March 25, 2010

Hacked Accounts

Last night one of our corpmates tried to login into his jump freighter alt.

He couldn't. Password incorrect.

We checked corp bar... the toon was logged in.


Uh Oh. Hacked account.

Recently the Maverick Navy Killboard hosting company had had an issue where the site was re routing people to a phishing/keyloggin scheme of some sort. Our only guess was this gave the whoever it was access to his account. Quickly reported to the server admins the problem had been corrected but the info was out. Our corpmate was already screwed.

Backtracing it appears the Rhea (jumpfreighter) gate jumped from Delve to Fountain via 5-C to ZXB to Y-2ANO. From there he jumped to our jump beacon in U-S in Fountain. Using director tracking capabilities we saw him in the Rhea in the U-S station. Shortly after he was in a Mammoth in U-S station.

At this point petitions had been filed with CCP but there was no response. Our guess was that after the jump to U-S he needed to buy more fuel (hence the Mammoth). The assumption immediately was hacking/isk farming people from Asia (stereotypical I know) until he actually responded in Corp Chat, in English. With no characters that are indicative of an Asian keyboard. With luck that may have been a good thing.

For those who aren't familiar with how hacked accounts usually end up, you have to think like a criminal. The hacker knows the clock is ticking. As slow as CCP is, they respond eventually. This usually results in a temp ban on the account (and possibly other accounts related to the same user). So the hacker needs to liquidate and move the cash as quickly as possible. If there are no buy orders immediately available (which happens often in 0.0) then they will refine the ships and sell the minerals. Painful, I know, to refine a Rhea and sell it for only a portion of its real worth. Thats what they do, however, and they do it quickly. This guy, well, may not have been as intelligent (cruel?) as the traditional isk farming hacker.

How do we know? Well our corpmate (the legitimate one) scooted up to U-S in a different toon on a different account (some 20j away from our home system) in a dictor and sat out of station (we knew the culprit was docked up still in station thanks to director roles). The fool undocked in a Buzzard, was promtly bubbled and shot into low armor before re docking. After an hour and a half or so, the toon finally logged off in station. *clapping*

Shortly thereafter the petition response came in, informing of temporary ban on account. *more clapping*

Hopefully we hear back soon what transpired, and what CCP will (won't) do to rectify it. With luck the Rhea is still intact, along with the other assets his toon has. But there is no way to tell. Historically speaking, in situations where the assets are liquidated, the user is generally hosed. You MAY get the isk value back, but never the items It astounds me that your online login at is the same as your ingame login. If this was not the case, the hacker would have been unable to change his password. CCP has been made known of this issue time and time again, yet nothing has changed. Regardless of the outcome, it could have been worse. This toon had limited assets, jf being the only real big asset. Had his capitol toon been hacked... ouch. A couple dreads, carrier, tons of PVP ships... so I guess hes feeling lucky.

Change your passwords every so often. Have anti virus of some sort. Be aware that even though this shouldn't happen, it does and can happen to you. I never had anti virus on my gaming pc (no financials, no sensitive info, always reinstalled if I got virus). But if I can have my precious EVE account hacked, I would be depressed for weeks. I don't care if you are red to me neut to me or blue to me. You don't deserve to have some jackass hack your account and steal your assets. So, be proactive, because reactive usually means you have just been screwed.

That is all.

No comments: