Im Scott Jennings, otherwise known as GM Luminary, working with NCsofts Game Surveillance Unit (GSU). Ive been asked to take some time to speak for a bit on the fallout from the war that weve been fighting in our games against real money trading (RMT) companies and others trying to violate your account security, and how you can help in the fight.
Make no mistakeit is a war. One that you, our players, see the effects of whenever you play our games or visit forums related to our games. Many of you have noticed the decrease in bots, farmers, and gold spammers as a result of our efforts.
In the game industry, we have also seen an increase in attacks by third parties in an attempt to steal your account information by any means necessary, including phishing, obtaining passwords from third party sites/systems, and using account information provided by those engaged in power-leveling services and other prohibited activities. Recently, the number of these attacks has risen dramatically.
As a result, our game support queues have drastically increased, with thousands of support tickets from players who have lost access to their game accounts and are suffering extended wait times for help. Our game servers, account databases, and support sites are under constant attack and being probed for any vulnerability. Its a war that by no means is over.
Our enemies are playing for high stakesthe estimated $2 billion dollars that RMT companies earn off the back of game developers and players like you. And we are playing for high stakes as wellthe right that we believe we have as a company, and you as players, to play games that are free from the corruption of in-game currency sales and all that results from that.
Its a war that were committed to winning, but one that well need your help with to achieve a real victory. Ill describe first our responsibility to you to provide a safe and secure gaming environment, and then what you can do in return to protect yourself.
Our job: Provide a secure environment for your game.
With the increase in account compromises that we've been seeing in this past month, I think its worth taking a moment to review how seriously we here at NCsoft take your account security.
The news from Google regarding a serious, high-level attack by hackers on the most secure technology companies in the world is sobering. We continue to refine our systems to counter the various attacks that these RMT companies employ. We have a team of security professionals with years of experience in massively multiplayer games and online security in Seoul, Seattle, Austin, and Brighton that is striving to make our servers as secure as they can be. Any vulnerability that is discovered is addressed and fixed.
For example, a thread on a third-party Guild Wars forum this New Years attracted a good deal of attention. It detailed a list of security vulnerabilities that supposedly had been discovered on our account website, ending with the alarmist note that the only responsible thing NCsoft can do is to shut off their website, as soon as possible.
Despite the fact that this report occurred over the holidays, when the majority of NCsoft employees were home with their families, our security team responded immediately with a point-by-point testing and analysis of the erroneous concerns that were raised. As a result of the point-by-point testing and analysis, our security team concluded no critical vulnerabilities had been demonstrated or identified, but our security team continues to research, to monitor closely, and to implement security improvements to address any potential weaknesses raised.
Well continue to audit our systems, and you will see some dramatic changes in the next few months. NCsoft views account security as a very important matter.
Your task: Help protect yourself.
So how you can protect yourself from the sort of constant attacks that weve been seeing?
Many of you reading this letter are experienced online game players. Youve heard the dont do this and dont click that and dont run that thing warnings over and again, youre not dumb, youd never get your account stolen simply because you know better.
Youre wrong. I know this because I know many people who thought they knew betterpeople who work in the gaming industry, and have done so for years, and still tried to log in one day and found their password changed and someone else logged into their account cleaning out their inventory.
(If youre not an experienced online gamer and want the basics in account security, theres no shame in that. We have a complete guide online.)
The following brief guide in self-protection is going to be a bit different than what you may be used to. Its going to assume that you know the basic rules of how to protect your account, and it will detail how weve seen accounts stolen anyway. Think of it as an advanced class in account security. And dont think that these guidelines apply to other people who dont pay attention. If you do any of these, your account is at risk of being stolen.
Dont share your password with anyone. Dont let your friends log in to your game account.
There are two simple reasons for this. The first, and one you may not want to particularly acknowledge, is that your guildmate or childhood friend or relative may do things on your account that can get you banned, such as using bots. Another is that once you share your account, your security is as vulnerable as theirsand any mistake that they may make that allows for an account intrusion will compromise your account as well.
Dont use bots. Ever.
If you use third party applications that control your game playwhich is the literal definition of botsyou will lose your account, and nothing you say will get it back. We can detect bots. We have multiple ways of detecting bots. We have banned thousands of accounts and will continue to ban such accounts due to bot usage. Bot usage is one of the key ways that RMT companies use to fund their operations, and removing bots from the game is one of our best attacks against them. The GSU banhammers against bot usage will not stop, and if you use a bot, you will be caught.
You may not be caught immediately, but it will happen.
Dont buy in-game money.
Aside from the fact that you are funding the very people who are at war with our gamesand thus at war with youmany RMT companies use web browser vulnerabilities to attempt to load Trojans onto your system. In some cases, they ask you to create website logins for their system and then check to see if that information is the same user name and password you use to log in to the game with. A few companies simply ask you for your user name and password. In any event, these are not companies that can be trusted. Because your accounts can be compromised as a result of RMT, we specifically prohibit this type of activity in our User Agreements.
Dont use power-leveling services.
Again, these services are run by the same people who are attacking our game, and by using their services, you are funding their attacks (and the money that they earn while power leveling goes to fund in-game currency sales). The same potential attacks that exist with in-game money sellers apply here as well (especially since, obviously, you have to supply your account information for them to log in to your account to level it), but with one important addition: Power-leveling services level your character quickly using bots. We can detect this. It will cause your account to be banned, quickly.
Dont run programs designed by third parties for use with our games.
Aside from the small matter of NCsoft banning you if you use a bot, using third party applications is asking for trouble. You are allowing code someone else wrote to run on your computer. Do you implicitly trust the creator of that program not to add a virus or Trojan horse that is used to steal your account?
Beware of phishing. One of the recent plagues that it is hard to miss of late is that of the phish, or the attempt by RMT companies to get you to simply hand over your account information through crafting a copy of our website and placing it on a web server with an address that is similar, but not identical, to ours. Many of these phishing attempts are laughably obvious because they are created by people who are not fluent in English. However, there are others that are not so obvious. Regardless, NCsoft will never ask you, for any reason, for your password in game, to go to a website to reset your password, to add you to a beta, or to give you a free holiday gift. If we need your password reset, we can do so without asking you to go to a website. If there is a new beta, there will be instructions for how to enter on our official websites and forums. When entering your user name and password, you should always check the address bar of your web browser to ensure you are at https://secure.ncsoft.com/. And if you get an odd error message after logging in to what you think is an official NCsoft site, change your password at the correct NCsoft site immediately. Please carefully check the spelling of the address in your browser. Any misspelling may lead you to a phishing site.
Beware of keylogger links on forums.
This is akin to the previous point on phishing. Keylogger links are created as forum spam to get you to go to a website loaded with attacks on your computer through web browser security holes. Some of them are very obvious, such as the recent Wii sex toy ads posted everywhere. Some of them appear very innocent, such as links to view a screenshot of someones character. Avoid the obvious ones. Protect your browser from the less obvious ones by ensuring that you are using the latest version of your web browser and that it is set to automatically update itself when new security holes are found.
Adobe Flash, a tool used for website animations that comes with every web browser, has historically been an attack vector for loading malware (hostile programs) on your computer. At minimum, be absolutely surethat your version of Flash is up to date by visiting http://www.adobe.com/products/flashplayer/. If you run a browser that supports extensions such as Mozilla Firefox, consider running an add-on such as Flashblock, which only loads Flash movies if you click on them.
Protect your system.
There are many viruses and Trojan horses, such as the recent Aion2010.dll, that target your account information for our games specifically. Hackers constantly strive to find new ways to load software on your system without your consent or knowledge. It is critical that you run virus protection software and a firewall to protect yourself from these attacks.
Free, effective virus protection software is available. Here are links to some of the more popular solutions. Note that we cannot endorse or recommend any specific program, but we recommend you run something and ensure that it remains updated.
Having a firewall, or system which protects your computer from unauthorized access, is also important. If you have a router that provides broadband Internet access for your home, its likely that a firewall system is included with that. Every version of Windows also ships with a software solution, Windows Firewall. Ensure that one of these is active and protecting your home network.
Dont use the same password for your game account that you use on Internet forums.
There have been instances of forums that have had their security compromised and the user names and passwords from their system were then used to try to gain access to game accounts. To prevent the possibility of this happening, ensure that you use different passwords for each forum that you frequent. This can be managed easily through password managers, such as Lastpass or RoboForm.
This letter has been quite long, and I thank you for your attention, especially during the parts Im sure youve heard many times before. Our fight for the security of the games that you play is neither an easy one, nor a short one. But it is one that we are committed to seeing through, and it is one that we very much appreciate your help with. Your continued patronage as a customer, and the enjoyment of the games that we provide, is what makes this all worthwhile.
Now if youll excuse me, I have another gold farmer cartel to ban."
"Greetings, all.
Im Scott Jennings, otherwise known as GM Luminary, working with NCsofts Game Surveillance Unit (GSU). Ive been asked to take some time to speak for a bit on the fallout from the war that weve been fighting in our games against real money trading (RMT) companies and others trying to violate your account security, and how you can help in the fight.
Make no mistakeit is a war. One that you, our players, see the effects of whenever you play our games or visit forums related to our games. Many of you have noticed the decrease in bots, farmers, and gold spammers as a result of our efforts.
In the game industry, we have also seen an increase in attacks by third parties in an attempt to steal your account information by any means necessary, including phishing, obtaining passwords from third party sites/systems, and using account information provided by those engaged in power-leveling services and other prohibited activities. Recently, the number of these attacks has risen dramatically.
As a result, our game support queues have drastically increased, with thousands of support tickets from players who have lost access to their game accounts and are suffering extended wait times for help. Our game servers, account databases, and support sites are under constant attack and being probed for any vulnerability. Its a war that by no means is over.
Our enemies are playing for high stakesthe estimated $2 billion dollars that RMT companies earn off the back of game developers and players like you. And we are playing for high stakes as wellthe right that we believe we have as a company, and you as players, to play games that are free from the corruption of in-game currency sales and all that results from that.
Its a war that were committed to winning, but one that well need your help with to achieve a real victory. Ill describe first our responsibility to you to provide a safe and secure gaming environment, and then what you can do in return to protect yourself.
Our job: Provide a secure environment for your game.
With the increase in account compromises that we've been seeing in this past month, I think its worth taking a moment to review how seriously we here at NCsoft take your account security.
The news from Google regarding a serious, high-level attack by hackers on the most secure technology companies in the world is sobering. We continue to refine our systems to counter the various attacks that these RMT companies employ. We have a team of security professionals with years of experience in massively multiplayer games and online security in Seoul, Seattle, Austin, and Brighton that is striving to make our servers as secure as they can be. Any vulnerability that is discovered is addressed and fixed.
For example, a thread on a third-party Guild Wars forum this New Years attracted a good deal of attention. It detailed a list of security vulnerabilities that supposedly had been discovered on our account website, ending with the alarmist note that the only responsible thing NCsoft can do is to shut off their website, as soon as possible.
Despite the fact that this report occurred over the holidays, when the majority of NCsoft employees were home with their families, our security team responded immediately with a point-by-point testing and analysis of the erroneous concerns that were raised. As a result of the point-by-point testing and analysis, our security team concluded no critical vulnerabilities had been demonstrated or identified, but our security team continues to research, to monitor closely, and to implement security improvements to address any potential weaknesses raised.
Well continue to audit our systems, and you will see some dramatic changes in the next few months. NCsoft views account security as a very important matter.
Your task: Help protect yourself.
So how you can protect yourself from the sort of constant attacks that weve been seeing?
Many of you reading this letter are experienced online game players. Youve heard the dont do this and dont click that and dont run that thing warnings over and again, youre not dumb, youd never get your account stolen simply because you know better.
Youre wrong. I know this because I know many people who thought they knew betterpeople who work in the gaming industry, and have done so for years, and still tried to log in one day and found their password changed and someone else logged into their account cleaning out their inventory.
(If youre not an experienced online gamer and want the basics in account security, theres no shame in that. We have a complete guide online.)
The following brief guide in self-protection is going to be a bit different than what you may be used to. Its going to assume that you know the basic rules of how to protect your account, and it will detail how weve seen accounts stolen anyway. Think of it as an advanced class in account security. And dont think that these guidelines apply to other people who dont pay attention. If you do any of these, your account is at risk of being stolen.
Dont share your password with anyone. Dont let your friends log in to your game account.
There are two simple reasons for this. The first, and one you may not want to particularly acknowledge, is that your guildmate or childhood friend or relative may do things on your account that can get you banned, such as using bots. Another is that once you share your account, your security is as vulnerable as theirsand any mistake that they may make that allows for an account intrusion will compromise your account as well.
Dont use bots. Ever.
If you use third party applications that control your game playwhich is the literal definition of botsyou will lose your account, and nothing you say will get it back. We can detect bots. We have multiple ways of detecting bots. We have banned thousands of accounts and will continue to ban such accounts due to bot usage. Bot usage is one of the key ways that RMT companies use to fund their operations, and removing bots from the game is one of our best attacks against them. The GSU banhammers against bot usage will not stop, and if you use a bot, you will be caught.
You may not be caught immediately, but it will happen.
Dont buy in-game money.
Aside from the fact that you are funding the very people who are at war with our gamesand thus at war with youmany RMT companies use web browser vulnerabilities to attempt to load Trojans onto your system. In some cases, they ask you to create website logins for their system and then check to see if that information is the same user name and password you use to log in to the game with. A few companies simply ask you for your user name and password. In any event, these are not companies that can be trusted. Because your accounts can be compromised as a result of RMT, we specifically prohibit this type of activity in our User Agreements.
Dont use power-leveling services.
Again, these services are run by the same people who are attacking our game, and by using their services, you are funding their attacks (and the money that they earn while power leveling goes to fund in-game currency sales). The same potential attacks that exist with in-game money sellers apply here as well (especially since, obviously, you have to supply your account information for them to log in to your account to level it), but with one important addition: Power-leveling services level your character quickly using bots. We can detect this. It will cause your account to be banned, quickly.
Dont run programs designed by third parties for use with our games.
Aside from the small matter of NCsoft banning you if you use a bot, using third party applications is asking for trouble. You are allowing code someone else wrote to run on your computer. Do you implicitly trust the creator of that program not to add a virus or Trojan horse that is used to steal your account?
Beware of phishing. One of the recent plagues that it is hard to miss of late is that of the phish, or the attempt by RMT companies to get you to simply hand over your account information through crafting a copy of our website and placing it on a web server with an address that is similar, but not identical, to ours. Many of these phishing attempts are laughably obvious because they are created by people who are not fluent in English. However, there are others that are not so obvious. Regardless, NCsoft will never ask you, for any reason, for your password in game, to go to a website to reset your password, to add you to a beta, or to give you a free holiday gift. If we need your password reset, we can do so without asking you to go to a website. If there is a new beta, there will be instructions for how to enter on our official websites and forums. When entering your user name and password, you should always check the address bar of your web browser to ensure you are at https://secure.ncsoft.com/. And if you get an odd error message after logging in to what you think is an official NCsoft site, change your password at the correct NCsoft site immediately. Please carefully check the spelling of the address in your browser. Any misspelling may lead you to a phishing site.
Beware of keylogger links on forums.
This is akin to the previous point on phishing. Keylogger links are created as forum spam to get you to go to a website loaded with attacks on your computer through web browser security holes. Some of them are very obvious, such as the recent Wii sex toy ads posted everywhere. Some of them appear very innocent, such as links to view a screenshot of someones character. Avoid the obvious ones. Protect your browser from the less obvious ones by ensuring that you are using the latest version of your web browser and that it is set to automatically update itself when new security holes are found.
Adobe Flash, a tool used for website animations that comes with every web browser, has historically been an attack vector for loading malware (hostile programs) on your computer. At minimum, be absolutely surethat your version of Flash is up to date by visiting http://www.adobe.com/products/flashplayer/. If you run a browser that supports extensions such as Mozilla Firefox, consider running an add-on such as Flashblock, which only loads Flash movies if you click on them.
Protect your system.
There are many viruses and Trojan horses, such as the recent Aion2010.dll, that target your account information for our games specifically. Hackers constantly strive to find new ways to load software on your system without your consent or knowledge. It is critical that you run virus protection software and a firewall to protect yourself from these attacks.
Free, effective virus protection software is available. Here are links to some of the more popular solutions. Note that we cannot endorse or recommend any specific program, but we recommend you run something and ensure that it remains updated.
Avast!: Avast! Home Edition
AVG: AVG Free Anti-Virus
Microsoft: Security Essentials
Having a firewall, or system which protects your computer from unauthorized access, is also important. If you have a router that provides broadband Internet access for your home, its likely that a firewall system is included with that. Every version of Windows also ships with a software solution, Windows Firewall. Ensure that one of these is active and protecting your home network.
Dont use the same password for your game account that you use on Internet forums.
There have been instances of forums that have had their security compromised and the user names and passwords from their system were then used to try to gain access to game accounts. To prevent the possibility of this happening, ensure that you use different passwords for each forum that you frequent. This can be managed easily through password managers, such as Lastpass or RoboForm.
This letter has been quite long, and I thank you for your attention, especially during the parts Im sure youve heard many times before. Our fight for the security of the games that you play is neither an easy one, nor a short one. But it is one that we are committed to seeing through, and it is one that we very much appreciate your help with. Your continued patronage as a customer, and the enjoyment of the games that we provide, is what makes this all worthwhile.
Now if youll excuse me, I have another gold farmer cartel to ban."
Support Centre for our English European players
Support Centre for our North American players
Plateforme d'assistance pour les francophones
Support-Center f�r deutschsprachige Spieler