Jump to content

Welcome to Rune Tips, the first ever RuneScape help site. We aim to offer skill guides, quest guides, maps, calculators, informative databases, tips, and much more to help you get the most from the Massive Online Adventure Game, RuneScape, by Jagex Ltd © 2009.

Report Ad

Welcome to Forum.Tip.It
Register now to gain access to all of our features. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more. If you already have an account, login here - otherwise create an account for free today!
Photo

Account Hijacking & Jagex’ Item Return Policy


  • Please log in to reply
175 replies to this topic

#1
lordkafei
[ Display Name History ]

lordkafei

    Demon Vanquisher

  • Members
  • 2,123 posts
  • Gender:Not Telling
  • Location:Pico and Sepulveda
  • Joined:6 October 2004
  • RuneScape Status:Retired
  • RSN:Kafei Nation

Hi everybody, You may be aware that a player with a considerable amount of in-game wealth was hijacked recently. We don't want to invade that player's privacy by naming names, but we understand that this topic is raising a lot of discussion among the community. As soon as we became aware of the situation we acted quickly banning the hijacker's accounts as well as removing any items & wealth stolen. Unauthorised access to online accounts whether it is your bank account or your RuneScape account is a criminal offence, it is illegal in the UK under the Computer Misuse Act 1990, and the USA's Computer Fraud and Abuse Act 1986 as well as equivalent legislation in many other countries around the world. Jagex have already successfully pursued a RuneScape hijacker in the UK using the above law. You can read about it on the BBC news website here. We want to send a clear message that hijacking is not clever and will not do you any favours, it is an illegal act and we regularly send information onto local law enforcement agencies. Currently we do not return lost/stolen items. This is why it is so important to make sure your account is as secure as possible. Make sure you do the following;

  • Set a Bank Pin. This will help protect your items if the worst happens and somebody accesses your account.
  • Set a Email Address to your account to help recover your account and secure it from others trying to gain access to it.
  • Choose tough Passwords that aren't easy to guess or very common.
  • Don't input your Username/Password into other websites! The only website you should use your RuneScape Username/Password for is the main RuneScape website.
Mod Mark H On behalf of the RuneScape Player Support Team



ref: RSOF QFC: 14-15-106-62560262

This is being alluded to on RSOF, and I found many hits to many fansites in Google also referring to this event. Without naming the player in question, I will only mention an accumulation of 1000-ish Santa Hats.

While I applaud Jagex going after the hijacker and stripping him of his ill-gotten gains, how in the name of Hades can you justify not returning the stolen e-items to their rightful owner?

If your house was broken into and the police recovered your items, yet refused to return them to you, all hell would break loose. Yet somehow, Jagex justifies their policy of never returning items in these cases.

How can you justify using the law as a pretense to seize those ill-gotten e-items and then not return them to the rightful accountholder? Please note that Mod Mark H cites US & UK code of law in his post.

I personally, am as disgusted with Jagex as I am with the teenaged punk who pulled this off.

Could a victim of e-crime not use those same codes of law to twist Jagex' arms in court and force the return of stolen e-property?

PvP is not for me

In the 3rd Year of the Boycott
Real-world money saved since FT/W: Hundreds of Dollars
Real-world time saved since FT/W: Thousands of Hours


#2
K4ylan
[ Display Name History ]

K4ylan

    Moss Giant Whipper

  • Members
  • 2,924 posts
  • Gender:Male
  • Location:California
  • Joined:27 December 2009
  • RuneScape Status:F2P
  • RSN:Harpy Priest
  • Clan:Harpies
Because Terms of Agreement prevail over the law, considering that it is in fact a game, regardless of real-life value of these items.

#3
Jehosaphat
[ Display Name History ]

Jehosaphat

    Moss Giant Whipper

  • Members
  • 2,927 posts
  • Gender:Male
  • Location:HEY, LISTEN!
  • Joined:4 June 2009
  • RuneScape Status:Retired
  • RSN:Theros
  • RSN2:New Fatscape
This thread again. Really?

OT: It's policy. And I haven't seen them get sued for it yet, so it must be a legal policy somehow. Otherwise you'd have butthurt botting 12-year-olds having their parents sue Jagex's pants off.
Posted Image

#4
Afishinsea
[ Display Name History ]

Afishinsea

    Chicken Feather

  • Members
  • 15 posts
  • Joined:22 September 2010
It's been Jagex's policy since the start, and if they change their position on it there is already a backlog of thousands upon thousands of players who have lost money from bugs, hacked accounts and so forth that would also need to have their items returned. They can't just change the policy because chessy is famous, nor would it be right to do so.

There are also a huge number of issues in returning items. If player B hacks player A, taking player A's blue partyhat and selling it anonymously on the ge to player C, how would you return the hat to player A without duping it?

#5
Stev
[ Display Name History ]

Stev

    Cherremy's Slave

  • Members
  • 3,466 posts
  • Gender:Male
  • Location:Windsor, ON
  • Joined:31 October 2008
  • RuneScape Status:P2P
  • RSN:Stev Peifer
Lol, why would they return her items? Simply because she's famous? If they do it for her, they'd better do it for me.

See my point?

09144a99bb.png


#6
lordkafei
[ Display Name History ]

lordkafei

    Demon Vanquisher

  • Members
  • 2,123 posts
  • Gender:Not Telling
  • Location:Pico and Sepulveda
  • Joined:6 October 2004
  • RuneScape Status:Retired
  • RSN:Kafei Nation

It's been Jagex's policy since the start, and if they change their position on it there is already a backlog of thousands upon thousands of players who have lost money from bugs, hacked accounts and so forth that would also need to have their items returned. They can't just change the policy because chessy is famous, nor would it be right to do so.

There are also a huge number of issues in returning items. If player B hacks player A, taking player A's blue partyhat and selling it anonymously on the ge to player C, how would you return the hat to player A without duping it?


I acknowledge your points and I have no answer in those cases.

However, in this case - and I quote Mod Mark H - "As soon as we became aware of the situation we acted quickly banning the hijacker's accounts as well as removing any items & wealth stolen. " - which means they had the information they needed to return the items. There would be no duping in this case. But instead of returning them, they removed them forever.

If Mod Mark H had hidden behind "terms of service" then that would be different. But he didn't - he wrapped himself in the code of law. The victim in question should have recourse to recover those items from Jagex if Jagex is going to use that same law to seize them from the hijacker.

Items taken as a result of hacking can't be stolen when it is convenient for Jagex and not stolen when it isn't.

PvP is not for me

In the 3rd Year of the Boycott
Real-world money saved since FT/W: Hundreds of Dollars
Real-world time saved since FT/W: Thousands of Hours


#7
Alphanos
[ Display Name History ]

Alphanos

    Bear Fur

  • Members
  • 330 posts


It's been Jagex's policy since the start, and if they change their position on it there is already a backlog of thousands upon thousands of players who have lost money from bugs, hacked accounts and so forth that would also need to have their items returned. They can't just change the policy because chessy is famous, nor would it be right to do so.

There are also a huge number of issues in returning items. If player B hacks player A, taking player A's blue partyhat and selling it anonymously on the ge to player C, how would you return the hat to player A without duping it?


I acknowledge your points and I have no answer in those cases.

However, in this case - and I quote Mod Mark H - "As soon as we became aware of the situation we acted quickly banning the hijacker's accounts as well as removing any items & wealth stolen. " - which means they had the information they needed to return the items. There would be no duping in this case. But instead of returning them, they removed them forever.

If Mod Mark H had hidden behind "terms of service" then that would be different. But he didn't - he wrapped himself in the code of law. The victim in question should have recourse to recover those items from Jagex if Jagex is going to use that same law to seize them from the hijacker.

Items taken as a result of hacking can't be stolen when it is convenient for Jagex and not stolen when it isn't.


I agree completely. If Jagex doesn't reconsider, I think that Chessy018 should sue Jagex over this. Early discussions on the matter estimated her bank to be worth well over $100,000 in real life cash. Although I agree with Jagex's policy against RWT, I think the prevailing black market rates give at least a minimum figure of those items' value to her.

It's true that Jagex doesn't have the manpower to investigate all claimed cases of item loss, and though unfair even in general, in aggregate their existing policy provides the most benefit to the most players. This is considering how many fewer updates, etc, we'd get if they were expending so much manpower on lost item claims. However that general situation doesn't hold true for this specific case, as stated, because they already used the manpower to resolve a high-profile case, so no additional resource expenditure is needed to return Chessy's items.

This is like the police having a policy where they can't reimburse everyone for stolen property, since in many cases the property can't be found or the perpetrators can't be tracked down. However, in this specific case, they caught the thieves, have the goods in a pile at the police station, and when Chessy shows up asking for the items, they instead set them on fire while informing her they can't be bothered to return stolen property.

The magnitude of the unfairness here is unbelievable.
Alphanos
Posted Image

#8
Afishinsea
[ Display Name History ]

Afishinsea

    Chicken Feather

  • Members
  • 15 posts
  • Joined:22 September 2010
What you ignore is that ingame items are not property. They are values stored in a database that is sitting on Jagex-owned hardware, and Jagex can do whatever they want with them.

#9
Alphanos
[ Display Name History ]

Alphanos

    Bear Fur

  • Members
  • 330 posts

What you ignore is that ingame items are not property. They are values stored in a database that is sitting on Jagex-owned hardware, and Jagex can do whatever they want with them.


This is semantics. Property doesn't need to be physical things, and can certainly be values in a database. Corporations often have millions, or even billions of dollars in intangible property, such as patents, copyrights, trademarks, etc.

As for Jagex's right to do whatever they want with the intangible property, I agree 100% that this is stated in the EULA that we all must agree to in order to play the game. However, I'm sure that when this agreement was written, nobody expected that players' virtual wealth could be valued at hundreds of thousands of dollars in real life cash. Again, this is not in support of RWTing, but merely pointing out that capitalism has supplied formulae by which virtual items can have real-life value estimated and assigned to them. In light of this, I would hope that the courts would rule that the player had some legitimate claim to their virtual possessions.
Alphanos
Posted Image

#10
Star_Fox
[ Display Name History ]

Star_Fox

    Dragon Slayer

  • Members
  • 6,971 posts
  • Gender:Not Telling
  • Joined:30 October 2006
  • RuneScape Status:Retired

Lol, why would they return her items? Simply because she's famous? If they do it for her, they'd better do it for me.

See my point?


I never really liked "her" but I do kind of feel bad since the terrible loss she suffered could of given "her" a fortune.

I wonder how she feels though. :twss:

#11
MightyMuddy
[ Display Name History ]

MightyMuddy

    Bear Fur

  • Members
  • 314 posts
  • Gender:Not Telling
  • Joined:19 August 2010
  • RuneScape Status:None


Lol, why would they return her items? Simply because she's famous? If they do it for her, they'd better do it for me.

See my point?


This. Unfortunately for her, she's broke now. Not to mention 1000s of rares being deleted. (please correct me if I'm wrong).

I never really liked "her" but I do kind of feel bad since the terrible loss she suffered could of given "her" a fortune.

I wonder how she feels though. :twss:

I really hope they aren't gone, what a waste of 1000s of rares :(

#12
dirk4slayer
[ Display Name History ]

dirk4slayer

    Bear Fur

  • Members
  • 489 posts
  • Gender:Male
  • Location:The Netherlands
  • Joined:20 February 2006
  • RuneScape Status:P2P
  • RSN:Dj Slayer0
  • Clan:Lady H forever :D
Correct me if I'm wrong, but if you'd have decent security measures on your account you would never get into this kind of trouble, and it is still very much my opinion that if you do get hacked it is your own fault for not sufficiently protecting your account against it, and thus it should be you responsible for any items stolen/lost. After all, if Jagex would start to give items back now simply because the person in question lost a 1000 Santa Hats, what would stop me from asking Jagex to return the 500K I lost when I got hacked?
Posted Image

Chuck Norris doesn't ever need a compass; he randomly points somewhere and north goes there in order not to anger him.


#13
glasscube
[ Display Name History ]

glasscube

    Varrock Guard

  • Members
  • 1,484 posts
  • Joined:31 July 2004

Correct me if I'm wrong, but if you'd have decent security measures on your account you would never get into this kind of trouble, and it is still very much my opinion that if you do get hacked it is your own fault for not sufficiently protecting your account against it, and thus it should be you responsible for any items stolen/lost. After all, if Jagex would start to give items back now simply because the person in question lost a 1000 Santa Hats, what would stop me from asking Jagex to return the 500K I lost when I got hacked?

Well statistically never, yes. It wouldn't be impossible though. Even RSA Security had someone infiltrate their systems, and they know a little more about computer security than the vast majority of runescapers.(Kinda reminds me of the old saying 'the only safe computer is one that isn't connected to a network' or something along the lines of)

And then you think about the fact that her items were worth over $100k and suddenly you got a lot of incentive.

Posted Image
Help drive change Canada


#14
strilmus
[ Display Name History ]

strilmus

    Moss Giant Whipper

  • Members
  • 2,910 posts
  • Gender:Not Telling
  • Joined:11 April 2006
  • RuneScape Status:P2P
Well, it was their choice to destroy all those rares forever

let's just say for the sake of hypothetical situations, that even if we were to follow all these tips

and our stuff still gets jacked

we still wouldn't get them back

because apparently it is our fault

this is the impression that I get from Jagex

8f14270694.jpg


#15
Randox
[ Display Name History ]

Randox

    The Consultant

  • Administrators
  • 6,605 posts
  • Gender:Not Telling
  • Joined:21 June 2006
  • RuneScape Status:Semi-Retired
  • RSN:Randox
  • Clan:All Friendly
First off, there would be a [cabbage] storm of craptacular proportions if Jagex went back on that policy now. Nothing short of a retroactive reimbursement going back to '01 would be able to prevent that, and for good reason. It would be amazingly unfair to everyone who didn't get their compensation.

Secondly, Jagex puts monumental efforts into account security. If there is one thing I will stand by them on, its that they have done or tried to do everything humanly possible to ensure accounts don't get hacked, including an offer to subsidize isolated random key generator devices that would have made accounts 100% secure to everything short of stealing the generator itself, and the community spat in Jagex face for it. I believe the account in question was compromised when enough information was gathered to crack its recovery questions, something that shouldn't be possible to do (the best recoveries are strong passwords unrelated to the questions). Players really do have a pretty big part to play in keeping their account secure, and it goes way beyond a good anti virus program and avoiding sketchy RS related sites. Everything that stands between people and access to your account needs to be strong. Things like passwords, recoveries, email security if that's tied in, not using public computers, not using unsecured or, for the extra paranoid, WEP encrypted wireless (WEP can be cracked without resorting to pass guessing). You have to make sure no one ever sees you type in your pass, make sure that you never tell it to anyone or share your account. Don't log into runescape with a mobile device, its security is probably no where near up to par with your PC.

I would much rather Jagex put their time into banning things like macros than working on returning all the lost stuff resulting from hijacking, and I applaud their efforts to try and take real world action against people who do this sort of thing.

#16
RU_Insane
[ Display Name History ]

RU_Insane

    Dark Wizard Robe

  • Members
  • 781 posts
  • Gender:Male
  • Location:Canada
  • Joined:22 August 2007
  • RuneScape Status:P2P
  • RSN '07:RU Insane

Correct me if I'm wrong, but if you'd have decent security measures on your account you would never get into this kind of trouble, and it is still very much my opinion that if you do get hacked it is your own fault for not sufficiently protecting your account against it, and thus it should be you responsible for any items stolen/lost. After all, if Jagex would start to give items back now simply because the person in question lost a 1000 Santa Hats, what would stop me from asking Jagex to return the 500K I lost when I got hacked?


I'll correct you. The issue only takes a few minutes to research. First of all, her account was not hacked, it was recovered. There were several people from Final Ownage Elite, at least three of them I have heard of now but will not name, who had worked together to recover her account. They did this by collecting her personal information and abusing a flaw in the recovery system. The person's account had been inactive for several months as far as I am aware, so the 'crackers' as they were just waited for the bank PIN on the account to expire. The person in control of the account at that time chooses three days or seven days for the PIN to expire, and logically here the choice would be three days if the hackers were looking for the biggest haul in the shortest amount of time.

So they only needed to wait three days for the PIN to expire, which was very easy considering the person is inactive, so she did not know that her PIN had a cancellation request pending on it. The perpetrators stole about 175 billion GP from the person's account, which was also her entire bank, and dispersed the ill-gotten wealth amongst themselves and traded other people whom they did not know to show what they had stolen. In the process, the infiltrator had went into the person's clan chat and publicly framed another very wealthy player for the scheme, and then promptly logged out. The schemers were dealt with pretty quickly seeing as how they posted pictures of their gains. The victim's account was locked, and the intruders were permenantly banned.

The person had a bank PIN, she was just inactive so it was easy for the perpetrators to forcefully expire it. I'm sure someone with her level of wealth would take some of the most cautious measures to ensure that her computer were safe from any keyloggers or trojans and the like. It's a fallacy to assume that the reason her account was broken into was because her computer was insecure. The people recovered the account, so it's most likely that the information they used to recover it, if the person was smart, was very personal. If she was not paying as much attention when setting her recoveries, she most likely used information that would only take a few minutes to retrieve the aforementioned account.

These are my own thoughts now, but I think it's safe to presume that the information used could not endanger her real life wealth, meaning the information was personal but not necessarily harmful, because it makes no sense to retrieve someone's credit card number or social security and use them to crack into someone's account on a video game when potentially more could be made from stealing from the former.

I also think since so many rares have now left the game because the accounts were banned or locked, that rares will experience quite a sharp rise in price. And since the victim in question is also inactive, I doubt if she knows her account has even been broken into. She is in for quite a surprise when she logs back on. :-/

RIP RU_Insane. August 3rd, 2005 - November 11th, 2012.
RU_Insane.png

 

My Stats on Old School RuneScape: 

RU_Insane.png
O4zgH.png
Reform Customer Support
Check Out My Threads UNRoA.gif
 


#17
Alphanos
[ Display Name History ]

Alphanos

    Bear Fur

  • Members
  • 330 posts
The above is an excellent reason to avoid linking things like a Facebook account to a Runescape account. Although I understand their marketing incentive, it is irresponsible for Jagex to advocate these connections, security-wise.

Regarding the effect on the rate market, any actual effect will be solely due to unfounded panic. Most estimates have put the lost items at closer to 200 billion, but more importantly these items weren't in the market to begin with. The player who lost the items was well-known to hoard rares, not putting them back into the market. If anything, her newfound lack of wealth should decrease demand for rares, since if she should return to Runescape it will take her much longer to resume acquiring and hoarding rares.

I don't know the exact means used by the perpetrators to gain the relevant recovery answers for the account in question. Maybe the account's owner really is partially to blame for connecting Runescape and social networking accounts, but many players do this, and Jagex is now encouraging it. If Jagex proposes recovery questions that could be answered by i.e. viewing the account holder's Facebook page, and also encourages players to associate their Runescape and social networking accounts, doesn't that place at least some of the responsibility on them?
Alphanos
Posted Image

#18
Star_Fox
[ Display Name History ]

Star_Fox

    Dragon Slayer

  • Members
  • 6,971 posts
  • Gender:Not Telling
  • Joined:30 October 2006
  • RuneScape Status:Retired
Correct me if I'm wrong, Geek, but I believe a majority of those rares were sold to the public before the ban took place. So
in theory, rares might dip a little or even crash for that matter since one of the biggest rare hoarders are gone. A youtube
video shows the hacked acc pleading to give all the items away and quitting by framing a known person. The hacked acc
actually instead, sold the items, including the santa hats for a considerably cheaper price. The certain youtube video also has pictures
of the hack that took place when santas and green partyhats were being sold to the GE. So the rares stolen might have a
very minimal effect on the market, but I can't speculate that rares may rise since so many hoarded rares have now reached
circulation again.

The FOE people used personal information to "recover" the account. My guess is that this was
all done from sensitive information leaked by her Facebook, Twitter, or even her RS clan chat and Youtube channel.

~My last post was when I just figured this out. So sorry if I sound a little contradicted.

#19
glasscube
[ Display Name History ]

glasscube

    Varrock Guard

  • Members
  • 1,484 posts
  • Joined:31 July 2004

I don't know the exact means used by the perpetrators to gain the relevant recovery answers for the account in question.

There have been bugs in the recovery system before, so it wouldn't surprise me. It used to be possible to randomly recover really old accounts.

Posted Image
Help drive change Canada


#20
Tim
[ Display Name History ]

Tim

    Eternal Session of Sound

  • Members
  • 8,846 posts
  • Gender:Male
  • Location:Australia
  • Joined:12 November 2006
  • RuneScape Status:Retired
Karma came and hit her for her greedyness. Doesn't bother me one bit.

Popoto.~<3





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users