Potential Xbox Live hacking related to FIFA 12
- Thread starter Scott_Arm
- Start date
FIFA is only significant because it provides a profit motive for the hacking. The game has an in game player trading economy, AND random booster pack DLC you can buy over and over again that allows hackers to break in to an account, charge up a bunch of points, and by buying lots of FIFA DLC, eventually build up value in game that they can actually sell on eBay. It's basically a way to convert stolen MS points into actual cash. There's no reason to believe EA or FIFA is actually the weak link in the security. They've just given hackers a reason to hack gamertags.
Ugh, all the more reason why allowing EA to party their own way on XBLive was a mistake. Yeah Microsoft had no choice way back when, EA muscled their way onto Live by demanding that concession and Microsoft had no leverage then to say no. But now they are paying for that decision. Hopefully they don't allow this EA garbage on their Win8 app store.
Ahhhh, that explains it. Polluting footabll with collectables.
Prophecy2k
Veteran
So it's possible there's a security hole on MS' end then?
It's curious to me as if it were on EA's end then we should be hearing of similar things coming from the PS3 version of FIFA wouldn't we?
Not if it's to do with how EA interface with Live or something. We haven't any particulars. We don't know if Live! accounts have always been hackable due to a vulnerability but no-one bothered until now, or if it's only EA's vulnerability hence the appearance only on an EA title.
Regards the selling on of DLC, wouldn't that need the content bought on other people's accounts to be transfered to a 3rd party for them to sell on? Without that, it's useless. What's the point in making 5 Live gamers buys FIFA content on their accounts if the hacker can't take that content and sell it on? So either there's a paper trail, or that premise of premium content having worth doesn't hold up.
But the content they are buying is intended to be tradeable. They probably change hands a bunch of times (in various hacked and/or "burner" accounts) and since the payment occurs via a third party there is plausible deniability by the time it's to the buyer: "How was I to know they were stolen? I just bumped in to that guy in a match or on a forum and he offered to send the cards my way!"
There should be a paper trail though. It'd have to pass through the ahckers account/accounts. Out of...10,000 hacks, say, all 10,000 would have had to have passed through the same user account(s), and unless that person has 10,000 unique accounts, costing way more than the content is worth, they'll appear in each transfer chain. So find the common accounts present in every hacking case where content is transfered and you find the culprit. Assuming transfers are fully catalogued!
I don't think thats true. I don't think you actually need to have your own account to pull this off. If you have access to hacked accounts, all the in game transactions can be handled by those accounts.
How do you get hold of your money if all the transactions are in other people's name?*If* someone is profiting from this, there'll be a trail back to them where they are collecting their ill-gotten gains.
People have had their account breached and FIFA stuff bought on their accounts. Only FIFA stuff. If the objective is to gain access to people's bank accounts, credt cards, or steal identities, why are the crims buying FIFA stuff and making their presence known?
The money is changing hands outside of the Live system via third party services. There is no way for MS to track it if it's happening via ebay, paypal or craigslist. The hackers use an account with no real life connection to them to trade the virtual goods to the buyer, but the buyer could have literally handed them cash after responding to an ad on craigslist and meeting in real life, or sent the hacker bitcoins, or bought via paypal in a transaction MS has no knowledge of.
So the trade in gaming goods not via EA then? I misunderstood, thinking it was an in-game feature. If it's content being sold for cash outside of the system then you're right. That could mean the weak link is either EA or MS - prior to this there'd be no point to hacking Live! as there'd be no way to convert purchased items to cash.
The lack of either party to actually address this, maybe putting a stop on trading content until this is worked out, is a bit disconcerting then.
The lack of either party to actually address this, maybe putting a stop on trading content until this is worked out, is a bit disconcerting then.
Use a third party payment system. It then becomes a question on how well a hacker can cover their tracks using an outside system. It also forces EA to go through legal means to uncover the identity linked to the third party user account.
So, once the criminal has access to the account they have from the moment that they purchase the content until the victim becomes aware that their account is compromised and contacts MS to freeze the account to complete the sale and transfer the content to the buyer. The criminals probably take into account the time zone the victim is in and make the purchase while they are likely to be sleeping to maximize the amount of time that they have.
Wow
I guess the complaints i read wasn´t off the mark
http://whatthegeek.net/2011/10/05/the-tale-of-a-hacked-xbox-live-account/
Similar threads
