How easy is it to be hacked

[Corbuk]

Okay,a friend of mine has been hacked by a guy saying he has hacked many accounts.and my friend knows a lot about computers and all that,so he didn't click on a phising website,he didn't have a keylogger or anything like that,and he has antispyware,everything people have been saying help you not to get hacked.And he also had a bank pin,but they got past that.

So I was thinking about that,and another friend said that people hack into jegex database and hack your account from there,is this true or not?

 

And I also have picturs that show my friends wealth,and pictures that have the guy saying he will hack all of us,if we don't give him 20m,would these help my friend?

 

Thank you for any help I might get:)

[meb]

If he could hack you would he just ask for 20m and leave it at that?

 

Some people...

[Corbuk]

No he was asking a group of us to come up with 20m between us,or he'll hack us all...

[Kaida23]

Have all of your friends change their bank PINs and their passwords to something random (no real words, and at least 10 numbers and letters) and tell him to go fly a kite.

 

If you come up with the 20M, he'll just be back for more.

[Kimberly]

Okay,a friend of mine has been hacked by a guy saying he has hacked many accounts.and my friend knows a lot about computers and all that,so he didn't click on a phising website,he didn't have a keylogger or anything like that,and he has antispyware,everything people have been saying help you not to get hacked.And he also had a bank pin,but they got past that.

So I was thinking about that,and another friend said that people hack into jegex database and hack your account from there,is this true or not?

 

No, this is not true. Your friend who 'knows a lot about computers' got hit by a screengrabber+keylogger...or he was stupid and shared his account details with someone

 

And I also have picturs that show my friends wealth,and pictures that have the guy saying he will hack all of us,if we don't give him 20m,would these help my friend?

 

Thank you for any help I might get:)

 

No...it won't help your friend to give into blackmail. Run regular virus scans, run an anti-malware program, change your password and recoveries, register a SECURE email that is hard to recover.

 

Practice smart account security.

[Sy_Accursed]

If he could hack you easily he would not try and blackmail money out of you first. He'd just straight up hack you and take what he pleased.

 

Also there's no such thing as simply "getting passed" a bank pin: you either get the pin via brute force (if its stupidly obvious), acquire it via advanced keylogger type infections or wait the 3/7 days for it to clear.

And all the tech savvy in the world won't save you from being hacked by brute force if you use a stupidly simple password (the number of times you read data logs that are published from hackings and a good 50% of people just have things like "password123" and/or an easily guessable password.

You're pet's name follwoed by your year of birth and then you lovers name may seem like a super epic password, but it's not. All 3 pieces of information are quite easy to obtain in this day and age for anyone remotely close to you and in brute force hacking such basic combinations are top of the list to try out.

[haqiang]

If you don't give me 50m, I'll hack ur account. oh wait nvm.

Seriously, i don't think jagex would be dumb enough stored their customer information without hashing and salting them like the dumb playstation 3 network. So even if someone got into the database due to some unforeseen attack vector, all ur info would look like random garble due to hashing and salting. I really doubt there is any idiot out there would try to reverse a hash just for a run escape account due to the sheer amount of computing power and time it would take. But of course, if you are stupid enough to let him steal ur session info and launch a replay attack, that's because of ur stupidity of going into an unsecured domain, not fault of jagex's security measure.

[The Observer]

The only way you can get hacked is if you have a keylogger or a password that's easy to guess. You can hack Jagex's network, but it would pretty public if it did happen... And anyone who regularly plays Runescape isn't advanced enough to do so. Besides, the time and effort isn't worth the reward.

 

There is also the possibility that the hacking of Sony could be connected to it. I mean, if you have your email and password on there, they might be able to access your RuneScape account through that.

[Star_Fox]

Screenshot the evidence of the guy that's threatening to hack you. Report everything to Jagex and let them take care of it.

If the guy DOES get banned, have them tell you how he's hacking Runescape accounts.

 

Also, just because someone says he can hack a lot of accounts doesn't mean it's true or you should believe him. He

probably took the opportunity to hack your friend because of the usual stolen pass, keylogger, or downloading a malicious

software with the chance your friend might be lying to you about all this.

 

Lastly, if he's threatening you to give him 20m, why couldn't he just hack his way through your account and get 20m

from each of you and your other friends if he's the so called "greatest hacker in the world"? It would make more sense

because obviously the hacker would end up with more than what he bargained for. Would you be so gullible to

have it his way without knowing if he's really capable of hacking your account?

[Corbuk]

Once this guy knew that we wouldn't give him the rank,then he started blackmailing us,and he also knew one of us,so that's why he didn't really want to,but as soon as he found out,then he started saying all the stuff,and we all thought it was a guy messing about,then the next day......

 

@kimberly-this guy knows a lot about computers,he's too smart to have done something like that,he also doesn't share his account :)

[Kimberly]

@kimberly-this guy knows a lot about computers,he's too smart to have done something like that,he also doesn't share his account :)

 

Then he wouldn't have gotten hacked, simple enough.

 

and he also knew one of us

 

So you're sure that your friend that got hacked didn't do something stupid then? Because if this hacker fellow knew you lot, it's completely plausible that he guessed your friend's recoveries and whatnot.

[The Observer]

To inquire further to what I said previously, does your friend have a PS3 which uses Playstation Network?

 

Might be a bit of a stretch, but yeah.

[Alphanos]

and he also knew one of us

So you're sure that your friend that got hacked didn't do something stupid then? Because if this hacker fellow knew you lot, it's completely plausible that he guessed your friend's recoveries and whatnot.

 

The above sounds the most likely to me.

 

Plain and simple, here's a breakdown of the ways people get hacked:

 

• A) The attacker gets the password.
  
• B) The attacker recovers the account through Jagex's recovery process.
  

 

• A1) The attacker is told the password, watches the account holder type it in real life, or simply guesses it.
   
  
• A2) The attacker uses malware to install a keylogger which captures the account holder's password. Usually, though not always, the downloaded software relates to Runescape in some way. Runescape isn't that big of a target in the wider world of malware. The most common culprit is botting software, which may capture this information regardless of whether it works. Note that anti-virus programs can only help so much once you start downloading dangerous software - anti-virus can't stop everything.
   
  
• A3) More difficult but still possible is a type of remote exploit which can directly infect and install malware via simply browing a website. With enough care (I.E. careful browser settings, good anti-malware browser add-ons, keeping all plugins like Java, Flash, and Adobe Reader up-to-date) this possibility can be almost entirely eliminated.
   
  
• A4) The attacker brute-forces the password, which involves trying millions of combinations to break through a weak password. Note that this type of attack is not directly possible against Runescape, but it can apply to the below.
   
  
• A5) The account holder uses the same password both on Runescape, and for other sites/accounts/etc (very very common). Many other sites have much poorer security protections than Runescape itself. If the attacker can gain access to one of these accounts, they can then try using the same password against the Runescape account as well. In particular, getting access to the account holder's email account could allow them to check for the many stupidly-designed sites which have a direct record of your password in plaintext, and will send it to your email account upon request. If as you say this particular attacker knows you in real life, this method of attack is also a possibility, for example if you check your email on a computer they will later have access to, and then close the browser without actually clicking logout. While less likely, another related possibility is that if the backend database of another site using the same password can be hacked into, then even without any security failures on your part an attacker can gain access in this way.
  

 

• B1) The attacker is able to find out the recovery question answers, possibly through personal knowledge, social networking sites, or social engineering (i.e. slowly asking the person related personal questions 2-4 weeks apart until they have all the info).
   
  
• B2) The attacker is able to gain sufficient other information to convince Jagex they are the account holder. Most likely this would require both getting into the account holder's registered email account using any of the described methods, as well as having details on the payment methods used for membership.
  

 

Nobody who gets into Runescape accounts does so by breaking into Jagex. Just for starters, if they had that capability, they could simply give themselves unlimited money/rares/etc directly, without needing to take from anyone else.

 

As stated earlier, bypassing the bank PIN requires either knowing it through observation (in real life or via an advanced keylogger), guessing it, or waiting for it to expire.

 

I think that covers everything; if anyone can think of something I've missed let me know. Hopefully knowing the possible avenues of attack will help people to better secure their accounts.

 

In particular, if you are reading this and use the same password for Runescape as for other things, I highly recommend that you choose a unique password for Runescape, and never use it for anything else.

 

In the past, I used to pay little attention to possibility A5. That changed last week when I went to check my email, and found out that someone from another country had been trying to send gambling-related email from it. A5 is essentially the only possible way this could have happened, thus causing my above emphasis.

[Corbuk]

Btw they can hack into jegex and look for the account details there.and items such as phats money and rares arnt stored on a network,lol,there isnt a place that has like 10b of every item in rs in a folder or something like that,those are created by codes or something like that,I think.

[Star_Fox]

Once this guy knew that we wouldn't give him the rank,then he started blackmailing us,and he also knew one of us,so that's why he didn't really want to,but as soon as he found out,then he started saying all the stuff,and we all thought it was a guy messing about,then the next day......

 

@kimberly-this guy knows a lot about computers,he's too smart to have done something like that,he also doesn't share his account :)

 

I probably know little to nothing about computers compared to your friend you're talking about but it sounds like he has troubles

keeping his account secure. No computer knowledge can assure you 100% protection if you don't learn how to keep your mouth shut

from telling vital information to anyone about your account. Don't use easy to guess passwords, linked passwords, update and scan

antiviruses regularly, and keep recovery questions obscured. Plain and simple. Anyone who has enough common sense can do all this

and never get hacked once. Maybe your friend just had none of it. :rolleyes:

[Avant]

1. Go to w2 grand exchange

2. Take down the names of anyone who is trading something worth 20m+

3. In the middle of the night, find their login details in the database you supposedly have access to and steal their [cabbage]

 

But yeah, no.

[Alphanos]

Btw they can hack into jegex and look for the account details there.and items such as phats money and rares arnt stored on a network,lol,there isnt a place that has like 10b of every item in rs in a folder or something like that,those are created by codes or something like that,I think.

 

For the record, everything in the quoted post is nonsense. I hope he was trolling.

 

Items and money aren't stored on a network? How do you access them without going to Jagex headquarters then...?

[Dex]

If the so called hacker can hack into jagex, he would have every runescape account password and username. Also if he can hack into jagex, he wouldn't be bothering with hacking accounts in a petty game. He could just hack into jagex's bank account, transfere money into an anonymous account.

[Corbuk]

Once this guy knew that we wouldn't give him the rank,then he started blackmailing us,and he also knew one of us,so that's why he didn't really want to,but as soon as he found out,then he started saying all the stuff,and we all thought it was a guy messing about,then the next day......

 

@kimberly-this guy knows a lot about computers,he's too smart to have done something like that,he also doesn't share his account :)

 

I probably know little to nothing about computers compared to your friend you're talking about but it sounds like he has troubles

keeping his account secure. No computer knowledge can assure you 100% protection if you don't learn how to keep your mouth shut

from telling vital information to anyone about your account. Don't use easy to guess passwords, linked passwords, update and scan

antiviruses regularly, and keep recovery questions obscured. Plain and simple. Anyone who has enough common sense can do all this

and never get hacked once. Maybe your friend just had none of it. :rolleyes:

Mate,he had all of them,and no one had a reason to hack you....

[Corbuk]

Btw they can hack into jegex and look for the account details there.and items such as phats money and rares arnt stored on a network,lol,there isnt a place that has like 10b of every item in rs in a folder or something like that,those are created by codes or something like that,I think.

 

For the record, everything in the quoted post is nonsense. I hope he was trolling.

 

Items and money aren't stored on a network? How do you access them without going to Jagex headquarters then...?

Can you read,I said they can't....

[Corbuk]

If the so called hacker can hack into jagex, he would have every runescape account password and username. Also if he can hack into jagex, he wouldn't be bothering with hacking accounts in a petty game. He could just hack into jagex's bank account, transfere money into an anonymous account.

But if they hack into every single account,they would draw attention to them,so they don't do it loads,they spread it out.Cuz they could go in jail for like 5years.

 

And just for the record,I never said that I could do it,this is just what someone told me.And yr all like this is totally impossible,well it's not,also this might not Evan been the way he hacked him

[Corbuk]

If the so called hacker can hack into jagex, he would have every runescape account password and username. Also if he can hack into jagex, he wouldn't be bothering with hacking accounts in a petty game. He could just hack into jagex's bank account, transfere money into an anonymous account.

But if they hack into every single account,they would draw attention to themselves,so they don't do it loads,they spread it out.Cuz they could go in jail for like 5years.

 

And just for the record,I never said that I could do it,this is just what someone told me.And yr all like this is totally impossible,well it's not,also this might not have been the way he hacked him

[Dex]

Once this guy knew that we wouldn't give him the rank,then he started blackmailing us,and he also knew one of us,so that's why he didn't really want to,but as soon as he found out,then he started saying all the stuff,and we all thought it was a guy messing about,then the next day......

 

 

A rank in what? Your story isn't making much sense...

 

Assuming they can hack into jagex and get your account info, why would they bother with 20mil. 20mil isn't alot of money, if hacking into multiple accounts will draw attention to the hacker, it would be a much better idea if he just hacked into 1 account with alot of money.

 

To be honest, there are 3 options:

 

1. your friend isn't as clever as you make him out to be

2. the hacker can really hack into jagex

3. the hacker is bluffing

 

If it is 1, make your own account secure. Change pin and password, scan your computer etc etc.

If it is 2, nothing you can do. You loser either way so you might as well pray the hacker is bluffing.

 

And another thing, you said the 'hacker' knew one of you. It wouldn't be difficult to put a keylogger on someone's computer if they trust you.

 

P.S there is a 'multiquote' button for a reason.

[Kimberly]

Mate,he had all of them,and no one had a reason to hack you....

 

People don't need a reason to hack other people.

[Sy_Accursed]

At this stage even with bad broken English aside I find myself concluding that the OP is either really really stupid, so stupid in-fact he think he is in fact smart and is blind to his own stupidity, naivety and gullibility OR this is a troll thread.