A Cheap PED Buyer and Scammed Avatars (explanation)

Personally I do believe the people behind the "hacks" are the same people who are behind the gold seller site.
IMHO the way they operate is: in other games they use farmbots, goldfarmers and hacked accounts to gain gold and sell it.
If they do not have enough gathered they just do not deliver and try to find 100s of excuses. During the "support" they even try to get credit card numbers or any useful information to get more out of their vic.. I mean customers.

In Entropia obviously goldfarming with Bots or an Army of goldfarmers does not work.

So here they need to hack accounts. They do not use regular trade channels to get the maximum of PEDs out of a hacked account; it seems they just TT quickly and drop or trade the PEDs to an accomplice.

Then they use the hacked account to advertise until the account is locked by MA. The PEDs will be used to build up a reputation as a "working" goldseller. If someone tries to buy and they do not have enough in stock they will simply scam them.

The question of how they can attack the accounts is a good one. One way for sure is to try credentials from people who register on their site for a particular game.

Since Entropia has a relatively small userbase they need to use ways to target the userbase in a very selective manner.
Just spreading malware over the internet does not work. It must be something that is connected to EU. So possibly:
- Helper programs for Entropia or the place where their user data is stored ( lbml, entropedia, entropialife, android apps... ). Either by distributing it ( I believe there was a "tool" which was advertised as a cheat programme for EU, which ofc was only to get credentials ).
- Attacking EU related forums: PCF, PAF, PCyrF, RTF ...
- Attacking non-official national forums
- Attacking soc-forums

A lot of these forums above, especially soc forums and player communities, are mostly not hosted by professional webadmins, so here is a huge potential for security risks.

And possibly some of these methods are even combined.

I do not believe EU's database itself leaked somehow, otherwise there would have been way more cases I believe, so obviously it is not that easy to gain access to EU accounts, otherwise this forum would have reports of hacked accounts every couple of days instead of every couple of weeks.

But one thing is true which is mentioned by Sunsout: scams are not performed by only one person. We see it again and again and there are way more people there to grab a quick buck. And the more popular EU becomes, the higher the userbase, and the better the public awareness, the more people or groups will try their shady practices in EU. Be it hacking, be it scamming, be it just some unethical traders.

Nevertheless there is the option to protect an account. Convenient or not, it obviously works, as I haven't heard of a single account protected with a gold card that has been hacked in all the years I am part of this community now. ( People who gave away credentials AND a valid gold card code, well, there are no security options that can help them anyway, so this does not count ).

The victims of these "hacks" are still victims and I feel sorry for them even if they did something wrong. And they are already punished enough by the inconvenience and by the stuff they lost. I still hope they try to find the things they have in common to identify the attack vector, and for everyone who provides a tool or a community I just hope they check their logs for anything suspicious that might lead to the conclusion data from them leaked, and they inform the community so people have the chance to change their credentials.

There are still some things that can be done to improve security on MA's site. Easy measures to make the life of intruders harder:

- Allow people to choose their own username that is not their e-mail address
- Raise the interval of login tries after every unsuccessful attempt ( to reduce speed of possible brute force attacks )
- Let people choose just to login from a defined machine and the need to verify a new machine if the option is chosen
- Raise the awareness of the goldcard and its importance, and bring it back to the client loader.
- Do not use the Internet Explorer for the client loader.

and possibly some more. The crackers will disappear when they cannot gain anything from being here or when they need to put so much effort into it, that the gain does not outweigh it. But also we as users have to make it impossible for them to gain anything by awareness of security risks and the values of our accounts. Be aware that every single Dollar that can be earned by an account which was hacked due to our own sloppiness is a stimulus for the efforts they put in to rip off other people.

BR
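
The second suggestion in the list above (raising the interval between login tries after each unsuccessful attempt), sketched as an added example that is not part of the original post and is not MindArk's code. The class name, the 1-second base delay and the 15-minute cap are assumptions; the simulation counts how many guesses a single account can receive in one hour under that policy.

```python
import time

class LoginThrottle:
    """Per-account delay that doubles after every consecutive failed login."""

    def __init__(self, base_delay=1.0, max_delay=900.0, clock=time.monotonic):
        self.base_delay = base_delay   # assumed: 1 s after the first failure
        self.max_delay = max_delay     # assumed cap: 15 min, limits lockout abuse
        self.clock = clock
        self._state = {}               # username -> (failures, locked_until)

    def seconds_until_allowed(self, username):
        _, locked_until = self._state.get(username, (0, 0.0))
        return max(0.0, locked_until - self.clock())

    def attempt(self, username, password_ok):
        """Return 'ok', 'denied' or 'throttled' for one login try."""
        if self.seconds_until_allowed(username) > 0:
            return "throttled"         # rejected without checking the password
        if password_ok:
            self._state.pop(username, None)   # success resets the counter
            return "ok"
        failures = self._state.get(username, (0, 0.0))[0] + 1
        delay = min(self.base_delay * 2 ** (failures - 1), self.max_delay)
        self._state[username] = (failures, self.clock() + delay)
        return "denied"

class FakeClock:
    """Manually advanced clock so the simulation runs instantly."""
    def __init__(self):
        self.now = 0.0
    def __call__(self):
        return self.now

def guesses_in_window(window_seconds, **throttle_args):
    """Count password guesses one account receives if every try fails."""
    clock = FakeClock()
    throttle = LoginThrottle(clock=clock, **throttle_args)
    user = "victim@example.test"       # constructed sample account
    guesses = 0
    while clock.now < window_seconds:
        if throttle.attempt(user, False) == "denied":
            guesses += 1
        clock.now += throttle.seconds_until_allowed(user)  # wait out the delay
    return guesses

if __name__ == "__main__":
    print(guesses_in_window(3600))     # guesses possible in one hour
```

Because the delay is keyed on the account, someone else's failed tries also delay the legitimate owner, which is why the delay is capped instead of growing without limit. It slows guessing against one account but does nothing against credentials leaked elsewhere and tried once per account, which is where the gold card or new-machine verification from the same list comes in.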
 
There are still some things that can be done to improve security on MA's site. Easy measures to make the life of intruders harder:

- Allow people to choose their own username that is not their e-mail address
- Raise the interval of login tries after every unsuccessful attempt ( to reduce speed of possible brute force attacks )
- Let people choose just to login from a defined machine and the need to verify a new machine if the option is chosen
- Raise the awareness of the goldcard and its importance, and bring it back to the client loader.
- Do not use the Internet Explorer for the client loader.

Good post

I never had email as username in EU?
Don't know what it looks like now when you register a new account though.
 
Good post

I never had email as username in EU?
Don't know what it looks like now when you register a new account though.

Yes, new players register with e-mail as their usernames. I think they introduced it with the new player registration workflow in 2011 or 2012 ( not sure about the exact date ).
 
Good post

I never had email as username in EU?
Don't know what it looks like now when you register a new account though.

From reading other posts, it appears that around 2010 or 2011 they started forcing email address as name.
 