Hacker boosted my account? Wtf?

[jjjon123]

There was one guy in H&A that (said) he got his account hacked and got free 400m in random stuff O_o

 

here http://forum.tip.it/topic/300168-i-got-it-back-but/

 

Lol sounds like they were making you into a turoth botting account haha.

turoth?

no they were only killing blue dragons i guess i kept checking the adventure log to see what was up >.<

and they got a LOT of effigies but didn't even save them >.<

 

 

grtz on account back i just got mine back days ago cept this guy had lots of stuff for me to sell for 400m lol 5 sets bandos god swords d claws 4 dfs 10 sets of dharok and veracs various other things lol

[Deathknell]

Mod Edit: removed spam posts! :)

 

IKR. First I read it... Then read it again... And again... Then thought, "This guy can't really be serious!"

 

What, are they just waiting to ban him? Collecting a giant list of names (Which is like 3 for Jagex), and then ban them all at once? Lolol, some people on TIF just trip me out.

 

Actually, I think he forgot the :| smiley used to convey the savage irony.

Edited August 29, 2011 by Kimberly

[wotmania505]

Cancel your membership. I think they get some code when they subscribe that can be used for recovery (further proof it is your acc, etc). Then do the usual routine of virus scan. Make a password using numbers, letters and symbols if you have a godly memory. Example: for4eh!l0[lz] (not a real password :P, but you get the point). Makes it harder to brute force your ass.

 

And to answer your question, if a hacker stole my account and pumped its stats, I would be [bleep]ing happy. I barely have any GPs or valuable [cabbage] anyway, so I'd profit quite a bit. Not saying I would set myself up to be vulnerable to someone hijacking my account, but still. Don't see how them boosting your stats is a bad thing as long as you can get your account back.

 

its actually safer to make a memorable password that is 4+ words long

 

...I smell an XKCD reader..

[D. V. Devnull]

Cancel your membership. I think they get some code when they subscribe that can be used for recovery (further proof it is your acc, etc). Then do the usual routine of virus scan. Make a password using numbers, letters and symbols if you have a godly memory. Example: for4eh!l0[lz] (not a real password :P, but you get the point). Makes it harder to brute force your ass.

[spoiler=XKCD #936, "Password Strength", Image hidden... Click to view...]

@Zaaps

 

That is not true, most brute force hack programms use random words. You can better just make up words or write the words so that they are not correct (like lolspeak or backwards).

In addition to what essiw said, Randall Munroe's argument with that comic falls apart hard because he didn't use equal-length passwords for his comparison in that comic. Therefore, the bit comparison was skewed in favor of the 'dictionary word'-based password, instead of the jumbled password having an equal footing against it. Heck, I would suspect that he's got an obvious bias against passwords with punctuation/symbols for some silly reason or another. :roll:

 

And just to seal this argument with a win (which has become more than warranted) for me and essiw, here's the math for a jumbled password of 22 characters, which has an inherent 96 possible selections (yes, look at your bloody keyboard and think) per character. Yeah, just slightly less than Randall's 25-letter dictionary-based password, but more than enough (And more than enough bits!) to make the blasted point...

 

22 characters ^ 96 possible selections per character = 7.4572269244280810732000205241347*10^128 combinations

 

7.4572269244280810732000205241347*10^128 combinations / 1000 [guesses/sec] / 3600 [sec./hr] / 24 [hours/day] / 365 [days/year] = 2.3646711454934300714104580555983*10^118 years

 

...which leaves a person with a password that basically can't be cracked in their lifetime, period. And there's the blasted math as proof, damnit. :ugeek:

 

~D. V. "That was one poor attempt at an argument, Zaaps..." Devnull

[jjjon123]

can rs even be hacked 1000 guesses a second :-?

[Hedgehog]

You can guess like 10 times per hour before it blocks you. Not gonna try cuz I'm too addicted to this game to log out though.

[sebas379]

I have a removed digit password that looks something like this:

removed

 

I think that's enough to prevent anyone from brute force hacking his way into my acc, and if they use some really powerful program, they can crack anything.

Yes, it took me a little while to memorise that cause there is no logic at all in it. But after a few weeks of typing it its crammed into your head and you never forget the code.

 

Ofcourse it's not much securer/less secure than a random word with some letters substituted wit numbers. Just dont use your name, birthday, girlfriends name, or well, anything that makes sense.

 

EDIT: I wouldn't go sharing details about your password.

 

Jeffwilson99

Edited August 28, 2011 by Jeffwilson99
Details censored- Jeffwilson99

[Noxx]

When i took a break from RS about 2 years ago for almost a year. During that time i got "hacked". I had about 800m in cash and 500m in items, which was a lot back then. When i started thinking about coming back to RS again i noticed that my account had been used by someone else. The activity from my Adventure Log showed PKs from that day and a few days following up to that so i assumed that whoever used the account must have used it as his own for a lengthy period of that year. My Slayer level was raised from 93 - 95. My Strength Exp also went up with a few million which annoyed me because at that time i was working on getting my Def Exp to 50m while leaving the other two (Attack and Strength at 25m). Anyhow i managed to recover my account and start playing again. Too bad almost my entire bank was cleaned out and all i was left with was 30m.

[Tim]

This actually happened to my Current main. I created it in 2001 and had a red party hat, was only 14 combat and I was like "nar, this sucks"

 

then I tried recovering the next 2 years and finally in December last year I managed to recover it. They leveled a fair bloody chunk up (and to my annoyance, my party hat was gone) but at the same time, It felt weird going from my main I made in 2004 to my 2001 that someone tried to claim as theirs. I'll admit it feels bad playing with levels I didn't do, but in a way, kinda glad as I've always had low motivation due to always being crap compared to others my combat lv.

 

tl;dr - recovered old main, had been leveled up by hacker, felt guilty but relieved to have it back.

 

@Noxx, how the hell did you manage to make it back though? I'm still struggling to get my cash wealth back (Yes, I know a red phat is bat-[cabbage] insane costly but I haven't been able to even make back 200m worth of it due ot slayer being crap and unprofitable like before)

 

EDIT: My friend at the time was the one who stole it, in case you were thinking "why would a random try and hack some low leveled player?"

[Star_Fox]

Sounds like you got hacked by gold farmers tbh.

 

defense + constitution level probably means he used that acc for hunting dragons for gold. The items which were taken might have also been used to sell gold.

[Barihawk]

So yesterday I decided to get on RS for the first time in a nice few months, only to discover my password doesnt work. Thinking I just forgot it, I did an account recovery and was able to get into my account. Only to find that I now have 97 Defense (previous was 85) and 91 Constitution (Also 85 before hacker).

 

I did lost all of my items and such, but luckly he had left me enough green D hide and Dragon bones to be able to recover the important stuff.

 

My question to you, how would YOU feel if a hacker had made advancements onto your character without your knowledge?

 

Im kind of dissapointed, myself.

 

Exact same thing happened to me. Logged in and discovered myself poorer at the green dragons. Luckily I managed to salvage 3 mil worth of hides and bones as well as two combat levels.

[pulli23]

Get a bank pin before you do anything else though:

 

-The subscription (especially the first) is a very, very strong "argument" for getting an account back. (You know, jagex doesn't really mind who plays it, if you say "hey give me the account because I pay/paid subscription" they will give it).

 

The extra safety (bank pin) however has a certain time before it is resetted - enough for you to recover your account.

[Kimberly]

I just had to remove a lot of spam and off-topic arguing. Please remember that we all have to abide by our forum rules here, site staff and members alike. To recap, the topic for discussion is:

 

My question to you, how would YOU feel if a hacker had made advancements onto your character without your knowledge?

 

You're welcome to discuss things but please take care to add substance to your post to prevent your posts being removed for spam--let alone arguing :P

[D. V. Devnull]

Since I've lost this from my tracking stack due to a Moderator's cleanup, and since I had the feeling I missed something when I posted here before, I think I'll answer this:

 

My question to you, how would YOU feel if a hacker had made advancements onto your character without your knowledge?

Personally, I think I would probably quit RuneScape. Knowing my luck, I would also find my Friends/Ignore Lists deleted and most of my Bank gone with my defenses violated, thereby removing my memories of who I was buddies with and what I was last up to in-game. (Can't contain everything in your head, ya know...) Plus, it would mean that someone had messed with the state of my namesake (which I don't let anyone else touch) without my say-so, and not in my presence either. And heck, who wants to touch damaged goods anyway? For me, that would leave nothing short of a sick, dull, obnoxious feeling in my stomach that I wouldn't want to feel anymore. I need not say more than that. :(

 

On the bright side, I keep my accounts secure enough that it would take too long for anyone to break in. And NO, you're never getting the details out of me! :shades:

 

~D. V. "I'm one crazy dude you won't pluck the mind of..." Devnull

[FooK-A-Ji]

I would change my password to 12345 and hope that the hackers come on again to keep on getting me free levels.

[Platinum_Myr]

In addition to what essiw said, Randall Munroe's argument with that comic falls apart hard because he didn't use equal-length passwords for his comparison in that comic. Therefore, the bit comparison was skewed in favor of the 'dictionary word'-based password, instead of the jumbled password having an equal footing against it. Heck, I would suspect that he's got an obvious bias against passwords with punctuation/symbols for some silly reason or another. :roll:

 

And just to seal this argument with a win (which has become more than warranted) for me and essiw, here's the math for a jumbled password of 22 characters, which has an inherent 96 possible selections (yes, look at your bloody keyboard and think) per character. Yeah, just slightly less than Randall's 25-letter dictionary-based password, but more than enough (And more than enough bits!) to make the blasted point...

 

22 characters ^ 96 possible selections per character = 7.4572269244280810732000205241347*10^128 combinations

 

7.4572269244280810732000205241347*10^128 combinations / 1000 [guesses/sec] / 3600 [sec./hr] / 24 [hours/day] / 365 [days/year] = 2.3646711454934300714104580555983*10^118 years

 

...which leaves a person with a password that basically can't be cracked in their lifetime, period. And there's the blasted math as proof, damnit. :ugeek:

 

~D. V. "That was one poor attempt at an argument, Zaaps..." Devnull

 

But the point is that humans don't actually make random jumbles of letters and numbers. We take a single dictionary word and perform obvious variations of it. So you can create a dictionary of common "strong" passwords very easily, because we know 3-4 of the patterns. The point is that I can make a longer password that is easier to remember when using the sequence of words.

 

It is skewed in the sense that he chose common examples of each type of password. Yes, a similar length password which is jumbled is more secure than a series of words. But keep in mind that if you get 5-6 words in length, the number of combinations is very high. How many words are in the english language? there are thousands of words. Possibly even 100,000 words (or more, but lets keep to 100k here). so, if I select 4 words from that list, I have 100,000^4 which is 100k*100k*100k*100k which is 10^20, which is a very big number. Just under 1zeta (SI prefix) combinations. While a similar length password that is complete jiberish would be much stronger (considering that there are 96 characters on the keyboard) and let's assume an average word length of 5 that is 20 characters long would be 96^20, which is astronomically larger than 10^20. However, I don't know about you, I am not likely to remember a random 20 character password.

 

The point is that the dictionary attack works perfectly fine against many passwords, because humans don't actually choose random passwords, and we keep them down under 10 characters. We use something as a base (a word) which we then modify using a standard pattern. Maybe that's not what you or I do, but I know a lot of people who think this creates a strong password.

 

You are best off making a completely gibberish password that has no basis on a word or similar, but good luck remembering it. This is why the combination method can be better. Use 5-6 words and you have an exponential increase in the strength of your password. (Granted, a lot of systems won't even let you use passwords like this soo..)

[Hakaan]

Back when I was a noob and had a couple hundred gp, probably around level 30, I got hacked (which was 100% my own fault, I was just stupid about security stuff back then). I recovered my account within a day and no major changes happened, but I logged in to find myself in Falador with about 16k in my inventory. I had had a few k before, but 16k seemed like a [cabbage]load. I bought a rune kite with the money and thanked the hacker in my mind, lol. I later thought that perhaps the hacker was a gold farmer.

 

My friend also recently got hacked, and the hacker got him a few mil cash, 94-99 herblore, and 96-99 prayer. Nothing bad, except he feels like he didn't accomplish those two 99's.

[D. V. Devnull]

<<<Quote Snip>>>

 

But the point is that humans don't actually make random jumbles of letters and numbers. We take a single dictionary word and perform obvious variations of it. So you can create a dictionary of common "strong" passwords very easily, because we know 3-4 of the patterns. The point is that I can make a longer password that is easier to remember when using the sequence of words.It is skewed in the sense that he chose common examples of each type of password. Yes, a similar length password which is jumbled is more secure than a series of words. But keep in mind that if you get 5-6 words in length, the number of combinations is very high. How many words are in the english language? there are thousands of words. Possibly even 100,000 words (or more, but lets keep to 100k here). so, if I select 4 words from that list, I have 100,000^4 which is 100k*100k*100k*100k which is 10^20, which is a very big number. Just under 1zeta (SI prefix) combinations. While a similar length password that is complete jiberish would be much stronger (considering that there are 96 characters on the keyboard) and let's assume an average word length of 5 that is 20 characters long would be 96^20, which is astronomically larger than 10^20. However, I don't know about you, I am not likely to remember a random 20 character password.The point is that the dictionary attack works perfectly fine against many passwords, because humans don't actually choose random passwords, and we keep them down under 10 characters. We use something as a base (a word) which we then modify using a standard pattern. Maybe that's not what you or I do, but I know a lot of people who think this creates a strong password.You are best off making a completely gibberish password that has no basis on a word or similar, but good luck remembering it. This is why the combination method can be better. Use 5-6 words and you have an exponential increase in the strength of your password. (Granted, a lot of systems won't even let you use passwords like this soo..)

Serena_Myr, it is as equally possible to achieve these super-strong passwords such as what I've noted through a method of making things that sound like words from their visual aspect, but without being words and/or based upon words. In turn, it throws even what Randall Munroe tries to make a point of to the wind, invalidating the argument set forth in his comic by showing ease-of-use to strange, short, made-up wording. However, it still leaves the mind easily able to remember because it will "roll off the tongue", as the old adage goes, causing the person to remember their password by the image drawn in their own mind. ;)

 

 

For proof to the pudding, you end up with the following math... Even with a small, case-insensitive, 12-character password using only numbers/letters...

 

12 [characters] ^ 36 [possibilities/character] = 7.0880187498509184538134430700957^10*38 [combinations]

 

7.0880187498509184538134430700957^10*38 [combinations] / 1000 [guesses/sec.] / 31536000 [sec./year] = 2.2475960013479573991037046772247*10^28 [years] = 22,475,960,013,479,573,991,037,046,772.247 [years]

 

...which (in my personal opinion) is far longer than the universe (let alone RuneScape) is likely to remain around. In turn, it makes itself a very easy alternative to turn to over choosing even a set of ~4 dictionary words. Heck, it would even make a good thing for geekoverlord (our opening poster, who asked about how others would react to the plight of being hacked) to construct a password according to this very school of thought which I've just shown the math for, in order to prevent ever being hacked again by even mere chance. That is, providing they never end up with getting their PC hacked from a mis-step on the web. :ugeek:

 

 

~D. V. "Crunching the numbers /w calculator, while listening to 'ParagonX9 - Chaoz Japan'..." Devnull

[RoswellCrash]

Never been hacked from 2001 to 2004 on first account, never been hacked from 2004 to 2011 on current account.

 

Personally you only get hacked if you've been careless.

 

Little tip for making easy to remember passwords.

 

Take a long word or a few short words that you'll remember and stick numbers between each letter.

 

Example:

r1o2s3w4e5l6l7c8r9a10s11h

 

You can even write the words backwards, go from 1-10 or 10 - 1, just alternate two numbers e.g "1 2 1 2" with your word of choice between. It helps create "jumbled up" passwords with a rememberal touch.

 

Always remember to avoid personal words or numbers, like name, phone number. Also refrain from things like your favourite team or film, why not your least favourite team or film? (film = movie for any Americans)

[Zimberfizz]

Trust me, I would know about hacking ;)

Some noob wanted to keep your account, and he used it to make cash. He botted hundreds upon hundreds of hours on it, and thought he secured the account. The account will ALWAYS be yours and he can't retrieve it, if your account gets banned send an appeal and say "Someone else had access to my account" you're safe.

 

Oh and to all you guys who think the hacker guessed the password, please shut up. He got keylogged/RAT'd. No runescape account hijackers *not hackers, it isnt hacking* bruteforce or guess passwords. That's just plain stupid

[fallout]

I have an account with 99 range, 1 pray, 95+ magic and 40 defense, on top of that high skilling levels and 91+ runecrafting. It was fine until free trade, when some how my laptop was compromised and my account got keylogged. At least 500m worth of wealth was gone. Felt bad, but would have been far worse when the keylogger would have leveled pray or defense levels. I quit the game though. Also made a promise to myself never to play 'no items back' policy wealth based game any more.

[Logdotzip]

it's probably getting banned soon it sounds like the guy botted hundreds of hours at green dragons with it.

What makes you think that jagex will actually ban the account?

The fact that they ban most bots

 

This made me smile.

[Platinum_Myr]

<<<Quote Snip>>>

 

But the point is that humans don't actually make random jumbles of letters and numbers. We take a single dictionary word and perform obvious variations of it. So you can create a dictionary of common "strong" passwords very easily, because we know 3-4 of the patterns. The point is that I can make a longer password that is easier to remember when using the sequence of words.It is skewed in the sense that he chose common examples of each type of password. Yes, a similar length password which is jumbled is more secure than a series of words. But keep in mind that if you get 5-6 words in length, the number of combinations is very high. How many words are in the english language? there are thousands of words. Possibly even 100,000 words (or more, but lets keep to 100k here). so, if I select 4 words from that list, I have 100,000^4 which is 100k*100k*100k*100k which is 10^20, which is a very big number. Just under 1zeta (SI prefix) combinations. While a similar length password that is complete jiberish would be much stronger (considering that there are 96 characters on the keyboard) and let's assume an average word length of 5 that is 20 characters long would be 96^20, which is astronomically larger than 10^20. However, I don't know about you, I am not likely to remember a random 20 character password.The point is that the dictionary attack works perfectly fine against many passwords, because humans don't actually choose random passwords, and we keep them down under 10 characters. We use something as a base (a word) which we then modify using a standard pattern. Maybe that's not what you or I do, but I know a lot of people who think this creates a strong password.You are best off making a completely gibberish password that has no basis on a word or similar, but good luck remembering it. This is why the combination method can be better. Use 5-6 words and you have an exponential increase in the strength of your password. (Granted, a lot of systems won't even let you use passwords like this soo..)

Serena_Myr, it is as equally possible to achieve these super-strong passwords such as what I've noted through a method of making things that sound like words from their visual aspect, but without being words and/or based upon words. In turn, it throws even what Randall Munroe tries to make a point of to the wind, invalidating the argument set forth in his comic by showing ease-of-use to strange, short, made-up wording. However, it still leaves the mind easily able to remember because it will "roll off the tongue", as the old adage goes, causing the person to remember their password by the image drawn in their own mind. ;)

 

 

For proof to the pudding, you end up with the following math... Even with a small, case-insensitive, 12-character password using only numbers/letters...

 

12 [characters] ^ 36 [possibilities/character] = 7.0880187498509184538134430700957^10*38 [combinations]

 

7.0880187498509184538134430700957^10*38 [combinations] / 1000 [guesses/sec.] / 31536000 [sec./year] = 2.2475960013479573991037046772247*10^28 [years] = 22,475,960,013,479,573,991,037,046,772.247 [years]

 

...which (in my personal opinion) is far longer than the universe (let alone RuneScape) is likely to remain around. In turn, it makes itself a very easy alternative to turn to over choosing even a set of ~4 dictionary words. Heck, it would even make a good thing for geekoverlord (our opening poster, who asked about how others would react to the plight of being hacked) to construct a password according to this very school of thought which I've just shown the math for, in order to prevent ever being hacked again by even mere chance. That is, providing they never end up with getting their PC hacked from a mis-step on the web. :ugeek:

 

 

~D. V. "Crunching the numbers /w calculator, while listening to 'ParagonX9 - Chaoz Japan'..." Devnull

 

True. Granted, that's relying on a 1000 guess/sec which I think is fairly low.. However, keep in mind that most people don't actually create truly random passwords. That's what XKCD is pointing out. People make passwords based on words, with a general pattern. Dictionary attacks don't only use dictionary words. If you can figure out the 4-5 methods that people use you can build a fairly comprehensive dictionary attack that works.

 

Recall your Discrete Math for a moment, and remember that a longer password is generally adding more entropy than increasing the number of possible characters. there are 52 letters + 10 numbers = 62 characters minus special symbols. In the equation, n^x, increasing n has a smaller effect than increasing x unless you increase n dramatically.

 

The strength of the password is based on the entropy of the information, so if the hacker can figure out that certain sets of letters and numbers aren't "valid" passwords then you lower the entropy of the password.

 

Your password type is extremely secure compared to the runescape entering system and would require social engineering or breakthroughs in decryption technology. But I know several people who pick passwords that are incredibly easy to guess. And they would be fair more happy to select a 5-6 word password which is much more difficult to guess. (Suppose there are 50,000 words in the english language, and a person can effectively pick them at random, you have 50,000^5) which is very large. And this supposes the attacker knows that the password is composed of english words. A dictionary attack becomes very difficult, because they have to know the set of words you chose from, and potentially how many words you selected. Otherwise you get 50,000^5 + 50,000^4 + 50,000^3 and so on. It becomes incredibly difficult to dictionary attack as they are forming a crossproduct on the dictionary.

 

I'm more likely to remember 5 words than I am to remember 12 random numbers and letters.

[Atom Smash40]

it's probably getting banned soon it sounds like the guy botted hundreds of hours at green dragons with it.

What makes you think that jagex will actually ban the account?

The fact that they ban most bots

 

This made me smile.

Because you know it's not true.

[jasignhagj]

Oh and to all you guys who think the hacker guessed the password, please shut up. He got keylogged/RAT'd. No runescape account hijackers *not hackers, it isnt hacking* bruteforce or guess passwords. That's just plain stupid

 

This. Unless you're a top 15 player and your password is 1234 or password, you're safe.