Symantec Finds Server Containing 44 Million Stolen Gaming Credentials
A Symantec blog post reports that the company recently stumbled upon a server hosting the stolen credentials for 44 million game accounts. It goes on to explain how the owners of the server made use of a botnet to process that mountain of data:
"Now it's time to turn those gaming credentials into hard cash. But how do you find out which credentials are valid and thus worth some money? Three options come to mind: 1) Log on to gaming websites 44 million times! 2) Write a program to log in to the websites and check for you (this would take months). 3) Write a program that checks the login details and then distribute the program to multiple computers. Option one naturally seems next to impossible. Option two is also not very feasible, since websites typically block IP addresses after multiple failed login attempts. By taking advantage of the distributed processing that the third option offers, you can complete the task more quickly and help mitigate the multiple-login failure problems by spreading the task over more IP addresses. This is what Trojan.Loginck's creators have done."
I must be new here (Score:3, Interesting)
I am a little naive to the criminal enterprise that is stolen gaming credentials, but I have to wonder: why does it matter, if you are selling a stolen credential, if it's good or not? Is the buyer really going to come back and demand a refund when it doesn't work? And what real benefit are these, anyway? Don't tell me that people buy stolen creds and log into them just to take all their e-loot (worth thousands of e-dollars)? Oh for the love of humanity the things people will do in the name of wasting time.
Re:I must be new here (Score:5, Informative)
Don't tell me that people buy stolen creds and log into them just to take all their e-loot (worth thousands of e-dollars)? Oh for the love of humanity the things people will do in the name of wasting time.
No, this is often the people who STOLE the creds, log in, and sell the E-loot for REAL money. If you've never played WoW, Eve, or Runescape for more than a Month, I wouldn't expect you to understand. But this is a problem that does occur regularly.
Re: (Score:2)
This is very common in WoW. It usually goes like this:
1: Someone visits a website which is either legit but gets served up a fake ad via an ad-rotator, or the site is using exploits directly. Either way, a keylogger gets downloaded. It can be an add-on that just logs keys in the background and ends when the Web browser is closed and not even installed on the system.
2: The keylogger grabs the WoW password.
3: The account is grabbed, password and other info is changed.
4: The higher level characters have
Re: (Score:2)
Seriously. Here's a system that, if put into widespread use, would not only make their game more appealing to players, but should also decrease their support costs by significantly reducing an issue that is a complete pain in the ass for all parties involved.
How many people does Blizzard employ just to spend all day taking care of hacked account related issues? They should be doing everything they can to make that problem go away.
Re: (Score:2)
Or you have to be smart enough not to visit shady websites that result in keyloggers getting installed on your system.
Or you have to be smart enough not to buy games from shady companies that designed a game with a built-in protection racket. It's not like they can't restore your character to an earlier point. And if they can't, their game blows.
Re: (Score:1)
I wonder if anyone has ever filed a police report for stolen e-goods?
I can just see the officer's face taking a report about stolen gold as it slowly dawns on him it's from a video game.
Re: (Score:2)
You'd find something else to do, just like anyone with a normal psyche. This stuff does hold the potential for addiction, which for most of these people is the only explanation for their obsessive behavior.
Think about it: nobody really wants his life to be sitting in a chair wasting time and just waiting for death to come a little closer. Nonetheless, this is the behavior of folks with addictions.
Actually, that description sounds like having a (white collar) job. I produce nothing of value, but here I am, h
Re: (Score:2)
Ah, er, if you are comparing the endgame in having a family to that of a porno, either you are watching some messed up pornos or you are doing it all wrong.
That'd be the point, wouldn't it?
I'm illustrating a cost-benefit vs the specific short-term need.
Re: (Score:2)
Not to mention the selling of characters, which does happen on occasion.
Re: (Score:2, Funny)
It's a little easier than that... all they have to do is use hordes of 3rd world labor at low rates to farm and auction what they get, especially if they work on commission.
Re:I must be new here (Score:4, Insightful)
Probably not, but reputation must be worth something in criminal enterprises. Giving out a bunch of bogus products kills the word-of-mouth.
And what real benefit are these, anyway? Well, all the criminal has to do is sell off the account for less than the game costs up-front. They make pure profit and people willing to buy stolen games get a discount. Steam accounts could probably be quite lucrative, for instance.
Re: (Score:3, Insightful)
I can't imagine how they could sell those individually to gamers. For them it makes more sense to single out invalid accounts and to sell large blocks to less skilled criminals at a premium. Just like in the normal business world one would pay more than twice for a product which has a 0% failure rate instead of 50%. Of course one could just pretend that all accounts a
Re: (Score:3, Informative)
Is the buyer really going to come back and demand a refund when it doesn't work?
While I'd guess it's not impossible to just fake the account details, and maybe people do that, it could just be that these particular people found it is just more profitable to be legitimate after stealing the account for a variety of reasons. These are legitimate auction sites according to TFA.
Just guessing, but you see an account you'd like to get on the auction site, check to see if that character is actually good or has good equipment on WOW or whatever. If it isn't, no bid. If you buy it and the log
Re:I must be new here (Score:5, Insightful)
Oh for the love of humanity the things people will do in the name of wasting time.
One man's wasted time is another man's Sistine Chapel, or pornography collection, or fictitious language for a fantasy book series.
From the moment you open your eyes in the morning until you close them at night you're passing time. Whether or not it is wasted depends entirely on whether or not you regret how you spent it.
Re: (Score:2)
Oh for the love of humanity the things people will do in the name of wasting time.
One man's wasted time is another man's Sistine Chapel, or pornography collection, or fictitious language for a fantasy book series.
I don't think that last example really helps your case...
Re: (Score:2)
From the moment you open your eyes in the morning until you close them at night you're passing time. Whether or not it is wasted depends entirely on whether or not you regret how you spent it.
I think this is possibly the most profound and insightful quote I've read in the past year. Kudos to you, good sir/madam.
Re: (Score:2)
Don't tell me that people buy stolen creds and log into them just to take all their e-loot (worth thousands of e-dollars)?
This is typically what happens.
In WoW, for example, they'll sell off all your nifty loot for gold. Then they'll transfer the gold to some other character and leave you sitting naked and penniless in the auction house.
They will then sell those huge piles of ill-gotten gold for real-world dollars.
People will actually pay real cash for in-game cash.
Re: (Score:2)
people will pay just about anything for a "performance enhancement"...
Re: (Score:2)
Oh for the love of humanity the things people will do in the name of wasting time.
Quoth second poster on a slashdot gaming article...
Re: (Score:2)
Is the buyer really going to come back and demand a refund when it doesn't work?
No, but it would be impossible to sell him a bigger list if the test account comes up empty. No one who would give any real good price for a large 'batch' of accounts would start out by 'testing' a 'supplier'. It shouldn't be surprising that, even to criminals, guaranteed results have a monetary value. e.g. If you stole an apartment super's keyring, you could break into each home yourself. However few pickpockets like yourself have the stones for burglary, so instead you sell them to someone who will.
Re: (Score:2)
Don't tell me that people buy stolen creds and log into them just to take all their e-loot (worth thousands of e-dollars)?
It's about cold, hard cash. The e-loot and e-dollars are worth hard currency; mainly because you can trade e-dollars for it. From a somewhat aged article on the BBC in 2007 [bbc.co.uk]:
Hey you guys (Score:2)
You know Slashdot doesn't let you say your own password? Check it out:
*********
Also, Alt+F4 gets you instant Karma!
---
Had to get that out of me. So I didn't RTFA, but what I gather is that they used some kind of keylogger and now the server has 44 Million user credentials. At first I was like "Why didn't it just test the credentials when it received them, and then changed the password?" But that runs the risk of users detecting the virus, having its spread shut down by Symantec, and the account being deeme
Re: (Score:2)
To test this I found a really old article (to avoid the chance of someone coming upon it) and posted a comment in it with my password. Turns out you were wrong!!! Damn you.
Re: (Score:2)
It's the oldest trick in the book, and you'd be surprised how many people have lost their account info that way. ...
*shifty eyes*
I was twelve okay? I didn't know any better.
Re: (Score:2)
Actually he was right. You can see your own password because it's your password.
You can even see it after logging out, because slashdot remembers your ip.
And detects it through web proxies.
And uses biometrics on the keyboard to recognize you from another computer.
Yeah, that's it.
Re: (Score:2)
You can't comment in really old articles.
Re: (Score:2)
Did you know that by clicking on your username, I can see what posts you have recently made?
Re: (Score:2)
Apparently, your password is asstastic [slashdot.org]. Now that's funny.
Re: (Score:2)
Nope, it lets me post my own password. :)
Re: (Score:2)
Remind me to change the code on my luggage too. :)
or... (Score:1, Insightful)
4) Sell them in bulk, untested.
Damn it. (Score:5, Funny)
They should post the usernames... (Score:5, Interesting)
They could, as a service to the online community, go ahead and post the usernames that are compromised.
Re: (Score:2)
I get your point, except that you should change your gaming password now anyway. It might have been you, it might not have, and your creds. might've been stolen by someone else entirely.
Change your passwords anyway.
Re: (Score:2)
I get your point, except that you should change your gaming password now anyway. It might have been you, it might not have, and your creds. might've been stolen by someone else entirely.
Change your passwords anyway.
This is true every moment of every day. Maybe my password was stolen a second ago, or maybe in the next second. We have to make some assumptions or else the protection becomes unusable.
Symantec, however, has the list and so makes far fewer assumptions as to whom should take action.
Also, having the list would let people know that they are in need of better security, along with letting them know their password needs changed. Omitting the former means your new password would be immediately compromised as we
Re: (Score:2)
needs changed
What's the weather like in Pittsburgh today?
Re: (Score:2)
They could, as a service to the online community, go ahead and post the usernames that are compromised.
Along with the passwords. Because, um, then we'd know if the thieves have old creds? Yeah, that's the reason.
Re: (Score:2)
In truth, if my password were divulged back to me I'd know WHEN the compromise happened as well.
But, as you so eloquently pointed out, there would be other uses for this information...
Re:They should post the usernames... (Score:5, Interesting)
I used to have a lot of fun with that, when I was the sysadmin for a large site. It seemed every script kiddie wanted the password to it. It showed up regularly on passwordz sites. We had a whole bunch of triggers to detect and resecure accounts. One of the easy and obvious ones was to let them post it, and catch it afterwards (usually within seconds of being posted). The legitimate account holder got a notification that we changed their password to a secure one. Everyone else just sat there and wondered how we'd catch them so fast.
That trigger was pretty low on the list though. My favorite was to catch 'em scanning for passwords. If they tried say 1000 wrong passwords in a short period, but got one or two right, we'd let them keep scanning for a while, and then block their access to the server. (iptables drop rule). Then the program would figure out which passwords they actually got right, change those, and notify the account holder of their new password. :) It was always fun to see what the delay was between them finding a password, and when it started being used from passwordz sites. In those cases, we always had the account secured before they had time to post it. The typical time from being scanned to being posted was about 12 hours. The typical time for us to reissue the passwords was less than 5 minutes.
I can't imagine online game places wouldn't have something similar. Brute force attacks are just too easy, and people will always try them. How many different usernames can a person really try before you know that they're just brute force attacking.
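The trigger described in the comment above, sketched as an added example (not the poster's program): flag a source with many failed logins in a short window, then list the accounts it guessed correctly so they can be reset. It goes one step further and also covers the distributed checking from the story summary, where each node stays under any per-source limit. The log format, thresholds and all names are assumptions, and the sample events are constructed.

```python
from collections import defaultdict
from datetime import datetime, timedelta

WINDOW = timedelta(minutes=10)  # assumed sliding window
SCAN_FAILURES = 20    # assumed: failures from one source that mark a loud scanner
NODE_USERS = 3        # assumed: distinct accounts one quiet source may touch
CAMPAIGN_NODES = 5    # assumed: quiet nodes needed to call it a distributed check


def constructed_log():
    """Constructed sample events: 'timestamp source-ip username OK|FAIL'."""
    t0 = datetime(2010, 1, 1, 12, 0, 0)
    lines = []
    # One loud scanner: 30 guesses in five minutes, two of them correct.
    for i in range(30):
        result = "OK" if i in (7, 19) else "FAIL"
        ts = t0 + timedelta(seconds=10 * i)
        lines.append(f"{ts.isoformat()} 198.51.100.7 user{i:02d} {result}")
    # Six quiet nodes: four accounts each, far below the per-source threshold.
    for n in range(6):
        for j in range(4):
            result = "OK" if (n, j) == (2, 1) else "FAIL"
            ts = t0 + timedelta(seconds=60 * j + n)
            lines.append(f"{ts.isoformat()} 203.0.113.{n + 1} acct{n}{j} {result}")
    # Ordinary players: one account each, one mistyped password.
    lines.append(f"{t0.isoformat()} 192.0.2.10 alice FAIL")
    lines.append(f"{(t0 + timedelta(seconds=20)).isoformat()} 192.0.2.10 alice OK")
    lines.append(f"{(t0 + timedelta(seconds=30)).isoformat()} 192.0.2.11 bob OK")
    return lines


def parse(lines):
    """Group events by source: ip -> time-ordered [(time, user, ok)]."""
    events = defaultdict(list)
    for line in lines:
        ts, ip, user, result = line.split()
        events[ip].append((datetime.fromisoformat(ts), user, result == "OK"))
    for evs in events.values():
        evs.sort()
    return events


def peak_window(evs):
    """Worst sliding window for one source: (max failures, max distinct users)."""
    best_fail = best_users = 0
    start = 0
    for end in range(len(evs)):
        while evs[end][0] - evs[start][0] > WINDOW:
            start += 1
        span = evs[start:end + 1]
        best_fail = max(best_fail, sum(1 for _, _, ok in span if not ok))
        best_users = max(best_users, len({user for _, user, _ in span}))
    return best_fail, best_users


def triage(lines):
    """Return (sources to block, accounts whose passwords need resetting)."""
    events = parse(lines)
    loud, quiet = [], []
    for ip, evs in events.items():
        fails, users = peak_window(evs)
        if fails >= SCAN_FAILURES:
            loud.append(ip)
        elif users >= NODE_USERS and fails > 0:
            quiet.append(ip)
    # Quiet nodes are only acted on when enough of them show up in the log;
    # one source trying a few accounts may be a shared household machine.
    flagged = loud + (quiet if len(quiet) >= CAMPAIGN_NODES else [])
    # The accounts a flagged source logged in to are the ones it got right.
    reset = {user for ip in flagged for _, user, ok in events[ip] if ok}
    return sorted(flagged), sorted(reset)


if __name__ == "__main__":
    block, reset = triage(constructed_log())
    print("block:", block)
    print("reset:", reset)
```

The quiet nodes never approach `SCAN_FAILURES`, which is why a per-source limit alone misses them; the distinct-account count per source is the signal that still stands out.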
Re: (Score:2, Insightful)
What would be the point of publishing a 500 MB (@~11 chars/user) text file? And how would they do that? If anyone gives a shit about their account, they'll just change their password as soon as they hear about this.
Also, let's do some statistics, shall we? Let's say there are 20 million WoW accounts (pulled the number out of my ass, Wikipedia said 12 million in 2008). There are also 0.2 million stolen WoW accounts. The chance of your account being compromised is 100:1. Pretty high, if you ask me, so just sc
Re: (Score:2)
You might want to check out some of the other posts in the thread...
Infringed! (Score:2)
Hey, the original users got to keep their credentials - all that happened was the hacker got a spare set! (Until the password was changed...)
And if I did this... (Score:3, Insightful)
OK, so Symantec "recently stumbled upon a server hosting...".
What, was it placed on their doorstep one night, and they didn't notice it when they went outside to get the morning paper?
So, they wrote a crawler that intrusively scanned servers that they didn't have permission to access, opening and analyzing files that they didn't have permission to read, then published what they found?
And the penalty if I did that is, what, 5 years in federal PMITA prison?
There is something wrong in this world.
Re:And if I did this... (Score:5, Insightful)
And the penalty if I did that is, what, 5 years in federal PMITA prison?
There is something wrong in this world.
You're quite wrong. This is an example of one of the few somethings that is right in this world. Selective enforcement is designed into the system, along with jury nullification, to help the laws achieve ends that keep the public they support happy. Any "completely fair" application of the law would make it unworkable in very short order.
Could you imagine a robot issuing you indecency citations every time you pass gas in public? Could you imagine a police officer doing the same if you passed gas into a megaphone-amplified-sound-system aimed at, say, an Inaugural speech? Context is key, and thankfully so.
Re: (Score:2, Insightful)
Selective enforcement is what creates tyranny and allows those in authority undue power in determining who's looked after and who isn't.
Re: (Score:2)
Selective enforcement is what creates tyranny and allows those in authority undue power in determining who's looked after and who isn't.
Clearly, but then we like a little tyranny, don't we?
Re:And if I did this... (Score:5, Funny)
We don't care about your sick perverted little secret fetishes.
Oh, "tyranny." Never mind.
Re: (Score:3, Insightful)
I lol'ed. :P
Re:And if I did this... (Score:4, Insightful)
You say that any completely fair application of the law would make it unworkable. That is the biggest pile of bullshit I've seen on
Re:And if I did this... (Score:4, Interesting)
You know "IMHO" can sometimes be interpreted as "honest" and not "humble" right?
Re: (Score:2)
You know "IMHO" can sometimes be interpreted as "honest" and not "humble" right?
IMHO, no it can't.
Re: (Score:3, Funny)
Don't let me squash your corporate angst that you're grooving on, but you're entirely off my point, and have gone on to bend it towards one of your own.
Symantec being 'the machine' is completely irrelevant. We still use them as a tool to keep our computers protected (the effectiveness is debatable, but not the use), and so would definitely allow them more leeway than we would an individual that neither harms nor benefits us.
Our founding fathers knew this.
Our founding fathers were, by the strictest application of the law, brazen criminal
Re: (Score:2)
Our founders knew that equality under the law mattered. They sure as hell didn't get it right in their lives, but they went further than anyone else had.
YES, I expect every law to be enforced for every infraction, or I expect the law to be changed. If selective enforcement is the rule, then prejudice, classism, and eventually a caste system will prevail. You can live in that world, or we can all
Re: (Score:2)
Jeez, but you're frothy. How do you possibly know me well enough to label me in such ways? (Hint, slashdot has a posting history feature...) And why didn't you respond to the non-prosecution of our founding fathers' crimes?
I'm not telling you that I necessarily support every possible imaginary application of selective enforcement, but only that it is implicit and necessary in the system for us to have a thing we like to call 'justice'. If you don't get it, fine. If you disagree, try and do so on more th
Re: (Score:2)
Let me try again with a little less froth. I believe in justice, and I don't believe that can be achieved by selective enforcement. Only by just laws. I do realize that under our current system I pretty much have to accept a little bit of both. At least for now. However, that doesn't mean I'm o
Re: (Score:3, Insightful)
Selective enforcement is designed into the system
[citation needed] Can you cite a single government document that says this? "Selective enforcement" does in fact exist, but it is almost always used unfairly. It's an excuse to target the poor or minorities and let the rich and powerful off the hook.
Sometimes they have "zero tolerance" policies in place in my city, and they're always in place in the ghetto. This country was NOT started with the concept of "selective enforcement" in mind, it was started with
Re: (Score:3, Insightful)
"Selective enforcement" does in fact exist, but it is almost always used unfairly.
Selective enforcement, by definition, is ALWAYS used unfairly. Sort of like how water is wet.
Re: (Score:2)
"Selective enforcement" does in fact exist, but it is almost always used unfairly.
Selective enforcement, by definition, is ALWAYS used unfairly. Sort of like how water is wet.
Not necessarily. I say this having had a law selectively enforced against me. In my state, it is illegal to gamble, except in the state lottery or at Indian casinos. This is selectively enforced, and everybody knows it. It's even in the case law. The purpose of the law is not to stop gambling from occurring, but to stop it from becoming a racket or other public nuisance. It would be nearly possible to write all the distinctions into law for the types of gambling our state considers okay and the types
Re: (Score:2)
Perhaps I got my arguments crossed, but I've been tangoing with many on here that want to see every infraction dealt with on exactly the same terms, and are labeling this as 'fair'. You're saying it can be (something close to) fair to society while not necessarily being entirely fair to the individual, or something, which is fine.
But as long as it is selective, there will be errors and 'fair', being equitable, in the sense it was being used earlier cannot exist.
Re:And if I did this... (Score:4, Funny)
They're not going to say "a server we were protecting with our products got hacked and was used in an operation to steal 44 million credentials..."
Re:And if I did this... (Score:5, Interesting)
OK, so Symantec "recently stumbled upon a server hosting...".
What, was it placed on their doorstep one night, and they didn't notice it when they went outside to get the morning paper?
So, they wrote a crawler that intrusively scanned servers that they didn't have permission to access, opening and analyzing files that they didn't have permission to read, then published what they found?
Symantec and many other companies set up honeypot computers.
The honeypot gets infected, Symantec pulls apart the trojan and studies its web traffic.
This usually leads to the dumpsite where the trojan is uploading the data.
Many botnet/trojan masters don't bother to encrypt their data dumps or secure the server hosting it.
And even if they did, are they going to sue Symantec for unauthorized access?
Re: (Score:1, Insightful)
> OK, so Symantec "recently stumbled upon a server hosting...".
> What, was it placed on their doorstep one night, and they didn't notice it when they went outside to get the morning paper?
> So, they wrote a crawler that intrusively scanned servers that they didn't have permission to access, opening and analyzing files that they didn't have permission to read, then published what they found?
Yeah, it's not like Symantec reverse engineered a trojan that was attracting their attention (Trojan.Loginck),
Re:And if I did this... (Score:5, Informative)
RTFA. This is not a case of Symantec hammering through random servers looking for bogeymen.
The very first sentence of the article states that the server was flagged from a new set of sample data submitted to Symantec. This is likely user data aggregated from Norton's threat detection network.
Re: (Score:3, Interesting)
OK, so a compromised machine was pointing to the server.
That somehow gives them the right to go rummage through that server uninvited, reading and analyzing what they found and publishing it? Now, I know the vigilante in all of us wants to say "yes", but it's not clear to me that the law permits that kind of activity. And I stand by my statement that, if I did it, I'd end up a very unhappy puppy.
Let's imagine that I find some Symantec product on my machine that I didn't install, and I find a server address
Re: (Score:2)
Let's imagine that I find some Symantec product on my machine that I didn't install, and I find a server address in the code. Does that give me the right to go pillage Symantec's machine and publish information about what I'd found?
There are several underlying issues which are highly relevant to your argument:
1. Was the unwanted code contacting that particular server from your computer?
2. Can a bad actor grant access rights to his program but not to you, the user whose machine it is residing on?
3. If the bad actor does not secure the information on an internet facing server, have you exceeded access by "pillaging" it?
4. Can a bad actor even make a claim of unauthorized access?
Personally, I'd make the argument that the answer for #2,3,4
Re: (Score:2)
That somehow gives them the right to go rummage through that server uninvited, reading and analyzing what they found and publishing it? Now, I know the vigilante in all of us wants to say "yes", but it's not clear to me that the law permits that kind of activity.
Yes.
And did Symantec report this to the authorities? (Score:2)
Re: (Score:2)
I thought having a Just Plain Wrong moderation option would be useful, but it would just be abused by trolls. So instead one must actually respond to wrong such as you and others have. It helps foster the community in that we can't just say something is wrong, but we have to say how it is wrong.
Read all about it! Read all about it! (Score:2)
In other, unrelated news... (Score:2)
A Symantec blog post reports that the company recently stumbled upon a server hosting the stolen credentials for 44 million game accounts.
Symantec has reportedly bought up all the beer in the area and is planning raids into the deep mines.
Inflated Numbers Are Misleading (Score:2, Interesting)
Summary (and article) claims "44 million stolen gaming credentials", which sounds like a lot of us English-speaking and English-game-playing Slashdot readers.
However, in the article, they analyze "a particular sample", with about ~18.3 million accounts in it. Of those ~18.3 million, ~16 million of them were game accounts for "Wayi Entertainment", which is an Asian company. They have no English website, that I can tell, and I think it's a safe assumption there is no English counterpart to these games.
So we'
how to make money from stolen gaming credentials (Score:1)
Hold it Right There.... (Score:2)
The article glosses over the fact that *millions* of accounts are discovered.
That suggests the data is captured in massive quantities at one time. Specifically, 210,000 WoW accounts are hard to come by one-by-one. The computing effort might not be great, but the time to trawl compromised PC's would seem to be. Am I completely off-base with this assumption?
My point being, the bigger problem seems to be blocks of data that must come from the inside of these organizations pretends not to exist. Instead we
It's not about logging on. It's about selling (Score:2)
They would split up the list and sell it as small lists. E.g. you could split it up into lists of 1000 accounts or less, whereas the newest accounts are the most likely to work, thus having the highest price or similar.
Re: (Score:2)
Your post is the closest in the discussion to how to make money out of the list. The only problem is that you didn't think big enough. So the problem is that you can only sell each list once, and the stinky ones are hard to shift.
Rather than sell the lists you want to securitise them. Bundle the lists up into tranches and sell rights to the loot in each tranche. By using clever financial magic we can make the bad stink from the oldest accounts go away and sell each account many times over.
Absolutely nothing
??? Profit!!! (Score:2)
For the benefit of the non-gamers amongst us, perhaps someone could explain exactly how one goes about converting game accounts into "hard cash".
Stolen? (Score:2)
Who says they're stolen?
Could be the owner suffered from schizophrenia with multiple personalities and had 44 million separate personalities, all avid gamers... ;)
Games and security... (Score:2, Informative)
One of my buds ran a long thread here [incgamers.com] a while back. Several of his accounts were taken...don't remember how they got his WoW account. But it ended up that he eventually figured out that a server admin had poisoned a Web-downloadable
Re: (Score:3, Insightful)
But it ended up that he eventually figured out that a server admin had poisoned a Web-downloadable .exe map pack file with a trojan that scraped some account info off files while running a keylogger to get anything that the scraper missed. These hackers are usually on top of their game
That's one step above coldcalling your friend and asking for his credentials. These aren't "hackers" "on top of their game"...your bud is just a complete moron.
Re: (Score:2)
Although a little outdated, mmogchart [mmogchart.com] had the total number of active MMO subscriptions at less than 20 million in 2008. Makes you wonder 1) what % of those 44 million are inactive accounts, and 2) what do they do when they find an inactive account - scrap it, save it, or purchase an untraceable game-time card to reactivate?
If their methods for stealing logins are that advanced, do you think they have some sort of organization of those inactive accounts by likelihood of them containing enough loot to be wo
Re: (Score:3, Informative)
My WoW account was inactive for a year and a half.
It was also hacked, months after I canceled my subscription. No idea how.
So, in short, they sit on the account info and wait until it is inactive. This way they are less likely to be noticed as they link the WoW account to a battle.net account that they control. They also PAY to have the stolen account reactivated and thus raise no flags with Blizzard. It looks like someone simply reactivated the account as far as Blizzard is concerned.
Once they have the acc
Re: (Score:2)
Yeh, I had a guy in my old guild get hacked. He came back to a lvl 85 with epic flying and 5k more gold than he had before.
Then you have others that get hacked, have their accounts transferred to other servers and lose everything.
It can go either way.
Re: (Score:2)
Well maybe he is from the future come to warn us of the coming WoW hacking apocalypse !!!
I hear the expansion has a new level cap of 85 lol
Re: (Score:2)
They also PAY to have the stolen account reactivated and thus raise no flags with Blizzard...All told, I logged back in about 6k richer, more than enough to get back into the swing of things.
At least that is what happened to my account.
Whoa. It's brilliant! Pay for someone else's account to be reopened, and spend time making the unsuspecting victim richer. They're criminal masterminds!
Re: (Score:2)
I wonder about this, this costs a lot of money for someone to activate your account for you....and use it to farm maybe 20$ a month (= to 10,000 gold?) worth of gold, if they are good....and even then would not blizzard realize something is up if the ip address is now playing from china instead of the us???
I was also thinking if you had your account hacked when it was deactivated, trying to log onto it once in a while during the time it is deactivated should be good, as well changing the password to your ac
Re: (Score:2)
"I wonder about this..."
Keep in mind that that account was probably being used by several people, 24/7. 10k gold is nothing to these guys. They can whip it up pretty quick, especially since they are using Bots. At that point, it is just a computer generating money. As long as the numbers balance to the black, all is good and it was worthwhile.
The IP is more than likely going through a controlled proxy, giving the appearance that the account is being accessed from the US.
We are talking US dollars in a Chines
Re: (Score:2)
good to know, tyvm....
will keep my eyes peeled as i am intending to come back to wow once cat. comes out...
Re: (Score:2)
There are those who wonder how value can be created in a fantasy world.
I wonder if they then turn around and wonder how it's created in the real world.