Hacked Accounts

"
MonstaMunch wrote:
"
darkro90 wrote:
/snip

The thing is, this is pretty well covered in the OP. If people were brute forcing accounts, they would do Chris and Kripp. I do believe that the hijacking could be something that has nothing to do with end users doing anything wrong, but I think you're barking up the wrong tree with this one.


One thing I would like to brought on why people like kripps and chris aren't hacked while most of other does.

Misdirection.

IF they can figure out the exploits that PoE security system has, they would be also clever enough to know that hacking those accounts you're mentioned are basically suicide of their own methods.

Because once those accounts are hacked, GGG will starts to reflect on their own security system instead of blaming the users like usual, and will ultimately patched in the exploits. But with this method, the hacker instead creates a false sense of security within GGG, making them feel relieved that the mistakes weren't their own and starts their own usual routines of blaming their own users for it while half-assedly fixes the exploits like giving a nearly-useless features they call as "security measures."

That's why they're targeting mid to high level players that no one about, but also profitable to be targeted.
That's why they're avoiding big names like Kripps because it would draw GGG most serious attention, with 3k+ fans of Kripps cursing GGG at the sidelines.
That's why they're making it to be seems random, while in truth, it was all sequenced and perfectly planed.

That, is misdirection.

I might be look as a conspiracy nut by now, but believe me, this is, by far, the most possible hacking scenario PoE had right now.
Last edited by darkro90#1163 on Feb 20, 2013, 12:55:50 PM
"
MonstaMunch wrote:
"
darkro90 wrote:
Just tested and found that the PoE doesn't prevent re-entry of password should a user entered the wrong password 3 or mote times.

I guess we now know what's the exploit is. Brute-forcing is never been this easier before.


Just tested and confirmed. JtR would have a field day with this :|


We do lock out accounts for multiple incorrect password attempts! The threshold is higher than 3 though, because users often legitimately take quite a few attempts to get their password right. There's no way they can effectively brute-force passwords in an online manner, and we'd be able to see that in our access logs.

"
oBLACKIECHANo wrote:
Chris, did you not say before that you track every item? Would it not be very simple to delete all of the items removed from the account, from the system, then restore them on the original account? I don't see the logic in not doing that, as it would be very easy to automate it, even somebody who hadn't been hacked could use it and nothing would change, the economy would remain the same. Besides, it's permanent leagues, the economy gets fucked up with time no matter what.


The issue with this is that fake hack reports can scam people who traded with the person claiming they were hacked. We already have examples of people who perform trades that they regret so that they claim they were hacked after muling their items to another account they control.
Lead Developer. Follow us on: Twitter | YouTube | Facebook | Contact Support if you need help!
Last edited by Chris#0000 on Feb 20, 2013, 1:28:35 PM
"
Chris wrote:
The issue with this is that fake hack reports can scam people who traded with the person claiming they were hacked. We already have examples of people who perform trades that they regret so that they claim they were hacked after muling their items to another account they control.


i'm not saying that it wouldn't be abusable, but here you have a multitude of cases, all in the same day, all before additional security features. Plus in a trade you give something in exchange of something else, it's not the case of anyone here, and furthermore a trade wouldn't not have a login incompatible with the owner location, and the cases of mules, well, while they are a waste of time for you to check, even if you rollback both accounts and not duplicate items it wouldn't be an issue.
Last edited by Kurtosis#7266 on Feb 20, 2013, 1:43:27 PM
Hey Chris, I feel your original post didn't put enough emphasis on the whole "Ban for using hack software" issue. Is that a separate upcoming topic?
Computer specifications:
Windows 10 Pro x64 | AMD Ryzen 5800X3D | ASUS Crosshair VIII Hero (WiFi) Motherboard | 16GB 3600MHz RAM | MSI Geforce 1070Ti Gamer | Corsair AX 760watt PSU | Samsung 860 Pro 512GB SSD & WD Black FZEX HDD
"
Kurtosis wrote:
i'm not saying that it wouldn't be abusable, but here you have a multitude of cases, all in the same day, all before additional security features. Plus in a trade you give something in exchange of something else, it's not the case of anyone here, and furthermore a trade wouldn't not have a login incompatible with the owner location

You couldn't automate it, not unless you want people just specifying person XYZ stole from them then specifying some phat loots and getting that players phat loots.

There needs to be human intervention and the amount of human intervention required would be insane. Blizzard doesn't even do it.
Computer specifications:
Windows 10 Pro x64 | AMD Ryzen 5800X3D | ASUS Crosshair VIII Hero (WiFi) Motherboard | 16GB 3600MHz RAM | MSI Geforce 1070Ti Gamer | Corsair AX 760watt PSU | Samsung 860 Pro 512GB SSD & WD Black FZEX HDD
Last edited by Nicholas_Steel#0509 on Feb 20, 2013, 1:39:42 PM
"
Chris wrote:
We often have users write into support complaining about side effects of their maphacks, only to later report the same day that their items have been stolen. It is worth pointing out that these hack programs are bannable, and while we haven't yet done a banwave, the thousands of people who use them will lose their accounts due to it if they are still running them as we turn on our countermeasures.


As they should. Thank you for taking the time to add these measures.
Invited to Beta 2012-03-18 / Supporter since 2012-04-08
Last edited by VideoGeemer#0418 on Feb 20, 2013, 1:40:12 PM
"
darkro90 wrote:

IF they can figure out the exploits that PoE security system has, they would be also clever enough to know that hacking those accounts you're mentioned are basically suicide of their own methods.

[snip]

That's why they're targeting mid to high level players that no one about, but also profitable to be targeted.
That's why they're avoiding big names like Kripps because it would draw GGG most serious attention, with 3k+ fans of Kripps cursing GGG at the sidelines.
That's why they're making it to be seems random, while in truth, it was all sequenced and perfectly planed.


I'm not saying that I think this is what's happening, but it does seem perfectly plausible.
Invited to Beta 2012-03-18 / Supporter since 2012-04-08
"
Nicholas_Steel wrote:

You couldn't automate it, not unless you want people just specifying person XYZ stole from them then specifying some phat loots and getting that players phat loots.

There needs to be human intervention and the amount of human intervention required would be insane. Blizzard doesn't even do it.


Look I understand that, honestly I'm fine with the rules and general decisions, but those makes sense in a normal day to day stable situation. If you have a wave of hacked accounts you can't seriously say we can't consider giving items back because there might be a few scams, since you could check for them. Obviously something went wrong, regardless of the responsibilities, you should consider this as something special that require a special attention. To say it another way, you have this rule to prevent a minority of scammers to grief a majority of players, now though, it limits what you can do for a majority because of the minority of potential scammers. (when a say majority i don't mean that a majority of the player base was hacked, but that they are way more, in this case, than the number of potential trade scams)
Last edited by Kurtosis#7266 on Feb 20, 2013, 1:55:49 PM
double post
Last edited by Kurtosis#7266 on Feb 20, 2013, 1:55:03 PM
double post
Last edited by Kurtosis#7266 on Feb 20, 2013, 1:54:49 PM

Report Forum Post

Report Account:

Report Type

Additional Info