 nights that week as we would have if we were not hacked.

Blizzard's GM's moved as quickly as they could, but their own access is generally limited, and it takes a while to get the specialists on a case. They were able to retrieve all of Amora's gear and most of the contents of the bank, and, most important of all, the bank and the guild itself. We got the Phoenix back yesterday. The hacker hadn't unlearned Amora's professions or deleted any PvP gear.

The GM is older than I am, shared his password only with his wife, and had been running virus-protection, using Firefox, taking every precaution that has been recommended. While we were happily raiding, he was offline formatting his system and re-installing all of his drivers and software and setting up his UI. And he'd better remember to take Taymar off of his ignore list.



Other Versions

The Kul Tiras Realm Forum Thread on the Phoenix Hack

Guildwatch on WoWInsider covered the story too.

Jivethelle's Blog on the Phoenix Hack: Part I, Part II, and Part III.

Bigredkitty about hacks that Aetherial Circle has suffered: accounts of Fighting Back and Guild Bank I and II.

Posted in Ramblings
Views 1293 Comments 4
« Prev     Main     Next »
Total Comments 4

Comments

  1. Old Comment
    That must be an awful thing to have to watch happening :( Well done on the quick thinking to make the hacker's life as difficult as possible :D

    One tip I read is to use the parental controls, with a different email account and password, to restrict access to your account when on holiday. I've got a three-week holiday coming up, and I'm definately using the parental control feature to lock down my account and hope for the best.

    If people would only stop taking the easy way out and actually work for what they need, the gold sellers wouldn't have a job ... oh to live in a perfect world.

    There is an article on the BBC website about a research paper done by Manchester University on goldselllers, and how big the market is. There is a link on the WoW-Europe forums to it. Scary how many people work in the gold selling and power-levelling industry.
    permalink
    Posted August 26, 2008 at 12:20 PM by Royn Royn is offline
  2. Old Comment
    Warpy's Avatar
    It was really creepy. We'd just been doing PvP, which is pretend-war and then we got to face real hostility. I'll let the guild know about the parental control idea. We don't even know what part of the world the hacker was from: just that his connection was bad and that he didn't understand English. That leaves a lot of places!
    permalink
    Posted September 01, 2008 at 11:55 PM by Warpy Warpy is offline
  3. Old Comment
    yea good job on picking up the peaces good luck with ashes too :D
    permalink
    Posted September 18, 2008 at 05:04 PM by Netheriol Netheriol is offline
    Updated September 18, 2008 at 05:14 PM by Netheriol
  4. Old Comment
    Warpy's Avatar
    Thanks for the good wishes! Blizzard was able to rescue our guild and Ashes to Ashes is now its backup bank with almost no members (but a much cooler tabard!).
    permalink
    Posted September 20, 2008 at 12:20 AM by Warpy Warpy is offline
 
All times are GMT -4. The time now is 01:53 AM.
Powered by vBulletin® Version 3.8.2
Copyright ©2000 - 2009, Jelsoft Enterprises Ltd.
SEO by vBSEO 3.3.0

Register Members List Search Today's Posts Mark Forums Read Nav Item BG
Copyright ©2004 - 2004, The Warlocks Den. All Rights Reserved.
The Warlocks Den is a research and information site, of which the information has been gathered and submitted by members and the site owner. All information, articles and guides used on this site are copyright © of The Warlocks Den or their respective owners and may not be copied or redistributed without written approval. The Warlocks Den is in no way affiliated with Blizzard or World of Warcraft ™