Guild Hacked

*Akasha* · August 25, 2008, 10:30 PM

Guild Hacked
Author: Warpy
Posted: August 25, 2008 02:40 PM

From 9 AM to about noon, Saturday, Aug. 16th, I and several guildies watched a hacker trash Amora's (our guildmaster) toons and the guild in an effort to quickly strip them of everything he could sell. Amora was out of town, as were most of the other officers. We fought tooth and nail to slow the hacker down, and he shut down the Phoenix to stop us. The guy appeared to be a professional and a foreigner.

Fighting Back

This is from a post I made to the Kul Tiras realm forums about how we'd tried to delay the hacker. I should stress that most of these ideas came from Taymar, a mage, who led their execution that morning.

To cost him (the hacker) time: Get a bunch of toons to surround the hacked toon and the toons he wants to trade to (often obvious gold-seller toons) and keep opening trade windows with it. Spam it with whispers and party invites. Have your toons cover any mailbox it gets near to make it hard to open. He'll /ignore the first toons to do this, so bring in more and switch to alts if you are on the ignore list.

To cost him gold: letting people in the same zone or city know in /trade, /general, /localdefense, /yell: "X is a hacker, do not trade with him/her/it." They'll have to vendor stuff for less than they can get in trade, transfer it to another server (which costs real money), or have another, unknown character on the server that they can mail stuff to (takes an hour, and Blizz may be able to intercept it).

However, those strategies only work if you know where the hacked toon(s) are, which gets a little crazy if the hacked account contains multiple toons. But we knew Amora's toons, added 'em to our friends lists as they logged on, and reported their locations in guild chat, along with a running commentary of what each one was doing or trying to do. We couldn't stop the hacker(s) but we made his job frustrating and more time-consuming than he expected.

And if you do any of the above to legitimate players, you would be in a world of trouble (deservedly). It's against the TOC, which we've all signed, to do this to _players_. We made _absolutely_ sure (through the player's family) that Amora had been hacked before we started any of this. A number of people were frustrated with us when we'd spam "Don't trade with Amora/Amorabank/etc.", perhaps because they didn't know it was real, and I think a lot of people were a bit alarmed when they saw Amora get mobbed by other toons. As long as we wore the same guild tag, it probably looked harmless, but once that tag went away, we just looked like random trouble-makers. An officer logged on, started re-inviting us, and at that point the hacker got serious and just cleaned out the guild roster as fast as he could.

I hope none of you guys ever end up in this situtation, but it's happened to guilds on other servers recently, authenticators are still sold out.

And with a limit of 25 dailies, people are still buying WoW gold for some reason…

Recovery

By noon, the hacker had done his worst and finally logged out of Amora's account. I set up a temporary guild, Ashes to Ashes, with a tabard and a bank. Viyokidd, Jive, Cellwyndra (who'd come up with our name), Kathite, Adlib, Jorey, all kinds of guildies who were not full officers in the Phoenix became temporary officers in A2A and got organized reinviting folks, explaining what had happened on the Kul Tiras forums, and filling our little 3-slot bank with consumables for Monday's Black Temple Raid. People from other guilds on the server bombarded us with donations. We raided 4 nights that week as we would have if we were not hacked.

Blizzard's GM's moved as quickly as they could, but their own access is generally limited, and it takes a while to get the specialists on a case. They were able to retrieve all of Amora's gear and most of the contents of the bank, and, most important of all, the bank and the guild itself. We got the Phoenix back yesterday. The hacker hadn't unlearned Amora's professions or deleted any PvP gear.

The GM is older than I am, shared his password only with his wife, and had been running virus-protection, using Firefox, taking every precaution that has been recommended. While we were happily raiding, he was offline formatting his system and re-installing all of his drivers and software and setting up his UI. And he'd better remember to take Taymar off of his ignore list.

Other Versions

The Kul Tiras Realm Forum Thread on the Phoenix Hack

Jivethelle's Blog on the Phoenix Hack: Part I and Part II

Bigredkitty about hacks that Aetherial Circle has suffered: accounts of Fighting Back and Guild Bank I and II:

Post a comment...

August 25, 2008, 10:30 PM	#1 (permalink)
Akasha	Guild Hacked Guild Hacked *Author:* Warpy *Posted:* August 25, 2008 02:40 PM From 9 AM to about noon, Saturday, Aug. 16th, I and several guildies watched a hacker trash Amora's (our guildmaster) toons and the guild in an effort to quickly strip them of everything he could sell. Amora was out of town, as were most of the other officers. We fought tooth and nail to slow the hacker down, and he shut down the Phoenix to stop us. The guy appeared to be a professional and a foreigner. Fighting Back This is from a post I made to the Kul Tiras realm forums about how we'd tried to delay the hacker. I should stress that most of these ideas came from Taymar, a mage, who led their execution that morning. To cost him (the hacker) time: Get a bunch of toons to surround the hacked toon and the toons he wants to trade to (often obvious gold-seller toons) and keep opening trade windows with it. Spam it with whispers and party invites. Have your toons cover any mailbox it gets near to make it hard to open. He'll /ignore the first toons to do this, so bring in more and switch to alts if you are on the ignore list. To cost him gold: letting people in the same zone or city know in /trade, /general, /localdefense, /yell: "X is a hacker, do not trade with him/her/it." They'll have to vendor stuff for less than they can get in trade, transfer it to another server (which costs real money), or have another, unknown character on the server that they can mail stuff to (takes an hour, and Blizz may be able to intercept it). However, those strategies only work if you know where the hacked toon(s) are, which gets a little crazy if the hacked account contains multiple toons. But we knew Amora's toons, added 'em to our friends lists as they logged on, and reported their locations in guild chat, along with a running commentary of what each one was doing or trying to do. We couldn't stop the hacker(s) but we made his job frustrating and more time-consuming than he expected. And if you do any of the above to legitimate players, you would be in a world of trouble (deservedly). It's against the TOC, which we've all signed, to do this to _players_. We made _absolutely_ sure (through the player's family) that Amora had been hacked before we started any of this. A number of people were frustrated with us when we'd spam "Don't trade with Amora/Amorabank/etc.", perhaps because they didn't know it was real, and I think a lot of people were a bit alarmed when they saw Amora get mobbed by other toons. As long as we wore the same guild tag, it probably looked harmless, but once that tag went away, we just looked like random trouble-makers. An officer logged on, started re-inviting us, and at that point the hacker got serious and just cleaned out the guild roster as fast as he could. I hope none of you guys ever end up in this situtation, but it's happened to guilds on other servers recently, authenticators are still sold out. And with a limit of 25 dailies, people are still buying WoW gold for some reason… Recovery By noon, the hacker had done his worst and finally logged out of Amora's account. I set up a temporary guild, Ashes to Ashes, with a tabard and a bank. Viyokidd, Jive, Cellwyndra (who'd come up with our name), Kathite, Adlib, Jorey, all kinds of guildies who were not full officers in the Phoenix became temporary officers in A2A and got organized reinviting folks, explaining what had happened on the Kul Tiras forums, and filling our little 3-slot bank with consumables for Monday's Black Temple Raid. People from other guilds on the server bombarded us with donations. We raided 4 nights that week as we would have if we were not hacked. Blizzard's GM's moved as quickly as they could, but their own access is generally limited, and it takes a while to get the specialists on a case. They were able to retrieve all of Amora's gear and most of the contents of the bank, and, most important of all, the bank and the guild itself. We got the Phoenix back yesterday. The hacker hadn't unlearned Amora's professions or deleted any PvP gear. The GM is older than I am, shared his password only with his wife, and had been running virus-protection, using Firefox, taking every precaution that has been recommended. While we were happily raiding, he was offline formatting his system and re-installing all of his drivers and software and setting up his UI. And he'd better remember to take Taymar off of his ignore list. Other Versions The Kul Tiras Realm Forum Thread on the Phoenix Hack Jivethelle's Blog on the Phoenix Hack: Part I and Part II Bigredkitty about hacks that Aetherial Circle has suffered: accounts of Fighting Back and Guild Bank I and II: Post a comment...