WoW account hacking and stripping – “Cyber-crime”

Between Tobold and Raph Koster there is some argument about game mechanics with respect to real money transfer. I don’t particularly find the topic that important but I was struck by a remark of one commenter, that “cyber-crime” related to RMT would be well worth discussion much more than the generic RMT discussion that flares over and over.

Just to give this some context. Within the guilds that my characters inhabit I know of at least 3 cases of accounts getting hacked and stripped. The number of active players in the guilds is certainly lower than 50 people. That’s a stunning 6% victim rate and the correct number is likely a tad higher. If I compare that to my real life familiarity with breaking and and stealing (burglary), I’d have a much much lower familiarity rate (certainly way below 0.1%). I would conclude that account hacking happens frequently!

So it’s fair to ask: Why is there so much discussion about RMT, when cyber-crimes like hacking & stripping are much more disruptive and on top of it are frequent?

I really don’t know. Looking at WoW the developers have learned a few things:

  • Disenchanting with no leveled trade skill is a bad idea. Disenchanting high level items now requires a certain level of enchanting skills.
  • No mail delay between acounts or AH buying removes ability to intervene or monitor. Between-account sending of cash is no longer instant, and selling in the AH isn’t either.

But these are just two measures to try to make it harder for hacker/strippers to make their lives more difficult.

Today still there are issues in WoW:

  • Locking of compromised accounts takes way too slow. In one case of a guildie of mine it took 3 days until the account got locked after reporting. The hacker tried to join multiple guilds to get access to guild banks. I have not heard of a single case where a compromised account got locked within an hour of reporting, which would be the time-frame it’d take to have the mail delay mechanism actually help.
  • There is no full restore functionality of victims. The cases I know people only got their equipted gear restored and non of the goods they had in the bank. Hacked people who have found to be clearly victims really should get a full restore. May be that the current server architecture makes this hard, but future game design should plan for this.
  • No mechanism to report hacking accounts in-game. Guildies are helpless to a found hacking incident. A GM will do nothing but tell that the account holder has to report their account compromised on the web-page. If the account holder is not around, people can sit and watch while the hacker sells off stuff in the AH and the trade channels. I understand the trickery here: Abusive reporting. If it was easy to lock an account down by 3rd parties this could be abused to grief a player. But surely there must be some way to improve crime reporting. I.e. if multiple guild members report hacking and activity on the account support the report (account stripping, all out auctioning/vendoring etc) and immediate in-game lock should be possible. The account holder can still report if the claim was frivolous, but in the worst case they got delayed in stripping themselves.

What else is there to be done to prevent cyber-crimes like hacking/stripping MMO accounts?

And yes, be safe. Don’t ever run executables you don’t trust or frequent shadey web-sites. If you have been hacked: my sympathies and my best to get your stuff back as best as possible.


%d bloggers like this: