While the general noise of “hacked” Diablo III accounts has subsided a bit, either from outrage fatigue or since more people are hooking up authenticators, there are still some general gaming sites beating the “Battle.net is being directly hacked!” drum. The lead effort today is from Decrypted Tech, a site I’d never heard of before their editorial from a few days ago, that listed every bad thing Blizzard or Activision had ever done and thus concluded that Bliz was either doing the account compromising themselves, or intentionally allowing it to happen.
They’ve followed up that journalistic masterpiece with another along the same lines. Here’s the title and a short quote:
Blizzard Still Clinging To The “It’s the Users’ Fault” Argument, Appears Uninterested In Finding the Real Issue
They are right, in the scenario I described above the database in not touched at all except for normal transactions. The comment “nor has the personal information of our playerbase been compromised in anyway on our end” Is interesting because again they are saying that no one has gotten to the authentication servers and hacked them. It does not address the possibility of an edge based attack or that someone is skimming traffic to and from another server (perhaps a server that hosts a specific world or again the edge web servers). All we see here is that Blizzard does not know what is happening and as such they are automatically blaming the people that are using the game. Again this move is both unprofessional and ignorant on their part.
You get the idea. The fly in the ointment for these theorists is the fact that no one with an authenticator on their account has been hacked, which would seem rather a huge coincidence. It’s like people who claim Bigfoot exists grappling with the debunking issue of no dead bodies ever being found in the woods or as roadkill, while you can hardly send a text message these days without running into a bear.
But wait, here’s someone who says they did get hacked and they have an authenticator on their account?
Yet, on Blizzard’s Battlenet, I have been hacked five times now. For WoW, I’ve been hacked even when my account was frozen (someone please explain that to me). How is it that there is so much hacking going on in Battlenet? I just want to know the answer to that one question. If I were to hazard a guess, I would say that they have a pretty shoddy security system. Let’s keep in mind that I got hacked even while I had an authenticator on my account.
The article is all over the place, and only briefly mentions the alleged authenticator without going into details, when that’s the real meat of the story. Did he have the real thing? The physical device? The cell phone version? Or the badly misnamed dial-up authenticator that doesn’t offer strong security even for WoW, and doesn’t work at all for D3? Given his hacking history in WoW, the guy seems pretty half-assed about his account security in general, so I’m not taking him as a real expert witness on this issue.
Click through for details about what Blizzard has and has not been saying on the Battle.net forums about account hacking, and someone who seems to know what they’re talking about shooting a bunch of holes in a fan conspiracy theorizing.
I didn’t quote any Blizzard forum posts on this since they’re not making any. Almost every Blue reply to an “I got hacked!” thread is just a paste of their basic technical support info plus a, “Forum tech support can’t do anything about account hacking.” There are a few moments of humor in amidst the chaos, though, such as this one from a sad soul who says his account was hacked and his email and password were changed. He’s anguished that Bliz tech support is ignoring him, to which a tech support guy asks how they’re supposed to respond to him if he can’t read the emails they’re sending him.
The usual replies are much less interesting:
[blue]Seeing as how an account compromise is an account issue, there is nothing that we can really do on the forums to assist with this.
If you feel that your account was compromised, you will want to check out this support article for more information on what you need to do next: http://us.battle.net/support/en/article/compromised-diablo-iii-account
This thread is now locked.[/blue]
There are some interesting replies to hacked threads, though. Most of them are full of people sure that it’s not their malware, it’s some vulnerability in Blizzard’s system, and armchair tech experts abound with their pet theories. I’ve yet to see one from anyone who sounds like an actual IT expert. All the expert voices seem to be shooting down conspiracy theorists, such as this one, which just happened to be the most recent post in a seven-page thread in the tech support forum when I looked this afternoon.
This is not a Blizzard post, at least not an official/admitted one; just one forum user replying to another.
I find it funny how when something is OBVIOUS wrong on blizzards end and people still contiune forcing themselves to believe blizz is doing nothing wrong and its ALL the users fault for everything
That’s because you’d have to force yourself to believe otherwise. There is OVERWHELMING evidence that this is not Blizzard’s problem. Period.If I, or any of my friends use a wireless modem the game disconnects not just the game, but my WHOLE modem, causing a network reset to be needed… when it happens, my computer error log says it wa IP conflict issue… I looked into it more, and I cant say %100, but it reeally really looks like diablo 3 was trying to duplicate my IP settings and connect to somewhere else (like a rebound hack used to bounce signals, and gain access to to their computer / game…) It’s session spoofing…
There’s no such thing, and Diablo 3 would not be able to do this without administrator permissions anyway. That’s not even how you session spoof.Pretty much what session spoofing is, when a hacker gets ur IP information, then what they do is with a hack they duplicate all your information, so as the server thinks they are no different than you at your computer, it can’t tell the difference. Then It disconnects your internet because your ISP thinks there is 2 same IP’s in the household (when really 1 is the hacker) so then when u disconnect the hacker is sitting in the game and DIABLO 3 thinks that it is you.
This isn’t how it works. The hacker would have to be living inside your house to make that even remotely possible, and even then, it wouldn’t work, because it’d cause interference, resulting in both of you being disconnected.When the server sends a packet to your IP address, it goes between ~15 routers between you and the server. A hacker advertising your IP address would be blocked by the very first router (ISPs have claims to IP addresses, and you CANNOT make conflicts, they will be dropped if you try). The packets would never even reach the hacker.
Please stop just Googling and making it up as you go along.
They don’t need to use keyloggers or malware anymore, they hack directly into diablo 3, spoof a session, and FORCE their way into accounts.
This is why it is always the last played character thats missing everything.
When getting hacked this way there is really nothing one can do to prevent it…
No, it’s because the hackers have scripted the game client via mouse controls to do this for them. It automatically picks the top option because it’s the easiest.Keep in mind folks, if there was an actually problem on Blizzard’s side, they would be turning the servers off and fixing it. They do NOT want people getting hacked, because that means they are LOSING MONEY. Seriously, gold sellers aren’t just hacking and stealing from you, they’re stealing profits from Blizzard as well now. Because if gold sellers do this, Blizzard can’t make money later on with the RMAH.
If you believe that Blizzard is just in it for the money, then you MUST also believe that they’d be doing everything to stop such an exploit.
Thus, the conclusion is, based on overwhelming evidence and basic analysis, there is no exploit at this time.
The bit he mentioned about automation of hacking rings true to me, from what I know about it. There’s not some guy sitting at his computer, typing in stolen passwords and carefully rummaging through the items and only taking the good stuff; it’s all automation and bots and scripts, usually operating as a part of the same key logger that’s giving the bastards access in the first place. The program logs on, chooses the last character played, joins a game hosted by another hacked account, the macro runs a click click click that drops all your gear, gold, and empties your stash, and then moves on to gut another fish.
These hackers are basically running a Pindlebot, except that compromised accounts are the boss being run, and given that this is Diablo III, legendaries drop far less frequently.
The bot-nature of this is why people are finding their last character and stash emptied out, even if that’s a level 11 with nothing worth stealing, while they had a level 60 with uber gear on the same account. It’s not a some perverse stupidity on the part of account thieves, or some mysterious session hijacking Battle.net vulnerability. At least I really, really doubt it.