MMO Account Security Tips
I got a virus for the first time in my life, after 18 years of PC use online. It was from, hilariously enough, Kerbal. I went to download an addon and it sent you to one of the Rapidshare like sites, where they run those advertisements for DOWNLOAD NOW and it looks like a download button but it's not. I mindlessly clicked it, it of course emulates the same name but with an .exe extension, and nothing happened. Mindlessly I clicked the correct download link and got my zip file to load some parts into the game.
The irony is just yesterday I was talking about account security with what some more people hacked now.
So, when you download a virus, the payload usually comes like a bunker buster, the exe begins to download and execute as many viruses as it can as fast as it can. It's not just a single virus usually, but a swarm of them, a server somewhere that is hosting an endless foray of data mining and account stealing software. Most of the times anti-viral get it, but this time it didn't.
So the one that got through was Cryptowall and some Bitcoin pirates got their hands on my PC and encrypted the vast majority of files. A decade and then some of data disappeared overnight as it ran. Then, like that, everything is gone. All of your programs, your documents, your games, and all you have for it is a single website where you can pay $500 USD in Bitcoin to receive, maybe, the software to unlock your PC.
Luckily, I keep stringent backups of critical files on another PC, and due to security policies on my PC, two hard drives weren't even touched by the virus. However, all of my games were gone.
It's critical to understand that in our modern time, security is paramount, because technology has advanced and so has hackers. One of the most vulnerable sections is gaming because it's low risk. Prosecutors around the country right now are dealing with thousands and thousands of cases and low budgets. When you roll into their office and explain that another person's intellectual property was stolen from you, they'll push you away and you'll go down in their list of "weird people who came into the office last week."
If you ever wondered why MMO games have had just so much hacking, it's because it's still the wild west. The FBI and CIA are always working to foil cyber terrorists, but as citizens, we usually ask what's more important, someone's +5 Axe of Pwnage taken by some group in a studio apartment in some foreign land drinking Red Bull and trying to use their "1337" botnet to get them more loots to sale or the list of social security numbers stolen by real life terrorists that's going to go fund bad things.
That's why for us gamers, it's paramount that we keep ourselves safe. With that in mind, please follow these three foolproof ways to reduce your risk of haxxoring:
Use New Passwords for Every Site
So a hacker somewhere obtains a list of emails and passwords, usually bought on the black market. They then run scripts to try the username/password combinations on various services. Due to limited retries, they utilize massive bot nets to keep fresh IPs going for try after try after try. Whenever they "hit" or get a login, they then mark that one off as for sale to whatever "industry" uses it. Obviously, the RMT industry would in the instance of an MMO account, buy a list of working username/passwords, then login and see what beautiful loot they can steal.
That's pretty much the process. If you use a different password on every site and one site is hacked, your information for other sites is pretty secure. This also applies obviously to password reset questions. NEVER give an honest answer to those! Ever! Treat each one like a password, but obviously make it easy to remember.
Each year, the AV market changes drastically. Front runners from the year past now suck and things you scuffed at is the clear winner. Microsoft Security Essentials dominated the free market for a few years, then AVG retook, and now all signs point to Panda Cloudsecure as the best free AV right now. Do some research, look up reviews, and get the most potent AV you can.
Anti-malware is important too, for whatever it does different, outside of removing toolbars and tracking cookies.
Of course, this is just a theater of security for your PC. AV is capable of finding stuff you could accidentally download, but there is so many iterations on viruses and they're so adaptable, that if you let one run odds are it's going to shut your AV down and infect your PC anyway. Additionally, having an aggressive scanning approach can slow a PC down, as it has to scan every bit of data coming into your PC and that's a ton.
AV is like a first line defense. There is stronger methods of keeping your data safe, including using Group Policies on Windows and file encryption, but those are generally outside of the skill level of the average consumer, so generally speaking, install an AV.
Don't Trust Anyone
Don't click links, don't download anything, just don't trust anything at all about the Internet ever and never do it since the dawn of time if you have, like build a time machine and go back, because the Internet has more pirates and ner'do'wells than you think and they all want what you have:
- Your IP address.
- Free power (electricity).
- To make money off of you.
Understanding these core pirate ideals they have, you're a valuable resource, and they want to either turn your PC into part of their army, exploit you personally, or access your accounts and steal what's inside. The likelihood of an invasion is also peppered with risk. A small time operation isn't going to access your bank account, because your bank is liable to replace the money they steal, and any time a bank loses money they become very interested in getting it back. However, some game development company isn't going to care about the imagined losses of your WoW gold.
It's actually kind of scary just how little they should care. Say your Twitter is hacked and you spam everyone, well they're now losing customer satisfaction, which can break into their bottom line, because that one account can inconvenience a large portion of the Twitter population depending on how many followers you have. If you have 10,000 WoW gold stolen, why should Blizzard care when they can just change the number in a database and voila you have the gold again.
That's why it's just absolutely critical to defend yourself. Keep backups of important documents and files, do more research than just a column written by an MMO journalist on how to keep your PC safe, and never trust anything on the Internet. Hell don't trust me, don't even trust my advice, it's nowhere near enough to keep you safe, and to that extent, you should feel obligated knowing that to research more.
Then don't trust that either, because there is so much bad information online about how to keep yourself secure, when the reality is, it's better to be prepared for the worst and implement best practices to prevent the worst, then it is just to solely rely on prevention. Backups, cold storage, cloud storage, etc. can be a lifesaver. System restore points and hard drive mirrors can get you back to running in no time.
These things are beyond the scope of this article, so I ask that you take security seriously. US-CERT has some tips to get started with, but ultimately, you can sum all of these tips up with "take PC security seriously, take information security even more seriously."