Page 1 of 6 12345 ... LastLast
Results 1 to 15 of 77
Like Tree1Likes

About recent hackings.... how do you think its happening?

This is a discussion on About recent hackings.... how do you think its happening? within the General Chat forums, part of the Knight Online (ko4life.com) category; I was hacked too about 3 weeks ago: Here are some pointers, which could lead to answers about how it ...
Page: 1


  1. #1
    Ancient Tribesman Moderator Darken's Avatar
    Join Date
    Nov 2006
    Location
    In deep d4rk forest, with thick mists is something valuable hidden.The Village of Golden Tribesman
    Posts
    1,389

    Default About recent hackings.... how do you think its happening?

    I was hacked too about 3 weeks ago:

    Here are some pointers, which could lead to answers about how it happens:

    I had:
    - Newly installed windows, everything formatted, there was nothing at PC but KO and msn yet.. Everything clean so far.
    - Low lvl char
    - Too many coins on it, but nothing much else.
    - Never changed chars pw
    - I had some sort of bug, saying kinght online will be closed, and I had option to choose whether to report the bug or not. Strange thing is that whether I Choose option YES or NO, both times it will say bug has been reported... Now I wonder if this is not some sort of hack that has been somehow inserted into game updates, and downloaded through them. That could be somehow sending your login info somewhere. Its just my theory.

    So far I came to three possible ways how it could be happening:
    - Database leak: Not changing your pw caused it (Changed your pw long time ago)
    - Website hack: On contrary Changing your pw at website caused it.
    - Bug that sends "reports" caused it.


    If any of you hacked people had same bug happening and sending some "reports" please write here, so we have more clues. Or any other kinds of suspicions or circumstances under which you have been hacked, can help prevent further hackings..
    Last edited by Darken; 08-14-2012 at 03:42 PM.

  2. #2
    Senior Member
    Join Date
    Nov 2006
    Location
    P-town
    Posts
    90

    Default

    i was hacked this morning.. yea i had some error bs awhile back but seemed to stop with in last month or so. but yea everything gone love ko

  3. #3
    Little archer Senior Member
    Join Date
    Dec 2007
    Location
    nowhere
    Posts
    8,270

    Default

    obviously, everything points at "never changed password".

    i too have gotten that bug thingy, when i tried to use Fraps while online, but nah, nothing too important.

    how old is your account? usko or euko?

  4. #4
    Senior Member
    Join Date
    Nov 2006
    Location
    P-town
    Posts
    90

    Default

    its usko account. prolly about 2 years. bought a rogue in cypher ring made that new account for it. then bought a 83 rogue in cypher ring about a week ago so i cyphered the 80 off and put the 83 on had it about a week took all items but left me a gb in the INN and brand new packs of scrolls that were tradeable.

  5. #5
    Senior Member WnxMiqdad's Avatar
    Join Date
    Nov 2010
    Location
    London
    Posts
    1,805

    Default

    change your pw every week...

  6. #6
    /Quit_Game Senior Member sonvicky's Avatar
    Join Date
    May 2007
    Posts
    1,025

    Default

    Quote Originally Posted by Darken View Post
    So far I came to three possible ways how it could be happening:
    - Database leak: Not changing your pw caused it (Changed your pw long time ago)
    - Website hack: On contrary Changing your pw at website caused it.
    - Bug that sends "reports" caused it.
    - Database leak; Very unlikely because if the DB had truly been hacked, the passwords would be hashed and therefor protected. If, MGame truly were stupid enough, to keep passwords in plain text, the person that would have the DB would have to be pretty smart just to get it, so therefor it seems more logical to scan the DB for accounts that have not been logged in for awhile(inactive accounts) and that have either a minimum amount of gold on that account or/and items. Cleaning out accounts that are inactive > active accounts, you're just screwing yourself over in the long run since you're upsetting a ton of people which will therefor (best case) get the company to do something.

    - Website hack; This has a higher chance of happening, if you are able to hack their panel then there's not really any limits as to what you could really do. You could alter the source of the .php/ASP script to send a copy of everything when a person tries to change their password, but then again... Seems unlikely, or otherwise MGame would have to be a complete and uter failure of a company. It's probably not this because these hackings seems to show up at random times and a ton at once when they do, and then they go down for awhile and not as many people get hacked.

    - Bug that sends "reports" caused it; I'm guessing you use Windows Vista/7, just no. The info you're sending does not have anything to do with your account infos, all that happens is that you send some info to microsoft with some technical data ONLY.

    Usually most things like this is put in a internal network, so no computor from the outside can get access to it...

    So what do I think it is? A major flaw in their security somewhere, but I don't know where.

  7. #7
    Senior Member squirrelspea's Avatar
    Join Date
    Apr 2007
    Location
    Around...
    Posts
    113

    Default

    good thing i can't log into ko

  8. #8
    Banned
    Join Date
    Mar 2006
    Posts
    827

    Default

    Quote Originally Posted by sonvicky View Post
    - Database leak; Very unlikely because if the DB had truly been hacked, the passwords would be hashed and therefor protected.
    I lol'd. What kind of encryption do you think they use? Most likely md5 or sha etc. which can be cracked in seconds. Even if they use a hash/salt type on encryption they can be cracked insanely fast with a decent GPU.

  9. #9
    Senior Member Rougean's Avatar
    Join Date
    Apr 2008
    Location
    Denmark
    Posts
    1,276

    Default

    If a person is smart enough to hack and steal the entire database from a multi million company I bet that person could also easily crack the passwords for all accounts even tho they are hashed..

  10. #10
    /Quit_Game Senior Member sonvicky's Avatar
    Join Date
    May 2007
    Posts
    1,025

    Default

    Quote Originally Posted by MrRapist View Post
    I lol'd. What kind of encryption do you think they use? Most likely md5 or sha etc. which can be cracked in seconds. Even if they use a hash/salt type on encryption they can be cracked insanely fast with a decent GPU.
    CPU* I belive you mean?

    Correct me on this if I'm wrong btw, I haven't dealt with this in ages;

    If you hash it and then keep it a one-way street, you shouldn't fail with keeping it protected. For example, if you can get the password in plain text, hash it and then simply match the hash'd value if it's the same as in the DB, then the entered password is the same as the one in the DB = Successful loggin.

    Edit: Also, if they have the DB and decide to do the other way around, I don't think it would simply go as fast as you make it sound. Everything has pros and cons ofcourse, but seriously, do you really think someone would be THIS eger to hack a simple game? It would have to be a very pathetic person, I'd like to think that no person is THAT pathetic atleast.

  11. #11
    /Quit_Game Senior Member sonvicky's Avatar
    Join Date
    May 2007
    Posts
    1,025

    Default

    Quote Originally Posted by Rougean View Post
    If a person is smart enough to hack and steal the entire database from a multi million company I bet that person could also easily crack the passwords for all accounts even tho they are hashed..
    Lets first imagine the odds of him pulling something like that off, shall we?

    Besides
    There are a set of hash functions that were specifically designed for passwords. In addition to being secure "one-way" hash functions, they were also designed to be slow.

    One example is Bcrypt. bcrypt() takes about 100ms to compute, which is about 10,000x slower than sha1(). 100ms is fast enough that the user won't notice when they log in, but slow enough that it becomes less feasible to execute against a long list of likely passwords. For instance, if a hacker wants to compute bcrypt() against a list of a billion likely passwords, it will take about 30,000 cpu-hours (about $1200) -- and that's for a single password. Certainly not impossible, but way more work than most hackers are willing to do.
    Btw just want to make it clear, I DO NOT think I know everything or so, I'm just saying my opinion and the things I do know, it's all speculations in the end.

  12. #12
    Banned
    Join Date
    Mar 2006
    Posts
    827

    Default

    Quote Originally Posted by sonvicky View Post
    CPU* I belive you mean?

    Correct me on this if I'm wrong btw, I haven't dealt with this in ages;

    If you hash it and then keep it a one-way street, you shouldn't fail with keeping it protected. For example, if you can get the password in plain text, hash it and then simply match the hash'd value if it's the same as in the DB, then the entered password is the same as the one in the DB = Successful loggin.

    Edit: Also, if they have the DB and decide to do the other way around, I don't think it would simply go as fast as you make it sound. Everything has pros and cons ofcourse, but seriously, do you really think someone would be THIS eger to hack a simple game? It would have to be a very pathetic person, I'd like to think that no person is THAT pathetic atleast.
    No I mean GPU. I am currently coding a cms and forum from scratch for the company I work and I've gotten in touch with a shitload of encryption algorithms, especially last month. Using a CPU for cracking is very inefficient when there are GPUs out there that can do more than 250million checks against a single hash per second. oclhashcat is just an example of a cracker that can even use 2 GPUs at the same time and add around 40% more checks.
    Last edited by MrRapist; 08-14-2012 at 06:21 PM. Reason: spelling

  13. #13
    /Quit_Game Senior Member sonvicky's Avatar
    Join Date
    May 2007
    Posts
    1,025

    Default

    Quote Originally Posted by MrRapist View Post
    No I mean GPU. I am currently coding a cms and forum from scratch for the company I work and I've gotten in touch with a shitload of encryption algorithms, especially last month. Using a CPU for cracking is very inefficient when there are GPUs out there that can do more than 250million checks against a single hash per second. ighashcat is just an example of a cracked that can even use 2 GPUs at the same time and add around 40% more checks.
    Understandable I suppose, I do see the benefits of using the GPU instead of the CPU in this case...

    But back ontopic; How many people do you think, that actually have the knowledge of all of this, play KO and how many out of them would be able to pull all of THIS of? Just seems very unlikely TO ME atleast, that's all.

  14. #14
    Banned
    Join Date
    Mar 2006
    Posts
    827

    Default

    Quote Originally Posted by sonvicky View Post
    Understandable I suppose, I do see the benefits of using the GPU instead of the CPU in this case...

    But back ontopic; How many people do you think, that actually have the knowledge of all of this, play KO and how many out of them would be able to pull all of THIS of? Just seems very unlikely TO ME atleast, that's all.
    Best example; mo3head. Hacked countless of private servers. Hacked ko4life atleast twice and cracked countless of passes and hacked their shit because they used the same password for their e-mails etc.. Don't need many persons to pull something off like that, only one that has the knowledge and is willing to do it. I can easily dig around 30threads of hacks that happened because of him. If you remember SayGekz on c-west that was him aswell. He hacked blomii, nouna and countless of others.

  15. #15
    Senior Member Rougean's Avatar
    Join Date
    Apr 2008
    Location
    Denmark
    Posts
    1,276

    Default

    Quote Originally Posted by sonvicky View Post
    Lets first imagine the odds of him pulling something like that off, shall we?
    Lets imagine the odds of mGame actually knowing anything about security.

    odds = 0.00001

Page 1 of 6 12345 ... LastLast

Similar Threads

  1. What do you think about my Character ?
    By FunnyFrisch in forum Media
    Replies: 13
    Last Post: 12-10-2006, 06:12 PM
  2. What do you think about my Character ?
    By FunnyFrisch in forum Media
    Replies: 37
    Last Post: 11-02-2006, 08:31 PM
  3. What do you think about this???
    By otzi in forum General Chat
    Replies: 7
    Last Post: 08-13-2006, 10:53 PM
  4. Replies: 10
    Last Post: 08-02-2006, 05:39 AM

Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •