Gaiscioch Select Chapter
POPULAR ADVENTURES:



ACTIVE ADVENTURES:





ADVENTURES:
Enshrouded
Once Human
Conan Exiles
Baldur's Gate 3
Ashes of Creation
Dune Awakening
Soulmask
Guild Wars
Myth of Empires
Stardew Valley
Valheim
- Full List -
CHAPTERS:
Chapter 8:
Conqueror's Blade (2019)
Chapter 7:
New World (2021)
Chapter 6:
World of Warcraft: Classic (2019)
Chapter 5:
Elder Scrolls Online (2014)
Chapter 4:
Guild Wars 2 (2012)
Chapter 3:
RIFT (2011)
Chapter 2:
Warhammer Online (2008)
Chapter 1:
Dark Age of Camelot (2001)
Community
Events
CHARITY:

LEGACY EVENTS:


Search Gaiscioch.com:
137 Tuatha Guilds:
8,328 Members:
14,047 Characters:
11,709 Items:
  • Views: 2,902
  • Replies: 7

Market Board Hack (Check your gil when you log back in!)

Curadh de na Iomproidh
Gibsauce
Curadh de na Iomproidh
Posted On: 11/08/2013 at 02:41 AM

Apparently quite a few people were hit by this:

Official Forums - Thread 1.

Official Forums - Thread 2.

Reddit post.

Yoshi-P's statement on the matter:

Here is a message from Producer/Director Yoshida regarding the current security issue and action that will be taken from this point on for Market.
-------------------
This is Producer/Director Yoshida.

This is a thread, but I would like to mention the current situation and actions that we are going to take from this point on.

First of all, a few hours ago, we have received several reports about fraud in certain features of the Market operated by an outside source.
There are not many reports of casualties due to this, but to prevent any further cases, we performed an emergency maintenance.

We apologize for the inconvenience and that this has affected many of our players.
We are verifying the data and promise that everything will be kept safe.

This issue can only be seen in certain Worlds, Zones and circumstances, so it will not affect players that are not logged in.

Once we resolve the issue and assure the safety of the situation, alongside the recovery of the game, we will take action towards the outside fraud source and take security countermeasures.

Again, we apologize for the inconvenience that this may have caused.
-------------------
We are not planning to do any sizable data roll backs at this time for this case.
We are basically planning to correspond to the players whose data was affected.

We have obtained information of the route and IP address of the source and we are planning to take legal actions of this fraud.

 

Might be a good idea to check and make sure that all your gil is available at your next login, and that no fraudulent purchases were made at the market board by your character(s).

Last Edited on: 11/08/2013 at 02:42 AM
Awards & Achievements
Devotion Rank 20Fellowship Rank 10Scholar Rank 2

Response:

Laoch de na Iolair Buí
Sekkerhund
Laoch de na Iolair Buí
  • GW2: Sekkerhund.3790
  • ESO: @Sekkerhund
Replied On: 11/08/2013 at 03:23 PM PST
  • Steam
  • PSN
  • XBOX
  • Twitch
  • Twitter

Wow, talk about a post that describes absolutely nothing about the issue that they're telling us to not be concerned about.  How do we check for fraudulent purchases made by our characters?  I'm assuming that if someone's account was affected, then SE will be contacting them, if I read that right.

Awards & Achievements
Devotion Rank 20Valor Rank 10Fellowship Rank 20Scholar Rank 9Artisan Rank 6Social Rank 7
Curadh de na Iomproidh
Gibsauce
Curadh de na Iomproidh
Replied On: 11/08/2013 at 08:18 PM PST

How do we check for fraudulent purchases made by our characters?

Retainer history log?

Awards & Achievements
Devotion Rank 20Fellowship Rank 10Scholar Rank 2
Curadh de na Fhiaigh Donn
Aalwein
Curadh de na Fhiaigh Donn
  • ESO: @Aalwein
Replied On: 11/08/2013 at 10:59 PM PST
  • Steam
  • PSN
  • XBOX
  • Twitch
  • Twitch
  • Twitter
  • Extra-Life

Yeah you can check your history log at the retainer. Unless you were online sitting idle for an extended amount of time, and you at least several hundred thousand gil on your person, you weren't targeted.

I do have to admit that this hack is downright ingenious - strictly from a technical observation, of course. I mean, who comes up a way to hijack your data stream while you are playing, and waits until you are AFK long enough that they can do the whole process before you are even aware!

Awards & Achievements
Devotion Rank 20Valor Rank 6Fellowship Rank 10Scholar Rank 4Social Rank 3
Banlaoch de na Griobhta Dearg
Briseadh
Banlaoch de na Griobhta Dearg
  • GW2: Briseadh.7386
Replied On: 11/09/2013 at 04:31 AM PST
  • Steam
  • Twitch
  • Twitch
  • Extra-Life

I decided not to log on that day and lately I haven't been on a lot along with not going afk more than the time it takes to let the dog out or a bio.  ::chuckles::  So when I did check things my retainer had sold one of four items.  I'm quite sure I need to price adjust to get the others gone. 

The retainer log is a good thing, but I also know how much gil I have.  I'm good at remembering numbers.  Even had an idea of all the stuff crammed on my retainers, too, due to making sure I have what I need for my crafting sprees.

Don't mess with Mama Bear, I might hug you too tight. =D
Awards & Achievements
Devotion Rank 20Valor Rank 13Fellowship Rank 20Explorer Rank 9Scholar Rank 12Artisan Rank 9Social Rank 8Mentorship Rank 3
Seaimpin de na Ulchabhan Oráiste
Charlatan
Seaimpin de na Ulchabhan Oráiste
  • GW2: Charlatan.9306
  • ESO: @Charlatan57
Replied On: 11/09/2013 at 05:29 AM PST
  • Twitch
  • Extra-Life

Re: checking if you were hacked: I thought the retainer log was only for things people purchsed from you, not purchases you made? From what I've seen in the threads above, people noticed they had low level items like bone chips or allagan pieces in their inventory and then they checked the market logs for those items.

 

As for the ingenuity of the hack, it's just another facet of some horrible programming that is similar to the earlier bug where people could log in as another person and/or the fast leveling and item dupe bugs. When you log on, you're issued a session id. First problem is that a lot of the comms between the client and server aren't encrypted, so it's possible to get the session ID. Second issue is that the session ID doesn't expire for a few days. Third issue is that when the server receives a message from the client, it doesn't check to see if the session ID for the message is valid for the client transmitting it.

 

So the way the hack works is this:

- hacker logs in, gets a session ID. Say it's 30.

- say Chris is standing near the retainer bell. Somehow these guys have figured out a way to examine packets sent from other clients to the server (Note 1). The hacker 'sniffs' packets and sees Chris accessing his retainer. From that message he gets Chris's session ID. Say Chris' session ID is 500.

- the hacker then goes to the market board and finds a bone chip he has put up for sale for 3 million gil. He then "buys" the chip but before the packet is transmitted to the server, he finds the session ID (30) in the message and sticks Chris' session ID in there (500).

- The server sees a message "Buy a bone chip for 3 million gil." There's got to be a session ID in this message that says who is buying the item to indicate where the money comes from and who receives the item in their inventory. So for this fraudulent message the server takes the money from session ID 500. (Note 2) The hacker's retainer gets 3 million and Chris ends up with a bone chip in his inventory.

 

Note 1: If communications between the client and server were encrypted this wouldn't be possible

Note 2: If the message to the server validated the client ID versus the client session this wouldn't work.

Awards & Achievements
Devotion Rank 20Valor Rank 7Fellowship Rank 12Scholar Rank 4Artisan Rank 9
Caomhnoir de na Fhiaigh Corcra
Hex
Caomhnoir de na Fhiaigh Corcra
Replied On: 11/11/2013 at 10:52 AM PST

Yay I got home from a short holiday and my gil was all intact! Win!

Awards & Achievements
Devotion Rank 20Valor Rank 11Fellowship Rank 11Scholar Rank 6Artisan Rank 1
Laoch de na Iolair Buí
Sekkerhund
Laoch de na Iolair Buí
  • GW2: Sekkerhund.3790
  • ESO: @Sekkerhund
Replied On: 11/11/2013 at 05:06 PM PST
  • Steam
  • PSN
  • XBOX
  • Twitch
  • Twitter

It sounds like they're getting the session IDs from packets sent to their own client, because our client must use those IDs to identify other players.  Or they're just taking a stab at IDs.  I don't see how they can hack the datastream from other clients, well I can but that's some serious technology that's a bit beyond some simple RMT gold seller.  If its that easy to hack into the FFXIV NOC, then we're all hosed.

edit: Wow, reading that Reddit thread is scary.  If I'd had known of those other issues, I wouldn't have invested money or time into this game.  There's just no excuse for such crappy packet security and tbh, I'm a bit shocked because the rest of the game is so nicely done and seems well thought out.  >_>

edit#2:  Oh, who was it that doubted me when I said, in another thread regarding account security, that I had a suspicion that there was a flaw in SE's login process that was allowing hackers to hijack accounts.  There were too many people getting hacked for it to have been a simple case of re-used passwords or viral hacks.  This is almost a flashback to RIFT's security flaw hacks, shortly after that game went Live.



» Edited on: 2013-11-11 17:18:11

Awards & Achievements
Devotion Rank 20Valor Rank 10Fellowship Rank 20Scholar Rank 9Artisan Rank 6Social Rank 7
[0.1593]