Chinese Hackers? hacking nexon american accounts

I don't want to be racist, however I heard a lot over basil and from people in maplestory that the main suspect in the increase of hacked players in nexon america is Chinese Hackers in China hacking accounts and selling mesos or something? Is this true? or just a rumour?

November 16, 2011

25 Comments • Newest first

Dhaos

Apparently that's what it is. Like everyone else has been saying, Chinese hackers get into your account and grab your items to sell to in-game characters for very reasonably cheap prices so they can produce quick meso revenue and sell to their supporting website.

I think it's $7/1000M right now. Selling people's godly equips from one account can easily result in 14 ~ 180 USD quickly and easily. Imagine doing at least 10 accounts a day, well there's living right there.

Reply November 16, 2011
myrdrex

[quote=CTBlack]WARNING Wall of text!

I had a bunch of hacking attempts to my Linux firewall coming from China before, but once I sent off an email to the admin of the ISP traced to the origin of the hacking, the hacking attempts stopped. So it's possible Chinese gold sellers could be one of the sources responsible for the account hacking. They have the motive.

To those that argue why not hack a bank, then ask yourself the following questions:

Which do you think is more secure? A bank or Nexon?
Which puts more money into protecting their accounts?
Which will cause more legal problems/actions if they get hacked?

It seems most players either keep complaining about Nexon to do more in their security to protect their accounts (which Nexon should), or have just plain old given up and hope bad luck doesn't hit them by getting hacked.
If you want to prevent your account from getting hacked, you CAN do something to protect it. It is simply changing both your ms account password and email password to the maximum allowable number of characters, with random upper/lower case letters and with both numbers and symbols. You can google password generator for online ones that will allow you to choose those criteria.

##Explanation## for those that want to understand.

You will have to understand how password security works in online systems in order to understand why the above will be able to prevent these types of account hacking (it will not prevent it for those who get infected with a keylogger).

For every internet online system with accounts and passwords, there needs to be a database that stores the "authentication" info, which is not the plain text password that the user supplied when they registered for the account, but an encrypted string produced by some standard encryption algorithm using the user's supplied password as part of the key, so the actual password doesn't exist anywhere in the system. Also, the encryption algorithm is designed to be "one way", that is, it's impossible to "reverse" back to the plain text password from the encrypted string using any algorithm.
So the only way to gain the plain text password from the encrypted string is using the brute force method, which is to try all possible combinations and feed each combination into the encryption algorithm, then compare the end result with the encrypted string. The encryption algorithm takes time to execute, especially when there are lots of combinations that it needs to go through. So the longer your password, the more combinations there are, hence the maximum allowable number of characters as one of the above criteria.
However, there exist tools to speed up the brute force matching of the encrypted string!
1. Massive lists of possible words that can be used for passwords are available, which include numbers-as-letters types of passwords, hence the random criterion as another requirement above.
2. Specific applications that use the GPU (commercially available graphics cards) to help speed up the encryption algorithm, which can do up to 6 billion+ encryptions per second. Again, this is why the maximum length for the password is a criterion.

Currently for ms, the max allowed characters for the password is 16 (not 100% sure, as it was 12 before but I think they have increased it), which gives 37157429083410091685945089785856 combinations ((26 upper + 26 lower + 10 number + 32 symbol) to the power 16), which will take 196+ trillion years to brute force crack all the combinations using the GPU assisted method.

* Hi Hi Ky Ky *[/quote]

Well said, very very well said.

If more people actually understood how hard it is to brute force passwords or use salt tables to try to decrypt hashed passwords (which are the only things ever stored by any company that knows even the most basic security protocols- never passwords in clear text), they would realize that protection of your account is truly in your own hands.

Reply November 16, 2011
Chema

[quote=SovietRussia]Where did you hear that horse crap?[/quote]
http://www.youtube.com/watch?v=W-Ji_ACN65w

Reply November 16, 2011
darksherrill

[quote=CTBlack]WARNING Wall of text!

I had a bunch of hacking attempts to my Linux firewall coming from China before, but once I sent off an email to the admin of the ISP traced to the origin of the hacking, the hacking attempts stopped. So it's possible Chinese gold sellers could be one of the sources responsible for the account hacking. They have the motive.

To those that argue why not hack a bank, then ask yourself the following questions:

Which do you think is more secure? A bank or Nexon?
Which puts more money into protecting their accounts?
Which will cause more legal problems/actions if they get hacked?

It seems most players either keep complaining about Nexon to do more in their security to protect their accounts (which Nexon should), or have just plain old given up and hope bad luck doesn't hit them by getting hacked.
If you want to prevent your account from getting hacked, you CAN do something to protect it. It is simply changing both your ms account password and email password to the maximum allowable number of characters, with random upper/lower case letters and with both numbers and symbols. You can google password generator for online ones that will allow you to choose those criteria.

##Explanation## for those that want to understand.

You will have to understand how password security works in online systems in order to understand why the above will be able to prevent these types of account hacking (it will not prevent it for those who get infected with a keylogger).

For every internet online system with accounts and passwords, there needs to be a database that stores the "authentication" info, which is not the plain text password that the user supplied when they registered for the account, but an encrypted string produced by some standard encryption algorithm using the user's supplied password as part of the key, so the actual password doesn't exist anywhere in the system. Also, the encryption algorithm is designed to be "one way", that is, it's impossible to "reverse" back to the plain text password from the encrypted string using any algorithm.
So the only way to gain the plain text password from the encrypted string is using the brute force method, which is to try all possible combinations and feed each combination into the encryption algorithm, then compare the end result with the encrypted string. The encryption algorithm takes time to execute, especially when there are lots of combinations that it needs to go through. So the longer your password, the more combinations there are, hence the maximum allowable number of characters as one of the above criteria.
However, there exist tools to speed up the brute force matching of the encrypted string!
1. Massive lists of possible words that can be used for passwords are available, which include numbers-as-letters types of passwords, hence the random criterion as another requirement above.
2. Specific applications that use the GPU (commercially available graphics cards) to help speed up the encryption algorithm, which can do up to 6 billion+ encryptions per second. Again, this is why the maximum length for the password is a criterion.

Currently for ms, the max allowed characters for the password is 16 (not 100% sure, as it was 12 before but I think they have increased it), which gives 37157429083410091685945089785856 combinations ((26 upper + 26 lower + 10 number + 32 symbol) to the power 16), which will take 196+ trillion years to brute force crack all the combinations using the GPU assisted method.

* Hi Hi Ky Ky *[/quote]

the way that the hackers are getting the information won't be stopped by lengthening your password. using a keyscrambler and locking your account by putting alts in it every time you log out is much safer (alts can be emulated too, that's why we use the keyscrambler). when i got hacked a month back, i changed my password very often and it and my pic were both insanely long and always changing. and no i wasn't keylogged, as sad as it may be, the only websites i go to on my computer are my email, facebook, gms homepage, and basil. it was either related to charging nx, using mts, or just one of the hackers' exploits in the database in general.

Reply November 16, 2011
FlashedBlaze

[quote=xBlazinBow]This is the reason people are racist to Chinese people...Yes or No?[/quote]

No. No one is being racist other than a few trolls.

Reply November 16, 2011
FlashedBlaze

In the end the truth is most of them are chinese. I even speak pinyin with some of them to practice loool.

Reply November 16, 2011
CTBlack

WARNING Wall of text!

I had a bunch of hacking attempts to my Linux firewall coming from China before, but once I sent off an email to the admin of the ISP traced to the origin of the hacking, the hacking attempts stopped. So it's possible Chinese gold sellers could be one of the sources responsible for the account hacking. They have the motive.

To those that argue why not hack a bank, then ask yourself the following questions:

Which do you think is more secure? A bank or Nexon?
Which puts more money into protecting their accounts?
Which will cause more legal problems/actions if they get hacked?

It seems most players either keep complaining about Nexon to do more in their security to protect their accounts (which Nexon should), or have just plain old given up and hope bad luck doesn't hit them by getting hacked.
If you want to prevent your account from getting hacked, you CAN do something to protect it. It is simply changing both your ms account password and email password to the maximum allowable number of characters, with random upper/lower case letters and with both numbers and symbols. You can google password generator for online ones that will allow you to choose those criteria.

##Explanation## for those that want to understand.

You will have to understand how password security works in online systems in order to understand why the above will be able to prevent these types of account hacking (it will not prevent it for those who get infected with a keylogger).

For every internet online system with accounts and passwords, there needs to be a database that stores the "authentication" info, which is not the plain text password that the user supplied when they registered for the account, but an encrypted string produced by some standard encryption algorithm using the user's supplied password as part of the key, so the actual password doesn't exist anywhere in the system. Also, the encryption algorithm is designed to be "one way", that is, it's impossible to "reverse" back to the plain text password from the encrypted string using any algorithm.
So the only way to gain the plain text password from the encrypted string is using the brute force method, which is to try all possible combinations and feed each combination into the encryption algorithm, then compare the end result with the encrypted string. The encryption algorithm takes time to execute, especially when there are lots of combinations that it needs to go through. So the longer your password, the more combinations there are, hence the maximum allowable number of characters as one of the above criteria.
However, there exist tools to speed up the brute force matching of the encrypted string!
1. Massive lists of possible words that can be used for passwords are available, which include numbers-as-letters types of passwords, hence the random criterion as another requirement above.
2. Specific applications that use the GPU (commercially available graphics cards) to help speed up the encryption algorithm, which can do up to 6 billion+ encryptions per second. Again, this is why the maximum length for the password is a criterion.

Currently for ms, the max allowed characters for the password is 16 (not 100% sure, as it was 12 before but I think they have increased it), which gives 37157429083410091685945089785856 combinations ((26 upper + 26 lower + 10 number + 32 symbol) to the power 16), which will take 196+ trillion years to brute force crack all the combinations using the GPU assisted method.

* Hi Hi Ky Ky *

Reply November 16, 2011
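
An added example, not part of CTBlack's post or of any code from this thread: it shows the server-side storage the post describes (a salted one-way digest instead of the password) and reproduces the post's search-space arithmetic. PBKDF2-HMAC-SHA256, the iteration count and all function names are assumptions chosen for illustration; the 94-character set, the length of 16 and the 6 billion guesses per second are the post's own figures.

```python
import hashlib
import hmac
import secrets
import string

# From the post: 26 upper + 26 lower + 10 digits + 32 symbols = 94 characters,
# and a GPU rate of 6 billion guesses per second.
ALPHABET = string.ascii_letters + string.digits + string.punctuation
POST_GUESS_RATE = 6_000_000_000
SECONDS_PER_YEAR = 365.25 * 24 * 3600

# Assumption: PBKDF2-HMAC-SHA256 stands in for the unnamed "one way" algorithm.
# A high iteration count makes every single guess more expensive for an attacker.
PBKDF2_ITERATIONS = 600_000


def generate_password(length=16):
    """Random password over the full 94-character set, drawn from the OS CSPRNG."""
    return "".join(secrets.choice(ALPHABET) for _ in range(length))


def keyspace(alphabet_size, length):
    """Number of distinct passwords of exactly `length` characters."""
    return alphabet_size ** length


def years_to_exhaust(combinations, guesses_per_second):
    """Worst-case time to try every combination at a fixed guess rate."""
    return combinations / guesses_per_second / SECONDS_PER_YEAR


def make_record(password, iterations=PBKDF2_ITERATIONS):
    """What the server keeps: a per-account random salt and the digest, never the password."""
    salt = secrets.token_bytes(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)
    return {"salt": salt, "iterations": iterations, "digest": digest}


def verify(password, record):
    """Recompute the digest for a login attempt and compare in constant time."""
    candidate = hashlib.pbkdf2_hmac(
        "sha256", password.encode(), record["salt"], record["iterations"]
    )
    return hmac.compare_digest(candidate, record["digest"])


def summary():
    """Search space at the post's guess rate: random 16 characters vs. 8 lowercase letters."""
    return {
        "random_16_years": years_to_exhaust(keyspace(len(ALPHABET), 16), POST_GUESS_RATE),
        "lower_8_seconds": keyspace(26, 8) / POST_GUESS_RATE,
    }


if __name__ == "__main__":
    record = make_record(generate_password())
    print("stored digest:", record["digest"].hex())
    print(summary())
```

The per-account salt means two accounts with the same password get different digests, so a precomputed table cannot be reused across accounts.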
Cutout

this is as likely as americans hacking cms accounts to sell to chinese people
do you actually think that they can't make money any other way

Reply November 16, 2011
GazimoEnthra

Yes it is. Don't believe me? Chat them. They'll advertise their sites and tell you they're from China. Then they'll usually ask you to buy their stuff.
And at the people saying they should focus on CMS, well derp, they can obviously profit twice as much with GMS hacking at the same time.

Reply November 16, 2011
darksherrill

[quote=Tormented]@darksherrill: Yeah, totally sheltered (sarcasm). I'm saying it's secured as in no moron can hack into it. It's secured enough that only a company and some lucky people can hack into it and actually make a difference to more than a few people.[/quote]

i assure you, luck has nothing to do with it. more people have gotten in than you think.

Reply November 16, 2011
yangliweng

Battle with hackers and kick them off GMS and All the MS world!

Reply November 16, 2011
FalenXangel

yeah... because us chinese people have no other way to make money...

Reply November 16, 2011
gamemage3

[quote=Taichikara]Maybe cause if you get caught you can be held legally responsible; bank = real money.

whereas if it's an account for a game, it all depends on the country's jurisdiction and the game's tos/toc (terms of service/terms of conditions). Not all countries punish internet crimes the same as you would a bank robbery or something.[/quote]

You wouldn't get caught hacking bank accounts from China if you actually know what you're doing.

Reply November 16, 2011
snowkillerXP

[quote=EvanelleOnyx]Chinese hackers? On my MapleStory?
It's more likely than you think.

... I couldn't resist. On topic, I don't think that race has much to do with it. Hackers are everywhere. Anywhere there are people with that knowledge who are willing to cheat and steal for a quick buck, they'll be there. Just saying.[/quote]

I know someone IRL who's told me that in China, they have these huge rooms filled with computers with people hacking at leprechauns, and making insane amounts of money ( I've seen this actually ). They also start spamming "Go to XXXX.com to buy mesos blahdeblahdeblah" I have a screeny PROVING they're Chinese.

Reply November 16, 2011
yangliweng

[quote=darksherrill]if you think nexon has a highly secured server you've lived a sheltered pixilated life.

on the top of this thread, it is true, the meso selling sites have ways at the weak points in the database. they sell your items for cheap and then sell the mesos. it's a business, it's an immoral sad and dishonest business but it does happen. it's happened to me, and it's happened to friends. there are also smaller groups that do it like the hacker "jackmeoff" in broa, all the good deals you find from him for super cheap is stuff from hacked accounts (experience). it's mostly the chinese mesos sellers responsible for the mass amount of people hacked lately (which nexon still hasn't made right, which frankly doesn't surprise me coming from nexon) but there are some of our "script kiddies" doing it too. and we have some pretty smart hackers of our own[/quote]

same things happened in cms every day and every where.

Reply November 16, 2011
darksherrill

[quote=Tormented]It's not like i want to believe it but..
America doesn't have the brightest people.. There's a lot of script kiddies, but hacking a website or actually bypassing highly secured servers is far beyond them.
[/quote]

if you think nexon has a highly secured server you've lived a sheltered pixilated life.

on the top of this thread, it is true, the meso selling sites have ways at the weak points in the database. they sell your items for cheap and then sell the mesos. it's a business, it's an immoral sad and dishonest business but it does happen. it's happened to me, and it's happened to friends. there are also smaller groups that do it like the hacker "jackmeoff" in broa, all the good deals you find from him for super cheap is stuff from hacked accounts (experience). it's mostly the chinese mesos sellers responsible for the mass amount of people hacked lately (which nexon still hasn't made right, which frankly doesn't surprise me coming from nexon) but there are some of our "script kiddies" doing it too. and we have some pretty smart hackers of our own

Reply November 16, 2011
yangliweng

lol~~~~~nexon can not stop Chinese to break the game balance, Korean fails to Chinese people.

Reply November 16, 2011
gamemage3

You're dumb. If you had an ability to hack an account without them giving out info, why not hack their bank accounts instead of a dumb child's game account, you can earn way more money.

Clearly the people who get *hacked* give out info.

Reply November 16, 2011
EvanelleOnyx

Chinese hackers? On my MapleStory?
It's more likely than you think.

... I couldn't resist. On topic, I don't think that race has much to do with it. Hackers are everywhere. Anywhere there are people with that knowledge who are willing to cheat and steal for a quick buck, they'll be there. Just saying.

Reply November 16, 2011
yangliweng

Chinese hacker everywhere when they can get money lol, i am Chinese. o.o

Reply November 16, 2011
snowkillerXP

[quote=SovietRussia]Where did you hear that horse crap?[/quote]

http://i194.photobucket.com/albums/z243/kelpoman2/Maple0194.jpg

Hehehehe

Reply November 16, 2011
setget

[quote=Tormented]It's not like i want to believe it but..
America doesn't have the brightest people.. There's a lot of script kiddies, but hacking a website or actually bypassing highly secured servers is far beyond them.
China on the other hand has a lot of people, and have several occasions where they have hacked majorly secured networks in other countries.
Every server has designated stores with godly equipment with the same type of "kjalgrssthsr" IGN with the same store name. This shows it's not just a little group of people, it's most likely a company. The sad thing about all of this is most meso selling sites aren't based in the USA, even for games such as Maplestory, RuneScape, Vindictus, FFXI, and Cobal. Most are based in China and India. The chance that a Chinese meso site(s) could be behind the thousands of hackings in the past year is nearly 100%. There's BT hacking, which is at the peak of normal hacking. They may be the best providers and hackers in the open but, the ones hiding are the ones that do the real damage that most likely are the businesses who don't care at all if the game lives or dies as long as they meet their bottom dollar.[/quote]

gms is located in l.a. if i remember correctly.

Reply November 16, 2011
janshee

I've heard there were Chinese hackers in JMS as well and I've read somewhere that someone calling in to a meso-selling site spoke to a person with a Chinese accent. I don't think it's entirely impossible and this is coming from a Chinese person.

Reply November 16, 2011
Singaporean

To all the people saying no to the chinese hackers it's actually a huge possibility. So you're chinese and offended? Too bad. The fact is, the chinese are notorious for online stunts like the one theorized and the TS did say he was not trying to be racist so stop digging for an argument because let's face it, the hackings are happening and this is a very probable case.

Reply November 16, 2011
RubberDonkey

Any of those smega that says "gogogogo" that's them.

Reply November 16, 2011