Filed under: Exploits

Yesterday we reported that a wide number of e-mail password phishing scams were being sent out to Aion users. Today, AionSource.com has sent out an e-mail announcement to all of their users that this new wave of scams may have been due to a hacking attack on their website.

Knite Shadowbane, administrator of AionSource, has posted that AionSource.com had been under hacker attack five days ago on the 24th of January. The staff has since cleared the attack and has proceeded to beef up their security, but today's e-mail to all AionSource members warns that their database could have been used for these phishing scams. So, if you are a member of AionSource, keep an eye out for any unusual e-mails coming your way.

Even if you aren't a member, always remember to check the source of any e-mails coming to you that request for you to "access your account" or "confirm your password" or require you to log into an unverified source.

Knite has also posted a handy guide to securing your account, such as changing your password and installing anti-virus software.

There are a lot of choices we face where we don't so much pick a good option as we pick the option that's least negative. Most people would argue that going to work is a better choice than faking illness and calling out, but not really a choice they like. Kill Ten Rats recently posed an interesting question along the same lines: would you rather your game have gold farmers or cheaters?

As the full piece argues, gold farmers are the greater evil to the companies running the game -- they aren't paying customers and they're disrupting the playerbase. But the average player is more likely to run into cheaters than gold farmers, and they're more likely to have a direct negative effect upon the experience of the game. Yet teams tend to be more active in pursuing gold farmers (witness Aion's theatrical destruction of them) because cheaters, to the company, are a slightly lesser problem.

Obviously, it's not a binary equation, and some games (such as Final Fantasy XI) place both at an equally high target priority. The fundamental question, however, is an excellent one -- cheating jerks, or RMT bots? There's no good option.

It's an immutable law: create an online game where virtual currency is used and it'll inevitably give rise to a black market for that currency, not to mention for the various items in the MMO. Earthrise will be no different, but developer Masthead Studios aims to be proactive about the problem of gold sellers, rather than reactive. They also feel that their game will be difficult to bot. "Most of Earthrise design has followed the paradigm of requiring player interaction and skill through every aspect of combat, crafting and logistic movement so we firmly believe the game will be, by design, very difficult to automate via known methods," Masthead explains in their latest Question of the Week.

Another factor that Masthead Studios feels will curb black market activities in Earthrise, at least in respect to items, is that every use of gear slowly degrades the item in question. Of course, where there's a will there's a way. So when Earthrise enters open beta Masthead Studios will keep a close eye on the various ways players find to exploit the economy.

"We have met the enemy and he is us." The player identified as "Patrick" is not the malevolent monstrosity we'd like to see. Nor is he a victim of circumstance, at that. He acts for all the world like a perfectly normal gamer, and if you didn't know he'd scammed between $10,000 and $20,000 in a year of reprehensible behavior, you certainly wouldn't be able to guess. That's what makes a video interview with him, mirrored and annotated at PlayNoEvil and originally recorded by Marcus Eikenberry, so odd on many levels.

The full interview lasts thiry-eight minutes, which makes it a bit long for casual viewing. The article which mirrors the video notes some of the highlights, including when he almost breathlessly exhorts the moment he realized that there was nothing in PayPal's EULA that prevented him from not transferring his EVE Online account to a purchaser on Craigslist.

His rationalizing of the actions include the loss of his job and financial instability, even as he begins the interview explaining how he would scam players in both EVE Online and World of Warcraft for fun. His words are unsettling, but what makes them all the more eerie is the fact that without the foreknowledge... there's no way to tell his voice from any of ours. When you have the time, the whole interview is well worth looking at if you're at all interested in account security and the culture of scammers.

NCsoft hasn't been having an easy start to the year, at least not in the eyes of security-minded players. The entire Guild Wars security question recently came to a head with suspicions and accusations that the flaw was something wrong with NCsoft's account management, a black eye if ever there was one. Of course, that raises questions about not just Guild Wars, but any game under the company's aegis, which includes City of Heroes. So it should come as little surprise that a reminder about account security has recently been posted on the official site.

The reminder itself is fairly standard boilerplate, reminding everyone to avoid giving out their account information to any other players, only log in from secure locations, and so forth. It also addresses the issue at hand in a roundabout fashion, mentioning that they found no malicious workarounds after investigating "current claims." However, the very next line mentions that they have added more robust logging and security procedures, which can lead to the obvious conspiracy theories. With fewer items to be traded than many other games, City of Heroes has a smidge more built-in security -- but a little extra reminder and caution never hurts.

It started as a surprise. Guild Wars players reported suddenly finding themselves hacked, their accounts cleaned out, no indication of what could have caused the problem. NCsoft and ArenaNet offered suggestions, security safeguards, new measures being taken, hints that the problem lay in a popular third-party website with an undisclosed name. But with the recent rash of problems that Aion players have been having regarding security, new facts have begun coming to light, and they paint a picture that isn't pretty.

Specifically, some players seem to be finding that it doesn't take any skill to wind up hacking someone's account accidentally. And all it takes is a few log-in attempts to find yourself with access to someone's account name, password, and billing information for all of a player's NCsoft games.

Square-Enix can get very touchy about certain things with Final Fantasy XI. Revealing the precise numbers and mechanics behind many of the game's elements seems to be one of them that none of the game's fans are terribly pleased with, but they're just as touchy about people cheating in the game, which fans can't help but be happy about. The game's terms of use clearly state that the use of third-party applications interacting with the game is expressly forbidden, and the game has recently dropped the hammer for good on one of the distributors of third-party hacks.

The announcement, which can be found on the official site or mirrored on Allakhazam.com, states that the game's team had been monitoring the sale and distribution of certain undisclosed third-party applications, and they had subsequently shut down both the servers for the programs as well as the sellers. The specific applications are not named, as is normal for Final Fantasy XI -- they don't want to encourage anyone to seek out the cheats, after all. The announcement also includes the usual warnings about bannings and account security when connected with third-party cheats. It's always good news when the less scrupled side of a game's community gets shut down -- now if only we could pass some of this along to NCsoft for their recent woes.

CCP Games has made some sweeping changes to how players claim and contest territory in EVE Online, with the recently-launched Dominion expansion. These changes haven't been without issue, however, and a significant problem with the new Sovereignty Blockade Units (SBU) has arisen. SBUs are anchored by attackers at stargates in a solar system belonging to the territory-holding alliance and disrupts the control of the Sovereignty holder, providing opportunities for attackers to usurp the space holding alliance. Issues with the SBUs prompted the devs to declare an exploit over the weekend. EVE's Community Manager CCP Wrangler stated:

"An issue has been discovered that makes outposts and infrastructure hubs vulnerable to attacks without the attacker having adequate Sovereignty Blockade Unit (SBU) coverage in the system. Attacking outposts and/or infrastructure hubs without adequate Sovereignty Blockade Units in the system is an exploit and any incidents will be dealt with accordingly. Situations where attackers have the proper SBU coverage are not subject to this rule. The problem is under repairs and will be fixed as soon as possible. We thank you for your understanding and patience in this matter."

When faction warfare went live with EVE Online's Empyrean Age expansion back in the summer of 2008, It was a magnificent success. It was intended as a way for newer players to get into PvP and as a stepping stone from the safe haven of empire to full-on sovereignty warfare. It wasn't long before large fleets were duking it out in low security space and for a time, it was great. Eventually, problems began to come to light that demanded developer attention. Capturing exploits and a lack of rewards were causing players to leave the war and after a year with no development, faction warfare was looking abandoned.

Rewards were eventually implemented in an attempt to revitalise the ageing faction warfare system and promote PvP. With the Dominion expansion came the most anticipated of those rewards - new tier 1 navy battleships available only from the faction warfare loyalty point store. Since the announcement that they were coming, mission-runners have been farming faction warfare missions like crazy for loyalty points. The promise of unique rewards from the missions was intended to revitalise the game and give pilots something to fight over. But did the rewards really improve faction warfare and promote PvP or was it a huge mistake?

In this three page exposé, I run down the history of faction warfare missions, from the development mistakes to the EVE corp that made almost enough ISK to build a titan. Did the mission buff revitalise faction warfare or did it put the final nail in its coffin? And just how did mission-runners make billions of ISK?

[Via PlayNoEvil]

The November community address for Aion is out, and it's mostly good news.

The good news, of course, includes the stunning nine-minute trailer depicting the future of Aion. Player response was overwhelmingly positive, and netted NCsoft more than a few immediate resubs. The Community Team has also been doing a good amount of work that, while not quite as fun to look at as the trailer, brings results that players can't help but be just as happy about. The Aion team has set up a dedicated Game Surveillance Unit focused solely on taking out bots, gold spammers, and the like. (It seems to be working so far, a recent Tweet reports over 27,000 botting accounts banned this week.) The community address also mentioned the ubiquitous grind complaints. Some short-term changes to grind, loot, and risk vs. reward are on the way, and a more long-term solution seems to be in the works.

On the downside, the server transfer system has been delayed until the Community Team can be sure of releasing a solid finished product. It's a frustrating issue for players, but hopefully the delay will be worth it.

The full community address can be read here.

"Companies should just stop gold farmers." It's a consistent complaint in many games, with "gold" replaced by your game's currency of choice. As complaints go, it's right around "somebody should do something about all the problems" in terms of overall utility, but heck, no one likes the practice and it should just be eliminated, right? Well, as Scott Jennings has pointed out recently, it's not quite that easy.

As Lum points out, there are several common misconceptions about the entire process. Among them are the idea that the game company doesn't step in because they're getting kickbacks, which is pointed out to fail the simple test of Occam's razor. When developers want to get more money from an existing game, there are usually better ways to run it, such as the Champions Online model or the Dungeons and Dragons Online approach. He also tackles the infamous statement that the farmers are paying customers and therefore the company has even less incentive to stop them.

So if everyone hates RMT, why is it still around? The article briefly touches upon it, but We Fly Spitfires had a recent post that articulates more specifically: more people buy gold than would necessarily admit it. Since no one will admit to it, no one ever asks, and as a result there's a large culture of silence that publicly despises it and privately takes part. In short? As long as there's a customer base, the farming will continue. Food for thought all around.

Hackers, as everyone knows, were scheduled to be the mirror class to Choppas... wait, no, that's not right. We're not talking about one of the classes of Warhammer Online, we're talking about that scourge of the paying and fair-playing populace of every MMO. The most recent developer diary on the game's official site is with John Cox, development manager, discussing some of the ways and means that allows Mythic to fight against the scourge of hacking and try and keep the game on the level.

Cox discusses a number of techniques, starting with the most obvious: that several people working on fighting the hacks are part of hacking communities, observing silently and sometimes even testing them internally to develop a response. He also discusses why some of the progress on fighting illegal behavior is a bit slower than the community would like, and why it's not always as possible to shut things down straightaway on the server end. With a discussion of some of the holes in detection, which includes an explanation of why the game briefly had Vista users almost universally flagged as hackers, it's an interesting look behind the scenes at Warhammer Online's efforts to fight the good fight. (That is, the one not involving Order versus Destruction.)

Remember Kevin Alderman (known in Second Life as Stroker Serpentine), CEO of Eros LLC who is one of the plaintiffs who have filed a lawsuit against Linden Lab for negligence with respect to security and failing to act in accordance with their obligations under the DMCA? Well, it can't be a good week for either him or for the Lab.

During Linden Lab's Burning Life event in Second Life this year (a sort of living pop-art showcase and party that draws many spectators) persons only presently known to the server logs left a cache of copied content, including at least one of Alderman's latest products, and a whole swag of other content belonging to other designers – free for the taking.

It isn't really Burning Life's fault, but if you had to place the stuff somewhere where many people would take it, none-the-wiser that it was unlawful content, that would be the best place at this time of the year.

No, we're not endorsing RR Day. But ArenaNet Community Manager Regina Buenaobra announced today that Hero Battles and Team Arenas will be removed from Guild Wars with this week's update, and it's safe to assume that a good many players will be mourning that loss. The news shouldn't come as any surprise, given that Live Team Lead Linsey Murdock warned us of this almost two months ago.

So how does this affect the PvP side? Well, after the update this week -- presumably Thursday or Friday -- the Commander title will still exist, but gaining points for it will no longer be possible. It will be replaced by a new title so those who haven't maxed their Commander title won't be left out in the cold. Random Arenas will no longer promote to Team Arenas, and the Hero Battles Ladder will freeze.

Linsey has said that Team Arena will be "renamed and repurposed" for the new Sealed Deck format, and that the Hero Battles maps will be reused, but the only change indicated for this week is the removal of TA/HB. It looks like Sealed Deck and all the other PvP projects are still having finishing touches put on them, so we'll keep watching for them.