How does a specific toon get targeted for hacking?

Most of the claims of being hacked and losing a toon seem to happen to raid characters. That makes sense they have the best gear that will sell for the most on FV.

Without the person sharing their account name and password with others how does this thieft target a toon to be hacked?

They look up magelo and find a vicitm. Does magelo give the person's email address as a start on targeting them? If it does give their email then would not displaying your email protect them? And if they don't get the email from magelo to even start the attact how does it all start?

Do these people then receive fake emails from Daybreak/SOE and click on them and give their account and password info away?

Or do they get some special offer from website click on it and install a trojan?

Now would taking reasonable precautions with antivirus software, not clicking on strange emails, using unique acct and passwords help prevent all this?

Hopefully this isn't against forum rules.. Don't recall one about discussing this topic. I am sincerely interested.

I'm right there with you Cor. And I usually don't agree with you. Unfortunately, any information that Daybreak discloses will also be available (and most likely used) by the hackers / phishers / total pfhuck wads that would strip a character like that. I would not like to be Daybreak right now.

For an attack on a specific person or small group, do some research on spear phishing, try some google terms like 'anatomy of a phishing attack'. That should get you into the infosec blog and article area of the web.

But you know what? No one is throwing thousands of PW attempts at a single account. Or dozens of attempts at thousands of accounts (that's how to get the most accounts if you have a list of usernames). Elaborate spear-phishing and keylogging operations aren't happening.

EQ has a very fundamental disconnect in its security model and its actual use by players. EQ assumes that login + password should mean permission to anything to that account. The problem is that account sharing to use characters is very common among players. It's been a part of the culture in every guild I've been in since 2000. Players WANT to be able to share characters with semi-trusted parties without allowing those parties to do things like transfer characters to FV and delete them forever.

EQ's security model needs to factor in the prevalence of account sharing within the MMO/EQ community. Potentially harmful, irriversable, or costly actions should have an opt-in lockout method. Something like a time lock that requires 5-7 days for the action to complete, with notification. Or authorization through another channel, like a phone text message or email.

Continuing to stick their head in the sand while pointing at the EULA's account sharing clause is a huge failure in matching their product to how its being used.

Some possibilities would be malicious programs including keyloggers obtained unknown to you when clicking on that cool video or going to that website when looking for information about an everquest item, event etc. I have gotten bogus emails from some games with cool offers, just click here and sign in. I knew they were bogus because it was sent to an email address not associated with the game. Scammer/hackers are often one step ahead of your security program.

A lot of people shared account info during PoP because the flagging was such a pain. Some of those people are still with the game and maybe they are no longer trustworthy.

I vaguely recall Alla merging at some point with a very successful website that sold plat and characters. It has always made me leery of registering there. I know people's credit cards and debit cards are often compromised by plat selling websites, so stealing a character to generate cash is probably done as well.

How or why I don't care except to help anyone prevent it. It is still theft and I wish DBG would assist in making it right. Just because we have heard from only 2 high-profile players that lost their characters, doesn't mean it isn't happening much more often. DBG didn't stop helping with this issue because only a couple of customers asked for assistance. Most players never read the forums. Even fewer ever post. There have probably been many that simply walked away angrily and silently except to the small circle they played with.

Adding the service to restore with a high enough price tag to discourage scammers would help ease our community's concerns, so would adding an authenticator.

I can understand your interest. I would however, STRONGLY discourage anyone from discussing specific strategies on how to hijack users accounts.

Join a guild, do things with them for a few months, then ask to use some characters.

Exactly. The number one way accounts get "Hacked" has nothing to do with hacking. That goes for EQ accounts, bank accounts, etc.

Instead of actively discussing how to remedy this situation for the future (FV opt-outs, et cetera), they just completely shut down the thread where we wanted answers. Worst of all, RadarX for some reason implied that I was not a victim in this situation when he locked it down. That and his sarcastic comment, I can safely say he contributed in absolutely no way. When I asked in my petition what happened, I.e., was my character stripped? I suspected so because of the SC purchases, they said 'you pretty much know what happened.'

I'm sick and tired of trying to tell them that whatever became of my character, it was done to me maliciously. All I wanted to do was play my character and hand them fist-fulls of money to keep playing a game I love. Take it easy guys. I hope you push them hard to give an opt-out option. Stripping characters for Kronos on FV is going to continue, and threads like this pop up, until they actually attempt to solve the cause of their problem (FV transfers, refusal to recover, etc.)

Its obvious they just want me to go away. Keep up the fight. I'm screwed because they say so - make sure you aren't in the future.

I am more interested in how they find out enough info to actually target someone. It just seems to me that without someone sharing acct info it must be pretty hard to do unless people hack Daybreak get everyone's emails and do mass phishing attacks. I mean either we all should be hit with phishing attacks and most of us avoid them or people are sharing account info.

Clearly that's how Daybreak operates now. Tyrant like... "You're in our world, now!"

In the case of the people I know who got hacked, they didn't share info but are less tech savy than I. I would suspect keyloggers or visiting infected sites. I was fooled once by an infected botanical site that asked if I gave permission for them to track me with cookies. I now run malwarebytes.

(No, they were not uber toons. It can happen to anyone.)

the main issue with soe which now exists mostly as remnants like forum badges was a complete lack of business sense

dbg seems to possess some, the lon prizes are a good start, but they have to work against the entrenched mentality of employees who worked for soe for a long time

lockjaw transfers will take place "When/If it becomes necessary" as opposed to because once it's a 5 week and 6 week old server and all progression targets have been defeated once on both servers if someone wants to give you 2250 in virtual currency with a retail value of $22.50 you shouldn't be thinking about if it's necessary to allow transfers from ragefire to vulak anymore than you should think if it's necessary to allow transfers from bertox to cazic

it's about the customer wanting to give you money and assuming the soe stink can be washed out, a company that desires income as opposed to holding staff meetings for years deciding if vulak and fippy needed server transfer options

one day someone with enough business sense and authority will realize that a paid surcharge that prevents characters from being deleted, moved to fv or sex changed will recognize the demand and tell jchan to implement it and the service will generate more revenue than the expense to create and maintain in, this is known in non-soe companies as a desirable result, income exceeds expenses

for now all front facing employees have a lot of soe stink, when/if they get an employee who grasps concepts like turning a profit instead of "we always did it that way" you will have a company that reacts to concerns and potentially uses it as an opportunity to pass along the costs of implementing the solution to the customer and even having the customers pay more than the actual expense of the service

I don't see why you can't simply log into you account info and click a box that says "lock down account and never allow transfer".

With this you could go back later and flag your account saying you wish to xfer servers, but still have " no firiona vie" selected.

And to re-flag you have a 10 day wait and and in game and out of game confermation email you must respond to.

In short...be able to click a button to disable transfers.

They would have had to visit Everquested related suspicious sites. I don't think the run of the mill hackers are interested in EQ accounts. Most people have far more lucrative information they could lose from a keylogger. EQ would be small potatoes. Not saying hackers wouldnt sell eq acct info on the black market but if that happened the people concerned would end up with a lore more problems then their eq account being hacked.

And I suspect most people are not going to admit they shared their account info when they say they have been hacked. Only exceptions I have seen are where they believe it's one person and want that person punished. I know account sharing happens a lot in raid guilds especially in the old days. I happens in casual guilds too though I discourage it when I hear about it. I have refused to take someones account info a few times. So I know account info sharing happens a LOT in EQ.

Since account sharing seems to be going on regardless of the risks a no transfer to FV flag and no delete flags would be great. Heck if Daybreak believes account sharing is the main problem feel free to charge extra to put on the no transfer to FV flags or No delete flags. If that is the only way we can get them do it I say. Yeah in a perfect world it should just be part of what we pay for because lets face it some people are going to share account info.

My suggestion is everyone start a campaign on their servers to send /feedback for no transfers to FV or a no transfer flag. You won't get it done here on the forums but if enough people on the servers do /feedback it will get some attention. Just be aware that unless they find a way to make money off it any work they do will come out of what was going to be spend on new campaign/expansion stuff.

I am going to guess but I suspect the Daybreak doesn't think the volume of actual hacking issues makes precautions necessary. Still be nice to have them though.

But back to the main thread..... how are these people getting targeted without giving out some sort of account info?

And maybe I shouldn't have started this particular thread and maybe it should be shut down. I am definiltey not asking for hacking techniques or the exact way to hack an account. I just want to know how these people are getting targeted.

Your lines of thinking are way too linear to be real attack vectors. You're thinking about what are the most complete and direct lines on targets.

Instead the vectors are going to be the easiest ones with some kind of payout for a low amount of effort. 3rd party forums sometimes show email addresses of registered users, or are running server or forums software with unpatched vulnerabilities. Exploit one of those to get emails matched with names used on that forum, and you've probably got a list of main character names + emails.

Remember that going after EQ accounts is small time. Anyone wanting to do something large scale is going to use a crytolocker or lesser malware payload to profit. Any EQ centric phishing attacks would be limited to the scale of a guild forum, or a forum like EQTraders. The market for selling stripped gear on FV is a lot shallower than the number of people/businesses willing to pay to recover access to their files after being hit by a cryptolocker.

Yes and I am deifinltey not asking for specific strategies on how to hijack accounts. I am asking how someone gets targeted because if this was happening to the eq population at large people would be talking about suspicious Daybreak emails etc but these cases seem to only target specific individuals so they must be doing something the rest of the EQ population is not doing.

Honestly I think it's people sharing accounts ( maybe 2 or 3 years ago if you dont change passwords ) a suit of tier 1 cotf raid visables is worth 8 krono.

The reason why their stance is the way it is, during VOA when there was free transfer to FV people were transferring their characters to FV, claiming hack after their stuff was sold and getting their fully geared character back on their original server. A couple people on FV got banned because they were involved in this.

I still can't figure out though why it only hits such a small population of people. And like you say it is small time. I dont see elaborate phishing attempts for 1 acct and if its tried on dozens of accounts people are going to start talking about it at some point.

Which comes back to what you said earlier I believe.. a lot of sharing of account info happens in eq.