Old 20-Oct-2011, 11:08   #26
Shifty Geezer
uber-Troll!
 
Join Date: Dec 2004
Location: Under my bridge
Posts: 29,068
Default

Quote:
Originally Posted by Prophecy2k View Post
So it's possible there's a security hole on MS' end then?

It's curious to me as if it were on EA's end then we should be hearing of similar things coming from the PS3 version of FIFA wouldn't we?
Not if it's to do with how EA interface with Live or something. We haven't any particulars. We don't know if Live! accounts have always been hackable due to a vulnerability but no-one bothered until now, or if it's only EA's vulnerability hence the appearance only on an EA title.

Regards the selling on of DLC, wouldn't that need the content bought on other people's accounts to be transferred to a 3rd party for them to sell on? Without that, it's useless. What's the point in making 5 Live gamers buy FIFA content on their accounts if the hacker can't take that content and sell it on? So either there's a paper trail, or that premise of premium content having worth doesn't hold up.
__________________
Shifty Geezer
...

Tolerance for internet moronism is exhausted. Anyone talking about people's attitudes in the Console fora, rather than games and technology, will feel my wrath. Read the FAQ to remind yourself how to behave and avoid unsightly incidents.
Shifty Geezer is offline   Reply With Quote
Old 20-Oct-2011, 12:20   #27
Brad Grenz
Philosopher & Poet
 
Join Date: Mar 2005
Location: Oregon
Posts: 2,336
Default

Quote:
Originally Posted by Shifty Geezer View Post
Regards the selling on of DLC, wouldn't that need the content bought on other people's accounts to be transferred to a 3rd party for them to sell on? Without that, it's useless. What's the point in making 5 Live gamers buy FIFA content on their accounts if the hacker can't take that content and sell it on? So either there's a paper trail, or that premise of premium content having worth doesn't hold up.
But the content they are buying is intended to be tradeable. They probably change hands a bunch of times (in various hacked and/or "burner" accounts) and since the payment occurs via a third party there is plausible deniability by the time it's to the buyer: "How was I to know they were stolen? I just bumped into that guy in a match or on a forum and he offered to send the cards my way!"
Brad Grenz is offline   Reply With Quote
Old 20-Oct-2011, 12:38   #28
Shifty Geezer
uber-Troll!
 
Join Date: Dec 2004
Location: Under my bridge
Posts: 29,068
Default

There should be a paper trail though. It'd have to pass through the hacker's account/accounts. Out of...10,000 hacks, say, all 10,000 would have had to have passed through the same user account(s), and unless that person has 10,000 unique accounts, costing way more than the content is worth, they'll appear in each transfer chain. So find the common accounts present in every hacking case where content is transferred and you find the culprit. Assuming transfers are fully catalogued!
Shifty Geezer is offline   Reply With Quote
Old 20-Oct-2011, 18:45   #29
AlphaWolf
Specious Misanthrope
 
Join Date: May 2003
Location: Treading Water
Posts: 8,107
Default

Right. If someone is funneling money somewhere then it shouldn't be hard to catch them.
AlphaWolf is offline   Reply With Quote
Old 20-Oct-2011, 21:35   #30
patsu
Regular
 
Join Date: Jun 2005
Posts: 27,404
Default

In the first place, do we know the total damage $$$ so far? EA says it's the same rate as FIFA 11. MS says there's no problem.
__________________
My wife pays up to hundreds of dollars for paintings we just hang on the wall. They do nothing, just hang there. Journey is interactive, so it does more than our paintings. Art can be expensive! Get over it!
-- 3rdamention@GAF
patsu is offline   Reply With Quote
Old 20-Oct-2011, 22:42   #31
dobwal
Senior Member
 
Join Date: Oct 2005
Posts: 3,346
Default

Quote:
Originally Posted by Shifty Geezer View Post
There should be a paper trail though. It'd have to pass through the hacker's account/accounts. Out of...10,000 hacks, say, all 10,000 would have had to have passed through the same user account(s), and unless that person has 10,000 unique accounts, costing way more than the content is worth, they'll appear in each transfer chain. So find the common accounts present in every hacking case where content is transferred and you find the culprit. Assuming transfers are fully catalogued!

I don't think that's true. I don't think you actually need to have your own account to pull this off. If you have access to hacked accounts, all the in-game transactions can be handled by those accounts.
dobwal is offline   Reply With Quote
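
The cross-referencing idea from post #28 and the objection raised in post #31, sketched as an added example that is not part of any poster's message. The ledger format, the account names and the assumption that every item transfer is logged in time order are all constructed for illustration.

```python
from collections import Counter, defaultdict

# Constructed sample ledger: (item_id, from_account, to_account), in time order.
TRANSFERS = [
    ("card-1", "victim_a", "mule_1"),
    ("card-1", "mule_1", "hub_x"),
    ("card-1", "hub_x", "buyer_1"),
    ("card-2", "victim_b", "hub_x"),
    ("card-2", "hub_x", "buyer_2"),
    ("card-3", "victim_c", "mule_2"),
    ("card-3", "mule_2", "hub_x"),
    ("card-3", "hub_x", "buyer_3"),
    ("card-4", "victim_d", "mule_1"),   # this item never touches hub_x
    ("card-4", "mule_1", "buyer_4"),
    ("card-9", "honest_1", "honest_2"),  # unrelated legitimate trade
]
# Accounts whose owners reported a breach (constructed).
REPORTED_VICTIMS = {"victim_a", "victim_b", "victim_c", "victim_d"}


def chains_from_victims(transfers, victims):
    """Map each item first moved out of a victim account to the
    ordered list of accounts that held it afterwards."""
    by_item = defaultdict(list)
    for item, src, dst in transfers:
        by_item[item].append((src, dst))
    chains = {}
    for item, hops in by_item.items():
        if hops[0][0] in victims:           # chain starts at a breached account
            chains[item] = [dst for _, dst in hops]
    return chains


def common_accounts(chains):
    """Strict version of the idea: accounts present in every chain."""
    sets = [set(chain) for chain in chains.values()]
    return set.intersection(*sets) if sets else set()


def rank_by_coverage(chains):
    """Tolerant version: fraction of incident chains each account appears in,
    highest first. Survives the case where intermediaries are themselves
    breached accounts and no single account is in every chain."""
    counts = Counter()
    for chain in chains.values():
        counts.update(set(chain))           # count each account once per chain
    total = len(chains)
    return [(acct, n / total) for acct, n in counts.most_common()]


if __name__ == "__main__":
    chains = chains_from_victims(TRANSFERS, REPORTED_VICTIMS)
    print("in every chain:", common_accounts(chains))
    for acct, share in rank_by_coverage(chains):
        print(f"{acct:10s} {share:.0%}")
```

On this sample the strict intersection is empty because one stolen item was routed differently, while the coverage ranking still puts the shared account at the top for manual review.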
Old 20-Oct-2011, 23:02   #32
Shifty Geezer
uber-Troll!
 
Join Date: Dec 2004
Location: Under my bridge
Posts: 29,068
Default

Quote:
Originally Posted by dobwal View Post
I don't think that's true. I don't think you actually need to have your own account to pull this off. If you have access to hacked accounts, all the in-game transactions can be handled by those accounts.
How do you get hold of your money if all the transactions are in other people's name? *If* someone is profiting from this, there'll be a trail back to them where they are collecting their ill-gotten gains.
Shifty Geezer is offline   Reply With Quote
Old 20-Oct-2011, 23:24   #33
patsu
Regular
 
Join Date: Jun 2005
Posts: 27,404
Default

There are probably creative ways. E.g., if they hacked EA and/or XBL, they can continue to hack other stuff like people's bank accounts and steal their identities. But what's the damage so far? We only hear complaints here and there but no overall picture yet?
patsu is offline   Reply With Quote
Old 21-Oct-2011, 00:55   #34
AzBat
Agent of the Bat
 
Join Date: Apr 2002
Location: Alma, AR
Posts: 4,275
Default

Quote:
Originally Posted by joker454 View Post
Ugh, all the more reason why allowing EA to party their own way on XBLive was a mistake. Yeah Microsoft had no choice way back when, EA muscled their way onto Live by demanding that concession and Microsoft had no leverage then to say no. But now they are paying for that decision. Hopefully they don't allow this EA garbage on their Win8 app store.
+1

Tommy McClain
AzBat is offline   Reply With Quote
Old 21-Oct-2011, 09:45   #35
Shifty Geezer
uber-Troll!
 
Join Date: Dec 2004
Location: Under my bridge
Posts: 29,068
Default

Quote:
Originally Posted by patsu View Post
There are probably creative ways. E.g., if they hacked EA and/or XBL, they can continue to hack other stuff like people's bank accounts and steal their identities. But what's the damage so far?
People have had their account breached and FIFA stuff bought on their accounts. Only FIFA stuff. If the objective is to gain access to people's bank accounts, credit cards, or steal identities, why are the crims buying FIFA stuff and making their presence known?
Shifty Geezer is offline   Reply With Quote
Old 21-Oct-2011, 13:44   #36
Brad Grenz
Philosopher & Poet
 
Join Date: Mar 2005
Location: Oregon
Posts: 2,336
Default

Quote:
Originally Posted by Shifty Geezer View Post
How do you get hold of your money if all the transactions are in other people's name? *If* someone is profiting from this, there'll be a trail back to them where they are collecting their ill-gotten gains.
The money is changing hands outside of the Live system via third party services. There is no way for MS to track it if it's happening via ebay, paypal or craigslist. The hackers use an account with no real life connection to them to trade the virtual goods to the buyer, but the buyer could have literally handed them cash after responding to an ad on craigslist and meeting in real life, or sent the hacker bitcoins, or bought via paypal in a transaction MS has no knowledge of.
Brad Grenz is offline   Reply With Quote
Old 21-Oct-2011, 14:24   #37
Shifty Geezer
uber-Troll!
 
Join Date: Dec 2004
Location: Under my bridge
Posts: 29,068
Default

So the trade in gaming goods is not via EA then? I misunderstood, thinking it was an in-game feature. If it's content being sold for cash outside of the system then you're right. That could mean the weak link is either EA or MS - prior to this there'd be no point to hacking Live! as there'd be no way to convert purchased items to cash.

The lack of either party to actually address this, maybe putting a stop on trading content until this is worked out, is a bit disconcerting then.
Shifty Geezer is offline   Reply With Quote
Old 21-Oct-2011, 16:23   #38
dobwal
Senior Member
 
Join Date: Oct 2005
Posts: 3,346
Default

Quote:
Originally Posted by Shifty Geezer View Post
How do you get hold of your money if all the transactions are in other people's name? *If* someone is profiting from this, there'll be a trail back to them where they are collecting their ill-gotten gains.
Use a third party payment system. It then becomes a question of how well a hacker can cover their tracks using an outside system. It also forces EA to go through legal means to uncover the identity linked to the third party user account.
dobwal is offline   Reply With Quote
Old 21-Oct-2011, 18:05   #39
mrcorbo
Foo Fighter
 
Join Date: Dec 2004
Posts: 1,799
Default

So, once the criminal has access to the account they have from the moment that they purchase the content until the victim becomes aware that their account is compromised and contacts MS to freeze the account to complete the sale and transfer the content to the buyer. The criminals probably take into account the time zone the victim is in and make the purchase while they are likely to be sleeping to maximize the amount of time that they have.
__________________
My 3D Odyssey:
TNT->GeForce256->GeForce2 GTS->GeForce 3->GeForce 4200 Ti->Radeon 9800SE(softmod)->GeForce 6600GT->Radeon X1800XL->Geforce 8800GT ->Radeon HD 4870->Radeon HD 6970 *Now Playing*
mrcorbo is offline   Reply With Quote
Old 06-Nov-2011, 07:06   #40
-tkf-
Regular
 
Join Date: Sep 2002
Posts: 5,006
Default

Quote:
Originally Posted by mrcorbo View Post
and contacts MS to freeze the account
Wow

Quote:
he told me that my account would be locked for “up to 25 days” while the issue was investigated
I guess the complaints I read weren't off the mark

http://whatthegeek.net/2011/10/05/th...-live-account/
__________________
Batteries NOT included with the XBOX One Controllers: http://techland.time.com/2013/07/29/...ore-expensive/
2nd hand market talk here: http://forum.beyond3d.com/showthread.php?t=59311
-tkf- is online now   Reply With Quote
Old 06-Nov-2011, 13:42   #41
NavNucST3
Senior Member
 
Join Date: Jun 2005
Location: Chicago, IL
Posts: 1,590
Default

Quote:
Originally Posted by -tkf- View Post
Wow

I guess the complaints I read weren't off the mark

http://whatthegeek.net/2011/10/05/th...-live-account/
I'm surprised they said "up to"; reading the GAF thread had me thinking that this was the minimum time it would take. Which seems about how long it took for MSFT to unfreeze my account some years ago simply because my card had expired (even though I was many months away from renewing Live AND there were other cards attached to the account). Not to mention when being billed from most of the MSFT services it normally takes a month before the charge actually hits my bank account, meaning that even though I just renewed and got the email I had renewed, I don't expect the money to come out of my account until early December...

I would say that MSFT has pretty shitty customer service in these regards. When you can get eastmen to think about canceling Live and selling the console you have seriously fucked up your social contract with your customers.
NavNucST3 is offline   Reply With Quote
Old 22-Nov-2011, 13:37   #42
-tkf-
Regular
 
Join Date: Sep 2002
Posts: 5,006
Default

Maybe there is a reason why XBOX support is so slow?

http://www.thesun.co.uk/sol/homepage...ber-fraud.html
-tkf- is online now   Reply With Quote
Old 22-Nov-2011, 15:49   #43
Brad Grenz
Philosopher & Poet
 
Join Date: Mar 2005
Location: Oregon
Posts: 2,336
Default

I wish the problem was getting more coverage in the mainstream press, but that article is mostly repeating Microsoft's blame-the-victim PR strategy.
Brad Grenz is offline   Reply With Quote
Old 22-Nov-2011, 16:08   #44
AlphaWolf
Specious Misanthrope
 
Join Date: May 2003
Location: Treading Water
Posts: 8,107
Default

It's likely not getting press because it's just a case of coincidence.
AlphaWolf is offline   Reply With Quote
Old 22-Nov-2011, 16:30   #45
AlphaWolf
Specious Misanthrope
 
Join Date: May 2003
Location: Treading Water
Posts: 8,107
Default

Quote:
Originally Posted by -tkf- View Post
Maybe there is a reason why XBOX support is so slow?

http://www.thesun.co.uk/sol/homepage...ber-fraud.html
So it's confirmed Live wasn't hacked then? Or is this something completely unrelated?
AlphaWolf is offline   Reply With Quote
Old 22-Nov-2011, 17:45   #46
patsu
Regular
 
Join Date: Jun 2005
Posts: 27,404
Default

It cites a phishing case, but does not explicitly conclude that all the recent XBL hacks are due to phishing.

Ask eastmen if he was hit by a phishing scam. ^_^
He is one of the victims.

Until someone can come up with a total $$$ loss, the press may go after other bigger news. The only reported figure is the average theft amount. Article says average is £100. People on GAF seem to lose about US$100+ per incident.
patsu is offline   Reply With Quote
Old 22-Nov-2011, 20:31   #47
Brad Grenz
Philosopher & Poet
 
Join Date: Mar 2005
Location: Oregon
Posts: 2,336
Default

Quote:
Originally Posted by AlphaWolf View Post
It's likely not getting press because it's just a case of coincidence.
You do realize a coincidence, by definition, requires two or more things to coincide? :eyeroll:

My Live account was hacked. It followed the exact MO that is being so commonly reported. I can say with certainty I was not phished. I was not social'd.
Brad Grenz is offline   Reply With Quote
Old 22-Nov-2011, 21:12   #48
AlphaWolf
Specious Misanthrope
 
Join Date: May 2003
Location: Treading Water
Posts: 8,107
Default

How exactly do you know you weren't? They won't send a notice in your email. It could be someone you know.
AlphaWolf is offline   Reply With Quote
Old 22-Nov-2011, 22:02   #49
Brad Grenz
Philosopher & Poet
 
Join Date: Mar 2005
Location: Oregon
Posts: 2,336
Default

Quote:
Originally Posted by AlphaWolf View Post
How exactly do you know you weren't? They won't send a notice in your email. It could be someone you know.
1. Social attacks almost always involve getting the password reset. Usually they've also compromised the attached email account as well. That did not happen. I was able to regain control of my account with minimal damage because the password wasn't changed. But let's assume for a second I was social'd. Does that mean impostors can convince MS to give out passwords over the phone or in an email? That's even more disturbing than MS being hacked!

2. Someone I know? I don't know anyone in Eastern Europe who has tried to wheedle my password out of me (let alone succeeded).

3. Actually, phishing does usually involve an email. I don't follow links in emails to log in to services. I'm also not so foolish as to believe a suspicious offer of free MS points.

As far as I can tell, my account was compromised in one of four ways. My password was originally a shared, low security password used when I created it for Games for Windows Live. I made the mistake of not upgrading it to a stronger, unique password when my MS Live account became associated with my gamertag and a credit card ended up attached to it. So it's possible the password was stolen from a third party and used to access my Live account. For the record, the password was not exposed in any of the recent high profile hacks, including PSN and Gawker.

Second, a virus or other piece of malware infected my computer and logged my credentials. If this was the case it has never been detected by AVG or Spybot and the information gathered has never been used to compromise any of my other accounts (paypal, amazon, google, my bank...).

Third, my password was short enough to have been brute forced. This would require a flaw in Microsoft's security apparatus that is supposed to detect and prevent such attacks. But the password, while alphanumeric and considered relatively secure when it was originally created, was only 8 characters long and should be breakable.

Fourth, there is an undisclosed or undiscovered flaw in Xbox Live's security that allows hackers to discover a password or hijack an account without needing one.
Brad Grenz is offline   Reply With Quote
Old 22-Nov-2011, 22:25   #50
AlphaWolf
Specious Misanthrope
 
Join Date: May 2003
Location: Treading Water
Posts: 8,107
Default

So you've confirmed that you don't know whether it was actually Live that was hacked or not.
AlphaWolf is offline   Reply With Quote
