Monday, July 7, 2008

Final View On Token Compromise Attack

Now that we have our theories on how the attack will work and where it will occur, we have to figure out what the attackers will do once they've got the compromised account. For the most part, attackers would do a few different things. They would shard and sell everything a 'toon has, then transfer the gold to another character. They may also just flat out transfer the character off the server. Either way, the password would often be changed from the original so the player could not log in.

With an authenticator, the attacker will only get one shot at an account at a time, so they will have to make a decision as to which method to take. Based on my last entry, a website-based keylogger will still allow an attacker one-time entry into the legitimate "Account Management" page for a compromised account, allowing the attacker to change the password and transfer characters off the server. The problem with that method of attack is that even if the character is moved entirely off server, the attacker will not be able to gain access to it afterwards, a loss of $25 to the attacker. Ergo this method of attack still seems only to be really viable against players that do not use the authenticators.

A program front-end keylogger will allow the attacker to log into the game as that player's toons, but they won't be able to wheel around and get into the "Account Management" website. So this leaves the attacker one option: shard & sell as many items as they can and then mail the gold to a gold mule. The mule itself will then be transferred off the server, where the gold can be picked up and put up for sale on the market.

Now, as I said in my last entry, the open window for a successful attack will be a short period indeed, maybe a maximum of 60 seconds. As of this writing we still don't know anything regarding Blizzard's configuration of the authentication window. Either way, with such a small amount of time, someone will need to be at the machine all the time to take advantage of a compromised account and harvest gold. It's possible such a requirement could force smaller operations out of business due to the increased complications of keeping their coffers full of plundered gold. This will probably not affect larger operations quite so much, as they will be able to afford a workforce to keep running 24/7.
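To make the "one shot, short window" property concrete from the server's side, here is an added example of how a one-time-code verifier enforces it. This is illustrative code written for this post, not Blizzard's implementation, whose window configuration is unknown as stated above; the secret, the 30-second time step and the plus-or-minus one step of allowed clock skew (roughly a 60-second window) are all assumptions. It follows the RFC 6238 time-based scheme: a captured code is accepted once, a replay of the same code is refused, and the code dies on its own once the window has passed.

```python
import hashlib
import hmac
import struct

# Constructed demo secret for this example; a real token holds a per-device secret.
DEMO_SECRET = b"constructed-demo-secret-0123456789"
TIME_STEP = 30      # assumption: 30-second steps (RFC 6238 default)
ALLOWED_SKEW = 1    # assumption: accept previous/next step too, about a 60 s window
DIGITS = 6


def totp(secret: bytes, counter: int, digits: int = DIGITS) -> str:
    """RFC 4226/6238 code: HMAC-SHA1 over the 8-byte counter, dynamic truncation."""
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    word = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(word % (10 ** digits)).zfill(digits)


class TokenVerifier:
    """Server-side check: a code is valid only inside the window and only once."""

    def __init__(self, secret: bytes, step: int = TIME_STEP, skew: int = ALLOWED_SKEW):
        self.secret = secret
        self.step = step
        self.skew = skew
        # Highest time-step counter already consumed by a successful login.
        # Refusing anything at or below it is what denies the attacker a second shot.
        self.last_accepted = -1

    def verify(self, code: str, now: float) -> str:
        """Return 'accepted', 'replayed' (valid code already used) or 'rejected'."""
        current = int(now // self.step)
        for delta in range(-self.skew, self.skew + 1):
            counter = current + delta
            if hmac.compare_digest(totp(self.secret, counter), code):
                if counter <= self.last_accepted:
                    return "replayed"
                self.last_accepted = counter
                return "accepted"
        return "rejected"


def demo() -> list:
    """Walk through the capture scenario; returns the verifier's verdicts in order."""
    t0 = 1_215_388_800  # constructed timestamp (early July 2008); any value works
    verifier = TokenVerifier(DEMO_SECRET)
    captured = totp(DEMO_SECRET, int(t0 // TIME_STEP))  # what a keylogger would see
    return [
        verifier.verify(captured, t0),         # legitimate (or first) use: accepted
        verifier.verify(captured, t0 + 5),     # replay seconds later: refused
        verifier.verify(captured, t0 + 120),   # replay after the window: refused
    ]


if __name__ == "__main__":
    for verdict in demo():
        print(verdict)
```

Note what the skew allowance implies: if the legitimate login never completes (say the front-end intercepts the code before it reaches the server), the attacker's first use of the captured code at a neighbouring step is the one that gets accepted, which is exactly the single window of opportunity the post describes; the second attempt with the same code is refused either way.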

Of course a bot program to automatically log into compromised accounts and then sell items at the nearest vendor *might* be feasible, but that's beyond the scope of this document.
