EQ Servers Hacked

According to the Seattle Times, last October someone hacked into at least one EQ server, as well as Brad McQuaid's home computer, and obtained a superuser account and other account information. The article states that "'Access to these accounts gives the superuser an individual's name, date of birth, work and home telephone numbers, Internet protocol address and other information,' including home addresses, according to an affidavit filed with the warrant. Moreover, superuser status also 'enables the user to have complete administrative controls over the game, including the suspension, banning and unbanning of accounts.'"

Furthermore, it states "In McQuaid's computer, the hacker copied a voluminous file containing the blueprint for the release of the game's next version, 'EverQuest2,' scheduled for release next year. Other personal and proprietary information was also accessed." Interesting news, considering that the existence of any Everquest 2 has never been officially confirmed by Sony.

The only official statement I have seen from Sony is in the Developer's Corner, where John Smedley posted this: "We have seen the article in the Seattle Times regarding an incident almost a year ago in which someone apparently got a hold of one or more superuser accounts for a short period of time. We want to assure our customers that at no time was any consumer billing information compromised. No one should be worried that their credit card information got out… IT DID NOT. In addition, some time ago we added additional layers of security in an effort to prevent this from happening again. Beyond this, it is inappropriate for us to comment in light of the ongoing investigation."

I am not a computer expert, so I can't even begin to speculate on this. There are far more qualified people than me to do that, so I'll leave it to you to debate the consequences, or whether you should at least change your password. You can read the entire article at this link.

Comments

now who wants to take the blame
# Sep 01 2001 at 1:23 PM Rating: Default
I just wanted everyone to know that I just hacked into your systems through this site and got all the information on your hard drives. I think that it is everyone's fault for not spending all their money on firewalls and security, therefore allowing me access to their private information. Obviously from the thoughts of everyone this compromise of security would be your fault. Now if that really makes sense then please continue to blame Brad. Though I also see that if nothing has happened and the superuser account was probably changed, then this is crying over spilt milk. My suggestion is to get something to clean it up and quit whining.
?!
# Sep 01 2001 at 9:07 AM Rating: Decent
How in the HELL could this be Brad's fault people? His box prolly has more security/firewalls on it than we even KNEW about. So when someone breaks into our box and everyone says it's our fault, what're you gonna say?
Brad's Fault?!
# Sep 01 2001 at 8:54 AM Rating: Default
I see all these people talking about how it's Brad's fault this happened. That's the stupidest thing I've ever heard! Obviously, this is the hacker's fault! If someone broke into your house would you want to be sent to jail for not having good enough locks on your doors? The hacker obviously targeted Brad because he had a superuser account. It was probably some guy who had been banned and wanted to get access to the superuser account to unban his account. In any case, it's obviously not Brad's fault. You can't expect the victim of a crime to take the blame.
RE: Brad's Fault?!
# Sep 01 2001 at 10:15 AM Rating: Decent
And why not? You can sue someone if you get hurt breaking into their house.
RE: Brad's Fault?!
# Sep 01 2001 at 11:01 AM Rating: Default
It is true, you can sue someone for just about anything. That does not mean you will win or have any legal leg to stand on. The only way you could sue someone for being hurt when breaking into their home, at least in Georgia, would be if they had deliberately done something to harm you to a degree out of line with the threat you posed. For example, if the homeowner had placed a shotgun booby-trap on the front door and you were shot when you forced it open. There are, of course, other examples, but if you break into someone's home and trip over the end table and break your ankle, no court in the world is going to award you any damages.

Also, interestingly, in California, if you leave your keys in your car and someone steals that car, then you are liable for any damages done by that individual in your stolen car; i.e., car wrecks, hit and runs, etc.

What we might infer is that if the security measures taken to protect this information were deemed to be inadequate, then the individuals in question might, possibly, be held accountable for any damages done. In court, however, you must prove tangible damages. If this hacker went in and banned someone inappropriately, it is unlikely that a lawsuit would result in anything worthwhile. Not many courts would find loss of playing everquest a "tangible damage." If billing information was leaked, and the security measures were inadequate, there might (I stress, might) be something to look at. I have to agree, though, that I feel that the people involved with Sony's software team probably have very extensive security measures in place. The sad fact of the matter is that the only one hundred percent sure way to prevent a hacker from getting into your computer is to not have it hooked to the internet. (And that won't work if you invite him into your home...)

Saldiven
RE: Brad's Fault?!
# Jan 09 2002 at 2:38 PM Rating: Default
This is a bit off subject, but for your info:
In the state of Georgia you can sue someone for tripping over their nightstand. I had a friend who was sued because when he arrived home, someone was in his house. He parked his truck close to the side door and went into the front door; the thief then ran out the side door and tripped on his tow hitch, breaking his leg. My friend's homeowner's insurance had to pay the thief's medical bill.
RE: Brad's Fault?!
# Sep 03 2001 at 4:12 AM Rating: Default
LOL!

Damn, US laws are really f***d up.
Debit Cards
# Sep 01 2001 at 8:00 AM Rating: Default
I work for a large bank in Texas, and I know what we do when something like this happens.

You cancel the debit card immediately after you suspect someone unauthorized is using it, and you fill out a lot of paperwork. You also have to sign an affidavit stating it was not you who used the card and that you also did not authorize said companies to draft off the card.

You can also close the account the debit card is attached to and reopen a new one, and transfer all your direct deposits, etc. over.

If you read your bank's deposit agreement, you will be able to read fully what you can do in an event like this, or check fraud/forgeries, etcetera. When you opened your account you signed a document stating you would abide by this agreement. My bank's agreement states that you will notify the bank immediately of unauthorized uses and that you only have 30 days after issue of the monthly statement to report any discrepancies.

So I wouldn't worry about it. Most banks want your business and they would take care of this situation as long as you acted in a timely manner.
Something you seem to have overlooked.
# Sep 01 2001 at 6:07 AM Rating: Default
Given that this happened nearly a year ago, over half the credit cards will have expired by now, and if anything was gonna happen, it would probably have happened by now.

This hasn't said exactly what was hacked; your credit card stuff is held in a different place to your character stuff.

Tenre made a very valid comment, 99% of us are very average people, we don't like to admit it, but out of the thousands and thousands of people, there's probably more chance of winning the lottery than this kid doing much with your stuff - but hell, if he's watching these posts, perhaps he'll now target your data. Personally, I believe if you do a crime you're prepared to do the time, I don't care if you're in the US, or not, it's not anti-American. I'm not even in the US..

Someone commented that they would get your IP address and protocol - well whoop, most people are on non-fixed IPs so, what good will that do them? The protocol is gonna be UDP or TCP, no surprise there.. most likely UDP, most games are.. so, that's not going to tell them anything other than the IP address, which will point them to your ISP.

Face the facts, you'd have seen a problem by now if you were going to.
Credit Card Fraud
# Sep 01 2001 at 6:00 AM Rating: Decent
Loved some of the comments. I really liked Makers solution of having a credit card just for internet use with a low limit. My wife, who is a financial manager of a corporation, told me that if someone steals your credit card and runs up your account you are only liable up to $50. With a debit card this may not be so, she was at a seminar on credit card fraud this summer where the speaker told them that you were liable for all of it on a debit card. My bank has assured me that that is not true. We are trying to verify the answer to that one. Mackers solution is the best. Have a special credit card just for EQ and then if something more than your EQ bill pops up, it's easy to catch when it happens.

Krassis Sleestak
Shaman on Tunare
RE: Credit Card Fraud
# Sep 01 2001 at 10:26 AM Rating: Default
There is a big difference between a credit card and a debit card. When someone drafts against a credit card the money comes out of the credit card company's account; you may owe the credit card company but there are routes of dispute to follow. A debit card is a pile of your money, if someone takes it you have no money till the issue is resolved. Suggestions of having a separate, low limit, credit card for internet use sound like a good idea. Having a debit card to your main bank account (the one that RENT and FOOD comes from) and having this money coming up missing until the issue is resolved could be a disaster; bouncing the rent check is not cool.
RE: Credit Card Fraud
# Sep 01 2001 at 5:50 PM Rating: Default
My bank (in a European country) noticed that some people did use the internet to buy stuff, so it decided to create a way to get their butts out of some risks (although they say they are only thinking of their customers, the truth is that sometimes they also lose some $ and even get bad publicity) by issuing an Internet-Use-Only credit card.

The card can be lost in the street and it can't be used to get money in ATM machines nor to buy stuff in stores; it also doesn't have the full number printed on the card (some of the digits are a confidential code only known by the user). These measures prevent some security hazards of normal CCs.

Another point is that it only allows values up to almost 100 dollars (ideal for my multiple internet buys); theoretically, if at any time a bill higher than my limit pops up, or one that will make my expenses go over the limit, the bank automatically rejects it, blocks my account and contacts me for explanations (and they will charge some expenses for that), so I tend to be very careful with the stuff I buy so that the bank doesn't bust my head. :)

Sure, as a new product, there can be some problems that were not considered in the planning but only time will fix (hopefully), and the limit may seem too small for some of you, but I can choose my limit as I require.

So this stuff kinda lets me sleep a bit more unworried, even though I play 2 online games that require monthly payment and sometimes I order stuff from stores like Amazon.

I'm even surprised to know you guys there in the US don't have a similar thing... prolly you have and aren't remembering it. :)
Headline : VI tastes own medicine
# Sep 01 2001 at 5:31 AM Rating: Default
Seems to remind me of the good old days when VI got away with circumventing my, and many others' (thousands and thousands), firewalls and protections to scan our systems...and no, 2 wrongs don't make a right... they both broke the law in my opinion and should both face the consequences of those actions. Wonder if VI will ever have to face any consequence for their actions? Doubtful? Wonder why? Oh ... let me see $$$$$$$$$$$$$$$$$$
RE: Headline : VI tastes own medicine
# Sep 01 2001 at 11:11 AM Rating: Default
Well, at least in America, I don't think there are (or were at the time) any laws that prevented VI from looking into your computer's files to check for needed updates, etc. There might be now, I'm not sure. Also, if they didn't do any damages to the "victims," then neither party should face any "consequences." Being ticked off, annoyed, or righteously pissed off do not count as damages, unless the act in question was patently illegal, then you can go for punitive damages. The only way either party could be held as doing something worthy of sanction would be if their activity could be legitimately proven to a reasonable person to have caused some harm to the "victim." Stealing access to hundreds of people's accounts probably would fit the bill. Accessing your hard drive to see if you need an update probably would not. I'm not judging the morality of either one's actions, I'm merely commenting on my understanding of how courts work in the US.
RE: Headline : VI tastes own medicine
# Sep 02 2001 at 4:09 PM Rating: Decent
Actually, by that logic, simply stealing access to those accounts would not then be a crime. Doing something with them would. I may have another person's credit card information, but until I try to fraudulently charge something against it, I've done nothing illegal.

Just a thought.
#REDACTED, Posted: Sep 01 2001 at 3:04 AM, Rating: Sub-Default
You know it's too bad this kid is going to go to jail for this, or at least could. What a great country the USA is where we lock up our youth for these things, it's no surprise that the USA has the largest percentage of their population incarcerated out of any countries in the world...the home of the brave and the land of the incarcerated. And most of you peeps prolly want to see this kid locked up for potentially stealing your wurmslayers. Down with your evil system of injustice! My 2cps on the USA and the incarceration of its citizens.
RE: too bad
# Sep 01 2001 at 6:14 AM Rating: Decent
OK, I wanna know what this guy was smoking, and where I can get some? The culprit ILLEGALLY obtained access to a SuperUser account that was in no way his right or due. In doing so, he illegally compromised and accessed multiple systems while he gained the access necessary to set up the Superuser privileges.

If this is not a crime in your country (and I seriously doubt it isn't one) then I am glad I don't live there, because ANYONE could access my financial and personal data, pretend to be me and there wouldn't be a d****d thing I could do about it legally. If you want your information raped and sold or used without your permission, then post it all here where it can be seen. Otherwise STFU and get a clue.
RE: too bad
# Sep 01 2001 at 4:02 AM Rating: Default
Are you an idiot or just trying to make people angry with your rhetoric? Let’s give all the genius little hackers of the world a pat on the back and a free ram upgrade.

A crime has been committed just as if this person were to trespass and/or break and enter a business. Verant has placed barriers that are supposed to keep their data secured. Obviously this person has spent a good deal of time and trouble circumventing the system and ILLEGALLY obtaining this data.

BTW. This is a discussion forum about Everquest not your anti-American opinions.


RE: too bad
# Sep 01 2001 at 4:54 AM Rating: Decent
I totally agree - if it's a crime, it should be dealt with. If some kid broke into a house, would you complain against the punishment then?
Bah
# Sep 01 2001 at 2:14 AM Rating: Decent
I just hope they don't get into my account, don't wanna lose all my junk/credit :P
How to avoid this
# Sep 01 2001 at 12:17 AM Rating: Decent
Generally I'm not a paranoid person, just cautious. For this reason I have a special credit card with a very low limit ($300); all this card is used for is EQ and my monthly ISP fees. That way if some jack *** steals my card info he/she won't ruin too much of my life. Hehe.

Be careful all
Argaha 32 tribunal shaman
M Marr
Thanks Sony!
# Aug 31 2001 at 11:33 PM Rating: Default
And this happened over a year ago? And, when was Sony going to tell us that our personal info had been compromised? Again, customers are not given ANY consideration!
RE: Thanks Sony!
# Sep 01 2001 at 10:03 PM Rating: Decent
I agree with this one. Sony should have at least mentioned that our accounts were in possible danger. What I would like to know is what would happen if a really malicious "Black Hat" Hacker had been in there stealing CC info. Would Sony neglect to mention that to us also? Sure it could have been one of those guys that go in for the screenshot, but what if it wasn't?
MOLES
# Aug 31 2001 at 11:26 PM Rating: Default
I see the Verant moles are out to suppress facts again. Shoo moles! SHOO!
Oh sure
# Aug 31 2001 at 11:19 PM Rating: Decent
>and besides the only real reason somebody would hack your account is to take your stuff and I doubt somebody with your intellect has any good equip or high level chars anyways, just my 2 cp.

>-Tenre Forestcaller<Fatal Rage>
>Ranger of the 47th season
>Hail Karana!

Okay, if you think the only thing a hacker can do with the info on his computer is take someone's account and play the character on it, then give me all of your EQ info, because your credit card number, date of birth, etc... is on there. And if I had access to 400,000+ credit cards, you can bet I wouldn't be playing everquest any more. At least not until it was on some remote island I recently bought. heh
'
# Aug 31 2001 at 9:05 PM Rating: Default
Well I'm with him, if he says there's nothing to worry about then that's good enough for me and if I see anything on my CC I'll just cancel it =)
RE: '
# Aug 31 2001 at 11:24 PM Rating: Default
I smell a mole!
Does it really matter?
# Aug 31 2001 at 9:00 PM Rating: Default
Hey! Who cares whose fault it is? I mean people get ahold of accounts ALL the time. They buy and sell, who knows how many times an account has gone through someone? And if our credit card information wasn't seen, what difference does it make?
RE: Does it really matter?
# Aug 31 2001 at 11:24 PM Rating: Default
VI mole!
RE: this is sad!
# Aug 31 2001 at 8:14 PM Rating: Default
I'm with brianr. This is probably Brad's fault. Brad, if yer reading this, sorry dude, but someone must take the blame!
Am I the only one who sees the villain here?
# Aug 31 2001 at 8:06 PM Rating: Default
Personally I don't believe Verant is at fault here. How many hackers are there in the world? All trying their hardest to get into places where they have no right to be and obtain information that they have no right to have. I believe in freedom of speech and freedom of information but also in the right to privacy. Yes, security at a company like Verant should be their top priority, and I'm sure it is, but how long would you be able to keep a secure wall intact against an army beating against it 24/7? We all need to be taking measures against things like this from happening. I know quite a few people who have claimed to have the knowledge to do similar things but THEY know right from wrong and choose to use their talents for more constructive purposes. Obviously these hackers do not.

BTW... I will be changing my Username and Password more frequently now. And as soon as they come out with those EQ player cards I will be using those instead of my personal credit card.
RE: Am I the only one who sees the villain here?
# Sep 01 2001 at 1:45 AM Rating: Default
... hackers have gained a bad rap by the "moles" mentioned earlier. Most are in it for the thrill and don't take anything but a screenshot to prove they were there. The real "villain" is the man/woman/child that did it. Beyond that... please keep your "mole" misinformation to yourself
RE: Am I the only one who sees the villain here?
# Sep 01 2001 at 11:55 AM Rating: Default
Are you trying to say that it's ok for hackers to hack into whatever they want, once they don't take anything? That is a pretty dumb idea. Would you like it if someone broke into your house? Maybe that person might have not taken anything, but he could have, and you don't really know. Hackers have gained a bad rap, because what they do is ILLEGAL. Should they all be congratulated for being able to break into private security systems or something? They are mostly just a bunch of teens, who because they command no power in their real life, have to do big bad things on the internet to make themselves feel adequate. I hope this kid gets sent to jail. Breaking into something privately owned, whether it be on the web, or physically breaking into a building, is wrong and shouldn't be tolerated.
RE: Am I the only one who sees the villain here?
# Sep 01 2001 at 4:11 PM Rating: Good
Despite the fact that this is one argument where: 1) An opposing person will be persuaded by no argument their foe makes; 2) No one is entirely "right" on either side; 3) It doesn't really matter. Despite these facts, I feel like typing, so here goes.

Crackers break into things and steal stuff. If you "talk old school," they are "black hats" or "black hat hackers." "White hats" are hackers. They hack for curiosity's sake, or for safety's sake.

A white hat never targets a place that would not be considered "okay to rummage in" if the media did a report on it. The only difference is, it seems so effortlessly easy and looks like they could directly threaten anyone's computer information. Numerous companies do, in fact, have hackers to thank for pointing out security holes. Consumers with private information on those companies' servers have hackers to thank, since if the company made no attempt to remedy their mistakes, the hacker would speak up and the company would be in big trouble.

If not for hackers, in a particular case, everyone's credit card information would be easily accessible to anyone with the most basic set up (I mean *basic*. A computer with a modem.). After the security hole was discovered, the companies tried to cover it up; once the hacker inevitably spoke up, he was jailed for his trespass. But after all the publicity, the security hole was fixed. Who knows what would've happened if a cracker had found the hole?
With Verant's Banning Policy...
# Aug 31 2001 at 6:31 PM Rating: Excellent
Obviously this is Brad's fault. Doesn't matter what happened. His account should be banned. :)
RE: With Verant's Banning Policy...
# Sep 01 2001 at 12:27 PM Rating: Default
I agree, if it were my computer I would be banned.

So let's see if Verant will follow its own rules.

RE: With Verant's Banning Policy...
# Aug 31 2001 at 7:13 PM Rating: Default
~Great!!!~
And I am supposed to believe that my information is safe when Brad couldn't even keep his info from prying eyes? I suggest that anyone with a long term account change their billing information. Yeah...I'm paranoid....but hell, I work hard and am not ready to risk it all on their word...especially after this.
#REDACTED, Posted: Aug 31 2001 at 9:43 PM, Rating: Sub-Default
Man why would a hacker specifically target you, they obviously targeted Brad because he is a SUPERUSER not some dumbass regular person with only one account like yourself, there would be no point in hacking a regular person's account because if you can do that and get one person's information why not go for the highest you can go and get everybody's info, I mean COME ON use your brain dummy, and besides the only real reason somebody would hack your account is to take your stuff and I doubt somebody with your intellect has any good equip or high level chars anyways, just my 2 cp.
RE: With Verant's Banning Policy...
# Oct 17 2001 at 1:04 PM Rating: Default
/sarcastic
Hmm... let's see... Why could you possibly want *anyone's* billing info? Credit card numbers, billing addresses, exp. dates, etc...

Oh well, nothing comes to mind /shrug

