Real Hacking of Accounts

[Braxton]

Ok guys, call me an idiot but I don't actually believe that 99% of these so called "hacked" accounts are really hacked. I mean, to be hacked one would have to actually find an open port on your machine, perhaps through a router and enter without your permission right? Im sure that 95% of these "hacked" account were due to misuse and perhaps the last 4% was due to maby an innocent mistake such as going to those "bot report" sites. Even still, isnt it retarded to give out your account info to report a bot. I have heard of people dl'ing fraps from another trusted player and getting loggers but come on people, common since will keep your account safe. Sorry for the rant but im sick of hearing people scream about being "hacked", if someone actually hacked you without any misuse or mistake on your part, I will do everything I can to help you out if you can prove to me it was not your fault. How many people will take the time to "actually hack" when there is SO many idiots that just give there info away, perhaps malice or jealousy but not for a few shiny items.

[satman83]

Ok guys, call me an idiot but I don't actually believe that 99% of these so called "hacked" accounts are really hacked. I mean, to be hacked one would have to actually find an open port on your machine, perhaps through a router and enter without your permission right? Im sure that 95% of these "hacked" account were due to misuse and perhaps the last 4% was due to maby an innocent mistake such as going to those "bot report" sites. Even still, isnt it retarded to give out your account info to report a bot. I have heard of people dl'ing fraps from another trusted player and getting loggers but come on people, common since will keep your account safe. Sorry for the rant but im sick of hearing people scream about being "hacked", if someone actually hacked you without any misuse or mistake on your part, I will do everything I can to help you out if you can prove to me it was not your fault. How many people will take the time to "actually hack" when there is SO many idiots that just give there info away, perhaps malice or jealousy but not for a few shiny items.

Well...

umm ok, but what about people (new players) who go to keylogger
websites, they get hacked...
and i myself was purposly hacked, yes the person/peopel who hacked
me admited that they had been trying for 2 weeks to hack me....why
well because they tried to flame me and i ended up making them look
stupid and so they hacked my account.
(and yes 13 year old kids who play this game do get that mad and cry
about it when you make them look stupid).

Oh and yes....you can be hacked if you give out your information...cuz
someone signs into your account and takes your character/s items, this
is being hacked...well a form of being hacked.

(p.s. you also have to realise that what your talking about is the normal
defintion of being hacked, but in a game its use/meaning is changed to
mean someone who takes another characters account..as in they
hack it.....hacked)

[Arabian]

Ok guys, call me an idiot but I don't actually believe that 99% of these so called "hacked" accounts are really hacked. I mean, to be hacked one would have to actually find an open port on your machine, perhaps through a router and enter without your permission right? Im sure that 95% of these "hacked" account were due to misuse and perhaps the last 4% was due to maby an innocent mistake such as going to those "bot report" sites. Even still, isnt it retarded to give out your account info to report a bot. I have heard of people dl'ing fraps from another trusted player and getting loggers but come on people, common since will keep your account safe. Sorry for the rant but im sick of hearing people scream about being "hacked", if someone actually hacked you without any misuse or mistake on your part, I will do everything I can to help you out if you can prove to me it was not your fault. How many people will take the time to "actually hack" when there is SO many idiots that just give there info away, perhaps malice or jealousy but not for a few shiny items.

+1

Hey Draz. Hows UO? This is MissArrow BTW. Hows Ollie? I saw you in game but you were afk.
see you around athens.
PM me: 7777.

[Ishagmuro]

It`s very hard to find a real cracker ... and it`s even harder find one playing silk instead of other things.

however, you can be cheated by keyloggers, social scam, etc, an updated antivirus and this kind of soft, and special care of your account
will protect you enought

[//:Protocol]

Lets see some common sense.

We know for a fact:

Stolen, Scammed, and HACKED are different words.

If you download a keylogger, that is your account being stolen.
If you enter an account trade or something, and you lose your password, that is being scammed.
To be HACKED, I would assume the following things must happen:
1) The person has to get it from Joymax, they would have to find the database wherein passwords are stored, gain access via some form of security flaw, DECRYPT your password, and then use it to gain access to your account.

Knowing that, lets throw around some numbers.

Lets say, 1 in 1 million people can actually do this.
Lets say, That that 1 in 1 millionth person was actually interested in taking a silkroad account. That is a 1 in 500,000 chance in itself. (Educated Guess..)
Lets say, That they found your account. Depending on the level of this account\how much you flaunt your gold\items, this is a 1 in 500-25,000 chance.

The possibility of that happening is VERY. VERY. VERY. VERY RARE.
Yet despite this, 2 people per day, claim they've been "hacked" on silkroad.

[satman83]

(p.s. you also have to realise that what your talking about is the normal
defintion of being hacked, but in a game its use/meaning is changed to
mean someone who takes another characters account..as in they
take it.....hacked)

i agree with what your saying, but its been changed to inclued any form
of an account being taken...its not acutally the same meaning.

[ping_lo]

You all have a very narrow and might I add incorrect definition of hacking. Hacking is not just breaching software via exploits etc. It is also social engineering and general circumventing of security measures. Take it from me. I have done a bit of hacking. Or take it from someone who has been arrested for it. Kevin Mitnik. Sure hacking is exploiting software vulnerabilities. But that is not all. Not by a long shot.

[zrabbit]

hacking in to a site isnt so so hard as a 1 in a mil chance. when i get my inet conection 12 years ago or so, i used to spend some time looking around the hackers pages and reading hacking begginers guides and so. there 3 things u need to hack a site or whatever u want to hack: pacience, information and more pacience. actually all the information that someone needs to hack is out there at inet. also dont get surprised to know that a 12 year old kid hack whatever since most of the 12 year old kid has more free time on their hands and less thing to do with it than any regular 30 something advance programmer
ps.: Joymax claims never been hacked, then again all security advisors tells to all the companys that have been hacked that their first public responce to the hacking is to deny then deny and after that deny

[Blackchocob0]

It's funny you made this thread today, because I only hours ago told someone who said they got 'hacked' the same thing.

Well that sucks. Can you recall a time in the recent past that you downloaded a questionable file from a website or from someone on MSN/AIM?

Rarely do people actually get 'hacked'. They get their passwords figured out or they download a keylogger.

Being hacked is when someone has access to every part of your computer and can be there watcing at any time.(I think ) It's a much more serious deal than losing your SRO items.

Doesn't one have to gain access to your computer using your port #, IP address, etc? And once they have this info, depending on your own defenses or lack-there-of, you get hacked. Literally hacked.

[CodeOfSilence]

The only real hacking that can happen in silkroad on somewhat regular basis is Social engineering if your too dumb. The rest of hacking happens because a lot of people beleive it or not log on from their schools or net cafes where a bunch of people might pass by or just happen to be next to you and they notice your keystrokes, its not too hard to remeber which keys someone typed. thats how people get hacked.

[Luoma]

About hacking.... Can you get hacked by joining a party or trading someone? Is it true?

[zrabbit]

The only real hacking that can happen in silkroad on somewhat regular basis is Social engineering if your too dumb. The rest of hacking happens because a lot of people beleive it or not log on from their schools or net cafes where a bunch of people might pass by or just happen to be next to you and they notice your keystrokes, its not too hard to remeber which keys someone typed. thats how people get hacked.

yep, sure. and windows is the most secure OS in the world

About hacking.... Can you get hacked by joining a party or trading someone? Is it true?

i think its possible but since i dont have any real proof to sustain that i would say probably not

[Ms.InNo]

i agree and disagree with this... yea if you give out your info and get keyloggers and others you are asking for it...BUT alot and i mean alot lately there has been people that have been hacked that havent given out ANY information, have had NO keyloggers haven't done a thing wrong and have still gotten hacked...how do i know? i was one of them and a couple of other people i know too... so there are more ways that they can do it without obtaining information.

[fireandice25]

I know myself i took a short vaca from playing silkroad and lost all my information for my old lvl 53 account so i had to start fresh. If i was any type of fat ass loser noob who cant get a girlfriend because their dicks are too small i would have blamed it on hacking too. So I have to agree with Braxton, a lot of ppl blame losses on hacks. Forums and emails are 110% more likely and easier to hack than someones silkroad account. Even if you get into their silkroad account its usually worthless. Ppl who brag on forums and Teamspeak/Vent are usually lvl 2 noobers or lvl 70 bots. Big friggin deal.

*FireandIce25 tips hat to Braxton* Good post m8, good post.

[Sroge]

Ok guys, call me an idiot but I don't actually believe that 99% of these so called "hacked" accounts are really hacked. I mean, to be hacked one would have to actually find an open port on your machine, perhaps through a router and enter without your permission right? Im sure that 95% of these "hacked" account were due to misuse and perhaps the last 4% was due to maby an innocent mistake such as going to those "bot report" sites. Even still, isnt it retarded to give out your account info to report a bot. I have heard of people dl'ing fraps from another trusted player and getting loggers but come on people, common since will keep your account safe. Sorry for the rant but im sick of hearing people scream about being "hacked", if someone actually hacked you without any misuse or mistake on your part, I will do everything I can to help you out if you can prove to me it was not your fault. How many people will take the time to "actually hack" when there is SO many idiots that just give there info away, perhaps malice or jealousy but not for a few shiny items.

+1

[phresh]

I read somewhere that there is a method for gaining one's username via an in-game exchange or partying being accepted. From there it comes down to a brute force attempt at guessing the password. With the lack of the use of caps (gg joymax!) and the slim vocabulary of your average gamer - it's not that unlikely to occur but, you must have really pissed someone off or have something someone really wants for them to go through all of this.

Use strong passwords..

I do agree though, in most cases it is the users fault. Just saying, it could happen..

-phresh

[Braxton]

We are doing good, we are 50% to lvl 5 . Its a long hard road when you are legit, haha. We are in a great union and overall doing super, thanks for all the support in the post guys!!

[Progress]

Ok guys, call me an idiot but I don't actually believe that 99% of these so called "hacked" accounts are really hacked. I mean, to be hacked one would have to actually find an open port on your machine, perhaps through a router and enter without your permission right? Im sure that 95% of these "hacked" account were due to misuse and perhaps the last 4% was due to maby an innocent mistake such as going to those "bot report" sites. Even still, isnt it retarded to give out your account info to report a bot. I have heard of people dl'ing fraps from another trusted player and getting loggers but come on people, common since will keep your account safe. Sorry for the rant but im sick of hearing people scream about being "hacked", if someone actually hacked you without any misuse or mistake on your part, I will do everything I can to help you out if you can prove to me it was not your fault. How many people will take the time to "actually hack" when there is SO many idiots that just give there info away, perhaps malice or jealousy but not for a few shiny items.

Ports arent actually "open". Unless you just mean it isnt blocked. If you try to establish a connection to a port which does not have a server listening to it, all you get is a TCP packet with the RST flag set (connection closes).

What it would really take is that you know the IP-address of the victim, know that his computer is running a server program that has a vulnerability that can be exploited remotely, and that you have access to or can write such an exploit. And that such exploit allows you to execute code on his machine.

You would then have to exploit this vulnerability at pretty much the same time as he is logging on to SRO (there is no reason for sro_client.exe to keep the login and password in memory after the login has been successful).

To actually pull this off would require knowledge in the C programming language and/or assembler, and even then, there is no guarantee. Some programs just dont have known vulnerabilities (openbsd).

Also, if the gamer has a "toy-router", you can forget about even connecting to his computer since NAT is "in the way".

[Blackchocob0]

There are some smart dudes on this forum, they're just far and in between...progress that was some crazy shit right there.

I've got a program in mind that almost entirely fits into what you've described. MIRC. A user's IP address and plenty of other info is available after a couple clicks in an mIRC chat room.

[ping_lo]

Ports arent actually "open". Unless you just mean it isnt blocked. If you try to establish a connection to a port which does not have a server listening to it, all you get is a TCP packet with the RST flag set (connection closes).

What it would really take is that you know the IP-address of the victim, know that his computer is running a server program that has a vulnerability that can be exploited remotely, and that you have access to or can write such an exploit. And that such exploit allows you to execute code on his machine.

You would then have to exploit this vulnerability at pretty much the same time as he is logging on to SRO (there is no reason for sro_client.exe to keep the login and password in memory after the login has been successful).

To actually pull this off would require knowledge in the C programming language and/or assembler, and even then, there is no guarantee. Some programs just dont have known vulnerabilities (openbsd).

Also, if the gamer has a "toy-router", you can forget about even connecting to his computer since NAT is "in the way".

I have not sat and sniffed the packet traffic. But there is no need to know passwords to get into something. You can get access to whole SQL databases via script injection from otherwise locked down interfaces. You can run arbitraty code on most systems including BSD via exploiting buffer overflows etc. And you can most certainly modify packet traffic. So if they are writing bots that don't use the official client. So called clientless bots. What makes you think they can't spit the server purposefully formed packets to cause all sorts of havoc. Causing users to DC and or gaining access to things they shouldn't. When it comes down to it SRO connects to a server. And that server seeing how the game works is likely quite vulnerable.

Yeah most fall to the social engineering form of hacking. But don't fool yourself that someone needs to know your password to get in.

[ping_lo]

There are some smart dudes on this forum, they're just far and in between...progress that was some crazy shit right there.

I've got a program in mind that almost entirely fits into what you've described. MIRC. A user's IP address and plenty of other info is available after a couple clicks in an mIRC chat room.

That is general to all IRC servers and clients not just mIRC. But any IM program that allows any sort of direct connections like file transfers etc can be used to get IP info. Typically in the case of file transfers though it is more fruitfull to pack the file with a trojan or some such rather than scanning the IP and trying to exploit.

[Drew_Benton]

Agree w/ OP.

You would then have to exploit this vulnerability at pretty much the same time as he is logging on to SRO (there is no reason for sro_client.exe to keep the login and password in memory after the login has been successful).

You would think so, but that is something I've verified in an older client. I could find my account name, password, server, and character all in memory.

Of course, if the person was running Game Guard, it'd be really hard to take this information out, but it's possible, even with GG actively "protecting".

I've yet to try this on any recent clients though, but I'll take a look again later.

[Azrael]

before joymax fixed the problem with their forum that was displaying everyone's username, the hacker probably already gotten the whole database of usernames. then using a bruteforce program on the official silkroad website itself (notice that you can actually logon to the website even when you're still in the game), the hacker will eventually gain access to your account, depending on how strong your password is (length & alphanumeric, too bad they doesn't support symbols), will result the amount of time they will take.

i don't know how the bruteforce program works, but computer systems are getting faster and smarter, and they are plenty of tools that are available on the net to assist in hacking. so... good luck to all

[wildwolf111]

Seriously, I don't think anyone would have actually taken all that trouble to hack your account. Except if they really have you very very very much. Am I right?

[Azrael]

Seriously, I don't think anyone would have actually taken all that trouble to hack your account. Except if they really have you very very very much. Am I right?

what if a person has a +9 sos weap and full set sos gear 8th? and you already have the knowledge of hacking before you even start playing this game?

[oktaytheazer]

im trusted wid 5 more acc dey r all on alps server lvls r from 31 - 44 all got over 15mil gold 1 has lvl 47 sos +4 top garment lvl 46+3 botom and lvl 45+3 hat ^^ dan i can hack dem netime but cose im a gd friend i wont

[Progress]

I have not sat and sniffed the packet traffic. But there is no need to know passwords to get into something. You can get access to whole SQL databases via script injection from otherwise locked down interfaces. You can run arbitraty code on most systems including BSD via exploiting buffer overflows etc.

You are "citing" examples that have nothing to do with the actual topic, basically. Just because an SQL injection is a potentially "possible" way to "get in", doesnt mean it is always possible. And in this case, the client is most likely not even running an SQL server of any kind. A buffer overflow is not always possible, either. It is no joke that openbsd is probably the most secure OS available right now - and has been for some time.

http://kerneltrap.org/node/573

And you can most certainly modify packet traffic.

Just because they can modify packets doesnt mean the server wont check and discard them if they "ask" for something that the "client" isnt supposed to be able to do.

So if they are writing bots that don't use the official client. So called clientless bots. What makes you think they can't spit the server purposefully formed packets to cause all sorts of havoc. Causing users to DC and or gaining access to things they shouldn't.

Because it hasnt happened yet, at least i havent seen an indication that it would be the case.

When it comes down to it SRO connects to a server. And that server seeing how the game works is likely quite vulnerable.

It is possible that their servers do have vulnerabilities that can be exploited remotely. This doesnt really matter much unless you actually know what they are. I really dont wanna get into a free software vs closed source discussion, but one thing is correct, if you dont know what the bug is, it is unlikely that you can exploit it.

Yeah most fall to the social engineering form of hacking. But don't fool yourself that someone needs to know your password to get in.

What you seem to not understand is that there is not always a "way in".

[Progress]

i don't know how the bruteforce program works,

Bruteforce works by trying all available combinations.

but computer systems are getting faster and smarter, and they are plenty of tools that are available on the net to assist in hacking. so... good luck to all

They may have the login, but they dont have the hashed password. So they would have to connect to the server to verifty if the password is correct - something that will seriously slow them down.

[Arabian]

We are doing good, we are 50% to lvl 5 . Its a long hard road when you are legit, haha. We are in a great union and overall doing super, thanks for all the support in the post guys!!

Yeah. Im glad to hear things are ok.

Ill maybe even ask my guild to become a union with yours.

Tell lillian I said<" Good Job killing TG"

-MissArrow

[x_CodeZero_x]

Ping_los first post ftw <.<

You're being too literal.