[an error occurred while processing this directive]

Hacking Information

Hacking Information – 29th August 01
Posted by Cynthe, Community Manager, ORIGIN Systems

In the last few days there have been multiple reports of UO accounts being hacked. Unfortunately, this happens all the time, as hackers find more and more clever ways of getting into someone’s computer.

So why is it suddenly coming to light now? One possibility is that there are players who were unknowingly infected with sub7’s or Trojans months ago, or gave a password to someone in a guild months ago, but they were not actually hacked until the hacker felt there was something worth taking on the account (like Vet Rewards, which would explain the recent outbreak). The players would have never seen any hacking activity on their account until now if their virus program did not detect a Trojan (which does happen). Even if a player changes their password, with a Trojan it would make little difference. Anything and everything stored in or done through your computer can be compromised.

Unfortunately, even if it is a player’s in-game items or characters that are affected by the hacking, it is not UO or OSI that has been hacked – it is the information on the player’s own computer that allows the hacker to log into the game as the other person. This means that any player who has been hacked has been hit with a form of computer theft/fraud, which is a crime. However, since the crime is actually committed on a machine outside of the Origin Systems network and service, the law does not allow us to press charges. Only the victim can do that, and unless that is done, the perpetrator will continue his malicious deeds.

We strongly advise that any person who has fallen victim to such activity immediately contact their local police and/or District Attorney in order to take legal action against the violator. This is explicit criminal activity, and the offender is subject to prosecution by law.

What Origin Systems can do – and does on almost a daily basis – is provide any and all information to the law enforcement entity investigating the matter. Such requests for official assistance must be made via fax at (512) 795-8014, and will be returned to the processing authority almost immediately. This gives the prosecuting police/attorney the hard data that is needed to continue the matter and serve as evidence against the alleged offender.

It is also possible for us to shut down any web sites that attempt to solicit passwords for the purpose of hacking, and we most definitely remove all offenders’ accounts from the game once caught. Again, though, if no charges are pressed, nothing has actually happened to prevent that activity from continuing.

The prosecution and conviction of individuals who choose to engage in this criminal activity is the only absolute method in bringing an end to that activity, and due to the limited nature of Internet law, it is absolutely vital that each victim report this crime to the necessary local, county, district, state, and/or federal authorities.

We simply do not have the resources or power to actually determine if every person playing our game is legally or illegally accessing those accounts (and having that power would naturally create a slew of privacy issues), but that power does lie with the law. The same falls true for the ISP and domain used in the event – while each of their services may be compromised by someone violating their Terms of Service or other similar usage agreement, they are almost invariably unable to file charges.

All players should take the time to read our document on account security at http://support.uo.com/faq_1.html. The best method one can use against hacking is to use extreme caution! This comprehensive document covers the area of account hacking, how to prevent it, and what to expect from the Internet.

More on viruses and backdoor programs:
http://www.symantec.com/avcenter/warn/backorifice.html

Also, here are some additional links to federal sites pertaining to Internet fraud:

http://www.usdoj.gov/consumerfraud.htm
http://www.usdoj.gov/criminal/fraud/Internet.htm

The address hacked@uo.com is available for anyone who has been hacked, and we will help you in any way we can.
[an error occurred while processing this directive]