PDA

View Full Version : Hacking MMOs



Ertzi
11-02-2013, 08:56 PM
I just read the KS update that mentions hacking. Could it be that someone has already tried to hack HEX?

I honestly do not understand why anyone would do this in any game. Can someone please shed some light why people do this? We play games because we want to be entertained and have fun, right? So what drives people to spoil the fun for everyone? I seriously don't get it.

If the game in question could be used to make real-life profit, then I would understand, even though I would still shun anyone who did that. To my knowledge, people have always done this in games that can only be played for fun as well. Are some players just that desperate to win and feel superior? Is it a psychological thing? I in fact love to gradually get better in games and want to earn everything. I would not magically get all the best stuff and skills even if that was an option. I certainly would not use any aim-bots or similar cheat tools, because that would take the fun out of everything.

Any insight into this practice? Can anyone give some compelling reasons why people do this? I might just not know enough about this subject, but I have been wondering about this for many years now.

Niedar
11-02-2013, 09:12 PM
Because they can is the best answer, you already covered for profit.

mightbes
11-02-2013, 09:14 PM
Hackers are people who looking for challenge.

The harder or the more famous the target it the more fun. Party, they did it because they going to have the advantages but mainly because of the hacker's prestige.

It is like you are bullying someone without any reason to just showing-off that you can. These bullies are around you.

Zarien
11-02-2013, 09:21 PM
Hackers are people who looking for challenge.

The harder or the more famous the target it the more fun. Party, they did it because they going to have the advantages but mainly because of the hacker's prestige.

It is like you are bullying someone without any reason to just showing-off that you can. These bullies are around you.

I mean, that's sort of a narrow example. There are a ton of reasons/examples/types of "hackers". There are white hats, black hats, normal programmers, "script kiddies" etc. All with very different reasons and types of approaches/intents.

MercuryMonkey
11-02-2013, 09:32 PM
I mean, that's sort of a narrow example. There are a ton of reasons/examples/types of "hackers". There are white hats, black hats, normal programmers, "script kiddies" etc. All with very different reasons and types of approaches/intents.

Agree with this. I think most of what they are seeing right now is backers that are white hats or just curious because they did put quite a bit of money in for a game. The rest of the activity is likely just people looking to see if they can slip in to the alpha. I doubt there is much activity at this point aimed at cheating in game.

keroko
11-02-2013, 09:39 PM
There's question as to what is ok to do with regard to client and it's interactions with CZE infrastructure.

One piece of clarity - hackers are filth. Look at traitor Snowden, who's busy trying to socially engineer the German government as we speak.


https://www.youtube.com/watch?v=ohx_MVSauUo&feature=youtube_gdata_player
Security testing through approved channels is another matter entirely.

We consent to monitoring when accessing hex, this is in part for prevention of s like glider bots. Some folks are interested how that works.

There are also a number of ways in which the server infrastructure could be targeted.

Some folks in the community are genuinely interested in security improvements, and i dont mean the kind that involves unauthorized probe or compromise

Xtopher
11-03-2013, 12:05 AM
Funny, I just read an article that said Snowden got a job at Gameforge.

Vengus
11-03-2013, 03:30 AM
I am pretty sure gold farmers are already aware of this game and figuring out how to best hack it to get peoples login info once the game is live. I can remember beta testing a game called Mortal Online years ago and before the game was released there was already a goldsell website devoted to it. Then there was RIFT, where lots of people got hacked in the first month after release because the hackers had already discovered a security flaw. Gold farmers start really early exploring games these days to get an advantage.

jetah
11-03-2013, 07:24 AM
I am pretty sure gold farmers are already aware of this game and figuring out how to best hack it to get peoples login info once the game is live.

Nope (said in Ruby of RWBY voice). They hack lower security websites like wiki's, forums, etc. This was the case with Diablo III. There were many people posting how their account was compromised. Eventually it came down to the farmers finding the login info on wiki and forum websites. People use the same password for a video game as their email address. Now that games are using email address as the login name, it is making it easier for them.

Farmers will just use the username and passwords of existing accounts to attempt to log into HEX. If they work they'll strip the account and then proceed to spam everyone on the server. I'm sure the farmers are already working on the hex db sites.



I'm glad that CZE is giving those people a chance to test the backend/security of the client and server. I truly hope that CZE will put a spoof list of usernames, passwords, cc info to see if people can access it.

I truly believe that everyone should have the authenticator when it become available. CZE make sure you sell them at card shops and retail locations too. You could produce a 'box' version of the game which could include an authenticator too.

FlyingMeatchip
11-04-2013, 02:20 AM
Snowden did what he thought was right. We the people...are the boss. He in his own way is letting the boss, the citizens, know there is a lot oh shady dealings going on. I for one thank Snowden and Manning among others for having the courage to start letting We the people know what's going on.

keroko
11-04-2013, 06:18 AM
With respect - we, the people, give a big damn about your personal qualms with your work in our government - and provide several avenues for whistle blowing.

That is what Snowden should have done - told someone he had stuff to talk about.

Instead he sought fame of the anonymous, stole reams of structural data on nsa and it's Ops, broke his oaths to serve his country and ran to foreign governments to hide and trade favors for other people's work. He trades in safety for a clouded vision of information freedom.

In doing so he endangers us, the people - in doing so he's promoted himself to adjudicator of what is right and wrong, what can and cannot be. This is not his position, it is held by many committee and agency.

His betrayal continues every day as he times his poisons of our intl diplomatic relations; releasing drabs of political sensationia through some UK rag or Assange's geopolitical shaping org of the ultra wealthy playspace.

When you take some actions it no longer matters why. Its the actions and their ramifications on us, this human biomass, that do.


There will be no rest for him in Germany, and there will be no clemency in this - our United States - for the most 'dictatorial' / despotic set of actions in self promotion beyond one's station I've seen in my recent lifetime.

Andre Malraux, a french author once put it:

un homme est la somme de ses actes, de ce qu'il a fait, de ce qu'il peut faire, rien d'autre.
(A man is the sum of his actions, of what he has done, of what he can do, nothing else.)


http://youtu.be/9A_he75G9kI

I'd be happy to debate this in game, or in private channel - but we should try to focus here on Hex and its security.

How would you feel if someone at CZE decided they did not like their job any more and to steal all the source code, all the concept art, payment and privacy info, all the IT infrastructure info, all internal communications, company strategies etc etc. they could get their hands on after having wormed their way into that position with the explicit intent of stealing and disseminating just that. What if they then went on to leverage that information to blackmail CZE?

You'd be livid.

We's tell him to DIAF, but in his very real case are too busy putting out ones of his creation.

No rest for the self-made tinpot god.

TZHX
11-04-2013, 08:20 AM
+1 for keroko -- Snowden ain't a hero, and this isn't really the place to discuss it anyway.

As for "Why hack MMOs?" -- for the same reason people cheat in other games, they enjoy the power it gives them. I doubt most "hackers" in modern video games actually create the hacks themselves, they just use ones they find on the Internet. Aim bots, etc. in FPS games are common place, as are things like transparent walls. Anywhere you've got something that congratulates people on success, there'll be some segment of the community that's willing to cheat, or "hack", to obtain it.

Additionally, anywhere there's some means for financial gain -- as it would seem there will be with HEX, you're going to get people trying to find the cracks in the system to give them the advantage. Some people may do it for "the challenge", but I don't think this is the driving force for the majority of cheats.

Finally, I think anything where there's a collection of user data, there's going to be some interest from other parts of society. The sad reality is that most people use the same email address and password for everything and so if you can find their login details for World of Warcraft, you've got their Facebook and email account. You can now start blackmailing them and/or impersonating them trying to get their friends to send you money via Western Union so you can escape a holiday gone wrong.

It's just the world we're in. People are jerks, and some people are criminal jerks. Nothing about Hex will attract these jerks more than any other web site, online game, whatever.

Shirik
11-04-2013, 10:51 AM
I mean, that's sort of a narrow example. There are a ton of reasons/examples/types of "hackers". There are white hats, black hats, normal programmers, "script kiddies" etc. All with very different reasons and types of approaches/intents.

Thank you for saying this. When most people say "hackers" they're really referring to "script kiddies" and that is quite depressing.

The very nature of Alpha is that everyone is supposed to be a hacker. You are supposed to be intentionally trying to break things to see what happens, and then report it. You're not supposed to be abusing it to gain some kind of advantage (to whatever advantage you can get in a game that's going to be reset...) but just doing clever things to solve a problem. That is the real definition of hacking.

Unhurtable
11-04-2013, 11:05 AM
How would you feel if someone at CZE decided they did not like their job any more and to steal all the source code, all the concept art, payment and privacy info, all the IT infrastructure info, all internal communications, company strategies etc etc. they could get their hands on after having wormed their way into that position with the explicit intent of stealing and disseminating just that. What if they then went on to leverage that information to blackmail CZE?

You'd be livid.

We's tell him to DIAF, but in his very real case are too busy putting out ones of his creation.

No rest for the self-made tinpot god.

Ok I'm just going to ignore the first part of your post, mainly because its heavily inaccurate.

Now lets look at your example. It is not even close to the snowden case on similarity alone, but nevermind that.
Would I be livid? Yeah if my credit card number was a part of the stolen information then yes I would be livid but aside from that, if they stole essentially everything else other than my credit card info, then I don't think I would be livid. It wouldn't impact me that greatly. The person in question would lose all of their credibility and affect a company I haven't formed a personal attachment to.

keroko
11-04-2013, 11:17 AM
https://www.youtube.com/watch?v=NI1ss0-3B_I&feature=youtube_gdata_player

Deal with it. Make it your own, scream at the sky. Its not EVER going away.

I saw the Pentagon burning from the building I was in before we were evacuated.

Impingement on your private lives? You're damned right.

== EDIT ==

Additionally, when imbued with trust as an administrator you adopt a mantle of responsibility.

If you choose to betray that responsibility you have done massive disservice to yourself, and are potentially the worst kind of harm that might be visited upon the people you are supposed to serve.

Your 'personal attachment' as a user of a system is an irrelevancy, as is your care or lack thereof.

The matter is one of abandonment of duty, deception and outright betrayal. In my hypothetical example, as with snowden, these core elements ring with resounding clarion bell for vigilance - for those steadfast.

Unhurtable
11-04-2013, 01:53 PM
Deal with it. Make it your own, scream at the sky. Its not EVER going away.

I have no idea what you are talking about here. Is it a cryptic message?


I saw the Pentagon burning from the building I was in before we were evacuated.

Impingement on your private lives? You're damned right.

I don't see how this is relevant.


Additionally, when imbued with trust as an administrator you adopt a mantle of responsibility.

If you choose to betray that responsibility you have done massive disservice to yourself, and are potentially the worst kind of harm that might be visited upon the people you are supposed to serve.


Also, the sky is blue, most people think cake is delicious.


Your 'personal attachment' as a user of a system is an irrelevancy, as is your care or lack thereof.

It is relevant to my reaction of a company implosion, is it not? My care of what, exactly? My care of the hypothetical situation? It is not irrelevant because

What if they then went on to leverage that information to blackmail CZE?

You'd be livid.

makes it relevant as it is an assumption of the readers (me in this case) emotional reaction, regardless if you use my lack of care in my modified hypothetical or my answer to the specific hypothetical.
Otherwise, I'd love to hear an explaination as to why its irrelevant though.


The matter is one of abandonment of duty, deception and outright betrayal. In my hypothetical example, as with snowden, these core elements ring with resounding clarion bell for vigilance - for those steadfast.
Again, the sky is blue etc. I don't see how this statement is adding to the conversation.

keroko
11-04-2013, 01:58 PM
We are not going to see eye to eye.

Perhaps we should discuss client / server interaction testing, local client process dynamics and sys interactions and potentialities in exploit of our parallel test lab-to be?

mudkip
11-04-2013, 02:03 PM
What a strange turn of events for this thread.

OT: I'm looking forward to the White hats doing their thing. Should make for some interesting stories!

Unhurtable
11-04-2013, 02:24 PM
We are not going to see eye to eye.

Agreed.


Perhaps we should discuss client / server interaction testing, local client process dynamics and sys interactions and potentialities in exploit of our parallel test lab-to be?

Sure lets discuss this. Do you wish for the discussion to be on topic or regarding some other aspect of these exploitable parts of the system at hand?

sayuu
11-04-2013, 03:10 PM
https://www.youtube.com/watch?v=NI1ss0-3B_I&feature=youtube_gdata_player

Deal with it. Make it your own, scream at the sky. Its not EVER going away.

I saw the Pentagon burning from the building I was in before we were evacuated.

Impingement on your private lives? You're damned right.

== EDIT ==

Additionally, when imbued with trust as an administrator you adopt a mantle of responsibility.

If you choose to betray that responsibility you have done massive disservice to yourself, and are potentially the worst kind of harm that might be visited upon the people you are supposed to serve.

Your 'personal attachment' as a user of a system is an irrelevancy, as is your care or lack thereof.

The matter is one of abandonment of duty, deception and outright betrayal. In my hypothetical example, as with snowden, these core elements ring with resounding clarion bell for vigilance - for those steadfast.

I suggest you read the 4th amendment to our Constitution. As well as the 1967 Supreme Court ruling of Katz v. United States.

The problem is not what the NSA is doing But how. . .