Buying in-game loot using real money is illegal and frowned upon in many an MMORPG, but it still thrives nonetheless. Among the many MMORPGs that don't allow these kinds of transactions is Final Fantasy 11 Online. In their efforts to stop Real Money Transactions (RMT), they've even set up an enforcing body within the community as their Special Task Force. Read the full article for more of Square Enix's efforts to stop RMTs.

In the Austin Games Developer Conference (Austin GDC), Heatwave Interactive Director of Development Tim Keating gave a lecture on how video game coders can handle the more shady people who play online games.

Most of what he shared are based on his real-world experience when he was the lead designer of the popular MMORPG Ultima Online.

Keating gave advice on how developers can protect their games from the more common methods of attacks and hacks including duping and denial-of-service. Here are the main and interesting points the director raised:

• Don't give information to players about other players that can be used in duping scams.
• Avoid "monkey patching" - fixing code in a piecemeal fashion. Instead fix all scripts at once.
• Remember that when you add new features, the interaction testing burden increases in a nonlinear fashion.
• Fix the problem on the front-end "or it will bite you on the back end."
• Don't allow flexible inventory limits in your game. "Players will take a reasonable excess and use it pathologically," said Keating.
• Make sure your network infrastructure can support arbitrary packet sizes, but also ensure that packet sizes above a certain threshold raise warning signals.

Keating's new company Heatwave Interactive was formed back in February this year. The development studio has yet to announce its first project.

 

A recent problem has popped up with regards to logging into Blizzard's World of Warcraft. A lot of Europe based players have given word that they keep getting stuck on the "authentication" part.

Now Blizzard's support team was very quick to respond in the forums through Prokkar. The issue was quickly repaired but until now there is still an investigation going on regarding the source of the problem. A lot of theories have come up and here's a quick run down on the most popular ones:

• Hackers
• System bug
• Authentication server issues
• Too many people connecting at the same time
• Goblins sabotaging the system
• A crazy gnome hooking up the server to his new contraption to see if he can get the authentication process to go faster

All in all, it was good that Blizzard responded quickly to the problem. However, they had really better get to the root of the problem to prevent this from happening again since a lot of the player became rather disturbed by the occurrence.

Yes, this is yet another news regarding the growingly rampant WoW accounts hacking. And unfortunately, you guys just might have to be paranoid a little bit more.

Roger Thompson, CTO of Exploit Prevention Labs, warns that the gangs are still "incredibly active, and it's a good exploit." By now, you should know the hackers' MO already. But if not, it's never too late to find out. Basically, these hackers infect those sites that WoW players usually visit with keylogging software. Now, the sites need not be WoW-related, but is frequented by avid gamers. With the software installed in the computers, the hackers are then able to spy on keystrokes, and ultimately, to steal WoW accounts from unsuspecting players.

As to why WoW accounts are the ones targeted, "The guys working out how to do it are WoW players. We're pretty sure we know who (most of them) are: a couple of Chinese college students, and it turns out they're interested in WoW." They also suspect a Russian gang to be in on it as well.

For their part, Blizzard has already addressed the problem by giving a shout out to the gamers via their official website. "[An] important means of protecting your account information is keeping your system up-to-date. For instance, installing the latest Windows security patch is a good way to avoid exploits designed to steal your login and password details."

The thing is, it's most likely that this pilferage of WoW accounts will remain in the community because the players themselves do tend to be lax regarding their software security. Apart from this is the fact that there is an existing market out there for the stolen goods. Says Symantec's senior manager for the security response team, "People are willing to buy on the black market. If players themselves were not willing to go outside the games to improve their characters, then there wouldn't be such a need."

So at the end of the day, this security problem is still -- er -- a problem. While there still are no clear-cut mechanisms on how the WoW community can actually police these hackers, as well as a well-founded check and balance mechanism to avert these kinds of incidents, each player would just have to be extra vigilant that these folks with malicious intents on your accounts don't tread on yours.

"The moral of the story is that if you patch, you're safe," concludes Thompson. "If not, be afraid, be very afraid. Complacency is the enemy."

Microsoft recently admitted to being a victim of hacking through social engineering. Social engineering is defined as "a collection of techniques used to manipulate people into performing actions or divulging confidential information" (Wikipedia). The company's phone support staff released the account details of some Xbox Live users to some callers. As a result, some users were charged with purchases they did not make.

Security experts from Australia believe that this is not an isolated case. Gamers are being warned that they are one of the new high profile targets this year. MacLeonard Starkey, a security analyst for Australia's Computer Emergency Response Team (Auscert), said, "I haven't seen [sic] any malicious code that is specifically designed to run on a PlayStation 3 or an Xbox but I would expect (it) is not very far away at all."

He further elaborated on this, citing the attacks on MMORPG gamers. "We're seeing an awful lot of malicious code that will specifically target online games for the purposes of capturing user names and passwords." He stressed the financial ramifications of the incidents saying that these "thieves" can log in and steal the items collected by the players over a course of time. "There's actually some pretty good money in that," he added.
 
However, not everyone sees the threat as inherently malicious. The director of product management at security software maker CA 1, Stefana Muller, believes that the attacks on gaming payment systems and less damaging "proof-of-concept" hacks will be done to show off a hackers proficiency than for monetary gain.

She gave her take on the matter. "I think it's going to be an 'I did it' kind of target, 'I got to exploit this gaming console'. It's obvious that once a new thing comes out, if it's cool, it will be exploited."

Besides just reporting about the latest happenings within the video game industry, we here at QJ also play a lot of video games for fun, and to just relax. Because of this, we really feel for gaming site Kotaku's Michael Fahey who has just fallen victim to one of the worst things that can happen to an online game. Apparently, his World of Warcraft (WoW) account has been hacked.

Fahey's character is called Rande and is on the Ysera server. After logging in last night, he found a "naked" Rande, who has been stripped of his armor and otherin-game items. Thinking that this could be just a bug, Fahey went directly to the server and looked up his character there. Amusingly, he learned that his mailbox and his in-game bank account have been wiped out as well.

We're guessing that what hit Fahey's account was the new keylogger exploit that we shared with you a couple of days ago. A keylogger, for those not quite familiar with it, is not actually inherently bad. It is a diagnostic tool that was originally intended to detect errors in computer systems. It captures a user's keystrokes - and that folks is an open invitation for hackers.

Anyway, the latest keylogger hides behind the HTML file name "tonydanza.a11net" and is spreading across the official WoW forums. Blizzard Entertainment, in the past, has issued a lot of safety precautions regarding this but the exploit continue to persist and spread. Fahey has already asked for some assistance and the Blizzard representatives promised to investigate the matter and help him recover his stuff.

A couple of weeks ago, several developers and publishers of MMOs did their job of crushing the emerging practice of website hacking. In our reports, we mentioned that there are actually different ways to pull this act. Most common of all is third party sites offering in-game items for a hefty sum of money. Final Fantasy XI Online and Hero Online are just some of the games that encountered this modus operandi.

Then you have the much more blatant style, hackers attacking the very domain registry of a gaming site. IGG is a classic example of this, when its site for free MMO Voyage Century Online was hijacked not too long ago. The company had to look for a temporary host just to continue their operations.

Usually, this is the part when we would say "Fortunately, it's all over now." Sorry to burst your bubble, but things got a little worse. The U.S. Federal Bureau of Investigation came up with a warning today, saying a "handful" of Web sites were hacked and then defaced with a fake FBI seal. The report then went on by stating that the seal was accompanied by "an anti-piracy warning claiming that the site had been seized by the law enforcement organization."

FBI spokesman Paul Bresson tried to appease the gaming public by saying that the matter is not yet widespread. However, he expressed his concerns regarding the misuse and abuse of FBI's name. When asked about the possible reasons for such attacks, Bresson commented, "I'm not sure if it's financially motivated. I'm not sure what their motive would be."

If we are not mistaken, IGG is one of the few companies that promised to keep their MMO free as long as it exists. This to us, feels like customer service at its highest degree. Now, you can only imagine our amazement upon knowing that some no good people hijacked the company's online domain.

"All IGG registered members, we are sorry to announce that our IGG official domain names including have been hijacked by criminal and were stolen," an official statement from the company reads. Accordingly,  the hackers gained unauthorized access to the domain registry provider and transferred Voyage Century's and other IGG official domains to another registry.

Despite this, IGG would like to send word to all registered users that all information they have provided remain untouched and intact. As of now, the free MMO will temporarily be hosted at the address provided for you via the 'Read' link below. Adjustments to restore order are currently being done and the wheels of legal action are soon to be in motion.

We wouldn't be surprise if the good guys eventually call it quits because of things such as these. It's just plain disappointing.

Anything that appears to be lucrative or of value is susceptible to being abused or taken advantage of. The gaming industry is no exception to that.

Dave Weinstein, an engineer at Microsoft, has sent out a warning that hackers are now targeting online games. Massive multiplayer online role playing games (MMORPG), like World of Warcraft, are particularly vulnerable to such attacks. These hackers break into players' account information by using malicious programs to sell virtual items, such as gold or weapons, for cash.

While the issue seems to be trivial, F-secure security specialist Mikko Hypponen maintains that this is a real problem. In fact, there have already been lots of cases concerning malicious programs that seek to steal players' account details. Earlier this year, almost a fourth of a million characters were created in Lineage, a Korean online game, using stolen identities.

Hypponen further explains that trojans are most commonly used by criminals to steal account details. This is supposedly a harmless program that collects login and password information. The catch is that these information are actually being sent back to the hacker. Once he takes hold of the password details of a character, the hacker can now login to the account and sell the characters' weapons, potions and spells. Trojans are often disguised as programs that will give a character special powers such as invisibility. Distribution may be done through in-game chat rooms or by e-mail.

At the annual Gamesfest conference in Seattle, Weinstein urged the developers to be up on their toes, especially now that there are serious security risks on their games. "Those of you who are working on massively multiplayer online games, organized crime is already looking at you," he said.