Welcome to a hopefully humorous look at World of Warcraft

World of Warcraft is many things and the meaning of the wht it is varies by what each person considers significant.

Programmers might be fascinated and engaged by the technology itself; highly customizable and sophisticated.

Gamers like it for being a cutting edge MMO RPG.

Adults and kids alike enjoy its social aspects; communication/collaboration with others.

Collectors and puzzle-solvers find plenty of items to collect and puzzles to solve.

Some, perhaps a very few, regardless of their involvement in the game if any, will gaze at it from a distance — ponder upon what they see — and perhaps wear a small grin.

This blog is for those with perspective, not just a narrow interest, and the ability to perceive things in context.

Search This Blog

Tuesday, June 22, 2010

Account security: harsh lessons from those with no class

A lot of people accessing World of WarCraft have not created their own characters.  They are playing on characters they have stolen from others, or bought from electronic "fences" on the Internet.

At the heart of this debacle are the cyberthieves.

Using black technologies they have sharpened to the hilt from a decade of hacking Windows systems for profit, they are now stomping their way through the war grounds of World of WarCraft.  Taking no prisoners but kidnapping & selling characters, their gear, and 100 or more stacks of items and untold amounts of gold from the banks of guilds these characters belong to.

This would be pointless if not for one thing.

Lazy, unprincipled people are paying money for these items.  Real world hard cash.

They have created a black market.  And where there are black markets, there are victims.

The banks of the guilds of my characters belong to on different realms have been robbed repeatedly.  Not a month goes by where one or more guild mates accounts have not been hacked, stripping them and the guild bank of hard won gear & gold.

Blizzard has responded by offering dynamic password authenticators.  This offers a measure of security but it is limited to how much it can protect by the laziness of the malware authors doing the hacking.

Turns out these professional hackers are not that lazy.  They use the same big loophole in computer security that electronic bank users use.  Once they have their malware in your computer, when you log in, they hijack it.

They turn your computer into a router for their commands.  Your computer has been authenticated for however long you are logged in.  So during that time, they can get it to do things making it look like you did them.

They can do a lot of damage to your characters and your guild in that way.  Of course, without any Authenticator, once your computer is infected they can do things to your account 24x7, even while you are sleeping and your computer is turned off.

Recently, one of the best known players in the game of WoW, Kaliope had her WoW account hacked.  She was not too thrilled about this.  She even waited a while to blog about it.

People may argue she should have done this or done that.  Guess what?  She did all those things.


  1. She had an Authenticator for her WoW account.
  2. She had antivirus software that was up to date on her computer.
The malware ran right past the antivirus software without the software noticing it. Even after she diagnosed the problem, she was unable to get the scanner to notice the malware.  It simply did not notice.  For a half decade Windows antivirus corporations have been shouting into the ether that Mac owners and Apple had a "false sense of security".  Perhaps, instead, it is these antivirus companies and their customers who have a false sense of security.  Because they are the ones with the computers and accounts that get hacked.

What was the solution that Kaliope chose?  Well, she could have done nothing.  However, instead she decided o do something to deny the hackers their chance to gloat.  She bought a Mac.

Now the antivirus companies are not gloating either.  They are standing on the side of a road being used as a highway for an exodus, selling lemonade that tastes not so sweet anymore.


Is stealing WoW items a crime.  Heck, yes.  The sole exception would be if two children shared the same account, and that practice is expressly forbidden by the World of Warcraft license agreement and terms of use document.  Two children cannot share the same account, period.  A parent and their own child can, but not two children.

I heard of at least 2 or 3 cases first hand where a child in our guild got all their items stolen and vended by a brother or sibling.  We also had an entire guild robbed years ago by a ninja who blamed it on his brother, though we doubt that.

WoW items are not taxed, accounted for nor reported.  However, the people buying and selling them are using them as if they should be - but are not doing it.  So probably this is a special sort of crime, in addition to theft, unauthorized access to computers, installing malware, violating privacy laws for the USA & California, interstate commerce laws, etc.

The US recently charged a Ukrainian with serious computer hacking crimes revolving around fake antivirus software called scareware.  It scares you into buying it, locks down your computer to prevent you from doing virtually anything with it, and then extorts money from you.  Violates a whole slew of laws.

Hopefully, by this time next year, he will be spending time in the US prison system.  With luck, so will the people doing this hacking.  In the meantime, do not use Internet Explorer if you play WoW or have a real bank account or e-commerce account.
Posted by at
Labels: , , , , ,