AusGamers takes a deep and hard look at just what Bungie has to offer in their newest sci-fi world, and just where our Destiny may lay.
Destiny Reviewed
AusGamers had the chance to sit down and chat with lead programmer and local Australian Ian Hern on all things Kraden’s Crypt.
Interview with Ian Hern on Kraden's Crypt
We take a look at all the local talent Australia has to offer for the gaming scene
Indie Friday: A Look at Australian Gaming
Joaby Gilroy takes The Sims 4 for a spin on PC and finds out just what the life simulator has to offer.
The Sims 4 Reviewed
Hacked Origin/BF3 Account...
pjs75
Victoria
25 posts
Just wondering how many others have found their account comprised?
I went to login yesterday after not playing for about 3 weeks, my password had been changed and also origin id.

Chat to support for 40 minutes to get it fixed, though I inadvertantly left my originId to the hacker name.. so I've got a hacker name for 7 more days. FFS..

First time I've had my accounts hacked, horrible feeling.

Pat.
03:54pm 18/01/13 Permalink
system
Internet
--
03:54pm 18/01/13 Permalink
TiT
Brisbane, Queensland
5327 posts
yeah a few ppl here have. Origin need the same security as steam. I would die if i lost my steam account so much money involved!
03:58pm 18/01/13 Permalink
copuis
Brisbane, Queensland
3674 posts
yeah, i'm guessing that you followed the email scam from a few weeks ago
04:52pm 18/01/13 Permalink
Dodgymon
Brisbane, Queensland
2242 posts
yeah mine took over 30 days to get back. I am not impressed only having played bf3 for like an hour. I have lodged a complaint with the office of fair trading because I don't want an origin account anymore because EA need to seriously lift their game.
04:53pm 18/01/13 Permalink
fpot
Gold Coast, Queensland
22105 posts
I would literally hunt down and kill anybody who stole my Steam account. Am I right in thinking that you have to fall for something for people to get your password, whether that be replying to a phishing scam or by installing a keylogger on your machine?

How hard is it to intercept packets and then decrypt them to get the password? I'd be thinking close to impossible or certainly hard enough to make stealing Origin/Steam accounts too much work.
04:57pm 18/01/13 Permalink
pjs75
Victoria
26 posts
yeah mine took over 30 days to get back. I am not impressed only having played bf3 for like an hour. I have lodged a complaint with the office of fair trading because I don't want an origin account anymore because EA need to seriously lift their game.


That's fking $hit, at least I played mine for at least a year or so.

I like the idea of going to fair trading - they should be forced to compensate people who have their accounts hacked.
05:00pm 18/01/13 Permalink
pjs75
Victoria
27 posts
yeah, i'm guessing that you followed the email scam from a few weeks ago


Not sure? I'm pretty careful about stuff (IT developer for 15 years), can you provide more info? Thank you!

Pat.
05:01pm 18/01/13 Permalink
copuis
Brisbane, Queensland
3675 posts
yeah, pat, there was a very well done scam where it looked like the emails came from EA, and showed (or looked like it showed) that someone accessed your account, and changed your password


office of fairtrading isn't going to be able to do much sadly. ea has crap support
05:09pm 18/01/13 Permalink
Dodgymon
Brisbane, Queensland
2243 posts
True but if no one complains they will just keep doing it.
05:17pm 18/01/13 Permalink
parabol
Brisbane, Queensland
7423 posts
Are most of these cases browser exploits on websites related to Origin games that people may frequent, or something?
05:34pm 18/01/13 Permalink
pjs75
Victoria
28 posts
I would literally hunt down and kill anybody who stole my Steam account. Am I right in thinking that you have to fall for something for people to get your password, whether that be replying to a phishing scam or by installing a keylogger on your machine? How hard is it to intercept packets and then decrypt them to get the password? I'd be thinking close to impossible or certainly hard enough to make stealing Origin/Steam accounts too much work.


I feel the same, but they are in Russia or god knows where.. they are just a##holes with nothing better to do, so not worth getting fizzed up about it... At worst I'dby another bf3 key or something.
05:35pm 18/01/13 Permalink
pjs75
Victoria
29 posts
Are most of these cases browser exploits on websites related to Origin games that people may frequent, or something?


Got me stuffed as I hadn't played or touched BF3 in about 4 weeks, nor any games really. And Origin give any meaningful info back to us about how the hackers are doing it. :-/
05:37pm 18/01/13 Permalink
greazy
Brisbane, Queensland
5704 posts
I would literally hunt down and kill anybody who stole my Steam account. Am I right in thinking that you have to fall for something for people to get your password, whether that be replying to a phishing scam or by installing a keylogger on your machine? How hard is it to intercept packets and then decrypt them to get the password? I'd be thinking close to impossible or certainly hard enough to make stealing Origin/Steam accounts too much work.

I am not a crypto expert but decrypting HTTPS is too much trouble. A lot of "hacking" is through keyloggers/fishing I think.
yeah, pat, there was a very well done scam where it looked like the emails came from EA, and showed (or looked like it showed) that someone accessed your account, and changed your password
Close but these were authentic emails from EA. See: http://www.forbes.com/sites/erikkain/2012/11/14/ea-origin-accounts-hacked-time-change-your-passwords/

This is relevant http://xkcd.com/936/
06:02pm 18/01/13 Permalink
copuis
Brisbane, Queensland
3677 posts
greazy, I dont think they were, in my case (and what triggered my concern) those the "emails" went to the wrong email address in my case, but because they looked like someone had entered and changed password, and promoted people to click on the link change passwords etc, (all like the correct EA method) people got caught

there was no hacking, it was a clever phishing
06:13pm 18/01/13 Permalink
crazymorton
Brisbane, Queensland
3796 posts
my naive question on this is...........what do they do with a hacked account?

apart from being a pain in the arse for you what else can happen as a result? do they have your CC details or anything?
06:37pm 18/01/13 Permalink
Rdizz
Germany
2288 posts
when mine got hacked they were just using it to play bf3. I think it might be an international exploit through different origin servers.. When it originally happened to my account they got me through a russian version then they tried to get me again though the japanese origin, strangely only about a week ago my origin client promted me to use a secret question and password for my account. I really doubt its from a keylogger or anything on the user end because I have read that people that have dedicated gaming pc's have even experienced the loss of an origin account, and given the scale of this hacking not every one of the people that have had it would have a virus on their pc to steal origin info.

Question for OP: did you ever use catalyst for bf3?
06:59pm 18/01/13 Permalink
pjs75
Victoria
30 posts
when mine got hacked they were just using it to play bf3. I think it might be an international exploit through different origin servers.. When it originally happened to my account they got me through a russian version then they tried to get me again though the japanese origin, strangely only about a week ago my origin client promted me to use a secret question and password for my account. I really doubt its from a keylogger or anything on the user end because I have read that people that have dedicated gaming pc's have even experienced the loss of an origin account, and given the scale of this hacking not every one of the people that have had it would have a virus on their pc to steal origin info.

Question for OP: did you ever use catalyst for bf3?


Hi there Rdizz,
That sounds about right, I'm running norton 360, always up to date, pretty careful about spam etc so hoping its not keylogger.
I just checked what Catalyst is, no I never use hacks or anything, Colonel 40 level, just insane amount of game time. :)
This is my current "hacker" name "-T_T-3aHyDa_EKB" until I change it back (7 days), it should be sgt_soap75 .

Pat.
07:32pm 18/01/13 Permalink
pjs75
Victoria
31 posts
my naive question on this is...........what do they do with a hacked account?

apart from being a pain in the arse for you what else can happen as a result? do they have your CC details or anything?


No I don't think so. From my Battlelog page, he just played (and very poorly at that) on Russian/US servers.
Fked my stats up he did. :-O
07:34pm 18/01/13 Permalink
Whoop
Brisbane, Queensland
21160 posts
greazy, I dont think they were, in my case (and what triggered my concern) those the "emails" went to the wrong email address in my case, but because they looked like someone had entered and changed password, and promoted people to click on the link change passwords etc, (all like the correct EA method) people got caughtthere was no hacking, it was a clever phishing

Whenever I get one of those emails, I manually open whatever site it is if I feel the email *might* be authentic, but usually the links link off to www. randomrussiansite. ru / blah blah / officialsitename / login.do or some s*** and that's a dead giveaway.

my naive question on this is...........what do they do with a hacked account?

apart from being a pain in the arse for you what else can happen as a result? do they have your CC details or anything?

They go on a hacking / griefing rampage and generally try to ruin the game for everyone on whatever server they join.
07:38pm 18/01/13 Permalink
fpot
Gold Coast, Queensland
22109 posts
Well I just checked to see if my account was affected. Luckily it wasn't but after an update it asked me to change my security question to a custom one and to verify my email. The email I received from them contained a link to a page where it asked me to input my username and password to verify. If I hadn't just requested the verification through the actual Origin client and just been sent an unsolicited verification email an air-siren would have gone off in my head. That's the classic phishing method I have heard about. A verification email that leads you to a page asking for details.

Maybe the accounts were being compromised through easily guessable security questions. Mother's maiden names are a classic one that would be easy to brute-force your way through.
07:39pm 18/01/13 Permalink
Whoop
Brisbane, Queensland
21161 posts
Maybe the accounts were being compromised through easily guessable security questions. Mother's maiden names are a classic one that would be easy to brute-force your way through.
Trouble is, I make my questions random things like "who am I" and the answer might be "your fathers boyfriends sisters cousins former room mate" and then when it comes time to log in, and I forget my password, I've also forgotten what the f*** the answer to the question was. lol.

e: oh and they can also get them via easily exploitable form software, they get your forum password and then try it in steam / origin to see if you're dumb enough to use the same password (or sometimes the accounts are just linked automatically)
07:43pm 18/01/13 Permalink
fpot
Gold Coast, Queensland
22110 posts
My Origin password isn't great, but my Steam PW is so secure NSA couldn't crack it. Gotta protect that Steam account.
07:46pm 18/01/13 Permalink
Whoop
Brisbane, Queensland
21163 posts
My passwords are so secure even I don't know what they are.
07:56pm 18/01/13 Permalink
trog
AGN Admin
Brisbane, Queensland
36676 posts
My Origin password isn't great, but my Steam PW is so secure NSA couldn't crack it. Gotta protect that Steam account.
There's only so many variations on "SHANEWARNEGETHIMUPHEREIWANTTOBOOFHIM"
07:57pm 18/01/13 Permalink
fpot
Gold Coast, Queensland
22111 posts
tbh I have actually forgotten my Steam password. My account is still logging in automatically so when that stops I'll have to reset it.

There's only so many variations on "SHANEWARNEGETHIMUPHEREIWANTTOBOOFHIM"
Also John Lennon.
07:57pm 18/01/13 Permalink
Whoop
Brisbane, Queensland
21164 posts
http://keepass.info/ and use a password + key file, store the key file on a USB stick and hide it somewhere (preferably not in your ass)
07:59pm 18/01/13 Permalink
pjs75
Victoria
32 posts
http://keepass.info/ and use a password + key file, store the key file on a USB stick and hide it somewhere (preferably not in your ass)


That's priceless advice Whoop! :D
08:09pm 18/01/13 Permalink
pARODY
Brisbane, Queensland
1112 posts
I am not a crypto expert but decrypting HTTPS is too much trouble. A lot of "hacking" is through keyloggers/fishing I think.


Most times you can bypass any encryption protocols used by using process hollowing and injection. You get a .dll or .exe to load, suspend the thread, use API functions like WriteProcessMemory() to load your own code into that thread while it's running and then have you newly injected code run and in realtime inspect the buffer that goes into the SSL/TLS tunnel. Most games and their related programs will have protections to combat this but the attackers always have the advantage with being able to analyse the defenses given in code and adapting around them.
08:10pm 18/01/13 Permalink
Whoop
Brisbane, Queensland
21166 posts
That's priceless advice Whoop! :D
Most of my advice is s***, but sometimes I'll come up with some juicy nuggets of info
08:17pm 18/01/13 Permalink
Nukleuz
Perth, Western Australia
256 posts
Another (semi maybe) priceless piece of info.

If you can be bothered, link your account to a gmail address and enable their two factor authentication. I'm not sure if it works without a smartphone because I had to download an app that functions like an RSA SecurID.

The last thing you want is them getting your Origin/Steam/Whatever account and the email address that is linked to it.
11:22pm 18/01/13 Permalink
Obes
Brisbane, Queensland
9906 posts
http://keepass.info/ and use a password + key file, store the key file on a USB stick and hide it somewhere (preferably not in your ass)

Last Pass ftw
04:20pm 19/01/13 Permalink
pjs75
Victoria
33 posts
@Obes
I'm going to download that now - all these password changes is doing my head in! :)
04:30pm 19/01/13 Permalink
crazymorton
Brisbane, Queensland
3804 posts
Last pass ftw.

http://lastpass.com/
11:09pm 19/01/13 Permalink
system
Internet
--
11:09pm 19/01/13 Permalink
AusGamers Forums
Show: per page
1
This thread is archived and cannot be replied to.
Close