Dark Age of Camelot European Server Compromised

Revz writes "The company in charge of the Dark Age of Camelot servers in Europe finally admitted they have been having security problems, after over a week of unusual happenings for the players of this PC MMORPG. Unknown people have been causing havoc with GM admin tools on live servers and have potentially gained access to account passwords. Sanya (the community relations manager from Mythic, who run the servers in the US) has commented on the whole thing in this thread on the DAoC Catacombs site, saying 'server security has never been compromised... there is an explanation for this that doesn't involve anybody breaking into databases or servers'. Pictures and videos of the situation on the European servers where multiple high level creatures were spawned can be found in this thread on an unofficial forum."

Re:fp!

[Digital11]

Undoing mod.. somehow i hit interesting instead of troll.....

Comment removed

[account_deleted]

Comment removed based on user account deletion

Sounds like the .Hack anime...

[wickedj]

This is right out of .Hack [dothack.com] where players in beginner areas are confronted with high-level creatures that shouldn't be there. I wonder if there is someone who isn't "bound" by the game rules, is not sitting in front of a pc while playing, and is currently in a comatose state. Of course, that last part could apply to a lot of people I know who play video games...

Maybe someone was about to quit.

[darkmayo]

Maybe an employee of GOA (the company running the european side of DAOC) was disgruntled logged in and used his GM toolset to spawn mobs and cause a bit of a ruckus before they quit.

Seems the most plausible to me, since daoc has been the most stable and secure MMORPG release..(IMO) unlike a certain PVP centric one..

Movie link

[Lord_Dweomer]

For those who didn't want to search through that massive thread to find the video link, here it is.....be gentle!

Some poor sop's FTP [213.112.207.103]

Heh, I was smart, waited to post this AFTER I downloaded it.

Lock and Key

[August_zero]

I wonder if the security for the current crop of MMORPGs is that much more lax than the older generation or is it that more people are gunning for them? I suspect that its a little of both. I remember back when I was playing AC there were a few cases of people messing up the servers (someone actually worked out how to crash an entire server) but I seem to recall that these troubles were from exploits in the game itself and not the actual work of any hackers.

With these types of games becoming more and more popular, and the fact that we are getting closer and closer to the day that items in game will carry real legally recognized value (lawsuits over lost items, are already starting to appear and even if you find it absurd, it is what things are moving towards) It may become really expensive for companies to put out games that are not perfectly secure (and what is perfectly secure anyway?) How many years will i get for hacking in my own LongSword of Holocaust?

Stuff

[E_elven]

Well, EQ was reputedly written based on the ubiquitous DIKU-family of MUDs (some say the original EQ engine was actually a DIKU.) DIKUs have been out there for a long time and a lot of the bugs have been quashed. Then again, maybe you're right.

These guys don't understand "security"

[tc]

These guys clearly don't understand the meaning of the word 'security'. Literally. They say that security has not been compromised because there was no server break-in, and yet all these game-wrecking events are happening. Sounds like a security problem to me.

The deal here is that security is an end-to-end process. It's not a single lock that gets picked, or a server that gets hacked. It's a whole system, which may involve a large number of human factors. It doesn't matter how security was breached, but if the assets are compromised (in this case game integrity), then there has been a security failure. Even if this didn't involve a direct attack on the server, it's no less of a security failure.

Re:These guys don't understand "security"

[TempeTerra]

The deal here is that security is an end-to-end process. It's not a single lock that gets picked, or a server that gets hacked. It's a whole system, which may involve a large number of human factors. It doesn't matter how security was breached, but if the assets are compromised (in this case game integrity), then there has been a security failure. Even if this didn't involve a direct attack on the server, it's no less of a security failure.

I agree. My experiences of MMORPGs (can't someone find a better

I'm surprised

[TechnoPope]

I'm surprised that people not only keep playing these games, but that people keep signing up for them. Over the past couple of weeks, the security of MMORPG's has become somewhat of a joke. Ragnarok might as well be called Ragnahack because it's been compromised so many times. And now this. Even Microsoft does a better job of protecting their information.

What gets me is that people are still signing up for these games. I personally haven't because the only one I've liked was RO, but I didn't have time to

CC details safe, they reckon

[Scorchio]

In a further news [goa.com] article on the DAoC site :

Your billing information is not stocked on our servers. Everything related to your money is handled by a billing partner specialised in online transactions. Your billing information is totally safe and isolated from the platform targeted by the recent attacks.

It's even worse

[Yomar]

If you check out Barrysworld (http://forums.barrysworld.com/forumdisplay.php?s= b74713e616fe7316d4cbdc2f9963005d&forumid=160) you will notice that many users will never be able to retrieve their passwords, because they cannot update their e-mail addresses. After all, when RightNow (their customer support tool) will be up again they can't gain access to it, because the passwords have changed. So to get their password, these people need to change their profile. To gain access to their profile, they need to know the password. But they don't know the password, because the password was changed.

In Mythic's defense...

[wynterwynd]

So far there have been no serious security compromises on the US DAOC servers, mostly just the occasional dupe item bug, player radar, or 'speed hack', which are almost always dealt with quickly. And they have always said their European servers were almost completely outsourced, which may not have been the best idea and I'm sure they regret to some degree now. So much of DAOC is server-side that I don't see how this could've happened unless a rebellious GM (or their account) was involved.

Re:In Mythic's defense...

[PainKilleR-CE]

So far there have been no serious security compromises on the US DAOC servers, mostly just the occasional dupe item bug, player radar, or 'speed hack', which are almost always dealt with quickly

I'm amazed they have problems with speed hacks after these were so well publicized in fps games (Half-Life, Quake 3, and other Quake-based games, UT managed to escape it due to player location synchronization and speed limitation being built into the server before the hacks even started). Radar and occasional dupe-item bugs are going to be problems for some time, but speed hacks, especially extreme cases, can be easily stopped.

Re:In Mythic's defense...

[Auburn_Jack]

My guess is that a developer of an MMOG isn't too concerned about a speed hack. After all, considering how games like EQ and DAoC operate (even in regards to PvP), the very worst it's going to do is unbalance the classes a little. MMOG's usually need to be designed for stat numbers rather than twitch.