Blizzard Says Diablo 3 Hacking Isn't Unusual - UPDATED

[Ushiromiya Battler]

lol it's like you can't even read. Please, give me one example where a blizzard game has received a good review. They just produce cheap shovelware with crap characters and cartoony graphics. Unless you are talking about the tournament to make the worse game ever that blizz is engaged in I have never heard of any of these tournaments you talk of.

Don't feed the troll, kids.

No one can be this impossibly wrong and be serious about it. He's obviously trying to provoke you and you're buying into it.

Yeah, I noticed that now, either he's a troll or simply extremely ignorant.
I really, reaaaally want to show him a few reviews though.
Nah, I wont bother, I can't take the stupidity anymore.

Anyways, thanks for the warning, this might have gone on for a while.

 

[direkiller]

Because we all know how hack-free the oh-so-sacredly-singleplayer Diablo II was right?

except hacks were a common occuance in D2

Did you not ever hear of what happened in D2? Research OP.

Ah yes, this old argument. It's funny because it's easily dismissed with just one question: How many people playing Diablo 2 had their offline single player game saves hacked, again? I wager the number is between 0 and 0 people, inclusive.

You're referring to "item hacks", which are an entirely different problem from people having their account information stolen or their characters cleaned out.

Thanks for trying, but your feeble defense of Blizzard only continues to get more feeble by the day.

except there were account hacks
item hacks just happens to be easier due to the combat mechanics (non-consensual pvp)


Also there was a way to take your single player charters to an online mode(see boss mod) and it would have been possible to drop hack/steal B-net passwords
(like)
http://www.youtube.com/watch?v=8ydrw1hn-t4
hey look a guy admitting he got hacked from his single player char(info bar)

so care to change that wager?

 

[Therumancer]

[

Seems like Blizzard not wanting to take responsibility for their own security and other problems. I'm paticularly annoyed with them trying to say "oh well, the hacking isn't actually all that rampant, this is how it normally is". If this is how it normally is when a new game is released they bloody well should have been ready for it before now.

They certainly could have taken additional steps. They could require the use of an authenticator. They could require users have a verified and useful virus scanner on their machine before letting them launch the game. They could require that any log on be authenticated by forcing a response to an SMS message. You'll also note that these steps, while undeniably improving security to near perfection, are annoying to extent that it would adversely impact user experience and undermine sales.

Or you can just advise people that they should think about doing those things and hope for the best.

I think what people seem to largely forget is that security is never perfect. In a public facing system, there are always going to be breaches of security. Any door that is meant to be opened can be opened by someone who isn't supposed to if the conditions are right. I mean, if various portions of the federal government cannot ensure the security of their systems when they dedicate billions of dollars to research and development coupled with decades of experience wearing both hats, is it really so hard to believe that Blizzard cannot do better than they?

The problem is that there are a lot of things that companies like Blizzard could do to make the situation better, without negatively impacting the user base, with varying levels of "sanity" according to public perception. The bottom line is that Blizzard and it's corperate overlords don't want to spend the money, which would cut into profits. They would rather the hacking go on at this "acceptable" level than cut into it any more and having to pay for it.

To put things into perspective, a lot of the major hacking problems come from countries where the laws and ethnical standards are differant. China is one example of this. Blizzard continues to peddle the products and compadibility to those kinds of markets, relying at most on things like region locking to try and "police" it, which is easily bypassed by simply obtaining a NA copy of the software (if there is any differance at all). With some of their games like WoW they are selling basic copies of the software dirt cheap, making it so even if they ban someone it can be as little as $5 to re-register with a new ID/code more or less legitimatly. What's more I can't think of a single case where Blizzard has actually brought a case against a hacker or had them thrown in jail. You can talk about the practicality of that, but the bottom line it hasn't even been tried as a deterrant even once.

Doing things like simply not releasing games to Asia at all, and putting up blocks and so on, won't totally deal with the problem (even from this regions) but would reduce it. Of course Blizzard would also lose a ton of money that comes in from those markets. They would rather exploit Asian markets (which are not exclusively responsible, so don't misunderstand this, it's just a big part of it) and pocket that money, than reduce the hacking to other consumers. Likewise they would rather simply take a "ban" policy when they actually catch someone and force them to buy new software, than actually spending the money to have some of these guys put in jail, which is why it goes on with such imputiny. If some guy makes like $100 a day hacking accounts and selling the proceeds (even if it's $40 if he buys a new set of software every day) why should be bother to stop his sideline, especially if he's doing it primarily for the lulz (to annoy people, as much or more than to make money), as a lot of hackers will say with imputiny "what, are they going to throw me in jail for stealing some guy's stuff online?"

Your right, there is no such thing as perfect, but there is a LOT more that can be done, and really I don't think Blizard is even trying. To them the hacking probably doesn't really matter unless it costs them money.

Hell, I'll even go so far as to say that Blizzard is arguably encouraging hacking, this whole real money auction house idea pretty much makes it more profitable than ever before to be a game hacker. In most games you hack an account, sell all the items and then transfer the money to another character (or accross a few accounts) and then sell the money to other players for real $$$. With Diablo 3, you hack accounts and then take all the rare items then put them on the auction house to sell directly for real money.

The problems with the hacking in D3 are paticularly disturbing given the doors Blizzard opened, you'd expect this game to not be "normal" in terms of the amount of hacking (as they put it) but to have unprecedented security, more responsible marketing, and Blizzard chomping at the bit to have some people thrown in jail to make an example of as a deterrant at the very least. Instead we get what amounts to "oh well, yes there is hacking, but not any more than there usually is...".

IMO Blizzard needs to take more responsibility, I don't expect perfection, but I expect a better and less dismissive attitude. I also expect to see them taking more tangible action towards protection when they release things like a real money auction house.

 

[Eclectic Dreck]

The problem is that there are a lot of things that companies like Blizzard could do to make the situation better, without negatively impacting the user base, with varying levels of "sanity" according to public perception. The bottom line is that Blizzard and it's corperate overlords don't want to spend the money, which would cut into profits. They would rather the hacking go on at this "acceptable" level than cut into it any more and having to pay for it.

People keep saying there are mystical things they could do. So, you've piqued my interest. What could be done?

To put things into perspective, a lot of the major hacking problems come from countries where the laws and ethnical standards are differant. China is one example of this. Blizzard continues to peddle the products and compadibility to those kinds of markets, relying at most on things like region locking to try and "police" it, which is easily bypassed by simply obtaining a NA copy of the software (if there is any differance at all). With some of their games like WoW they are selling basic copies of the software dirt cheap, making it so even if they ban someone it can be as little as $5 to re-register with a new ID/code more or less legitimatly. What's more I can't think of a single case where Blizzard has actually brought a case against a hacker or had them thrown in jail. You can talk about the practicality of that, but the bottom line it hasn't even been tried as a deterrant even once.

Your argument here might hold water if it weren't for the fact that spoofing IP addresses is incredibly easy to do and incredibly difficult to figure out in real time.

Doing things like simply not releasing games to Asia at all, and putting up blocks and so on, won't totally deal with the problem (even from this regions) but would reduce it.

Why would you refuse to market your game to fully half the world population? That seems like the absolute stupidest move you could make.

Of course Blizzard would also lose a ton of money that comes in from those markets. They would rather exploit Asian markets (which are not exclusively responsible, so don't misunderstand this, it's just a big part of it) and pocket that money, than reduce the hacking to other consumers.

Of course they would. More to the point, not marketing the game would not eliminate the problem nor would it reduce the problem. What you have done is deny people the opportunity to pay for a product in the hopes that you would somehow reduce the hacking demand.

What you seem to fail to see about this problem is that there is an excellent reason why this form of hacking exists: because there is an enormous amount of money at stake for the people doing the hack. Gold farming is speculated to be a billion dollar industry. Making it more difficult would help deter things for lulz but would make little impact when its done for profit.

Likewise they would rather simply take a "ban" policy when they actually catch someone and force them to buy new software, than actually spending the money to have some of these guys put in jail, which is why it goes on with such imputiny.

There are lots of reasons. One, it's incredibly difficult to prove in court. It's hard to establish loss. More importantly, if the root of the problem originates in other nations, you have to deal with a host of different laws. In many cases, such activities are perfectly legal.

Your right, there is no such thing as perfect, but there is a LOT more that can be done, and really I don't think Blizard is even trying. To them the hacking probably doesn't really matter unless it costs them money.

None of the ideas you or anyone else has presented has any probability of increasing security in this case save making it fully an offline game. That step there is the one and only thing I've seen that they could have done differently. And in spite of the fact I don't like that always on nonsense, I completely understand why they do it (Largely because there is no value in a real money auction house unless you can ensure scarcity of items).

The problems with the hacking in D3 are paticularly disturbing given the doors Blizzard opened, you'd expect this game to not be "normal" in terms of the amount of hacking (as they put it) but to have unprecedented security, more responsible marketing, and Blizzard chomping at the bit to have some people thrown in jail to make an example of as a deterrant at the very least. Instead we get what amounts to "oh well, yes there is hacking, but not any more than there usually is...".

Time and again you bring this up. The only part of the security Blizzard can reasonably ensure is on their side. All reports suggest accounts are being breached through normal use of the password system. The incidence rate of this is not high enough to suggest a penetration of the system or a known mechanism for bypassing such authentication in order to access a user account. This means the failure lies with the user.

As I've said, yes it could be made more secure by making currently optional mechanisms mandatory. Authenticators dramatically reduce the vulnerability to an account who's password is in the hands of a villain. Requiring a third authentication via SMS extends this further. Requiring up to date anti-virus software reduces the vulnerability to the password itself.

IMO Blizzard needs to take more responsibility, I don't expect perfection, but I expect a better and less dismissive attitude. I also expect to see them taking more tangible action towards protection when they release things like a real money auction house.

They aren't being dismissive. Because of issues we've been over at length, there is an expected rate of unauthorized account access. They have simply said that the rate of occurance with Diablo is not great enough to indicate a vulnerability. It isn't dismissive to say that a certain percentage of something will fail, nor is it unreasonable to accept that such things are inevitable when the alternatives would result in a degraded user experience.

 

[medv4380]

People keep saying there are mystical things they could do. So, you've piqued my interest. What could be done?

Supply the IP addresses of the last 10 logins for every account to the account owner. The fact that they don't do this is embarrassing. Since there is legal precedent for Virtual Items being treated as real property it would allow account holders a method to strike back legally. This would also be a deterrent because hackers would know that their tracks have been recorded and have no way to cover them up.

Put back the always request an authenticator ID at every login for anyone who has an Authenticator. Having it as a once a week trusted machine is stupid. If I was into hacking I'd just turn the Key Logger Virus into a VNC clone. Then wait for perceived inactivity and use your machine to do the dirty work.

Region lock the servers. It's pretty easy to put into the server a region lookup for the IP and lock out regions like China from accessing NA server. They shouldn't be using them anyways due to latency issues so any long distance logins should be considered suspect from the start.

IP spoofing isn't as easy as you think. Authentication requires that I have given you at least in part a valid IP address for communication. IP spoofing is good for tricking servers into sending data to the WRONG location not the RIGHT location. They'd still be able to utilize a proxy server, but those are detectable and if your Protocol is sufficiently complex then the Proxy will fail. Simply nesting in the UPnP networked address into the Packet would flag it as an issue since the Proxy server only would change the TCP/UDP packet IP address and other Known protocols and not the Authentication data packet.

Blizzard stopped requiring Authiticator ID's on every loggin because it saved them money even though tech savy people knew right away that their was a serious whole in their new methodology. They've avoided every simple method for handling hacker issues. The only reason Authinticator accounts aren't normally hacked is because it's still easier to hack the Authintiator free accounts. It's like arguing why should I hack a Mac users when their are still hundreds of idiot PC users to milk.

 

[Frotality]

so the best defense they have is, "all our other games get hacked this badly, therefore its perfectly normal and acceptable". wonderful business ethic.

i would also like to point out the obvious, if only to add one more voice to the chorus, that a single player game is having issues that should very much be exclusive to MMOs.

 

[SovietSecrets]

...and you don't think that's an entirely different problem from players having their items stolen by somebody else?

..? That was just part of the single player offline problem. Online was a bunch of duping and people trying to nab your accounts as well. Putting offline into D3 isn't going to solve the same problem that has been screwing the game since D2.

Ah yes, this old argument. It's funny because it's easily dismissed with just one question: How many people playing Diablo 2 had their offline single player game saves hacked, again? I wager the number is between 0 and 0 people, inclusive.

You're referring to "item hacks", which are an entirely different problem from people having their account information stolen or their characters cleaned out.

Thanks for trying, but your feeble defense of Blizzard only continues to get more feeble by the day.

Ah yes this old argument. I'm defending Blizzard from your own stupidity which is seemingly amazing at this point. Offline had its share of problems though it was only for the player who caused it, D2 online was a fucking huge mess with people nabbing accounts and duping as I said in the first post. "Item hacks" and account theft were issues in D2 and was even admitted by an old scammer who did so before the release of D3.

The point is it shouldn't be allowed and I am not defending Blizzard in that regard, I want them to fix it and I want these people gone. BUT this is not an issue that is just local with Diablo 3. This was widespread in Diablo 2 and just crying for an offline single player isn't going to fix all any of it. I really don't understand why its so hard for people to comprehend this.

 

[WabbitTwacks]

Ah yes, this old argument. It's funny because it's easily dismissed with just one question: How many people playing Diablo 2 had their offline single player game saves hacked, again? I wager the number is between 0 and 0 people, inclusive.

You're referring to "item hacks", which are an entirely different problem from people having their account information stolen or their characters cleaned out.

Thanks for trying, but your feeble defense of Blizzard only continues to get more feeble by the day.

How is this even logical? Single players don't need to log on to anything and can't have their accounts compromised because they don't have any. By saying that single player solves this issue you are basically telling everyone to not play online but instead play single player because that is the only way you are 100% sure that your account will not be hacked. It's like saying 'if you don't want to catch HIV don't have sex'. This doesn't solve anything as there still are people who want to play online and thus still the issue of hacked accounts.

....

Spoiler: Rather than explain in words why your post hurts my brain, I'll let images speak for me.

Okay, all better now.

1) Diablo 3 doesn't HAVE an offline single player option. Ergo, there is absolutely no way to avoid being hacked because even if you play the game single player, you are still logging into the Battle.net servers and, thus, can still be hacked. That's the whole point: people are pissed because they were originally promised a game that would provide offline single player, but Blizzard changed their minds and said "don't worry, there's NO WAY you'll be hacked on our secure servers, so we're forcing you to authenticate and play on our servers to play the game".

2) "If you don't want to catch HIV don't have sex" ....even though this is a flawed analogy because you don't understand how Diablo 3 even works, it helps further highlight how utterly boneheaded your post was. Because, to be honest, it's 100% correct to say that you should expect consequences if you choose to have sex. HIV, unwanted pregnancy, etc, these things occur because of sex. If you want to 100% guarantee they won't happen, DON'T HAVE SEX. So to try to bring this point back to something representing the actual argument, if there WAS an option to play single player on D3 offline and you still chose to play the game's single player online....um, expect there to be a possibility of being hacked? Because that's sort of how it works. If you exchange information with a server, you risk a chance of corruption and hacking from an outside source, no matter how great the security.

Seriously, I'm not even sure what you're trying to argue. I assume you're trying to say "I want to play Diablo 3 online, but I also want to play single player, and I don't want to be hacked". And my answer to that is: complain to Blizzard, not to us. We're complaining because the option of having offline play was never granted to us in the first place, and if we had been able to choose offline play and thus avoid the hacking issue entirely, we all would have done so.

"not wanting to get hacked" does not always equal "wanting to play offline". you are making the fallacy that "what applies to me applies to everybody else".

 

[Cid Silverwing]

Tell me.

Why is it so hard to ignore that scummy-looking "ACCOUNT VERIFICATION REQUIRED" email you get spammed with even when you're not subscribed to the MMO it came from?

After the millionth time of receiving a phishing mail about my Battle.net account, I got fed up with it and called Blizzard's tech hotline and manually asked them to ban my account. Also to stop legitimate suspension mails because motherfucking gold farmers somehow hacked me and used me to make goldspammers.

Something must be done or the industry will suffer another crash.

 

[Amnestic]

It seems to me that some people think an offline mode would have solved the hacking. How is that? Accounts would still be hacked.

Not if you never connected to a server. Kind of like how my Skyrim game was never hacked. Funny how that works.

I like how you chose Skyrim.

Why? Because Skyrim is a Steamworks game. It requires Steam authentication. Both my SKSE and my basic Skyrim executable launched Steam when I tried to launch Skyrim. I specifically closed down Steam to test this.

Tell me again how you can't have your Skyrim game hacked.

Tell me.

Why is it so hard to ignore that scummy-looking "ACCOUNT VERIFICATION REQUIRED" email you get spammed with even when you're not subscribed to the MMO it came from?

After the millionth time of receiving a phishing mail about my Battle.net account, I got fed up with it and called Blizzard's tech hotline and manually asked them to ban my account. Also to stop legitimate suspension mails because motherfucking gold farmers somehow hacked me and used me to make goldspammers.

Something must be done or the industry will suffer another crash.

...

In your first paragraph, you note that you're getting phishing emails to MMOs you're not subscribed to.

In your second paragraph, you asked Blizzard tech support to ban your account because you were fed up with phishing emails. I can only assume you did so because you thought it would stop said emails.

Even though we've already established that you get said emails even when you lack a subscription.

!"?$!%^$&%!??????