Security FAQ

Question

Security FAQ

Answer

ACCOUNT SECURITY FAQ

---

General
Hacking
Viruses
Summary
Resources

---

GENERAL

What does account security mean?

Account security refers to the process of preventing and detecting unauthorized use of your game account. Account security techniques dovetail with the techniques used to keep your computer secure.

Preventing use means stopping unauthorized users from accessing any part of your computer system. Detecting helps you to determine whether or not someone attempted to break into your system, if they were successful, and what they may have done.

To keep your account secure means that you are doing a number of things to protect it:

• Keeping your user name and password to yourself; never sharing your password with others, including NCsoft staff.
• Using good judgment on how you communicate in-game and out-of-game.
• Protecting your computer system from being accessed by others (hacked).
• Protecting your computer system from viruses.

It is each individual's responsibility to keep his or her account safe.

Why do I have to worry about this? Isn't it NCsoft's job to provide a safe environment in which to play?

NCsoft takes responsibility to provide systems, rules and regulations that offer as much protection to our customers as possible. However, this responsibility ends on the system end -- we cannot and are not responsible for how players act in-game and out-of-game.

What we can do -- and have done -- is provide Rules of Conduct and this account security page. The Rules of Conduct is meant to educate customers on our expectations for acceptable behavior in and out of our games.

This account security page is provided to inform customers the dangers of certain out-of-game behavior, how an account can be infiltrated, and what each customer should to do protect their account.

We also frequently remind players to keep their account password private. Never give your account password to anyone, even our staff. Beyond these measures, it is the customer's responsibility to protect one's self from being taken advantage of. We cannot control your computer system and the decisions you make when interacting with others on the boards or in the game.

Why do I have to keep my user (account) name and password to myself?

This protects you from being duped by any other players or computer criminals that may be in the game, in the message boards, or in other types of chat or instant message programs. Keeping your user name and password private will make it more difficult for someone to trick you into giving them your items, accessing your computer system, or stealing your identity.

Keep in mind, you may have friends that you feel you can trust with your account information, but NCsoft suggests you use caution. We have seen multiple cases where trusted individuals have abused the trust given by other users. Many of the cases of claimed hacking come from individuals whose friends broke their trust. This can not only give you a lot of headache, but it can ruin friendships. Use care.

How can someone get my password?

There are many ways someone can get your password. The most obvious is if you give it to someone! This is very important. NCsoft employees will never ask you for your password while trying to help you. Therefore, you should never give it to someone claiming to be NCsoft support or any NCsoft employee. Additionally, you should avoid giving out your password to anyone else -- friend, foe, or other.

A computer criminal could guess your password if they know something about you, so remember to use caution in online group environments. The more information you share about yourself, the easier you make it for crooks to guess your login(s) or password(s). The best thing you can do is pick a random password that you will be able to remember, but that is not remotely related to you. Many people place numbers in their passwords to make it even more difficult for someone to guess a password. For instance: F1L3tRansfer. This is the phrase "file transfer" with random capital letters, a 1 in place of the I and a 3 in place of the E in the word "file." You may also choose a random string of letters and numbers such as: b23fz5d. These are more difficult to remember, but probably the least likely to be guessed.

The most common way for people to get your password is by retrieving it using the Account Management tools on the PlayNC website (https://secure.plaync.com/cgi-bin/plaync_manage.pl). If you share your e-mail account with someone and use that e-mail account on your game account, it is possible that they could retrieve your password if they know your account name. (A similar thing can happen if you use certain instant messenger programs and share your account with someone…they could easily get access to the free e-mail account that you get with IM programs.)

Another way for computer criminals to get a password is to go through a list of all possible passwords, given they know an account name. This might seem tedious, but hackers do it with the help of computer programs that quickly cycle through all potential letter and number combinations. Should this happen (while unlikely, it does happen), the infiltrator needs your account name next. You should guard your account name if you can; avoid making your user name something that is readily accessible or easily guessed. For instance, don't use the name of your main character as your account name.

Remember, if someone has remote access to your system, it is very possible that they will be able to get your password if you have the password saved on your computer. There are two things you can do to prevent this from happening: never leave a save password box checked and keep your system cleared of viruses, particularly Trojans (which are discussed later in this document). Leaving a save password box checked means the password will be stored somewhere on your local drive. While this makes logging into websites or games easier, it also gives crooks a head start in getting your passwords.

What do you mean by "using good judgment" on how I communicate with others?

First, it is advisable to be kind in the game, on the boards, and in other venues where the game is discussed. It makes computer criminals very happy to steal from someone they consider a jerk. Of course, they are happy to steal from nice people too.

Second, it is important to beware that while some people are nice and just want to establish a friendship, some are out to get personal information about you with the sole purpose of taking advantage of you. Therefore, you are encouraged to meet people and have fun in and out of the game, but we recommend that you never give out information about your game accounts, your personal accounts, your ISP, or anything else.

HACKING

What does being hacked mean?

Hacking is done by computer criminals. When you are hacked, your computer has been infiltrated by someone. You may know them, you may not. It doesn't matter; someone has accessed your personal information without your permission. That is being hacked.

To NCsoft's knowledge, there is no way your computer security can be compromised through our game clients.

However, you must beware of ways you can create security holes via your involvement in the game's external community. Instant messaging, websites, e-mail, and third party programs can all be used to gain access to your computer. There are ways to make it more difficult for a hacker to get into your computer, and any criminal is going to look for easy targets first, not difficult ones.

What does a hacker do?

Hackers go through great lengths to gain access to your system -- especially if you have a high-speed, uninterrupted Internet connection…most especially if you do not have a firewall and/or port monitor protecting your system. They are always looking for the easy target, so it is important to try your best to be a difficult one. They try to find ways to get your IP address, your computer password(s), or your account password. They may do this by establishing a friendship with you on message boards or instant messaging, asking you probing questions so you will give up information you would not normally share, or using hacker tools and software to crack into your system.

Hackers do not mind spending time to get to know you. It could take months to gain your trust, but a computer criminal won't mind waiting. Computer criminals have a lot of patience; the longer it takes to gain your trust, the more exciting it is for them.

If a hacker gains access to your system, he or she could abuse any information you store on your computer: credit card numbers, bank account numbers, game accounts, online shop accounts, and more. They can send spam e-mail from your system, potentially getting your account or IP address banned, and may even attack other computers from your system.

In terms of your game account, a hacker accessing your information could:

• Transfer in-game property to other characters (namely theirs).
• Delete any or all of the items on your character.
• Convince your friends in game to allow the user in the account to "borrow" (steal) items or money.
• Delete your main or other characters.

In games such as Lineage or Lineage 2, a hacker could also repeatedly kill your character, causing him to level down, or repeatedly kill other characters to make your character "go red."

Please understand that NCsoft does not have the ability to protect systems outside of its network, and cannot control the actions of any user which may be using your machine. It is each user's responsibility to keep secure their computer system and keep private their account information. Because of this, we will not be able to reimburse you in any way for anything else done to your account by a computer criminal. This is another reason it is imperative to do everything possible to make your computer safe. If someone does break into your computer and hacks your game data, you should contact your local authorities to report this crime.

How would a hacker get access to my computer?

Most people are hacked by downloading files from a source they know nothing about or by trusting someone they have met online. In doing this, the hacker has found a way to get your IP address.

In order to connect to the Internet you must have an IP address. Your ISP assigns one to you when you log onto the Internet. Some ISPs give you an IP address that stays the same for a period of time. This is a static IP address. Other ISPs give you a different IP address every time you log onto the Internet -- this is a dynamic IP address. Their purpose? Like a telephone number, IP addresses allow other systems to contact you. In other words, this is how data is routed through the Internet. This is how you get your e-mail. This is also how hackers can get into your computer.

Important! It is not possible for a hacker to get your IP address through the game client. The most likely way for someone to gain this information is via contacts you make outside the game.

Security holes are not created by the game client, but you may meet a computer criminal within the community. Hackers can only get information you offer to them. However, most infiltrators can learn things about you - like your IP address - through other forums including, but not limited to:

• Bulletin Boards (posts may include your IP address)
• Instant messaging/chat programs
• IRC chats
• Direct link Internet games (FPS, RTS)
• File sharing programs

While finding out your IP address is a popular way to infiltrate your system, it is not the only way. There are lots of hacking programs and tools available to help computer crooks get into your system. Leaving your computer on and unattended for long periods of time -- especially if you have an always-on Internet connection -- could give hackers access. Viruses are also used to this end. Beware of executable files from sources you do not trust, even if it is a funny slide show or mini game. Hackers frequently use Trojans embedded in executable files to open a port to your computer. Viruses will be discussed later in this document.

Can I tell if I've been hacked?

There are ways you can tell that you have been hacked. Unfortunately, most people are infiltrated well before they know. Some indications are:

• Unauthorized charges to your credit cards.
• Unauthorized actions in your bank or investment accounts.
• Unauthorized use of your game accounts.
• Being accused by other individuals or ISPs of sending spam e-mail you know you have not sent.
• Running a virus scanner discovers Trojans or backdoor software installed on your machine.
• Strange computer behavior, such as random reboots, sounds suddenly playing, windows popping up unexpectedly, passwords being locked out, and so forth.

There have been reports that a hacker could even erase your hard drive! It is important to protect yourself from this type of malicious behavior.

What do I do if I've been hacked?

If you find evidence of a Trojan or other virus on your system, you should disconnect your computer from the Internet and contact your local authorities to report the crime.

If my account has been broken into, what recourse do I have?

Regrettably, there isn't much you can do if you've been hacked. We are not able to offer a restoration of any losses that may have occurred due to a hacked account. This is why it is so important to protect yourself and your computer.

VIRUSES

What is a Virus?

Viruses are small software programs that "attach" themselves to other programs. Once a program is run, the virus begins to replicate itself and attach itself to other files resident on the machine.

What do viruses do?

Viruses do many different things. Many lay dormant for a long time and then can cause problems on your system when a certain file is used or on a certain day. They can be like little mischievous gremlins or they can cause a lot of damage, like wiping your hard disk. Others make themselves present every time you boot your system. Viruses are also transmitted and shared by attaching themselves to outbound e-mails or files saved to portable storage devices such as CD-ROMs and floppy disks. This allows them to spread much like a communicable virus from person to person.

What is a Trojan?

Trojan viruses are named after the famous story of the Trojan horse. Long ago, the Greeks were attempting to gain entrance into the city of Troy. They built a large wooden horse and hid a force of soldiers inside if it. The people of Troy saw the horse as a gift and moved it inside the city walls. Sometime during the night the Greek army made their way out of the horse and opened the gates to the city, giving the rest of the army access to the city. They burned it down and killed many of its inhabitants. Much like the story, a Trojan is a seemingly harmless program that once installed on your machine will then open up a gateway to allow others to gain remote access to the computer.

Trojans allow people to access your system and remove, add, or manipulate files. Any action done on your computer can be seen or copied, allowing hackers to obtain private information on your computer, copy your credit card numbers, or learn the passwords you enter while performing online banking, purchases, or gaming on the Internet.

This can all happen without your knowledge in the background of your computer, and this is what makes Trojans such a popular and successful way for hackers to gain access to your system.

How do I get a Trojan?

Actually, you inadvertently install a Trojan by running an infected executable program on your system. Trojans take advantage of the fact that so many programs that we use process other things in the background. Additionally, the executable programs come disguised as pictures of a "friend," as funny multimedia clips, as mini programs that offer some helpful tool, and the like. This makes it very important to never download or run programs from someone you don't trust implicitly, or that are not from a trusted web resource.

The two most common Trojans are Back Orifice and NetBus. Both are very difficult to detect. They provide any potential hacker a way into your system. Once these programs are installed, any computer criminal can simply scan random IP addresses. When they find one that has a NetBus or Back Orifice connection at the other end, they can get into your system.

How do I protect myself from viruses?

Unfortunately, there is no way to get 100% protection from all past, present and future viruses. Security companies are constantly playing catch up, as computer criminals change their code in old viruses to make them undetectable, and invent new ways and code structures to get into your system. All you can do is your very best to protect your computer and your private information. Some ways to protect yourself include:

• Always have updated anti-virus software actively running on your computer.
• Before installing or running executable files (i.e.: joke.exe files or mini games) sent to you -- even by your friends -- ask yourself, "How badly do I want to see this? Is it worth it?"
• Run virus scanning software on any files you are about install.
• Update your operating system often with the latest updates concerning security or vulnerability issues.
• Acquire back door scanning software that can detect and remove spyware and/or Trojans. Spyware is programming that is put in someone's computer to secretly gather information about the user and relay it to advertisers or other interested parties, including hackers.

What else should I be aware of?

One of the features in Windows 95, 98, NT, 2000, and XP is the ability to share your files with other computers. Whether these computers are on a local area network or on the Internet, you should always make sure you are very careful about file sharing. If you have enabled file sharing, you should always make sure to password protect your hard drives.

You should NEVER go away from your computers (also known as "afk," for "away from keyboard") while your character is in the game world. People that play in game rooms should be especially careful of this. Even turning your back for a minute or dashing away while a "trusted friend" watches your game can have disastrous effects in some cases.

Additionally, if you play in game rooms, you should be especially careful of people that watch over your shoulder when you log into the game. It is possible that someone could watch you type your login name and password and then guess what it is. This could happen even if they don't see the actual characters you type.

SUMMARY

How do I protect my computer system from being hacked or accessed by others without my permission?

• Install a firewall on your system.
• Install a port monitor.
• Never accept files from people you do not know and trust.
• Avoid downloading programs from unfamiliar sources.
• Avoid downloading programs from sources that do not provide some way of reaching them should something with the download go wrong.
• Install a virus scanner; keep it active on your system and ensure you always have the most up-to-date virus scanning files.
• Run the virus scanner on files received prior to installing or executing them.
• Never give your account password (or any other passwords, for that matter) to anyone.
• Change your account password at least once every three months.
• Use a complicated password structure (number, extended characters and mixed case) at least seven characters long.
• Use caution when giving out your instant message ID(s).
• Use caution when accessing instant message and chat programs.
• Do not name your characters the same as your user name or login ID.

RESOURCES

• How Computer Viruses Work
• How Web Servers Work
• Symantec: Information on Back Orifice and NetBus
• Trojan horses: Back Orifice & Netbus
• CNET News.com: Windows "back door" raises flags

Not finding what you are looking for? Ask a Question!