New Hacker Found...

Lakderd just recently hacked my Account on Lakshmi an removed all my gear. Sad he sells everything I lost right after he took my account.... talk about painting a sign on your head i'm a dumbsh** Avoid this person at all cost. GM Prob won't do anything even with this kind of evidence but bleh...

how did he hack your account o.O were you stupid enough to tell him your PW?

Security token.

Just got it last week... seriously guys, how come a person with 8 jobs at 75 do not have a token? You were like the perfect target. I have only two 75s and I should have done it earlier..

Now, how are you so sure that's the person who did it?

Not 100%, I've known a few people with token hacked.

Holman: did they deactivate the token so they don't have to use it to log in? (which is a dumb-as hell idea) i know ppl who do that and only got the token for the statchel.

Nope, the token code stays registered for 15 Min's I think. If a hacker has that trojan that records real time + key strokes, then yea it's possible for them to get in.


Edit: This Se token isn't like the corporate one many folks have. The old code stays registered on the sytem for a while.

the key # changes every 30 seconds. so they have 30 seconds to time it until they epicly fail and have to wait the next day.
also how the hell do they give you the trojan in the first place? (i never understand this part. do they really transfer it via POL?)

Key may change, but the code for the old one stays on the system. I forgot where I read that, but others confirmed.

If the person with the security token has a key logger that captures the key and redirects their POL so it never contacts the server then yes. In that case the "few people" you know are morons for getting a keylogger on their system in the first place.

A generated code is actually valid for over 30 minutes. There was a discussion about it on BG when the security tokens first came out. Once you use the newest code all of the previous "valid" ones are now invalidated.

What does it matter? FFXI has been going for 7 years without token, it's a little silly to look down on people now because they didn't feel like being subjected to more paid services.

the new ones aren't. i actually typed one out too late and POL said "wrong token #" and i had to redo it.

The world’s savviest hackers are on to the “real-time Web” and using it to devilish effect. The real-time Web is the fire hose of information coming from services like Twitter. The latest generation of Trojans — nasty little programs that hacking gangs use to burrow onto your computer — sends a Twitter-like stream of updates about everything you do back to their controllers, many of whom, researchers say, are in Eastern Europe. Trojans used to just accumulate secret diaries of your Web surfing and periodically sent the results on to the hacker.

The security world first spotted these new attacks last year. I ran into it again while reporting an article in Thursday’s Times about a lawsuit meant to help track down the perpetrators of these attacks.

By going real time, hackers now can get around some of the roadblocks that companies have put in their way. Most significantly, they are now undeterred by systems that create temporary passwords, such as RSA’s SecurID system, which involves a small gadget that displays a six-digit number that changes every minute based on a complex formula.

If you computer is infected, the Trojan zaps your temporary password back to the waiting hacker who immediately uses it to log onto your account. Sometimes, the hacker logs on from his own computer, probably using tricks to hide its location. Other times, the Trojan allows the hacker to control your computer, opening a browser session that you can’t see.

“What everybody thought was a very secure identification method, these guys found a low-tech means to get around it,” said Joe Stewart, the director of malware research for SecureWorks, a software company. “They don’t break the encryption; they just log in at the same time you do.”

Mr. Stewart recently decoded a particularly nasty Trojan that uses a real-time technique called Clampi, which is used to attack people who have access to corporate bank accounts with large balances.

When people visit Web sites that have been taken over by the hackers, the software is surreptitiously downloaded onto their machines. Clampi has an unusual feature that can take advantage of a vulnerability in Windows and spread itself to all of the computers on a corporate network. Mr. Stewart found that each of those machines, in turn, was programmed to notice when their users visited any of 4,600 specified Web pages, including banks, brokerages and other sorts of sites.

Then Clampi starts sending a real-time stream of the user’s actions using a modified version of standard instant messaging software. The hackers log into the user’s bank account, quickly copying the one-time password if one is used. They start initiating wire transfers to accomplices (mules is the term of art) who send the funds on to the crooks. Sometimes they have even set up “mules” or fake employees who earn fat salaries by direct deposit.

One victim of Clampi was Slack Auto Parts in Gainesville, Ga., which lost $75,000 to the scam, according to a post in the Washington Post’s Security Fix blog.

Clampi appears to be operated by a single gang, Mr. Stewart said. He infers that the hackers speak Russian because that language is used in the computer code. Other similar Trojans, including ZeuS and Silentbanker, are being sold to many different groups of cybercrooks. (Here is an article from USA Today about the hacker behind ZeuS.)

Does this all mean that all those password gizmos are a waste of money? Not exactly. They still protect against less sophisticated forms of password phishing, not to mention people just looking over your shoulder as you log onto your computer. Moreover, if you can keep your computer clean of malware by avoiding suspicious e-mail attachments and Internet downloads, you are safer.

But there is nonetheless a race to find an even more secure way to keep the big bucks safe. One way is what is called two-channel authentication, using something other than the computer — most likely a cellphone — as part of the log-on procedure. That’s a good idea, but you know the hackers are already working out how they will attack those phones as well.


This is an atricle, but I doubt they are interested in Se accounts. I forget the name of the trojan

Because people get hacked. Its not new. A single password isn't secure obviously and there was an outcry for better protection. A security token was released. Stop living in the past and protect your ***. Its a one time $10 purchase to ensure you won't get hacked.

Unless you run IE6, on XP with no virus protection visiting RMT websites etc and get a keylogger installed.

It's a MMO If people are hard pressed for my ***you can have it. I'm not taking anymore extra steps for fake ***.

So, what? You think they can't hack people with tokens?

Just don't go to fake websites or don't give out your password to "friends", and that's enough security right there.

If you do get hacked, however, just realize it's still only a game account, no matter how much time you've spent on it. Just see what SE can do for your account and in the last case scenario make a new character and start over.

Big *** deal.

Coming from someone who has only one 75, one nation 10, no completed expansions and 6 locked advanced jobs. To get back where you are takes no time at all.

For someone who has 9 75s, all missions completed, maat's cap, a 100 craft (even if it is lolcooking) it would take an unreasonable amount of time to "start over" and get back to where I am.

No. I have 9 75s and 6 66s. Clicking my profile is hard. I actually obtained the cap when I had 4 75s.

Nothing in this game is hard. Maat's cap is easy if you don't have any merits.


edit: Yes, I don't have a token.

In most cases it would probably and effectively end one's MMORPG career. Funny ***.

Lol @ people thinking having the token makes you unhackable.

I know a friend who had his token disabled by someone ringing SE under his name.

If someone wants to hack your account, a silly token isn't going to make a difference.

Where there is a will there is a way . A security token is like putting those wheel locks on your $3000 Dubz (that you for some reason feel your 97 Caravan needs ) . It makes them HARDER to steal , not unstealable . A token works on an Algerythm or w/e it called . i am sure if a hacker bough one they could probly figure it out and screw alot of ppl . or like that article sez , they come up with other great ways to steal your *** .
Its the world we live in . And yea i read something about Europe is the sourse ofr most of the nastiest Malware . those Teenagers must be really really bored .
Hyp makes a good point . I would hate to start over . I been workin on my charater(s) for over 6 years , and i like this Game alot , but if i had to start over after i was done crying , i would just quit . Starting over with only 1 job @ 75 , not being done with CoP , not being Done With Sky , not having a full set of relic , ect then starting over = not so bad .

lol all of you guys with tokens crack me up. I've been playing since Feb of 2002 only been hacked once since I gave my account info away to a friend that I taught was a friend. They took all my sellables, gils, and threw away all my rare/ex. After that deleted my account. It took SE 2 weeks to restore my account and I was able to start over again with few friends helping me out with donations. I knew who hacked my account just like the OP here all evidence was in their bazaar. But GM's wouldn't do anything about it.

Any who ever since then I just saved all my PW on POL so I don't have to type anything ever, made it alphanumeric and never gave my PW to anyone again. Never been hacked since, never had issues with key loggers. Token is just another way for SE to make money for themselves. It's just a way for you not to able to sell your account as easy as before since you have to de-activate the changing security code lol.

god how ignorant ppl are. it NOT hacking when you give your info away lol.

if you give 5$ to a friend, you think you can accuse him/her for robbery afterwards?

/sigh

Taking something that's not yours is stealing. If I left my door open and you came in and took my tv; You think the cops would say "Well your door was open". Having passwords does not give you a reason to steal.