Hacking and WoW

Got a question to ask of a technical nature? Want to show off your new PC specs? This forum is open to all users of the SC forums.
Kaidagar
Pandaren Monk
Posts: 1848

Post#1 » 04 Jun 2010, 14:26

I found this post whilst investigating avenues on how I was compromised two weeks ago. I believe mine was related to my Gmail account being hacked into by some friendly IP in China, but nonetheless it's an interesting read. MITM stands for Man In The Middle in case you didn't know:

ITT: Ignorant people who think you can only be hacked by doing something wrong. This accounts for approximately 50% of the posts, all the stupid people saying stupid things like "People are in denial and they clicked links and are too scared to admit it" or "People don't update their antivirus/adblock/whatever and it's their own fault". Seriously. Stop giving PC advice if you're this dense.

I work as a network security engineer. Every month, I encounter at least half a dozen compromised upstream routers, siphoning data for MITM attacks. Usually the router itself is compromised and sending its data via a third party server, or the router is fed false routing tables from a source upstream from itself. It's uncommon that malware is installed directly to the router, as - well, I won't go into it. It doesn't work that way. However, the end effect is that certain data is siphoned off to a remote third party. Different targeted packages determine what kind of data the hacker is trying to grab.

In almost all cases, battle.net logins are one of the targeted subsets. They're worth more to goldfarmers than their purchase $ value. This is an upstream attack that acts independently of your PC completely. The majority is merely siphoning off data, which can be protected against by simply having an authenticator. By the time someone uses that login, the authenticator code will be invalid. Not having an authenticator makes you completely ripe for "pwning" in this scenario, even if YOU have done nothing wrong, and have everything up to date, don't follow links, etc. People who are telling you otherwise are idiots.

Occasionally, there are active hacks going on where they'll take authenticator data and use it to log in directly, but I haven't seen this happening on MITM routing though I have no reason to think it doesn't. Most often, this is when a keylogger has gotten into your computer, as running an active hack on a compromised router leaves the attacker too open to tracing. However, for the keylogger to get on your PC, there are many attack vectors that STILL don't rely on you doing anything wrong. Anyone saying that you must have clicked something or whatever is still an idiot. There are unpatched OS vulnerabilities that allow hackers to attack your PC directly. There are daily new vulnerabilities in most web-browsers, even with ad-block, no-script, or whatever. New malware comes out daily. Anti-virus is reactive - they get the new viruses THEN update their detection. Some common vectors are detected by heuristics, but the fact is, AV is updated AFTER a virus is out and in the wild, not before.

In short, if you've been hacked and you're reasonably smart and know you did nothing wrong - don't fret. These attacks ARE on the increase. Over the last two years I've seen an increase of around 4000% (this is a rough estimation.. 40x) of MITM routing attacks specifically targeting WoW (amongst other targets). If you haven't been hacked and say "I don't need any protection because I'm too smart to be hacked".. you're not. You're an idiot. I pray you're unlucky enough to be playing on a soon-to-be-compromised route.

General advice is always good at reducing your risk in any case:
- Have up-to-date antivirus and keep it updated.
- Don't follow strange links.
- Type site addresses rather than following them from emails.
- Keep ad-block and no-script up to date.
- Don't download illegitimate software such as keygens, sandboxes, hacked clients, etc. If it's illegal, and been cracked, it's already been in the hands of the "bad guys". It's been a good couple of decades since there were crackers with self-respect. They'll steal your data if they can.
- Use an authenticator.

Sardius
Pandaren Monk
Posts: 1770

Re: Hacking and WoW

Post#2 » 04 Jun 2010, 16:26

Interesting read. So glad I got my authenticator!
Battle.Net ID: Penguins#1368

D3: Wizard/Crusader/everything, Clan <SC>

World of Warcraft
Kilrogg - Alliance

-RIP-
SW:TOR
Rift

Selphie
Epic!
Posts: 1613

Re: Hacking and WoW

Post#3 » 06 Jun 2010, 09:17

i thought i found a partner in crime but was sorely disappointed :(

anyway, i disagree with this guy. i can't disprove what he's saying about compromised routers since i'm not a network engineer, but i think the vast majority of users are simply naive and have guessable (or brute-forceable) email address passwords or secret questions. either that or they actually fall for the various phishing scams.
also, 4000% is 50x.

nucleon
Bloodsail Admiral
Posts: 1144

Re: Hacking and WoW

Post#4 » 07 Jun 2010, 09:17

I work as a network security engineer. Every month, I encounter at least half a dozen compromised upstream routers, siphoning data for MITM attacks. Usually the router itself is compromised and sending its data via a third party server,


I call fiddlesticks.

If you have compromised routers in your network with that frequency, then your company needs better network engineers.

or the router is fed false routing tables from a source upstream from itself.


This is a serious offence. It means an ISP has a false trust relationship somewhere and this needs to be rectified. If this boils down to compromised routers - then you need better network engineers.

If Blizzard's IP ranges are being redirected elsewhere - this would show up in various counters on the route reflectors of major ISPs.

It's uncommon that malware is installed directly to the router, as - well, I won't go into it.


You can't install additional software onto these routers - there are no software hooks for additional code. It's a monolithic code.

General advice is always good at reducing your risk in any case:
- Have up-to-date antivirus and keep it updated.
- Don't follow strange links.
- Type site addresses rather than following them from emails.
- Keep ad-block and no-script up to date.
- Don't download illegitimate software such as keygens, sandboxes, hacked clients, etc. If it's illegal, and been cracked, it's already been in the hands of the "bad guys". It's been a good couple of decades since there were crackers with self-respect. They'll steal your data if they can.
- Use an authenticator.


All good advice though :)


-- Craig
CoV - Soundspeed (Son/Kin Cor)
CoH - Ms Taken (Storm/NRG Def) GoldenRock (Rock/Rock Tank)
WoW - Omikron (Druid) KappaOmikron (Shaman)
