Necromancer/White Wolf hacked

[S'mon]

Necromancer games' site is showing the following message:
_____________________

Dear White Wolf Users,

Like many other well-known companies of the last few years, White Wolf was the target of an attack by international hackers this weekend. These hackers are now attempting to extort money from us with the threat of posting user data to the internet. We have no intention of paying this money, and are in contact with the FBI in an attempt to bring these criminals to justice.

We are choosing to make this public so that our users and fans can take any precautions needed to protect themselves. We are recommending that if you have used your White Wolf user password as the password for any other services you use on the internet, that you change them immediately.

These hackers were able to exploit a flaw in our software and access user data, this data included usernames, email addresses and encrypted passwords. As far as we can ascertain, they were unable to access any credit card data (nor have they claimed they did). However, it is possible for the encrypted passwords they accessed to be decrypted given enough time.

In addition, the site will be down for the next few days while we evaluate some of the software we are using and take appropriate action to help prevent future attacks.

We appreciate your patience and concern while we work through the details of this process.

In addition to this posting we will be emailing our userbase with this information. For correspondence regarding this, please direct all queries to wwaccounts@white-wolf.com .
___________

I didn't know Necromancer was part of WW? :\

 

[Mouseferatu]

Geez, that sucks. Why do people have to be such jackasses?

And to answer your question, Necromancer isn't "part of" White Wolf per se. But they do publish many of their books through WW's Sword & Sorcery imprint.

 

[frankthedm]

That does suck.

I knew I should have saved the oWoD character sheets when i had the chance!

Grumble.

 

[Slife]

This is really bad. I wonder how many people this is going to directly hurt... at least these guys are stupid enough to cook their own goose with their threat. If they post it up, they're going to be tracked back.

Too bad Necromancer Games didn't use the correct terminology. Crackers, not hackers were the culprits.

 

[PatrickLawinger]

Necromancer games' site is showing the following message:
<big clip>
I didn't know Necromancer was part of WW? :\

Necromancer Games is not a part of WW but they do take care of all of our fulfillment.

We also have a vast amount of information stored on the WW servers.

I am not certain, but I am guessing that the Necromancer Games Forums (which were done separately through EZboards and all of those forum names/accounts should be fine.

The biggest problem with this is that people tend to re-use the same password for multiple accounts. In other words, if you use the same pword for everything and had a forum ID or character on the WW boards/servers then you better make sure you change your pwords for anything like Amazon or any other storefront that you might have your credit card information stored. The Pwords stolen are encrypted but encryption can be broken with time.

Patrick

 

[kigmatzomat]

This is really bad. I wonder how many people this is going to directly hurt... at least these guys are stupid enough to cook their own goose with their threat. If they post it up, they're going to be tracked back.

Actually, they probably don't care. These attacks are usually made from foreign countries, typically former soviet states, using a U.S. network of zombie Windows machines. Rumors in the security circles are that an attacker can "rent" bots in units of 1,000 machines from the "owner" of a particular worm/trojan. Which means if I wanted to take down WW, I could put in an order for 10,000 haxxored PCs to hammer the WW site on a given day.

Most of the zombie bots are always-on PCs on a cable modems or DSL where the owner has no clue. Sometimes the infection is months, or even years, old. Aunt May is just too clueless to realize her machine has been pOwn3d. While her dinky 200Mhz PPro is just barely smarter than a PalmVx, it and it's 9,999 friends can generate a server slaughtering amount of bandwidth.

The FBI has limited ability to intervene since the money is to be sent to various foreign banks, typically in money-laundering friendly or US-hostile countries. Tell me a Syrian bank is going to care squat about the FBI before the extortionists have a chance to filter the money through carribean and/or swiss banks.

The immediate solution is for data providers to turn off haxx0red users until the machine is clean. It's illegal to drive a car with no headlights, turn signals, or brakes and IMO it should be against the Ts & Cs to be online with a dozen worms and no antivirus.

The long-term solution is for carriers to start taking actions against the host countries and first drop the nation's QOS levels and then start blocking traffic at the network edge. Iran may be able to survive without the internet but the ex-Soviet states are desperately trying to modernize.

 

[Man in the Funny Hat]

Too bad Necromancer Games didn't use the correct terminology.

Not to be snarky as such but... "the correct terminology" is determined by whom? Hackers and crackers can call themselves what they like, but it doesn't necessarily follow that it's improper for people not to form and use their own definitions, even if largely incorrect. In this case, however, there is no real need to draw a distinction because it is clear from the context that they are not implying that all who enjoy delving into the intricacies of computers are responsible.

 

[jdrakeh]

Grr... I hate reading about stuff like this. I'm all for leveling stiffer penalties against cyber-criminals.

 

[Dog Moon]

Heh. Just encountered the problem a little bit ago. Was looking over my passwords and names and stuff and they wouldn't get anything, it looks like, so it should be all good. Then came here and was thinking about posting something similar to the OP when I saw this immediately.

I think some people exist simply to make life harder for other people.

 

[Psion]

Too bad Necromancer Games didn't use the correct terminology. Crackers, not hackers were the culprits.

Sorry, the populace at large, not isolated self interested groups, determines correct terminology. It may be correct within those interest groups, but outside of those groups, such jargon becomes meaningless and useless.

I tried using the term "crackers" for a while. People thought I was using a slur for white southerners. Few people undestood the term to mean "criminal hackers".