Lost and Naked: A tale of hacking in World of Warcraft - Tech Digest
What would you do if you woke up half-way across the world with no clothes on, and just a mining pick in your possession? That was the virtual reality that faced Luke Maskell when he logged into his World of Warcraft character, Häwk, one morning. His character had been hacked into and everything of value had been removed and sold. "They must have stolen around ten to fifteen thousand gold worth of goods and cash," says Luke, "they probably would have earned around £50-£80". That might not sound like much, but for his character it represents months and months of play in the massively-multiplayer online world where one of the most controversial topics is that of gold farmers and selling equipment for real cash. Selling gold and virtual items in World of Warcraft is very strictly against the rules set by developer Blizzard. The terms of use for the game state, quite firmly, that "you may not sell in-game items or currency for "real" money, or exchange those items or currency for value outside of the Game". But is it a crime? Well, a spokesperson for the Metropolitan Police told us that it was a very tricky one - it would need a test case to be determined, and it would depend on many factors. Complicating the matter is the fact that the virtual thief might not be resident in the UK, and Blizzard's servers might be sitting in yet another country again. I put this to the Police spokesperson who sucked his teeth and told me that a court-case spanning three countries would be "absolute madness". "I certainly see it as a crime," states Luke, defiantly, "the online assets are in the end, property of Blizzard, and someone is selling this property for real-world money without permission, they should be treated as any other criminal." It's not completely clear how the attacker managed to gain access to Luke's characters: "Virus scanners and anti malware software found a few stray cookies from websites I was unsure about, but nothing major like a trojan or virus. I don't think I'll ever find out how my details were stolen." Blizzard, for their part, offer plenty of advice on how to keep accounts secure. On their compromised accounts page they recommend you change passwords regularly and warn against installing dodgy-looking game modifications or using power-levelling services. They also sell a device called an 'authenticator', which hooks up with your account and generates a second password that operates alongside your main one. This password changes every five minutes, so it's impossible to log in if the authenticator isn't in your possession. Luckily, this story has a happy ending for Luke: "Blizzard were great with the issue. I went through both the in-game ticketing system and their online support site to get my items and account back under my control, and they responded quickly and professionally." "They advised me on steps to take to prevent any further hacks, fully restored all my items and gold, and even gave everything that was taken from the guild bank back, all within 3 days of the hack occuring. I was very impressed." His guild - a group of players that he plays with on a regular basis - were also very supportive, too: "From my guild, I got a general response of sympathy and people wishing me luck in getting all my items and money back from the game moderators. I had a lot of people in the guild offering me some cash to get me back on my feet and replace my items" If you're a player of World of Warcraft, or any other online game, put yourself in Luke's shoes for a minute. Think about how long it took you to acquire the items that you're using in-game, and how long it would take to replace them. Then go change your account password and buy an authenticator - in the long run, you'll be very pleased you did.