Hacked


Luckily, the time of year is almost over again. The winter season seems to be a great time for the good old hackers to cuddle up in basements and try to collectively steal all kinds of accounts for whatever evil world domination plot they have. I’m one of the people that fell victim to being hacked before. No harm done luckily, except to my pride. I was always under the impression that I had a well-protected machine and that only gold buyers and other scum got their accounts ripped. Guess it wasn’t that simple.

It’s been a year since it happened. I had taken a long break from WoW since the beginning of December, and somewhere at the end of February I suddenly got an email from my PayPal account stating that I bought some Warcraft pre-pay cards. Not having used that account in ages, I immediately froze my credit card to be safe. The next thing was more or less instinctively to check my armory too: there I noticed my last logins were from the day before. Red Alert! Tried to log in, failed. In my spambox I found a message (in German) from Blizzard where they asked me to confirm my email change. So, at least they hadn’t been able to change that. I reset my password, checked everything, and all was fine. Not a single piece of gear or gold gone. Phew!

I can tell you it’s a strange realization when this happens to you. Especially when you haven’t been using either of those accounts in months. Now I’m not the one to get scared away too easily from this. So, they apparently had been able to get this information from me; my first question was: how? I had a fairly well-protected machine, latest virus checker which did weekly scans, hardware firewall, I hardly ever downloaded dubious stuff (well, being a programmer, I sometimes do get some “free” utility, but I do tend to check around if it has known issues), and if I had to use something that I didn’t trust, I always ran it under a protected user account (the Run As.. option). And every so often I use HijackThis or Autoruns to check if there’s stuff I don’t want (usually for performance reasons, but as a side effect it helps me find malware). Instead of the regular Task Manager, I have Process Explorer, which is far more informative and shows every task and subtask that’s running (Note: all the tools from Sysinternals, which is now property of Microsoft, are great, check them out). So, besides pissed off, this actually made me curious.

The safe bet in such a situation is to format everything and reinstall, but I chose to do anything in my power to hunt the thing down that compromised my system. First step was to contact Blizzard about it and ask for their advice. Yes, I realized that would most likely be very simple, straightforward “duh” kind of stuff, but I figured that would be the logical place to start.

I can tell you, it felt a bit worse than “duh”. Their reaction came pretty close to denial and ignorance in my opinion (In their defense: it seems to have become a lot better lately, I’ve heard). The website recommended me to open an in-game ticket. When I finally got contacted by the game master, their first question was if I was missing anything. When my answer was no, it was more or less done for them: “Change password, run a virus scan, and you shouldn’t have to worry anymore. Enjoy your time in Azeroth”. Eek! That’s it? I ran weekly virus scans since the start of time, it always came up clean as my conscience….. ehm.. wait, that might be a bad example 🙂

So, I got more virus scanners. My default virus scanner is McAfee, which comes free with my internet subscription, but I also used Malwarebytes, Comodo, Trojan Hunter, Avira Linux-based Boot CD, RootkitRevealer and of course I gave it a full manual check with the previously mentioned tools. I found NOTHING. System is clean sir! We can’t find anything!

I figured that they were probably right. It seemed so hard to believe that I got infected in the first place, let alone by something so devious all the latest virus scanners could be fooled by it.

My remaining theory is that both accounts were compromised on my machine at my workplace, because I checked the forums there once. But that was also ages ago. I also thought about the fact that Blizzard themselves could have been compromised (I found enough info on that theory too back then), which is of course not illogical. If you’re a hacker interested in accounts, what’s the best place to find them? Right! I got a little support in this theory (but it still remains a theory) from a blog post I found back then from a Mac user.

But because of this all I did increase the protection on my machine even more. I had a password tool lying around which I rarely used, called KeePass. Now I use that for all my passwords. Not so much the storing part, but it has a built-in password generator, and I let it make passwords for me for every site I subscribe to. I let it generate, and I don’t even see it myself, I just make it copy the password to my clipboard and I paste it into the site. It backs up my encrypted password database onto a memory stick and an external HD, so I’m quite safe from losing them.

For things like WoW, and that tool, I use an extra security trick. Tip:

Don’t type your password from beginning to end. Start with the end, then CLICK at the beginning and type the beginning of the word. This way, even if you’re infected, keyloggers could never get the right password, but a reversed (“cut up”) version.
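To see what the trick does and does not hide, here is an added example (not part of the original post) that simulates a text field and compares the final field value with the order in which keys were pressed. The sample password, the event format and all function names are made up for this illustration, and the last function assumes a single click to the start of the field, as in the tip.

```python
"""Added illustration with constructed data: a simulated text field only."""

def replay(events):
    """Apply ("key", ch) and ("click", pos) events to an empty field.

    Returns (field_value, key_stream): what the form ends up holding and
    the characters in the order the keys were pressed.
    """
    buf, caret, stream = [], 0, []
    for kind, arg in events:
        if kind == "key":
            buf.insert(caret, arg)      # character lands at the caret
            caret += 1
            stream.append(arg)          # key order, independent of the caret
        elif kind == "click":
            caret = max(0, min(arg, len(buf)))  # mouse moves caret, no key event
        else:
            raise ValueError(f"unknown event: {kind!r}")
    return "".join(buf), "".join(stream)

def split_entry(password, cut):
    """Events for the tip: type the end, click at position 0, type the beginning."""
    events = [("key", c) for c in password[cut:]]
    events.append(("click", 0))
    events += [("key", c) for c in password[:cut]]
    return events

def consistent_values(stream):
    """Field values that match a key stream under the single-click assumption.

    Typing a tail and then a head yields a rotation of the password, so the
    set of rotations measures how much uncertainty the trick really adds.
    """
    return {stream[i:] + stream[:i] for i in range(len(stream))}

PASSWORD = "correct-horse-42"  # constructed sample, not a real credential

if __name__ == "__main__":
    value, stream = replay(split_entry(PASSWORD, 8))
    print("field value :", value)
    print("key stream  :", stream)
    print("same characters:", sorted(stream) == sorted(PASSWORD))
    print("values consistent with the stream:", len(consistent_values(stream)))
```

The key order differs from the field value, but it holds every character, and only as many arrangements as the password has characters remain consistent with it. The value that is finally submitted by the form is the full password either way.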

So, I’m still running the same machine, same Windows install since then. I’ve recently bought a security token, just to be extra safe. Of course, a week later the news came out that even those can be hacked. While searching, I found an even older post about it.

Now, if this all happened a year ago, what made me go and write that all up now?

Well, because my @#$@%@ YouTube account was hijacked yesterday!

It was literally the only account I hadn’t changed since that time I got hacked, and suddenly I couldn’t log in anymore, and I saw some strange new favorites added in my list on my page. What on earth do people want with a bloody YouTube account? Did they like my favorites that much? 🙂 Perhaps using logic isn’t always a good thing. I just never figured that it could be an interesting thing to steal.

Anyway, I’m in the process of getting it back. I’m not really that fussed about it actually. I used it for favorites and an occasional comment. I never post videos or anything. I’m going to miss those favorites and playlists perhaps, but right now I can still reach them from my personal page anyway, they haven’t closed it yet, they only put some Counter-Strike movies on my favorite list. Which I don’t even mind because I also play that game every so often.

Still, it sucks.

The lesson of this all is: You’re never really safe from hackers. Don’t ever think you are. If they want something from you, they can probably get it. Accepting that possibility from the start is the best way to go. Make sure you know what to do when it happens, and try to minimize possible losses when it happens by keeping backups, for example, and not putting unnecessary valuable information behind online accounts.

This all, of course, besides the normal prevention tips of having an up-to-date virus scanner installed (firewalls are nice too, though they are MUCH more easily fooled than virus scanners), and trying to avoid software from non-official sources. Which everyone already knows, or at least should.
